lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <1512041678-4563-1-git-send-email-pmorel@linux.vnet.ibm.com>
Date:   Thu, 30 Nov 2017 12:34:38 +0100
From:   Pierre Morel <pmorel@...ux.vnet.ibm.com>
To:     alex.williamson@...hat.com
Cc:     cohuck@...hat.com, borntraeger@...ibm.com,
        zyimin@...ux.vnet.ibm.com, pasic@...ux.vnet.ibm.com,
        kvm@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH] vfio/iommu_type1: report the IOMMU aperture info

When userland VFIO defines a new IOMMU for a guest it may
want to specify to the guest the physical limits of
the underlying host IOMMU to avoid access to forbidden
memory ranges.

Currently, the vfio_iommu_type1 driver does not report this
information to userland.

Let's extend the vfio_iommu_type1_info structure reported
by the ioctl VFIO_IOMMU_GET_INFO command to report the
IOMMU limits as new uint64_t entries aperture_start and
aperture_end.

Let's also extend the flags bit map to add a flag specifying
if this extension of the info structure is reported or not.

Signed-off-by: Pierre Morel <pmorel@...ux.vnet.ibm.com>
---
 drivers/vfio/vfio_iommu_type1.c | 42 +++++++++++++++++++++++++++++++++++++++++
 include/uapi/linux/vfio.h       |  3 +++
 2 files changed, 45 insertions(+)

diff --git a/drivers/vfio/vfio_iommu_type1.c b/drivers/vfio/vfio_iommu_type1.c
index 8549cb1..7da5fe0 100644
--- a/drivers/vfio/vfio_iommu_type1.c
+++ b/drivers/vfio/vfio_iommu_type1.c
@@ -1526,6 +1526,40 @@ static int vfio_domains_have_iommu_cache(struct vfio_iommu *iommu)
 	return ret;
 }
 
+/**
+ * vfio_get_aperture - report minimal aperture of a vfio_iommu
+ * @iommu: the current vfio_iommu
+ * @start: a pointer to the aperture start
+ * @end  : a pointer to the aperture end
+ *
+ * This function iterate on the domains using the given vfio_iommu
+ * and restrict the aperture to the minimal aperture common
+ * to all domains sharing this vfio_iommu.
+ */
+static void vfio_get_aperture(struct vfio_iommu *iommu, uint64_t *start,
+				uint64_t *end)
+{
+	struct iommu_domain_geometry geometry;
+	struct vfio_domain *domain;
+
+	*start = 0;
+	*end = U64_MAX;
+
+	mutex_lock(&iommu->lock);
+	/* loop on all domains using this vfio_iommu */
+	list_for_each_entry(domain, &iommu->domain_list, next) {
+		iommu_domain_get_attr(domain->domain, DOMAIN_ATTR_GEOMETRY,
+					&geometry);
+		if (geometry.force_aperture) {
+			if (geometry.aperture_start > *start)
+				*start = geometry.aperture_start;
+			if (geometry.aperture_end < *end)
+				*end = geometry.aperture_end;
+		}
+	}
+	mutex_unlock(&iommu->lock);
+}
+
 static long vfio_iommu_type1_ioctl(void *iommu_data,
 				   unsigned int cmd, unsigned long arg)
 {
@@ -1560,6 +1594,14 @@ static long vfio_iommu_type1_ioctl(void *iommu_data,
 
 		info.iova_pgsizes = vfio_pgsize_bitmap(iommu);
 
+		minsz = min_t(size_t, info.argsz, sizeof(info));
+		if (minsz >= offsetofend(struct vfio_iommu_type1_info,
+					 aperture_end)) {
+			info.flags |= VFIO_IOMMU_INFO_APERTURE;
+			vfio_get_aperture(iommu, &info.aperture_start,
+					  &info.aperture_end);
+		}
+
 		return copy_to_user((void __user *)arg, &info, minsz) ?
 			-EFAULT : 0;
 
diff --git a/include/uapi/linux/vfio.h b/include/uapi/linux/vfio.h
index 0fb25fb..780d909 100644
--- a/include/uapi/linux/vfio.h
+++ b/include/uapi/linux/vfio.h
@@ -519,6 +519,9 @@ struct vfio_iommu_type1_info {
 	__u32	flags;
 #define VFIO_IOMMU_INFO_PGSIZES (1 << 0)	/* supported page sizes info */
 	__u64	iova_pgsizes;		/* Bitmap of supported page sizes */
+#define VFIO_IOMMU_INFO_APERTURE (1 << 1)	/* supported aperture info */
+	__u64   aperture_start;		/* start of DMA aperture */
+	__u64   aperture_end;		/* end of DMA aperture */
 };
 
 #define VFIO_IOMMU_GET_INFO _IO(VFIO_TYPE, VFIO_BASE + 12)
-- 
2.7.4

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