Received: by 2002:a05:6a10:22f:0:0:0:0 with SMTP id 15csp1423674pxk;
        Mon, 31 Aug 2020 20:15:03 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJxkaGX1rtN/GdLygqrChkqaPrJQPM05POe8WS+0ahKFPllO0sjcv9d1ADDTmidyvvrm7Aaq
X-Received: by 2002:a50:f102:: with SMTP id w2mr3960574edl.63.1598930102904;
        Mon, 31 Aug 2020 20:15:02 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1598930102; cv=none;
        d=google.com; s=arc-20160816;
        b=zTK/P+DkUWdjqiAWxhrPV3jNUFkn5bHt4U6P34UXdBDDmehzhOnu3FEa9ZeZCL1i+k
         sh7tY3XReTEyF3YUwqD0Y4Mr05EDiTOA4SyiupN8peO3YUyCJXX05F5OtmaAy8Uh3AnQ
         hVKy0K7hfoYSSQ+QBiv0a+jw+JO7ACJ4QEikDwuT673aAZF2kTY7RBk/OSM1y9OUrlBA
         aTz1aj8u6CubqCTQDuug1MY9ybRya92gWaLtJ6vEfky9eQXxwEZOnGgFiCkcT+iJ3A5n
         agn2iY4+LD3rsx0rDnMneHrAUi4FK6fFHu6yrtfW0a4Zbl2a1tKmJg90QkTUS8I0wh9q
         bz+A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding
         :content-language:in-reply-to:mime-version:user-agent:date
         :message-id:from:references:to:subject:cc:ironport-sdr:ironport-sdr;
        bh=r8yBjvVb4IlpNs0T0GHJve7Kqi/Wu6twnhjkbbDfqCo=;
        b=Pn8LeVO02WvmsS2/JuED6FKWVADJ+QLnig6R8HVS86b/otuM84QNtgKUw5DRz4Mw+x
         Sdcl5Cb8SnPULNcmuC+IcW7wP+AFzYqJW5o/vxYTFVq4RYb1U6fhBk538WP2oRTL3fA6
         DdUHqjeU34y9EMntsOPLLXvuIKIGAkHe4NEV08Erw4LdjlzztS07bYFkxjWjHLgYgInx
         YPnqWUBh16GV5w0hpuAkCAdHj01LofDr2vt/AH+j7hh43t4KiWwylFDdxIdnwfu25Wzi
         vImnleX/TvVDWAOc1o0KrlEN14yJGRjc+sw4wtXiHpDgMqbF3cEPmldLYpoj61uTcOg7
         Lzww==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id q16si6190894eds.582.2020.08.31.20.14.37;
        Mon, 31 Aug 2020 20:15:02 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726102AbgIADOB (ORCPT <rfc822;kerneldev.sdk@gmail.com>
        + 99 others); Mon, 31 Aug 2020 23:14:01 -0400
Received: from mga18.intel.com ([134.134.136.126]:18231 "EHLO mga18.intel.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1726020AbgIADOA (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 31 Aug 2020 23:14:00 -0400
IronPort-SDR: zfJh0yvkKhIzjDeZV2eHn3mfbwALu2mnN0+/NIhQOwneb02U3LoKBJ6xlv3AxZ3aa4DedRMIXj
 Ra5Hx2TpXxMg==
X-IronPort-AV: E=McAfee;i="6000,8403,9730"; a="144786022"
X-IronPort-AV: E=Sophos;i="5.76,377,1592895600"; 
   d="scan'208";a="144786022"
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga004.fm.intel.com ([10.253.24.48])
  by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 31 Aug 2020 20:13:59 -0700
IronPort-SDR: rKZzeqLAQU40eajfXweGsHc/Gy3SPbdgFm4ssYm5zaESBdwwQ0ic4RbbpCcP6cTvv/TxWfc9zr
 LBKx2j1b4dBA==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.76,377,1592895600"; 
   d="scan'208";a="325174443"
Received: from allen-box.sh.intel.com (HELO [10.239.159.139]) ([10.239.159.139])
  by fmsmga004.fm.intel.com with ESMTP; 31 Aug 2020 20:13:55 -0700
Cc:     baolu.lu@linux.intel.com, David Woodhouse <dwmw2@infradead.org>,
        Yi Liu <yi.l.liu@intel.com>,
        "Tian, Kevin" <kevin.tian@intel.com>,
        Raj Ashok <ashok.raj@intel.com>,
        Christoph Hellwig <hch@infradead.org>,
        Jean-Philippe Brucker <jean-philippe@linaro.com>,
        Eric Auger <eric.auger@redhat.com>,
        Jonathan Corbet <corbet@lwn.net>,
        Jacob Pan <jacob.jun.pan@linux.intel.com>
Subject: Re: [PATCH v8 7/7] iommu/vt-d: Check UAPI data processed by IOMMU
 core
To:     Jacob Pan <jacob.pan.linux@gmail.com>,
        iommu@lists.linux-foundation.org,
        LKML <linux-kernel@vger.kernel.org>,
        Joerg Roedel <joro@8bytes.org>,
        Alex Williamson <alex.williamson@redhat.com>
References: <1598898300-65475-1-git-send-email-jacob.jun.pan@linux.intel.com>
 <1598898300-65475-8-git-send-email-jacob.jun.pan@linux.intel.com>
From:   Lu Baolu <baolu.lu@linux.intel.com>
Message-ID: <2b4ee3f0-d0df-9802-14e6-984a790834af@linux.intel.com>
Date:   Tue, 1 Sep 2020 11:08:19 +0800
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
 Thunderbird/68.10.0
MIME-Version: 1.0
In-Reply-To: <1598898300-65475-8-git-send-email-jacob.jun.pan@linux.intel.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi Jacob,

