| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 19 Sep 2021 14:38:46 +0800
From: Liu Yi L <yi.l.liu@...el.com>
To: alex.williamson@...hat.com, jgg@...dia.com, hch@....de,
jasowang@...hat.com, joro@...tes.org
Cc: jean-philippe@...aro.org, kevin.tian@...el.com, parav@...lanox.com,
lkml@...ux.net, pbonzini@...hat.com, lushenming@...wei.com,
eric.auger@...hat.com, corbet@....net, ashok.raj@...el.com,
yi.l.liu@...el.com, yi.l.liu@...ux.intel.com, jun.j.tian@...el.com,
hao.wu@...el.com, dave.jiang@...el.com,
jacob.jun.pan@...ux.intel.com, kwankhede@...dia.com,
robin.murphy@....com, kvm@...r.kernel.org,
iommu@...ts.linux-foundation.org, dwmw2@...radead.org,
linux-kernel@...r.kernel.org, baolu.lu@...ux.intel.com,
david@...son.dropbear.id.au, nicolinc@...dia.com
Subject: [RFC 18/20] iommu/iommufd: Add IOMMU_[UN]MAP_DMA on IOASID
[HACK. will fix in v2]
This patch introduces vfio type1v2-equivalent interface to userspace. Due
to aforementioned hack, iommufd currently calls exported vfio symbols to
handle map/unmap requests from the user.
Signed-off-by: Liu Yi L <yi.l.liu@...el.com>
---
drivers/iommu/iommufd/iommufd.c | 104 ++++++++++++++++++++++++++++++++
include/uapi/linux/iommu.h | 29 +++++++++
2 files changed, 133 insertions(+)
diff --git a/drivers/iommu/iommufd/iommufd.c b/drivers/iommu/iommufd/iommufd.c
index cbf5e30062a6..f5f2274d658c 100644
--- a/drivers/iommu/iommufd/iommufd.c
+++ b/drivers/iommu/iommufd/iommufd.c
@@ -55,6 +55,7 @@ struct iommufd_ioas {
struct mutex lock;
struct list_head device_list;
struct iommu_domain *domain;
+ struct vfio_iommu *vfio_iommu; /* FIXME: added for reusing vfio_iommu_type1 code */
};
/*
@@ -158,6 +159,7 @@ static void ioas_put_locked(struct iommufd_ioas *ioas)
return;
WARN_ON(!list_empty(&ioas->device_list));
+ vfio_iommu_type1_release(ioas->vfio_iommu); /* FIXME: reused vfio code */
xa_erase(&ictx->ioasid_xa, ioasid);
iommufd_ctx_put(ictx);
kfree(ioas);
@@ -185,6 +187,7 @@ static int iommufd_ioasid_alloc(struct iommufd_ctx *ictx, unsigned long arg)
struct iommufd_ioas *ioas;
unsigned long minsz;
int ioasid, ret;
+ struct vfio_iommu *vfio_iommu;
minsz = offsetofend(struct iommu_ioasid_alloc, addr_width);
@@ -211,6 +214,18 @@ static int iommufd_ioasid_alloc(struct iommufd_ctx *ictx, unsigned long arg)
return ret;
}
+ /* FIXME: get a vfio_iommu object for dma map/unmap management */
+ vfio_iommu = vfio_iommu_type1_open(VFIO_TYPE1v2_IOMMU);
+ if (IS_ERR(vfio_iommu)) {
+ pr_err_ratelimited("Failed to get vfio_iommu object\n");
+ mutex_lock(&ictx->lock);
+ xa_erase(&ictx->ioasid_xa, ioasid);
+ mutex_unlock(&ictx->lock);
+ kfree(ioas);
+ return PTR_ERR(vfio_iommu);
+ }
+ ioas->vfio_iommu = vfio_iommu;
+
ioas->ioasid = ioasid;
/* only supports kernel managed I/O page table so far */
@@ -383,6 +398,49 @@ static int iommufd_get_device_info(struct iommufd_ctx *ictx,
return copy_to_user((void __user *)arg, &info, minsz) ? -EFAULT : 0;
}
+static int iommufd_process_dma_op(struct iommufd_ctx *ictx,
+ unsigned long arg, bool map)
+{
+ struct iommu_ioasid_dma_op dma;
+ unsigned long minsz;
+ struct iommufd_ioas *ioas = NULL;
+ int ret;
+
+ minsz = offsetofend(struct iommu_ioasid_dma_op, padding);
+
+ if (copy_from_user(&dma, (void __user *)arg, minsz))
+ return -EFAULT;
+
+ if (dma.argsz < minsz || dma.flags || dma.ioasid < 0)
+ return -EINVAL;
+
+ ioas = ioasid_get_ioas(ictx, dma.ioasid);
+ if (!ioas) {
+ pr_err_ratelimited("unkonwn IOASID %u\n", dma.ioasid);
+ return -EINVAL;
+ }
+
+ mutex_lock(&ioas->lock);
+
+ /*
+ * Needs to block map/unmap request from userspace before IOASID
+ * is attached to any device.
