block/nvme: Fix VFIO_MAP_DMA failed: No space left on device

When the NVMe block driver was introduced (see commit bdd6a90a9e,
January 2018), Linux VFIO_IOMMU_MAP_DMA ioctl was only returning
-ENOMEM in case of error. The driver was correctly handling the
error path to recycle its volatile IOVA mappings.

To fix CVE-2019-3882, Linux commit 492855939bdb ("vfio/type1: Limit
DMA mappings per container", April 2019) added the -ENOSPC error to
signal the user exhausted the DMA mappings available for a container.

The block driver started to mis-behave:

  qemu-system-x86_64: VFIO_MAP_DMA failed: No space left on device
  (qemu)
  (qemu) info status
  VM status: paused (io-error)
  (qemu) c
  VFIO_MAP_DMA failed: No space left on device
  (qemu) c
  VFIO_MAP_DMA failed: No space left on device

(The VM is not resumable from here, hence stuck.)

Fix by handling the new -ENOSPC error (when DMA mappings are
exhausted) without any distinction to the current -ENOMEM error,
so we don't change the behavior on old kernels where the CVE-2019-3882
fix is not present.

An easy way to reproduce this bug is to restrict the DMA mapping
limit (65535 by default) when loading the VFIO IOMMU module:

  # modprobe vfio_iommu_type1 dma_entry_limit=666

Cc: qemu-stable@nongnu.org
Cc: Fam Zheng <fam@euphon.net>
Cc: Maxim Levitsky <mlevitsk@redhat.com>
Cc: Alex Williamson <alex.williamson@redhat.com>
Reported-by: Michal Prívozník <mprivozn@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20210723195843.1032825-1-philmd@redhat.com
Fixes: bdd6a90a9e ("block: Add VFIO based NVMe driver")
Buglink: https://bugs.launchpad.net/qemu/+bug/1863333
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/65
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This commit is contained in:
Philippe Mathieu-Daudé 2021-07-23 21:58:43 +02:00 committed by Stefan Hajnoczi
parent a2376507f6
commit 15a730e7a3

View File

@ -1030,7 +1030,29 @@ try_map:
r = qemu_vfio_dma_map(s->vfio,
qiov->iov[i].iov_base,
len, true, &iova);
if (r == -ENOSPC) {
/*
* In addition to the -ENOMEM error, the VFIO_IOMMU_MAP_DMA
* ioctl returns -ENOSPC to signal the user exhausted the DMA
* mappings available for a container since Linux kernel commit
* 492855939bdb ("vfio/type1: Limit DMA mappings per container",
* April 2019, see CVE-2019-3882).
*
* This block driver already handles this error path by checking
* for the -ENOMEM error, so we directly replace -ENOSPC by
* -ENOMEM. Beside, -ENOSPC has a specific meaning for blockdev
* coroutines: it triggers BLOCKDEV_ON_ERROR_ENOSPC and
* BLOCK_ERROR_ACTION_STOP which stops the VM, asking the operator
* to add more storage to the blockdev. Not something we can do
* easily with an IOMMU :)
*/
r = -ENOMEM;
}
if (r == -ENOMEM && retry) {
/*
* We exhausted the DMA mappings available for our container:
* recycle the volatile IOVA mappings.
*/
retry = false;
trace_nvme_dma_flush_queue_wait(s);
if (s->dma_map_count) {