Re: [RFC PATCH 10/10] vfio/type1: Register device notifier

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: Re: [RFC PATCH 10/10] vfio/type1: Register device notifier
From: Peter Xu <peterx@xxxxxxxxxx>
Date: Thu, 25 Feb 2021 14:54:40 -0500
Cc: Alex Williamson <alex.williamson@xxxxxxxxxx>, cohuck@xxxxxxxxxx, kvm@xxxxxxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx
In-reply-to: <20210225191714.GU4247@nvidia.com>
References: <161401167013.16443.8389863523766611711.stgit@gimli.home> <161401275279.16443.6350471385325897377.stgit@gimli.home> <20210222175523.GQ4247@nvidia.com> <20210224145508.1f0edb06@omen.home.shazbot.org> <20210225002216.GQ4247@nvidia.com> <20210225175457.GD250483@xz-x1> <20210225181945.GT4247@nvidia.com> <20210225190646.GE250483@xz-x1> <20210225191714.GU4247@nvidia.com>

On Thu, Feb 25, 2021 at 03:17:14PM -0400, Jason Gunthorpe wrote:
> It is a use-after-free. Once the PFN is programmed into the IOMMU it
> becomes completely divorced from the VMA. Remember there is no
> pin_user_page here, so the PFN has no reference count.
> 
> If the owner of the VMA decided to zap it or otherwise then the IOMMU
> access keeps going - but now the owner thinks the PFN is free'd and
> nobody is referencing it. Goes bad.

Sounds reasonable.  Thanks,

-- 
Peter Xu

References:
- [RFC PATCH 00/10] vfio: Device memory DMA mapping improvements
  - From: Alex Williamson
- [RFC PATCH 10/10] vfio/type1: Register device notifier
  - From: Alex Williamson
- Re: [RFC PATCH 10/10] vfio/type1: Register device notifier
  - From: Jason Gunthorpe
- Re: [RFC PATCH 10/10] vfio/type1: Register device notifier
  - From: Alex Williamson
- Re: [RFC PATCH 10/10] vfio/type1: Register device notifier
  - From: Jason Gunthorpe
- Re: [RFC PATCH 10/10] vfio/type1: Register device notifier
  - From: Peter Xu
- Re: [RFC PATCH 10/10] vfio/type1: Register device notifier
  - From: Jason Gunthorpe
- Re: [RFC PATCH 10/10] vfio/type1: Register device notifier
  - From: Peter Xu
- Re: [RFC PATCH 10/10] vfio/type1: Register device notifier
  - From: Jason Gunthorpe

Prev by Date: [PATCH] vfio/type1: fix unmap all on ILP32
Next by Date: Re: [PATCH v2 1/1] s390/vfio-ap: fix circular lockdep when setting/clearing crypto masks
Previous by thread: Re: [RFC PATCH 10/10] vfio/type1: Register device notifier
Next by thread: Re: [RFC PATCH 10/10] vfio/type1: Register device notifier
Index(es):
- Date
- Thread

[Index of Archives] [KVM ARM] [KVM ia64] [KVM ppc] [Virtualization Tools] [Spice Development] [Libvirt] [Libvirt Users] [Linux USB Devel] [Linux Audio Users] [Yosemite Questions] [Linux Kernel] [Linux SCSI] [XFree86]