[thirdparty/kernel/stable-queue.git] / releases / 3.1.10 / kvm-remove-ability-to-assign-a-device-without-iommu-support.patch

From avi@redhat.com  Thu Jan 12 14:57:35 2012
From: Avi Kivity <avi@redhat.com>
Date: Thu, 12 Jan 2012 12:39:53 +0200
Subject: KVM: Remove ability to assign a device without iommu support
To: stable@vger.kernel.org
Cc: kvm@vger.kernel.org, Marcelo Tosatti <mtosatti@redhat.com>
Message-ID: <1326364794-18150-4-git-send-email-avi@redhat.com>


From: Alex Williamson <alex.williamson@redhat.com>

(cherry picked from commit 423873736b78f549fbfa2f715f2e4de7e6c5e1e9)

This option has no users and it exposes a security hole that we
can allow devices to be assigned without iommu protection.  Make
KVM_DEV_ASSIGN_ENABLE_IOMMU a mandatory option.

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
 Documentation/virtual/kvm/api.txt |    3 +++
 virt/kvm/assigned-dev.c           |   18 +++++++++---------
 2 files changed, 12 insertions(+), 9 deletions(-)

--- a/Documentation/virtual/kvm/api.txt
+++ b/Documentation/virtual/kvm/api.txt
@@ -1131,6 +1131,9 @@ following flags are specified:
 /* Depends on KVM_CAP_IOMMU */
 #define KVM_DEV_ASSIGN_ENABLE_IOMMU	(1 << 0)
 
+The KVM_DEV_ASSIGN_ENABLE_IOMMU flag is a mandatory option to ensure
+isolation of the device.  Usages not specifying this flag are deprecated.
+
 4.49 KVM_DEASSIGN_PCI_DEVICE
 
 Capability: KVM_CAP_DEVICE_DEASSIGNMENT
--- a/virt/kvm/assigned-dev.c
+++ b/virt/kvm/assigned-dev.c
@@ -481,6 +481,9 @@ static int kvm_vm_ioctl_assign_device(st
 	struct kvm_assigned_dev_kernel *match;
 	struct pci_dev *dev;
 
+	if (!(assigned_dev->flags & KVM_DEV_ASSIGN_ENABLE_IOMMU))
+		return -EINVAL;
+
 	mutex_lock(&kvm->lock);
 	idx = srcu_read_lock(&kvm->srcu);
 
@@ -538,16 +541,14 @@ static int kvm_vm_ioctl_assign_device(st
 
 	list_add(&match->list, &kvm->arch.assigned_dev_head);
 
-	if (assigned_dev->flags & KVM_DEV_ASSIGN_ENABLE_IOMMU) {
-		if (!kvm->arch.iommu_domain) {
-			r = kvm_iommu_map_guest(kvm);
-			if (r)
-				goto out_list_del;
-		}
-		r = kvm_assign_device(kvm, match);
+	if (!kvm->arch.iommu_domain) {
+		r = kvm_iommu_map_guest(kvm);
 		if (r)
 			goto out_list_del;
 	}
+	r = kvm_assign_device(kvm, match);
+	if (r)
+		goto out_list_del;
 
 out:
 	srcu_read_unlock(&kvm->srcu, idx);
@@ -587,8 +588,7 @@ static int kvm_vm_ioctl_deassign_device(
 		goto out;
 	}
 
-	if (match->flags & KVM_DEV_ASSIGN_ENABLE_IOMMU)
-		kvm_deassign_device(kvm, match);
+	kvm_deassign_device(kvm, match);
 
 	kvm_free_assigned_device(kvm, match);
Commit	Line	Data
faa88b27 GKH	1	From avi@redhat.com Thu Jan 12 14:57:35 2012
	2	From: Avi Kivity <avi@redhat.com>
	3	Date: Thu, 12 Jan 2012 12:39:53 +0200
	4	Subject: KVM: Remove ability to assign a device without iommu support
	5	To: stable@vger.kernel.org
	6	Cc: kvm@vger.kernel.org, Marcelo Tosatti <mtosatti@redhat.com>
	7	Message-ID: <1326364794-18150-4-git-send-email-avi@redhat.com>
	8
	9
	10	From: Alex Williamson <alex.williamson@redhat.com>
	11
	12	(cherry picked from commit 423873736b78f549fbfa2f715f2e4de7e6c5e1e9)
	13
	14	This option has no users and it exposes a security hole that we
	15	can allow devices to be assigned without iommu protection. Make
	16	KVM_DEV_ASSIGN_ENABLE_IOMMU a mandatory option.
	17
	18	Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
	19	Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
	20	Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
	21	---
	22	Documentation/virtual/kvm/api.txt \| 3 +++
	23	virt/kvm/assigned-dev.c \| 18 +++++++++---------
	24	2 files changed, 12 insertions(+), 9 deletions(-)
	25
	26	--- a/Documentation/virtual/kvm/api.txt
	27	+++ b/Documentation/virtual/kvm/api.txt
	28	@@ -1131,6 +1131,9 @@ following flags are specified:
	29	/* Depends on KVM_CAP_IOMMU */
	30	#define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0)
	31
	32	+The KVM_DEV_ASSIGN_ENABLE_IOMMU flag is a mandatory option to ensure
	33	+isolation of the device. Usages not specifying this flag are deprecated.
	34	+
	35	4.49 KVM_DEASSIGN_PCI_DEVICE
	36
	37	Capability: KVM_CAP_DEVICE_DEASSIGNMENT
	38	--- a/virt/kvm/assigned-dev.c
	39	+++ b/virt/kvm/assigned-dev.c
	40	@@ -481,6 +481,9 @@ static int kvm_vm_ioctl_assign_device(st
	41	struct kvm_assigned_dev_kernel *match;
	42	struct pci_dev *dev;
	43
	44	+ if (!(assigned_dev->flags & KVM_DEV_ASSIGN_ENABLE_IOMMU))
	45	+ return -EINVAL;
	46	+
	47	mutex_lock(&kvm->lock);
	48	idx = srcu_read_lock(&kvm->srcu);
	49
	50	@@ -538,16 +541,14 @@ static int kvm_vm_ioctl_assign_device(st
	51
	52	list_add(&match->list, &kvm->arch.assigned_dev_head);
	53
	54	- if (assigned_dev->flags & KVM_DEV_ASSIGN_ENABLE_IOMMU) {
	55	- if (!kvm->arch.iommu_domain) {
	56	- r = kvm_iommu_map_guest(kvm);
	57	- if (r)
	58	- goto out_list_del;
	59	- }
	60	- r = kvm_assign_device(kvm, match);
	61	+ if (!kvm->arch.iommu_domain) {
	62	+ r = kvm_iommu_map_guest(kvm);
	63	if (r)
	64	goto out_list_del;
65	}
66	+ r = kvm_assign_device(kvm, match);
67	+ if (r)
68	+ goto out_list_del;
69
70	out:
71	srcu_read_unlock(&kvm->srcu, idx);
72	@@ -587,8 +588,7 @@ static int kvm_vm_ioctl_deassign_device(
73	goto out;
74	}
75
76	- if (match->flags & KVM_DEV_ASSIGN_ENABLE_IOMMU)
77	- kvm_deassign_device(kvm, match);
78	+ kvm_deassign_device(kvm, match);
79
80	kvm_free_assigned_device(kvm, match);
81