Received: by 2002:a25:e74b:0:0:0:0:0 with SMTP id e72csp222053ybh; Sun, 12 Jul 2020 04:17:30 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyJq2FP0TyQINJCx35S8EaxwM95wQwilf5fFYuurfhFaMKhdXxL4Ge4apuFxMq3DoTYfnGS X-Received: by 2002:a05:6402:1c86:: with SMTP id cy6mr71631516edb.30.1594552650294; Sun, 12 Jul 2020 04:17:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1594552650; cv=none; d=google.com; s=arc-20160816; b=P4hjGuXrJ9OuZ4BVLERIn0nwTTFFLv9zSF0kCTydv0mupD4VVYsjDC7vSyyyfmtMbA Hgi6jnNbZlhJcFV+85MspWOYyNlE7ErLfT7m+oiTT0V7HRwroD1i89fGdjbcU72a/ldj kE2T+sF2OtVpDkT9wFEDiESmYKk91WevJoapEP5XdC1drMky1IdAOLFkOGeLDzClSizL EiZl/IvdbcJnwXX0O8S6kZngHXjyURd5Dt2OPfZzBaH9MYF1YT01hR6qwjS6m1/5cC6P 6eSFI8kpWvoadV0RYuf8/29wNrfWg/C1kACGlTvGjLnqqi5iXWHLnz7BeD97C/JtNrq+ H9QA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:ironport-sdr:ironport-sdr; bh=t5wAfp4cg/CwTRCqxYNbwm9Qm4NmeOnx0JvuZYJKW08=; b=nHYz92SFya2YSMG1ZxmFg8XHlF5RPTbx9HRpzoGBuVMqCIHEJc/LeKYW0qjGCA/ufX aNReNBtkK4FZSpiHy8GP5mGjyZdN8UdS/j+Spne1mtqmYb/lhs4jDbV3cyXeHCjUiJK5 SFewiN5qCfZ+P4vn9h0cXs1iAT13vkk+hpfsjcrvaW/89nS5vn/uHuz3XK09WMIiDnct WjTPHHQ8Ae1YTvh2p+MYa1yauc1h/pkrj+Gg6ENv9djvgM5TYAqDWYzkFRTwaPd1p3yg 1atPBVhW4hXfkK/nSFv6w1xuJ4B7+IQfftn8ISuorr0FNpxQVPrc2p8qiARaTtLj8GdV WC0A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id c13si7285015edw.351.2020.07.12.04.17.08; Sun, 12 Jul 2020 04:17:30 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728989AbgGLLP6 (ORCPT + 99 others); Sun, 12 Jul 2020 07:15:58 -0400 Received: from mga09.intel.com ([134.134.136.24]:45847 "EHLO mga09.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728827AbgGLLOf (ORCPT ); Sun, 12 Jul 2020 07:14:35 -0400 IronPort-SDR: HCBTurG+x9wv2Glb45Itda4ELKSE0kpg/+M4qqcwQ4v4erxGh2D9U81TdSj7yY3Qa/D0UvlIIR qFdv6BVPXkZw== X-IronPort-AV: E=McAfee;i="6000,8403,9679"; a="149952693" X-IronPort-AV: E=Sophos;i="5.75,343,1589266800"; d="scan'208";a="149952693" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga008.jf.intel.com ([10.7.209.65]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 Jul 2020 04:14:30 -0700 IronPort-SDR: zd0ixL4Ch8prpJIg88cIj349IBmI83xKpIWi+Oa/xxVLeikQxmUYM/SW39IlKix08eq4FBwvU6 ospZSiv31P8w== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.75,343,1589266800"; d="scan'208";a="315788576" Received: from jacob-builder.jf.intel.com ([10.7.199.155]) by orsmga008.jf.intel.com with ESMTP; 12 Jul 2020 04:14:30 -0700 From: Liu Yi L To: alex.williamson@redhat.com, eric.auger@redhat.com, baolu.lu@linux.intel.com, joro@8bytes.org Cc: kevin.tian@intel.com, jacob.jun.pan@linux.intel.com, ashok.raj@intel.com, yi.l.liu@intel.com, jun.j.tian@intel.com, yi.y.sun@intel.com, jean-philippe@linaro.org, peterx@redhat.com, hao.wu@intel.com, stefanha@gmail.com, iommu@lists.linux-foundation.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v5 09/15] iommu/vt-d: Check ownership for PASIDs from user-space Date: Sun, 12 Jul 2020 04:21:04 -0700 Message-Id: <1594552870-55687-10-git-send-email-yi.l.liu@intel.