WSL2-Linux-Kernel/drivers
David Hildenbrand 5c6705aa47 drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map()
[ Upstream commit 3d6586008f7b638f91f3332602592caa8b00b559 ]

Patch series "mm: follow_pte() improvements and acrn follow_pte() fixes".

Patch #1 fixes a bunch of issues I spotted in the acrn driver.  It
compiles, that's all I know.  I'll appreciate some review and testing from
acrn folks.

Patch #2+#3 improve follow_pte(), passing a VMA instead of the MM, adding
more sanity checks, and improving the documentation.  Gave it a quick test
on x86-64 using VM_PAT that ends up using follow_pte().

This patch (of 3):

We currently miss handling various cases, resulting in a dangerous
follow_pte() (previously follow_pfn()) usage.

(1) We're not checking PTE write permissions.

Maybe we should simply always require pte_write() like we do for
pin_user_pages_fast(FOLL_WRITE)? Hard to tell, so let's check for
ACRN_MEM_ACCESS_WRITE for now.

(2) We're not rejecting refcounted pages.

As we are not using MMU notifiers, messing with refcounted pages is
dangerous and can result in use-after-free. Let's make sure to reject them.

(3) We are only looking at the first PTE of a bigger range.

We only lookup a single PTE, but memmap->len may span a larger area.
Let's loop over all involved PTEs and make sure the PFN range is
actually contiguous. Reject everything else: it couldn't have worked
either way, and rather made us access PFNs we shouldn't be accessing.

Link: https://lkml.kernel.org/r/20240410155527.474777-1-david@redhat.com
Link: https://lkml.kernel.org/r/20240410155527.474777-2-david@redhat.com
Fixes: 8a6e85f75a ("virt: acrn: obtain pa from VMA with PFNMAP flag")
Signed-off-by: David Hildenbrand <david@redhat.com>
Cc: Alex Williamson <alex.williamson@redhat.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Fei Li <fei1.li@intel.com>
Cc: Gerald Schaefer <gerald.schaefer@linux.ibm.com>
Cc: Heiko Carstens <hca@linux.ibm.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Yonghua Huang <yonghua.huang@intel.com>
Cc: Sean Christopherson <seanjc@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-06-16 13:39:32 +02:00
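The three checks the commit message lists can be modelled outside the kernel. The block below is an added user-space example, not the ACRN driver's code or anything from this repository: the page table, the PTE flag bits, the `DEMO_ACCESS_WRITE` attribute and the `demo_follow_pte()` stand-in for `follow_pte()` are all constructed for the demonstration. `demo_old_lookup()` reproduces the pre-fix pattern (one lookup of the first PTE, with the rest of `memmap->len` assumed to follow), and `demo_new_lookup()` walks every page and rejects read-only PTEs under a write request, refcounted pages, and non-contiguous PFNs.

```c
/* Added example: user-space model of the PFNMAP checks described above.
 * Not kernel code; every structure and flag here is constructed for the demo. */
#include <errno.h>
#include <stdio.h>

#define DEMO_PAGE_SHIFT 12
#define DEMO_PAGE_SIZE  (1UL << DEMO_PAGE_SHIFT)

/* Hypothetical PTE flag bits for the model (not any real architecture layout). */
#define DEMO_PTE_PRESENT    (1u << 0)
#define DEMO_PTE_WRITE      (1u << 1)
#define DEMO_PTE_REFCOUNTED (1u << 2)   /* backed by a refcounted struct page */

/* Hypothetical stand-in for ACRN_MEM_ACCESS_WRITE in memmap->attr. */
#define DEMO_ACCESS_WRITE   (1u << 1)

struct demo_pte { unsigned long pfn; unsigned int flags; };

/* A VM_PFNMAP VMA, modelled as one PTE per page from vm_start to vm_end. */
struct demo_vma {
    unsigned long vm_start, vm_end;
    const struct demo_pte *ptes;
};

/* Stand-in for follow_pte(): 0 and the PTE on success, -EINVAL otherwise. */
static int demo_follow_pte(const struct demo_vma *vma, unsigned long va,
                           const struct demo_pte **ptep)
{
    if (va < vma->vm_start || va >= vma->vm_end)
        return -EINVAL;
    const struct demo_pte *p =
        &vma->ptes[(va - vma->vm_start) >> DEMO_PAGE_SHIFT];
    if (!(p->flags & DEMO_PTE_PRESENT))
        return -EINVAL;
    *ptep = p;
    return 0;
}

/* Pre-fix behaviour: one lookup of the first page, the rest of the range is
 * assumed to follow.  Returns the PFN the mapping would be built from, or -errno. */
static long demo_old_lookup(const struct demo_vma *vma, unsigned long vma_base)
{
    const struct demo_pte *pte;
    int ret = demo_follow_pte(vma, vma_base, &pte);
    return ret ? ret : (long)pte->pfn;
}

/* Fixed behaviour: every PTE in [vma_base, vma_base + len) is looked up.
 * Returns the start PFN on success, -EFAULT for a permission/refcount
 * problem, -EINVAL for a bad range or a non-contiguous PFN run. */
static long demo_new_lookup(const struct demo_vma *vma, unsigned long vma_base,
                            unsigned long len, unsigned int attr)
{
    unsigned long nr_pages = len >> DEMO_PAGE_SHIFT;
    unsigned long start_pfn = 0;

    if (!nr_pages || (len & (DEMO_PAGE_SIZE - 1)) ||
        vma_base + len < vma_base || vma_base + len > vma->vm_end)
        return -EINVAL;

    for (unsigned long i = 0; i < nr_pages; i++) {
        const struct demo_pte *pte;
        int ret = demo_follow_pte(vma, vma_base + i * DEMO_PAGE_SIZE, &pte);
        if (ret)
            return ret;
        if (i == 0)
            start_pfn = pte->pfn;
        /* (1) Disallow write access through a read-only PTE. */
        if ((attr & DEMO_ACCESS_WRITE) && !(pte->flags & DEMO_PTE_WRITE))
            return -EFAULT;
        /* (2) Disallow refcounted pages: with no MMU notifier they can be
         *     freed underneath the mapping. */
        if (pte->flags & DEMO_PTE_REFCOUNTED)
            return -EFAULT;
        /* (3) Disallow non-contiguous PFN ranges. */
        if (pte->pfn != start_pfn + i)
            return -EINVAL;
    }
    return (long)start_pfn;
}

/* Constructed 4-page VMA at 0x10000: PFNs 0x500, 0x501, then a hole (0x900),
 * then 0x503.  The old single-PTE lookup cannot see the hole. */
static const struct demo_pte demo_ptes[4] = {
    { 0x500, DEMO_PTE_PRESENT | DEMO_PTE_WRITE },
    { 0x501, DEMO_PTE_PRESENT | DEMO_PTE_WRITE },
    { 0x900, DEMO_PTE_PRESENT | DEMO_PTE_WRITE },
    { 0x503, DEMO_PTE_PRESENT | DEMO_PTE_WRITE },
};
static const struct demo_vma demo_vma = { 0x10000, 0x14000, demo_ptes };

/* Constructed 3-page VMA at 0x20000: contiguous PFNs, but page 1 is
 * read-only and page 2 is backed by a refcounted page. */
static const struct demo_pte demo_ptes2[3] = {
    { 0x700, DEMO_PTE_PRESENT | DEMO_PTE_WRITE },
    { 0x701, DEMO_PTE_PRESENT },
    { 0x702, DEMO_PTE_PRESENT | DEMO_PTE_WRITE | DEMO_PTE_REFCOUNTED },
};
static const struct demo_vma demo_vma2 = { 0x20000, 0x23000, demo_ptes2 };

int main(void)
{
    printf("old lookup, 4 pages with a hole: pfn 0x%lx (hole unnoticed)\n",
           demo_old_lookup(&demo_vma, 0x10000));
    printf("new lookup, 4 pages with a hole: %ld (-EINVAL)\n",
           demo_new_lookup(&demo_vma, 0x10000, 4 * DEMO_PAGE_SIZE, DEMO_ACCESS_WRITE));
    printf("new lookup, write through read-only page: %ld (-EFAULT)\n",
           demo_new_lookup(&demo_vma2, 0x20000, 2 * DEMO_PAGE_SIZE, DEMO_ACCESS_WRITE));
    printf("new lookup, refcounted page: %ld (-EFAULT)\n",
           demo_new_lookup(&demo_vma2, 0x20000, 3 * DEMO_PAGE_SIZE, 0));
    return 0;
}
```

The contrast between `demo_old_lookup()` and `demo_new_lookup()` on the first VMA is the point of issue (3): the single-PTE lookup returns 0x500 and the caller would have gone on to map PFNs 0x500..0x503, although page 2 actually maps 0x900. The per-page walk also makes the write-permission and refcount checks apply to every page, not only the first.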
accessibility speakup: Fix sizeof() vs ARRAY_SIZE() bug 2024-06-16 13:39:11 +02:00
acpi ACPI: disable -Wstringop-truncation 2024-06-16 13:39:20 +02:00
amba amba: bus: fix refcount leak 2023-09-19 12:22:47 +02:00
android binder: fix max_thread type inconsistency 2024-05-25 16:20:18 +02:00
ata ata: sata_gemini: Check clk_enable() result 2024-05-17 11:50:53 +02:00
atm atm: idt77252: fix a memleak in open_card_ubr0 2024-02-23 08:54:57 +01:00
auxdisplay
base driver core: Introduce device_link_wait_removal() 2024-04-10 16:19:42 +02:00
bcma
block null_blk: Fix missing mutex_destroy() at module removal 2024-06-16 13:39:17 +02:00
bluetooth Bluetooth: qca: fix firmware check error path 2024-05-17 11:51:06 +02:00
bus bus: tegra-aconnect: Update dependency to ARCH_TEGRA 2024-03-26 18:21:19 -04:00
cdrom
char hwrng: core - Fix page fault dead lock on mmap-ed hwrng 2024-02-23 08:54:24 +01:00
clk clk: qcom: mmcc-msm8998: fix venus clock issue 2024-06-16 13:39:31 +02:00
clocksource clocksource/drivers/arm_global_timer: Fix maximum prescaler value 2024-04-10 16:18:46 +02:00
comedi comedi: vmk80xx: fix incomplete endpoint checking 2024-04-27 17:05:26 +02:00
connector
counter counter: microchip-tcb-capture: Fix the use of internal GCLK logic 2023-10-19 23:05:37 +02:00
cpufreq cppc_cpufreq: Fix possible null pointer dereference 2024-06-16 13:39:21 +02:00
cpuidle cpuidle: Avoid potential overflow in integer multiplication 2024-04-13 13:01:43 +02:00
crypto crypto: ccp - drop platform ifdef checks 2024-06-16 13:39:16 +02:00
cxl cxl/mem: Fix shutdown order 2023-11-20 11:08:27 +01:00
dax
dca
devfreq PM / devfreq: Synchronize devfreq_monitor_[start/stop] 2024-02-23 08:54:38 +01:00
dio
dma dmaengine: Revert "dmaengine: pl330: issue_pending waits until WFP state" 2024-05-17 11:50:43 +02:00
dma-buf dma-buf: add dma_fence_timestamp helper 2024-02-23 08:55:10 +01:00
edac EDAC/thunderx: Fix possible out-of-bounds string access 2024-01-25 14:52:32 -08:00
eisa
extcon
firewire firewire: nosy: ensure user_length is taken into account when fetching packet contents 2024-05-17 11:51:01 +02:00
firmware firmware: raspberrypi: Use correct device for DMA mappings 2024-06-16 13:39:16 +02:00
fpga
fsi fsi: aspeed: Reset master errors after CFAM reset 2023-09-19 12:22:46 +02:00
gnss
gpio gpio: crystalcove: Use -ENOTSUPP consistently 2024-05-17 11:50:55 +02:00
gpu drm/mipi-dsi: use correct return type for the DSC functions 2024-06-16 13:39:30 +02:00
greybus
hid HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors 2024-06-16 13:39:24 +02:00
hsi
hv
hwmon hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us 2024-05-17 11:51:05 +02:00
hwspinlock
hwtracing coresight: etm4x: Fix width of CCITMIN field 2024-01-25 14:52:32 -08:00
i2c i2c: smbus: fix NULL function pointer dereference 2024-05-02 16:24:50 +02:00
i3c i3c: master: cdns: Update maximum prescaler value for i2c clock 2024-02-23 08:54:50 +01:00
idle
iio iio: accel: mxc4005: Interrupt handling fixes 2024-05-17 11:51:04 +02:00
infiniband RDMA/hns: Modify the print level of CQE error 2024-06-16 13:39:31 +02:00
input Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails 2024-04-13 13:01:44 +02:00
interconnect Revert "interconnect: Teach lockdep about icc_bw_lock order" 2024-03-06 14:38:50 +00:00
iommu iommu: mtk: fix module autoloading 2024-05-17 11:50:55 +02:00
ipack
irqchip irqchip/loongson-pch-msi: Fix off-by-one on allocation error path 2024-06-16 13:39:20 +02:00
isdn mISDN: Update parameter type of dsp_cmx_send() 2023-08-16 18:22:01 +02:00
leds leds: sgm3140: Add missing timer cleanup and flash gpio control 2024-03-26 18:21:31 -04:00
macintosh macintosh/via-macii: Fix "BUG: sleeping function called from invalid context" 2024-06-16 13:39:23 +02:00
mailbox mailbox: arm_mhuv2: Fix a bug for mhuv2_sender_interrupt 2024-02-23 08:54:50 +01:00
mcb mcb: fix error handling for different scenarios when parsing 2023-11-28 16:56:31 +00:00
md md: fix resync softlockup when bitmap size is less than array size 2024-06-16 13:39:17 +02:00
media media: ipu3-cio2: Request IRQ earlier 2024-06-16 13:39:29 +02:00
memory
memstick
message
mfd mfd: altera-sysmgr: Call of_node_put() only when of_parse_phandle() takes a ref 2024-03-26 18:21:29 -04:00
misc mei: me: add lunar lake point M DID 2024-05-17 11:51:05 +02:00
mmc mmc: sdhci-msm: pervent access to suspended controller 2024-05-02 16:24:48 +02:00
most
mtd mtd: rawnand: hynix: fixed typo 2024-06-16 13:39:27 +02:00
mux
net net/mlx5: Discard command completions in internal error 2024-06-16 13:39:26 +02:00
nfc NFC: trf7970a: disable all regulators on removal 2024-05-02 16:24:45 +02:00
ntb NTB: fix possible name leak in ntb_register_device() 2024-03-26 18:21:28 -04:00
nubus
nvdimm nd_btt: Make BTT lanes preemptible 2023-11-20 11:08:22 +01:00
nvme nvme: find numa distance only if controller has valid numa id 2024-06-16 13:39:15 +02:00
nvmem nvmem: meson-efuse: fix function pointer type mismatch 2024-04-10 16:18:40 +02:00
of of: dynamic: Synchronize of_changeset_destroy() with the devlink removals 2024-04-10 16:19:42 +02:00
opp OPP: debugfs: Fix warning around icc_get_name() 2024-03-26 18:21:23 -04:00
parisc parisc: iosapic.c: Fix sparse warnings 2023-10-06 13:18:15 +02:00
parport parport: parport_serial: Add Brainboxes device IDs and geometry 2024-01-25 14:52:31 -08:00
pci PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports 2024-04-10 16:19:34 +02:00
pcmcia pcmcia: ds: fix possible name leak in error path in pcmcia_device_add() 2023-11-20 11:08:27 +01:00
perf perf: hisi: Fix use-after-free when register pmu fails 2023-11-20 11:08:21 +01:00
phy phy: tegra: xusb: Add API to retrieve the port number of phy 2024-04-10 16:18:40 +02:00
pinctrl pinctrl: core: handle radix_tree_insert() errors in pinctrl_register_one_pin() 2024-05-25 16:20:16 +02:00
platform platform/x86: intel-vbtn: Update tablet mode switch at end of probe 2024-04-13 13:01:48 +02:00
pnp PNP: ACPI: fix fortify warning 2024-02-23 08:54:38 +01:00
power power: supply: mt6360_charger: Fix of_match for usb-otg-vbus regulator 2024-05-17 11:50:46 +02:00
powercap
pps
ps3
ptp ptp: annotate data-race around q->head and q->tail 2023-11-28 16:56:23 +00:00
pwm pwm: sti: Simplify probe function using devm functions 2024-06-16 13:39:23 +02:00
rapidio
ras
regulator regulator: vqmmc-ipq4019: fix module autoloading 2024-06-16 13:39:14 +02:00
remoteproc remoteproc: mediatek: Make sure IPI buffer fits in L2TCM 2024-05-25 16:20:18 +02:00
reset reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning 2024-01-25 14:52:30 -08:00
rpmsg rpmsg: virtio: Free driver_override when rpmsg_remove() 2024-02-23 08:54:24 +01:00
rtc rtc: mt6397: select IRQ_DOMAIN instead of depending on it 2024-03-26 18:21:34 -04:00
s390 s390/cio: fix tracepoint subchannel type field 2024-06-16 13:39:17 +02:00
sbus
scsi scsi: qla2xxx: Fix debugfs output for fw_resource_count 2024-06-16 13:39:24 +02:00
sh
siox
slimbus slimbus: qcom-ngd-ctrl: Add timeout for wait operation 2024-05-17 11:51:04 +02:00
soc soc: mediatek: cmdq: Fix typo of CMDQ_JUMP_RELATIVE 2024-06-16 13:39:17 +02:00
soundwire soundwire: stream: fix NULL pointer dereference for multi_link 2023-12-20 15:17:41 +01:00
spi spi: hisi-kunpeng: Delete the dump interface of data registers in debugfs 2024-05-17 11:50:47 +02:00
spmi
ssb
staging media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries 2024-06-16 13:39:29 +02:00
target scsi: target: Fix SELinux error when systemd-modules loads the target module 2024-05-17 11:50:54 +02:00
tc
tee tee: optee: Fix kernel panic caused by incorrect error handling 2024-04-10 16:18:46 +02:00
thermal thermal/drivers/tsens: Fix null pointer dereference 2024-06-16 13:39:22 +02:00
thunderbolt thunderbolt: Fix wake configurations after device unplug 2024-04-27 17:05:26 +02:00
tty serial: 8250_bcm7271: use default_mux_rate if possible 2024-06-16 13:39:12 +02:00
uio uio: Fix use-after-free in uio_open 2024-01-25 14:52:31 -08:00
usb usb: typec: ucsi: displayport: Fix potential deadlock 2024-05-25 16:20:18 +02:00
vdpa vdpa/mlx5: Allow CVQ size changes 2024-03-26 18:21:36 -04:00
vfio vfio/fsl-mc: Block calling interrupt handler without trigger 2024-04-10 16:19:30 +02:00
vhost vhost: Add smp_rmb() in vhost_vq_avail_empty() 2024-04-17 11:15:16 +02:00
video fbdev: sh7760fb: allow modular build 2024-06-16 13:39:29 +02:00
virt drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map() 2024-06-16 13:39:32 +02:00
virtio virtio: reenable config if freezing device failed 2024-04-13 13:01:47 +02:00
visorbus
vlynq
vme
w1
watchdog watchdog: stm32_iwdg: initialize default timeout 2024-03-26 18:21:33 -04:00
xen xen/events: close evtchn after mapping cleanup 2024-04-10 16:18:46 +02:00
zorro
Kconfig
Makefile