Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 42387373 authored by Alex Williamson's avatar Alex Williamson Committed by Avi Kivity
Browse files

KVM: Remove ability to assign a device without iommu support 



This option has no users and it exposes a security hole that we
can allow devices to be assigned without iommu protection.  Make
KVM_DEV_ASSIGN_ENABLE_IOMMU a mandatory option.

Signed-off-by: default avatarAlex Williamson <alex.williamson@redhat.com>
Signed-off-by: default avatarMarcelo Tosatti <mtosatti@redhat.com>
parent 0924ab2c

Documentation/virtual/kvm/api.txt

+3 −0
Original line number Original line Diff line number Diff line
@@ -1151,6 +1151,9 @@ following flags are specified: 
/* Depends on KVM_CAP_IOMMU */

/* Depends on KVM_CAP_IOMMU */

#define KVM_DEV_ASSIGN_ENABLE_IOMMU	(1 << 0)

#define KVM_DEV_ASSIGN_ENABLE_IOMMU	(1 << 0)





The KVM_DEV_ASSIGN_ENABLE_IOMMU flag is a mandatory option to ensure

isolation of the device.  Usages not specifying this flag are deprecated.



4.49 KVM_DEASSIGN_PCI_DEVICE

4.49 KVM_DEASSIGN_PCI_DEVICE





Capability: KVM_CAP_DEVICE_DEASSIGNMENT

Capability: KVM_CAP_DEVICE_DEASSIGNMENT

virt/kvm/assigned-dev.c

+9 −9
Original line number Original line Diff line number Diff line
@@ -487,6 +487,9 @@ static int kvm_vm_ioctl_assign_device(struct kvm *kvm, 
	struct kvm_assigned_dev_kernel *match;

	struct kvm_assigned_dev_kernel *match;

	struct pci_dev *dev;

	struct pci_dev *dev;





	if (!(assigned_dev->flags & KVM_DEV_ASSIGN_ENABLE_IOMMU))

		return -EINVAL;



	mutex_lock(&kvm->lock);

	mutex_lock(&kvm->lock);

	idx = srcu_read_lock(&kvm->srcu);

	idx = srcu_read_lock(&kvm->srcu);
@@ -544,7 +547,6 @@ static int kvm_vm_ioctl_assign_device(struct kvm *kvm, 




	list_add(&match->list, &kvm->arch.assigned_dev_head);

	list_add(&match->list, &kvm->arch.assigned_dev_head);





	if (assigned_dev->flags & KVM_DEV_ASSIGN_ENABLE_IOMMU) {

	if (!kvm->arch.iommu_domain) {

	if (!kvm->arch.iommu_domain) {

		r = kvm_iommu_map_guest(kvm);

		r = kvm_iommu_map_guest(kvm);

		if (r)

		if (r)
@@ -553,7 +555,6 @@ static int kvm_vm_ioctl_assign_device(struct kvm *kvm, 
	r = kvm_assign_device(kvm, match);

	r = kvm_assign_device(kvm, match);

	if (r)

	if (r)

		goto out_list_del;

		goto out_list_del;

	}





out:

out:

	srcu_read_unlock(&kvm->srcu, idx);

	srcu_read_unlock(&kvm->srcu, idx);
@@ -593,7 +594,6 @@ static int kvm_vm_ioctl_deassign_device(struct kvm *kvm, 
		goto out;

		goto out;

	}

	}





	if (match->flags & KVM_DEV_ASSIGN_ENABLE_IOMMU)

	kvm_deassign_device(kvm, match);

	kvm_deassign_device(kvm, match);





	kvm_free_assigned_device(kvm, match);

	kvm_free_assigned_device(kvm, match);