+++ /dev/null
-From 91c740fee4773eac5ca7b8b463e78d44c7557c20 Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Fri, 14 Oct 2022 15:25:41 -0700
-Subject: dmaengine: idxd: Do not enable user type Work Queue without Shared
- Virtual Addressing
-
-From: Fenghua Yu <fenghua.yu@intel.com>
-
-When the idxd_user_drv driver is bound to a Work Queue (WQ) device
-without IOMMU or with IOMMU Passthrough without Shared Virtual
-Addressing (SVA), the application gains direct access to physical
-memory via the device by programming physical address to a submitted
-descriptor. This allows direct userspace read and write access to
-arbitrary physical memory. This is inconsistent with the security
-goals of a good kernel API.
-
-Unlike vfio_pci driver, the IDXD char device driver does not provide any
-ways to pin user pages and translate the address from user VA to IOVA or
-PA without IOMMU SVA. Therefore the application has no way to instruct the
-device to perform DMA function. This makes the char device not usable for
-normal application usage.
-
-Since user type WQ without SVA cannot be used for normal application usage
-and presents the security issue, bind idxd_user_drv driver and enable user
-type WQ only when SVA is enabled (i.e. user PASID is enabled).
-
-Fixes: 448c3de8ac83 ("dmaengine: idxd: create user driver for wq 'device'")
-Cc: stable@vger.kernel.org
-Suggested-by: Arjan Van De Ven <arjan.van.de.ven@intel.com>
-Signed-off-by: Fenghua Yu <fenghua.yu@intel.com>
-Reviewed-by: Dave Jiang <dave.jiang@intel.com>
-Reviewed-by: Jerry Snitselaar <jsnitsel@redhat.com>
-Link: https://lore.kernel.org/r/20221014222541.3912195-1-fenghua.yu@intel.com
-Signed-off-by: Vinod Koul <vkoul@kernel.org>
----
- drivers/dma/idxd/cdev.c | 18 ++++++++++++++++++
- include/uapi/linux/idxd.h | 1 +
- 2 files changed, 19 insertions(+)
-
-diff --git a/drivers/dma/idxd/cdev.c b/drivers/dma/idxd/cdev.c
-index 033df43db0ce..91e335f62b30 100644
---- a/drivers/dma/idxd/cdev.c
-+++ b/drivers/dma/idxd/cdev.c
-@@ -312,6 +312,24 @@ static int idxd_user_drv_probe(struct idxd_dev *idxd_dev)
- if (idxd->state != IDXD_DEV_ENABLED)
- return -ENXIO;
-
-+ /*
-+ * User type WQ is enabled only when SVA is enabled for two reasons:
-+ * - If no IOMMU or IOMMU Passthrough without SVA, userspace
-+ * can directly access physical address through the WQ.
-+ * - The IDXD cdev driver does not provide any ways to pin
-+ * user pages and translate the address from user VA to IOVA or
-+ * PA without IOMMU SVA. Therefore the application has no way
-+ * to instruct the device to perform DMA function. This makes
-+ * the cdev not usable for normal application usage.
-+ */
-+ if (!device_user_pasid_enabled(idxd)) {
-+ idxd->cmd_status = IDXD_SCMD_WQ_USER_NO_IOMMU;
-+ dev_dbg(&idxd->pdev->dev,
-+ "User type WQ cannot be enabled without SVA.\n");
-+
-+ return -EOPNOTSUPP;
-+ }
-+
- mutex_lock(&wq->wq_lock);
- wq->type = IDXD_WQT_USER;
- rc = __drv_enable_wq(wq);
-diff --git a/include/uapi/linux/idxd.h b/include/uapi/linux/idxd.h
-index c750eac09fc9..7355f498923e 100644
---- a/include/uapi/linux/idxd.h
-+++ b/include/uapi/linux/idxd.h
-@@ -28,6 +28,7 @@ enum idxd_scmd_stat {
- IDXD_SCMD_WQ_NONE_CONFIGURED = 0x800d0000,
- IDXD_SCMD_WQ_NO_SIZE = 0x800e0000,
- IDXD_SCMD_WQ_NO_PRIV = 0x800f0000,
-+ IDXD_SCMD_WQ_USER_NO_IOMMU = 0x80110000,
- };
-
- #define IDXD_SCMD_SOFTERR_MASK 0x80000000
---
-2.35.1
-
projects / thirdparty / kernel / stable-queue.git / commitdiff
