[PATCH v3 08/14] iommu/vt-d: Check ownership for PASIDs from user-space

Wed, 24 Jun 2020 01:49:31 -0700 

When an IOMMU domain with nesting attribute is used for guest SVA, a
system-wide PASID is allocated for binding with the device and the domain.
For security reason, we need to check the PASID passsed from user-space.
e.g. page table bind/unbind and PASID related cache invalidation.

Cc: Kevin Tian <kevin.t...@intel.com>
CC: Jacob Pan <jacob.jun....@linux.intel.com>
Cc: Alex Williamson <alex.william...@redhat.com>
Cc: Eric Auger <eric.au...@redhat.com>
Cc: Jean-Philippe Brucker <jean-phili...@linaro.org>
Cc: Joerg Roedel <j...@8bytes.org>
Cc: Lu Baolu <baolu...@linux.intel.com>
Signed-off-by: Liu Yi L <yi.l....@intel.com>
Signed-off-by: Jacob Pan <jacob.jun....@linux.intel.com>
---
 drivers/iommu/intel/iommu.c | 10 ++++++++++
 drivers/iommu/intel/svm.c   |  7 +++++--
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c
index b139ab4..b50395e 100644
--- a/drivers/iommu/intel/iommu.c
+++ b/drivers/iommu/intel/iommu.c
@@ -5429,6 +5429,7 @@ intel_iommu_sva_invalidate(struct iommu_domain *domain, 
struct device *dev,
                int granu = 0;
                u64 pasid = 0;
                u64 addr = 0;
+               void *pdata;
 
                granu = to_vtd_granularity(cache_type, inv_info->granularity);
                if (granu == -EINVAL) {
@@ -5448,6 +5449,15 @@ intel_iommu_sva_invalidate(struct iommu_domain *domain, 
struct device *dev,
                         (inv_info->granu.addr_info.flags & 
IOMMU_INV_ADDR_FLAGS_PASID))
                        pasid = inv_info->granu.addr_info.pasid;
 
+               pdata = ioasid_find(dmar_domain->ioasid_sid, pasid, NULL);
+               if (!pdata) {
+                       ret = -EINVAL;
+                       goto out_unlock;
+               } else if (IS_ERR(pdata)) {
+                       ret = PTR_ERR(pdata);
+                       goto out_unlock;
+               }
+
                switch (BIT(cache_type)) {
                case IOMMU_CACHE_INV_TYPE_IOTLB:
                        /* HW will ignore LSB bits based on address mask */
diff --git a/drivers/iommu/intel/svm.c b/drivers/iommu/intel/svm.c
index 1e567a1..aa2e1aa 100644
--- a/drivers/iommu/intel/svm.c
+++ b/drivers/iommu/intel/svm.c
@@ -323,7 +323,7 @@ int intel_svm_bind_gpasid(struct iommu_domain *domain, 
struct device *dev,
        dmar_domain = to_dmar_domain(domain);
 
        mutex_lock(&pasid_mutex);
-       svm = ioasid_find(INVALID_IOASID_SET, data->hpasid, NULL);
+       svm = ioasid_find(dmar_domain->ioasid_sid, data->hpasid, NULL);
        if (IS_ERR(svm)) {
                ret = PTR_ERR(svm);
                goto out;
@@ -440,6 +440,7 @@ int intel_svm_unbind_gpasid(struct iommu_domain *domain,
                            struct device *dev, ioasid_t pasid)
 {
        struct intel_iommu *iommu = intel_svm_device_to_iommu(dev);
+       struct dmar_domain *dmar_domain;
        struct intel_svm_dev *sdev;
        struct intel_svm *svm;
        int ret = -EINVAL;
@@ -447,8 +448,10 @@ int intel_svm_unbind_gpasid(struct iommu_domain *domain,
        if (WARN_ON(!iommu))
                return -EINVAL;
 
+       dmar_domain = to_dmar_domain(domain);
+
        mutex_lock(&pasid_mutex);
-       svm = ioasid_find(INVALID_IOASID_SET, pasid, NULL);
+       svm = ioasid_find(dmar_domain->ioasid_sid, pasid, NULL);
        if (!svm) {
                ret = -EINVAL;
                goto out;
-- 
2.7.4

_______________________________________________
iommu mailing list
iommu@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/iommu

Reply via email to