pm24.git/drivers/vfio, branch v4.18

Merge tag 'powerpc-4.18-4' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux

2018-07-21T23:46:53Z

Pull powerpc fixes from Michael Ellerman: "Two regression fixes, one for xmon disassembly formatting and the other to fix the E500 build. Two commits to fix a potential security issue in the VFIO code under obscure circumstances. And finally a fix to the Power9 idle code to restore SPRG3, which is user visible and used for sched_getcpu(). Thanks to: Alexey Kardashevskiy, David Gibson. Gautham R. Shenoy, James Clarke" * tag 'powerpc-4.18-4' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: powerpc/powernv: Fix save/restore of SPRG3 on entry/exit from stop (idle) powerpc/Makefile: Assemble with -me500 when building for E500 KVM: PPC: Check if IOMMU page is contained in the pinned physical page vfio/spapr: Use IOMMU pageshift rather than pagesize powerpc/xmon: Fix disassembly since printf changes

vfio/pci: Fix potential Spectre v1

2018-07-18T18:57:25Z

info.index can be indirectly controlled by user-space, hence leading to a potential exploitation of the Spectre variant 1 vulnerability. This issue was detected with the help of Smatch: drivers/vfio/pci/vfio_pci.c:734 vfio_pci_ioctl() warn: potential spectre issue 'vdev->region' Fix this by sanitizing info.index before indirectly using it to index vdev->region Notice that given that speculation windows are large, the policy is to kill the speculation on the first load and not worry if it can be completed with a dependent load/store [1]. [1] https://marc.info/?l=linux-kernel&m=152449131114778&w=2 Cc: stable@vger.kernel.org Signed-off-by: Gustavo A. R. Silva Signed-off-by: Alex Williamson

KVM: PPC: Check if IOMMU page is contained in the pinned physical page

2018-07-18T06:17:17Z

A VM which has: - a DMA capable device passed through to it (eg. network card); - running a malicious kernel that ignores H_PUT_TCE failure; - capability of using IOMMU pages bigger that physical pages can create an IOMMU mapping that exposes (for example) 16MB of the host physical memory to the device when only 64K was allocated to the VM. The remaining 16MB - 64K will be some other content of host memory, possibly including pages of the VM, but also pages of host kernel memory, host programs or other VMs. The attacking VM does not control the location of the page it can map, and is only allowed to map as many pages as it has pages of RAM. We already have a check in drivers/vfio/vfio_iommu_spapr_tce.c that an IOMMU page is contained in the physical page so the PCI hardware won't get access to unassigned host memory; however this check is missing in the KVM fastpath (H_PUT_TCE accelerated code). We were lucky so far and did not hit this yet as the very first time when the mapping happens we do not have tbl::it_userspace allocated yet and fall back to the userspace which in turn calls VFIO IOMMU driver, this fails and the guest does not retry, This stores the smallest preregistered page size in the preregistered region descriptor and changes the mm_iommu_xxx API to check this against the IOMMU page size. This calculates maximum page size as a minimum of the natural region alignment and compound page size. For the page shift this uses the shift returned by find_linux_pte() which indicates how the page is mapped to the current userspace - if the page is huge and this is not a zero, then it is a leaf pte and the page is mapped within the range. Fixes: 121f80ba68f1 ("KVM: PPC: VFIO: Add in-kernel acceleration for VFIO") Cc: stable@vger.kernel.org # v4.12+ Signed-off-by: Alexey Kardashevskiy Reviewed-by: David Gibson Signed-off-by: Michael Ellerman

vfio/spapr: Use IOMMU pageshift rather than pagesize

2018-07-18T06:17:07Z

The size is always equal to 1 page so let's use this. Later on this will be used for other checks which use page shifts to check the granularity of access. This should cause no behavioral change. Cc: stable@vger.kernel.org # v4.12+ Reviewed-by: David Gibson Acked-by: Alex Williamson Signed-off-by: Alexey Kardashevskiy Signed-off-by: Michael Ellerman