On 9/1/20 2:25 AM, Jacob Pan wrote:
> IOMMU generic layer already does sanity checks on UAPI data for version
> match and argsz range based on generic information.
> 
> This patch adjusts the following data checking responsibilities:
> - removes the redundant version check from VT-d driver
> - removes the check for vendor specific data size
> - adds check for the use of reserved/undefined flags
> 
> Signed-off-by: Jacob Pan <jacob.jun.pan@linux.intel.com>
> ---
>   drivers/iommu/intel/iommu.c |  3 +--
>   drivers/iommu/intel/svm.c   | 11 +++++++++--
>   include/uapi/linux/iommu.h  |  1 +
>   3 files changed, 11 insertions(+), 4 deletions(-)
> 
> diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c
> index 43f16f0cebde..a3a0b5c8921d 100644
> --- a/drivers/iommu/intel/iommu.c
> +++ b/drivers/iommu/intel/iommu.c
> @@ -5399,8 +5399,7 @@ intel_iommu_sva_invalidate(struct iommu_domain *domain, struct device *dev,
>   	int ret = 0;
>   	u64 size = 0;
>   
> -	if (!inv_info || !dmar_domain ||
> -	    inv_info->version != IOMMU_CACHE_INVALIDATE_INFO_VERSION_1)
> +	if (!inv_info || !dmar_domain)
>   		return -EINVAL;
>   
>   	if (!dev || !dev_is_pci(dev))
> diff --git a/drivers/iommu/intel/svm.c b/drivers/iommu/intel/svm.c
> index 99353d6468fa..0cb9a15f1112 100644
> --- a/drivers/iommu/intel/svm.c
> +++ b/drivers/iommu/intel/svm.c
> @@ -284,8 +284,15 @@ int intel_svm_bind_gpasid(struct iommu_domain *domain, struct device *dev,
>   	if (WARN_ON(!iommu) || !data)
>   		return -EINVAL;
>   
> -	if (data->version != IOMMU_GPASID_BIND_VERSION_1 ||
> -	    data->format != IOMMU_PASID_FORMAT_INTEL_VTD)
> +	if (data->format != IOMMU_PASID_FORMAT_INTEL_VTD)
> +		return -EINVAL;
> +
> +	/* IOMMU core ensures argsz is more than the start of the union */
> +	if (data->argsz < offsetofend(struct iommu_gpasid_bind_data, vendor.vtd))
> +		return -EINVAL;
> +
> +	/* Make sure no undefined flags are used in vendor data */
> +	if (data->vendor.vtd.flags & ~(IOMMU_SVA_VTD_GPASID_LAST - 1))
>   		return -EINVAL;
>   
>   	if (!dev_is_pci(dev))
> diff --git a/include/uapi/linux/iommu.h b/include/uapi/linux/iommu.h
> index c64bca5af419..1ebc23df4fbc 100644
> --- a/include/uapi/linux/iommu.h
> +++ b/include/uapi/linux/iommu.h
> @@ -288,6 +288,7 @@ struct iommu_gpasid_bind_data_vtd {
>   #define IOMMU_SVA_VTD_GPASID_PWT	(1 << 3) /* page-level write through */
>   #define IOMMU_SVA_VTD_GPASID_EMTE	(1 << 4) /* extended mem type enable */
>   #define IOMMU_SVA_VTD_GPASID_CD		(1 << 5) /* PASID-level cache disable */
> +#define IOMMU_SVA_VTD_GPASID_LAST	(1 << 6)
>   	__u64 flags;
>   	__u32 pat;
>   	__u32 emt;
> 

Reviewed-by: Lu Baolu <baolu.lu@linux.intel.com>

Best regards,
baolu