From patchwork Wed Apr 18 10:55:45 2018
X-Patchwork-Submitter: Xu Yandong
X-Patchwork-Id: 10347879
From: Xu Yandong
Subject: [PATCH] vfio iommu type1: no need to check task->mm if task has been destroyed
Date: Wed, 18 Apr 2018 18:55:45 +0800
Message-ID: <20180418105545.13488-1-xuyandong2@huawei.com>
X-Mailing-List: kvm@vger.kernel.org

The task structure in vfio_dma struct is used to identify that the same task who mapped it, or another task who shares the same address space, is allowed to unmap. But if the task who mapped it has exited, the mm of the task has been set to NULL, and we should unmap the vfio dma directly.

Signed-off-by: Xu Yandong
---
Hi all,
When I unplug a vcpu from a VM launched with a VFIO hostdev device, I found that the *vfio_dma* mapped by this vcpu task could not be unmapped in the future, so I send this patch to unmap vfio_dma directly if the task who mapped it has exited. However, this patch may introduce a new security risk because any task can unmap the *vfio_dma* if the mapper task has exited.
---
 drivers/vfio/vfio_iommu_type1.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/vfio/vfio_iommu_type1.c b/drivers/vfio/vfio_iommu_type1.c index 5c212bf..601a353 100644 --- a/drivers/vfio/vfio_iommu_type1.c +++ b/drivers/vfio/vfio_iommu_type1.c @@ -947,7 +947,7 @@ static int vfio_dma_do_unmap(struct vfio_iommu *iommu, * Task with same address space who mapped this iova range is * allowed to unmap the iova range. */ - if (dma->task->mm != current->mm) + if (dma->task->mm && (dma->task->mm != current->mm)) break; if (!RB_EMPTY_ROOT(&dma->pfn_list)) {
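
Review bot: In the new condition "dma->task->mm && (dma->task->mm != current->mm)" in vfio_dma_do_unmap(), a NULL dma->task->mm skips the address-space ownership check entirely, so once the mapping task has exited, any caller that reaches this path can unmap its iova ranges. That is the risk the cover note itself raises, and the patch leaves it unaddressed. Consider keeping the restriction when the mapper is gone, for example by comparing against an owner identity recorded when the mapping was created instead of the live dma->task->mm. The condition also reads dma->task->mm twice; since the description says that field is set to NULL when the task exits, the two reads can disagree, so read it once into a local before testing it. The comment above the check ("Task with same address space who mapped this iova range is allowed to unmap the iova range.") no longer describes the behaviour and should mention the exited-task case.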