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1594552870-55687-1-git-send-email-yi.l.liu@intel.com> References: <1594552870-55687-1-git-send-email-yi.l.liu@intel.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org When an IOMMU domain with nesting attribute is used for guest SVA, a system-wide PASID is allocated for binding with the device and the domain. For security reason, we need to check the PASID passsed from user-space. e.g. page table bind/unbind and PASID related cache invalidation. Cc: Kevin Tian CC: Jacob Pan Cc: Alex Williamson Cc: Eric Auger Cc: Jean-Philippe Brucker Cc: Joerg Roedel Cc: Lu Baolu Signed-off-by: Liu Yi L Signed-off-by: Jacob Pan --- drivers/iommu/intel/iommu.c | 10 ++++++++++ drivers/iommu/intel/svm.c | 7 +++++-- 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c index 4d54198..a9504cb 100644 --- a/drivers/iommu/intel/iommu.c +++ b/drivers/iommu/intel/iommu.c @@ -5436,6 +5436,7 @@ intel_iommu_sva_invalidate(struct iommu_domain *domain, struct device *dev, int granu = 0; u64 pasid = 0; u64 addr = 0; + void *pdata; granu = to_vtd_granularity(cache_type, inv_info->granularity); if (granu == -EINVAL) { @@ -5456,6 +5457,15 @@ intel_iommu_sva_invalidate(struct iommu_domain *domain, struct device *dev, (inv_info->granu.addr_info.flags & IOMMU_INV_ADDR_FLAGS_PASID)) pasid = inv_info->granu.addr_info.pasid; + pdata = ioasid_find(dmar_domain->ioasid_sid, pasid, NULL); + if (!pdata) { + ret = -EINVAL; + goto out_unlock; + } else if (IS_ERR(pdata)) { + ret = PTR_ERR(pdata); + goto out_unlock; + } + switch (BIT(cache_type)) { case IOMMU_CACHE_INV_TYPE_IOTLB: /* HW will ignore LSB bits based on address mask */ diff --git a/drivers/iommu/intel/svm.c b/drivers/iommu/intel/svm.c index d2c0e1a..212dee0 100644 --- a/drivers/iommu/intel/svm.c +++ b/drivers/iommu/intel/svm.c @@ -319,7 +319,7 @@ int intel_svm_bind_gpasid(struct iommu_domain *domain, struct device *dev, dmar_domain = to_dmar_domain(domain); mutex_lock(&pasid_mutex); - svm = ioasid_find(INVALID_IOASID_SET, data->hpasid, NULL); + svm = ioasid_find(dmar_domain->ioasid_sid, data->hpasid, NULL); if (IS_ERR(svm)) { ret = PTR_ERR(svm); goto out; @@ -436,6 +436,7 @@ int intel_svm_unbind_gpasid(struct iommu_domain *domain, struct device *dev, ioasid_t pasid) { struct intel_iommu *iommu = intel_svm_device_to_iommu(dev); + struct dmar_domain *dmar_domain; struct intel_svm_dev *sdev; struct intel_svm *svm; int ret = -EINVAL; @@ -443,8 +444,10 @@ int intel_svm_unbind_gpasid(struct iommu_domain *domain, if (WARN_ON(!iommu)) return -EINVAL; + dmar_domain = to_dmar_domain(domain); + mutex_lock(&pasid_mutex); - svm = ioasid_find(INVALID_IOASID_SET, pasid, NULL); + svm = ioasid_find(dmar_domain->ioasid_sid, pasid, NULL); if (!svm) { ret = -EINVAL; goto out; -- 2.7.4