git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Nikhil Rao <nikhil.rao@intel.com>
	Wed, 24 Apr 2024 15:16:12 +0000 (15:16 +0000)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Fri, 17 May 2024 09:56:23 +0000 (11:56 +0200)
commit	5056d238937dc7ef9fdf7c06a5bf64f9b04091c0
tree	896090211d6b34fbe124ea5dae78eda75b01aee9	tree \| snapshot
parent	3e4368832e5478bec54c0b83e7c3fb390518bb96	commit \| diff

dmaengine: idxd: add a write() method for applications to submit work

commit 6827738dc684a87ad54ebba3ae7f3d7c977698eb upstream.

After the patch to restrict the use of mmap() to CAP_SYS_RAWIO for
the currently existing devices, most applications can no longer make
use of the accelerators as in production "you don't run things as root".

To keep the DSA and IAA accelerators usable, hook up a write() method
so that applications can still submit work. In the write method,
sufficient input validation is performed to avoid the security issue
that required the mmap CAP_SYS_RAWIO check.

One complication is that the DSA device allows for indirect ("batched")
descriptors. There is no reasonable way to do the input validation
on these indirect descriptors so the write() method will not allow these
to be submitted to the hardware on affected hardware, and the sysfs
enumeration of support for the opcode is also removed.

Early performance data shows that the performance delta for most common
cases is within the noise.

Signed-off-by: Nikhil Rao <nikhil.rao@intel.com>
Signed-off-by: Arjan van de Ven <arjan@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

drivers/dma/idxd/cdev.c		diff \| blob \| blame \| history
drivers/dma/idxd/sysfs.c		diff \| blob \| blame \| history