github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-08 14:42:37 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
Linux kernel source tree
787,928 Commits 1 Branch 934 Tags 20 GiB
C 97%
Assembly 1%
Shell 0.6%
Rust 0.5%
Python 0.4%
Other 0.3%
f7b467ad1b
Go to file
Alex Williamson f7b467ad1b vfio/type1: Limit DMA mappings per container 
commit 492855939b upstream.

Memory backed DMA mappings are accounted against a user's locked
memory limit, including multiple mappings of the same memory.  This
accounting bounds the number of such mappings that a user can create.
However, DMA mappings that are not backed by memory, such as DMA
mappings of device MMIO via mmaps, do not make use of page pinning
and therefore do not count against the user's locked memory limit.
These mappings still consume memory, but the memory is not well
associated to the process for the purpose of oom killing a task.

To add bounding on this use case, we introduce a limit to the total
number of concurrent DMA mappings that a user is allowed to create.
This limit is exposed as a tunable module option where the default
value of 64K is expected to be well in excess of any reasonable use
case (a large virtual machine configuration would typically only make
use of tens of concurrent mappings).

This fixes CVE-2019-3882.

Reviewed-by: Eric Auger <eric.auger@redhat.com>
Tested-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-05-02 09:58:55 +02:00
arch perf/x86/intel: Update KBL Package C-state events to also include PC8/PC9/PC10 counters 2019-05-02 09:58:55 +02:00
block blk-iolatency: #include "blk.h" 2019-04-20 09:15:58 +02:00
certs export.h: remove VMLINUX_SYMBOL() and VMLINUX_SYMBOL_STR() 2018-08-22 23:21:44 +09:00
crypto crypto: x86/poly1305 - fix overflow during partial reduction 2019-04-27 09:36:37 +02:00
Documentation ARM: 8833/1: Ensure that NEON code always compiles with Clang 2019-04-05 22:33:08 +02:00
drivers vfio/type1: Limit DMA mappings per container 2019-05-02 09:58:55 +02:00
firmware kbuild: remove all dummy assignments to obj- 2017-11-18 11:46:06 +09:00
fs nfsd: Don't release the callback slot unless it was actually held 2019-05-02 09:58:54 +02:00
include tracing: Fix buffer_ref pipe ops 2019-05-02 09:58:53 +02:00
init Revert "mm: use early_pfn_to_nid in page_ext_init" 2019-03-23 20:09:46 +01:00
ipc ipc/shm.c: use ERR_CAST() for shm_lock() error return 2018-10-05 16:32:04 -07:00
kernel sched/numa: Fix a possible divide-by-zero 2019-05-02 09:58:54 +02:00
lib lib/Kconfig.debug: fix build error without CONFIG_BLOCK 2019-05-02 09:58:53 +02:00
LICENSES LICENSES: Remove CC-BY-SA-4.0 license text 2018-10-18 11:28:50 +02:00
mm percpu: stop printing kernel addresses 2019-04-27 09:36:40 +02:00
net sunrpc: don't mark uninitialised items as VALID. 2019-05-02 09:58:55 +02:00
samples samples: mei: use /dev/mei0 instead of /dev/mei 2019-02-15 08:10:11 +01:00
scripts modpost: file2alias: check prototype of handler 2019-04-27 09:36:39 +02:00
security device_cgroup: fix RCU imbalance in error case 2019-04-27 09:36:40 +02:00
sound ALSA: hda/ca0132 - Fix build error without CONFIG_PCI 2019-05-02 09:58:52 +02:00
tools tools include: Adopt linux/bits.h 2019-04-27 09:36:40 +02:00
usr initramfs: move gen_initramfs_list.sh from scripts/ to usr/ 2018-08-22 23:21:44 +09:00
virt KVM: Reject device ioctls from processes other than the VM's creator 2019-04-03 06:26:29 +02:00
.clang-format clang-format: Set IndentWrappedFunctionNames false 2018-08-01 18:38:51 +02:00
.cocciconfig
.get_maintainer.ignore
.gitattributes
.gitignore Kbuild updates for v4.17 (2nd) 2018-04-15 17:21:30 -07:00
.mailmap libnvdimm-for-4.19_misc 2018-08-25 18:13:10 -07:00
COPYING COPYING: use the new text with points to the license files 2018-03-23 12:41:45 -06:00
CREDITS 9p: remove Ron Minnich from MAINTAINERS 2018-08-17 16:20:26 -07:00
Kbuild Kbuild updates for v4.15 2017-11-17 17:45:29 -08:00
Kconfig kconfig: move the "Executable file formats" menu to fs/Kconfig.binfmt 2018-08-02 08:06:55 +09:00
MAINTAINERS platform/x86: Add Intel AtomISP2 dummy / power-management driver 2019-04-20 09:16:02 +02:00
Makefile Linux 4.19.37 2019-04-27 09:36:41 +02:00
README Docs: Added a pointer to the formatted docs to README 2018-03-21 09:02:53 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.
See Documentation/00-INDEX for a list of what is contained in each file.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.