On Fri, Jun 17, 2022 at 01:44:30AM -0700, Christoph Hellwig wrote:
> On Thu, Jun 16, 2022 at 04:52:11PM -0700, Nicolin Chen wrote:
> > The pinned PFN list returned from vfio_pin_pages() is simply converted
> > using page_to_pfn() without protection, so direct access via memcpy()
> > will crash on S390 if the PFN is an IO PFN. Instead, the pages should
> > be touched using kmap_local_page().
>
> I don't see how this helps. kmap_local_page only works for either
> pages in the kernel direct map or highmem, but not for memory that needs
> to be ioremapped. And there is no highmem on s390.

The remark about io memory is because on s390 memcpy() will crash even
on ioremapped memory, you have to use the memcpy_to/fromio() which uses
the special s390 io access instructions.

This helps because we now block io memory from ever getting into these
call paths.

I'm pretty sure this is a serious security bug, but would let the IBM
folks remark as I don't know it all that well..

As for the kmap, I thought it was standard practice even if it is a
non-highmem? Aren't people trying to use this for other security stuff
these days?

Jason