[dpdk-stable] patch 'bus/pci: fix VF memory access' has been queued to stable release 19.11.4

[luca.boccassi at gmail.com]

Hi,

FYI, your patch has been queued to stable release 19.11.4

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 07/26/20. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Thanks.

Luca Boccassi

---
>From 2381dc9e10050265ee3c6abf178328eee4322804 Mon Sep 17 00:00:00 2001
From: Haiyue Wang <haiyue.wang at intel.com>
Date: Thu, 25 Jun 2020 11:50:46 +0800
Subject: [PATCH] bus/pci: fix VF memory access

[ upstream commit 54f3fb127d9c265a5724d193e5c7c6db29fb4150 ]

To fix CVE-2020-12888, the linux vfio-pci module will invalidate mmaps
and block MMIO access on disabled memory, it will send a SIGBUS to the
application:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=abafbc551fdd

When the application opens the vfio PCI device, the vfio-pci module will
enable the bus memory space through PCI read/write access. According to
the PCIe specification, the 'Memory Space Enable' is always zero for VF:

             Table 9-13 Command Register Changes

Bit Location | PF and VF Register Differences | PF         | VF
             | From Base                      | Attributes | Attributes
-------------+--------------------------------+------------+-----------
             | Memory Space Enable - Does not |            |
             | apply to VFs. Must be hardwired|  Base      |  0b
     1       | to 0b for VFs. VF Memory Space |            |
             | is controlled by the VF MSE bit|            |
             | in the VF Control register.    |            |
-------------+--------------------------------+------------+-----------

Afterwards the vfio-pci will initialize its own virtual PCI config space
data ('vconfig') by reading the VF's physical PCI config space, then the
'Memory Space Enable' bit in vconfig will always be 0b value. This will
make the vfio-pci treat the BAR memory space as disabled, and the SIGBUS
will be triggered if access these BARs.

By investigation, the VF PCI device *passthrough* into the Guest OS by
QEMU has the 'Memory Space Enable' with 1b value. That's because every
PCI driver will start to enable the memory space, and this action will
be hooked by vfio-pci virtual PCI read/write to set the 'Memory Space
Enable' in vconfig space to 1b. So VF runs in guest OS has 'Mem+', but
VF runs in host OS has 'Mem-'.

Align with PCI working mode in Guest/QEMU/Host, in DPDK, enable the PCI
bus memory space explicitly to avoid access on disabled memory.

Fixes: 33604c31354a ("vfio: refactor PCI BAR mapping")

Signed-off-by: Haiyue Wang <haiyue.wang at intel.com>
Acked-by: Anatoly Burakov <anatoly.burakov at intel.com>
Tested-by: Harman Kalra <hkalra at marvell.com>
Tested-by: David Marchand <david.marchand at redhat.com>
Tested-by: Thierry Martin <thierry.martin.public at gmail.com>
---
 drivers/bus/pci/linux/pci_vfio.c | 37 ++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)

diff --git a/drivers/bus/pci/linux/pci_vfio.c b/drivers/bus/pci/linux/pci_vfio.c
index 64cd84a68..ba60e7ce9 100644
--- a/drivers/bus/pci/linux/pci_vfio.c
+++ b/drivers/bus/pci/linux/pci_vfio.c
@@ -149,6 +149,38 @@ pci_vfio_get_msix_bar(int fd, struct pci_msix_table *msix_table)
 	return 0;
 }
 
+/* enable PCI bus memory space */
+static int
+pci_vfio_enable_bus_memory(int dev_fd)
+{
+	uint16_t cmd;
+	int ret;
+
+	ret = pread64(dev_fd, &cmd, sizeof(cmd),
+		      VFIO_GET_REGION_ADDR(VFIO_PCI_CONFIG_REGION_INDEX) +
+		      PCI_COMMAND);
+
+	if (ret != sizeof(cmd)) {
+		RTE_LOG(ERR, EAL, "Cannot read command from PCI config space!\n");
+		return -1;
+	}
+
+	if (cmd & PCI_COMMAND_MEMORY)
+		return 0;
+
+	cmd |= PCI_COMMAND_MEMORY;
+	ret = pwrite64(dev_fd, &cmd, sizeof(cmd),
+		       VFIO_GET_REGION_ADDR(VFIO_PCI_CONFIG_REGION_INDEX) +
+		       PCI_COMMAND);
+
+	if (ret != sizeof(cmd)) {
+		RTE_LOG(ERR, EAL, "Cannot write command to PCI config space!\n");
+		return -1;
+	}
+
+	return 0;
+}
+
 /* set PCI bus mastering */
 static int
 pci_vfio_set_bus_master(int dev_fd, bool op)
@@ -427,6 +459,11 @@ pci_rte_vfio_setup_device(struct rte_pci_device *dev, int vfio_dev_fd)
 		return -1;
 	}
 
+	if (pci_vfio_enable_bus_memory(vfio_dev_fd)) {
+		RTE_LOG(ERR, EAL, "Cannot enable bus memory!\n");
+		return -1;
+	}
+
 	/* set bus mastering for the device */
 	if (pci_vfio_set_bus_master(vfio_dev_fd, true)) {
 		RTE_LOG(ERR, EAL, "Cannot set up bus mastering!\n");
-- 
2.20.1

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2020-07-24 12:53:50.576143210 +0100
+++ 0051-bus-pci-fix-VF-memory-access.patch	2020-07-24 12:53:48.275006236 +0100
@@ -1,8 +1,10 @@
-From 54f3fb127d9c265a5724d193e5c7c6db29fb4150 Mon Sep 17 00:00:00 2001
+From 2381dc9e10050265ee3c6abf178328eee4322804 Mon Sep 17 00:00:00 2001
 From: Haiyue Wang <haiyue.wang at intel.com>
 Date: Thu, 25 Jun 2020 11:50:46 +0800
 Subject: [PATCH] bus/pci: fix VF memory access
 
+[ upstream commit 54f3fb127d9c265a5724d193e5c7c6db29fb4150 ]
+
 To fix CVE-2020-12888, the linux vfio-pci module will invalidate mmaps
 and block MMIO access on disabled memory, it will send a SIGBUS to the
 application:
@@ -41,7 +43,6 @@
 bus memory space explicitly to avoid access on disabled memory.
 
 Fixes: 33604c31354a ("vfio: refactor PCI BAR mapping")
-Cc: stable at dpdk.org
 
 Signed-off-by: Haiyue Wang <haiyue.wang at intel.com>
 Acked-by: Anatoly Burakov <anatoly.burakov at intel.com>