+ */
+ if (list_empty(&ioas->device_list)) {
+ ret = -EINVAL;
+ goto out;
+ }
+
+ if (map)
+ ret = vfio_iommu_type1_map_dma(ioas->vfio_iommu, arg + minsz);
+ else
+ ret = vfio_iommu_type1_unmap_dma(ioas->vfio_iommu, arg + minsz);
+out:
+ mutex_unlock(&ioas->lock);
+ ioas_put(ioas);
+ return ret;
+};
+
static long iommufd_fops_unl_ioctl(struct file *filep,
unsigned int cmd, unsigned long arg)
{
@@ -409,6 +467,12 @@ static long iommufd_fops_unl_ioctl(struct file *filep,
case IOMMU_IOASID_FREE:
ret = iommufd_ioasid_free(ictx, arg);
break;
+ case IOMMU_MAP_DMA:
+ ret = iommufd_process_dma_op(ictx, arg, true);
+ break;
+ case IOMMU_UNMAP_DMA:
+ ret = iommufd_process_dma_op(ictx, arg, false);
+ break;
default:
pr_err_ratelimited("unsupported cmd %u\n", cmd);
break;
@@ -478,6 +542,39 @@ static int ioas_check_device_compatibility(struct iommufd_ioas *ioas,
return 0;
}
+/* HACK:
+ * vfio_iommu_add/remove_device() is hacky implementation for
+ * this version to add the device/group to vfio iommu type1.
+ */
+static int vfio_iommu_add_device(struct vfio_iommu *vfio_iommu,
+ struct device *dev,
+ struct iommu_domain *domain)
+{
+ struct iommu_group *group;
+ int ret;
+
+ group = iommu_group_get(dev);
+ if (!group)
+ return -EINVAL;
+
+ ret = vfio_iommu_add_group(vfio_iommu, group, domain);
+ iommu_group_put(group);
+ return ret;
+}
+
+static void vfio_iommu_remove_device(struct vfio_iommu *vfio_iommu,
+ struct device *dev)
+{
+ struct iommu_group *group;
+
+ group = iommu_group_get(dev);
+ if (!group)
+ return;
+
+ vfio_iommu_remove_group(vfio_iommu, group);
+ iommu_group_put(group);
+}
+
/**
* iommufd_device_attach_ioasid - attach device to an ioasid
* @idev: [in] Pointer to struct iommufd_device.
@@ -539,11 +636,17 @@ int iommufd_device_attach_ioasid(struct iommufd_device *idev, int ioasid)
if (ret)
goto out_domain;
+ ret = vfio_iommu_add_device(ioas->vfio_iommu, idev->dev, domain);
+ if (ret)
+ goto out_detach;
+
ioas_dev->idev = idev;
list_add(&ioas_dev->next, &ioas->device_list);
mutex_unlock(&ioas->lock);
return 0;
+out_detach:
+ iommu_detach_device(domain, idev->dev);
out_domain:
ioas_free_domain_if_empty(ioas);
out_free:
@@ -579,6 +682,7 @@ void iommufd_device_detach_ioasid(struct iommufd_device *idev, int ioasid)
}
list_del(&ioas_dev->next);
+ vfio_iommu_remove_device(ioas->vfio_iommu, idev->dev);
iommu_detach_device(ioas->domain, idev->dev);
ioas_free_domain_if_empty(ioas);
kfree(ioas_dev);
diff --git a/include/uapi/linux/iommu.h b/include/uapi/linux/iommu.h
index f408ad3c8ade..fe815cc1f665 100644
--- a/include/uapi/linux/iommu.h
+++ b/include/uapi/linux/iommu.h
@@ -141,6 +141,35 @@ struct iommu_ioasid_alloc {
#define IOMMU_IOASID_FREE _IO(IOMMU_TYPE, IOMMU_BASE + 3)
+/*
+ * Map/unmap process virtual addresses to I/O virtual addresses.
+ *
+ * Provide VFIO type1 equivalent semantics. Start with the same
+ * restriction e.g. the unmap size should match those used in the
+ * original mapping call.
+ *
+ * @argsz: user filled size of this data.
+ * @flags: reserved for future extension.
+ * @ioasid: the handle of target I/O address space.
+ * @data: the operation payload, refer to vfio_iommu_type1_dma_{un}map.
+ *
+ * FIXME:
+ * userspace needs to include uapi/vfio.h as well as interface reuses
+ * the map/unmap logic from vfio iommu type1.
+ *
+ * Return: 0 on success, -errno on failure.
+ */
+struct iommu_ioasid_dma_op {
+ __u32 argsz;
+ __u32 flags;
+ __s32 ioasid;
+ __u32 padding;
+ __u8 data[];
+};
+
+#define IOMMU_MAP_DMA _IO(IOMMU_TYPE, IOMMU_BASE + 4)
+#define IOMMU_UNMAP_DMA _IO(IOMMU_TYPE, IOMMU_BASE + 5)
+
#define IOMMU_FAULT_PERM_READ (1 << 0) /* read */
#define IOMMU_FAULT_PERM_WRITE (1 << 1) /* write */
#define IOMMU_FAULT_PERM_EXEC (1 << 2) /* exec */
--
2.25.1
Powered by blists - more mailing lists