vfio: Use get_user_pages_longterm correctly

2018-06-30T19:58:09Z

The patch noted in the fixes below converted get_user_pages_fast() to get_user_pages_longterm(), however the two calls differ in a few ways. First _fast() is documented to not require the mmap_sem, while _longterm() is documented to need it. Hold the mmap sem as required. Second, _fast accepts an 'int write' while _longterm uses 'unsigned int gup_flags', so the expression '!!(prot & IOMMU_WRITE)' is only working by luck as FOLL_WRITE is currently == 0x1. Use the expected FOLL_WRITE constant instead. Fixes: 94db151dc892 ("vfio: disable filesystem-dax page pinning") Cc: Signed-off-by: Jason Gunthorpe Acked-by: Dan Williams Signed-off-by: Alex Williamson

vfio/pci: Make IGD support a configurable option

2018-06-18T22:39:50Z

Allow the code which provides extensions to support direct assignment of Intel IGD (GVT-d) to be compiled out of the kernel if desired. The config option for this was previously automatically enabled on X86, therefore the default remains Y. This simply provides the option to disable it even for X86. Signed-off-by: Alex Williamson

Merge tag 'vfio-v4.18-rc1' of git://github.com/awilliam/linux-vfio

2018-06-12T20:11:26Z

Pull VFIO updates from Alex Williamson: - Bind type1 task tracking to group_leader to facilitate vCPU hotplug in QEMU (Alex Williamson) - Sample mdev display drivers, including region-based host and guest Linux drivers and bochs compatible dmabuf device (Gerd Hoffmann) - Fix vfio-platform reset module leak (Geert Uytterhoeven) - vfio-platform error message consistency (Geert Uytterhoeven) - Global checking for mdev uuid collisions rather than per parent device (Alex Williamson) - Use match_string() helper (Yisheng Xie) - vfio-platform PM domain fixes (Geert Uytterhoeven) - Fix sample mbochs driver build dependency (Arnd Bergmann) * tag 'vfio-v4.18-rc1' of git://github.com/awilliam/linux-vfio: samples: mbochs: add DMA_SHARED_BUFFER dependency vfio: platform: Fix using devices in PM Domains vfio: use match_string() helper vfio/mdev: Re-order sysfs attribute creation vfio/mdev: Check globally for duplicate devices vfio: platform: Make printed error messages more consistent vfio: platform: Fix reset module leak in error path sample: vfio bochs vbe display (host device for bochs-drm) sample: vfio mdev display - guest driver sample: vfio mdev display - host device vfio/type1: Fix task tracking for QEMU vCPU hotplug

vfio: platform: Fix using devices in PM Domains

2018-06-08T16:24:37Z

If a device is part of a PM Domain (e.g. power and/or clock domain), its power state is managed using Runtime PM. Without Runtime PM, the device may not be powered up or clocked, causing subtle failures, crashes, or system lock-ups when the device is accessed by the guest. Fix this by adding Runtime PM support, powering the device when the VFIO device is opened by the guest. Signed-off-by: Geert Uytterhoeven Reviewed-by: Simon Horman Acked-by: Eric Auger Signed-off-by: Alex Williamson

vfio: use match_string() helper

2018-06-08T16:24:33Z

match_string() returns the index of an array for a matching string, which can be used intead of open coded variant. Cc: Alex Williamson Cc: kvm@vger.kernel.org Signed-off-by: Yisheng Xie Reviewed-by: Andy Shevchenko Signed-off-by: Alex Williamson

vfio/mdev: Re-order sysfs attribute creation

2018-06-08T16:24:30Z

There exists a gap at the end of mdev_device_create() where the device is visible to userspace, but we're not yet ready to handle removal, as triggered through the 'remove' attribute. We handle this properly in mdev_device_remove() with an -EAGAIN return, but we can marginally reduce this gap by adding this attribute as a final step of our sysfs setup. Reviewed-by: Kirti Wankhede Reviewed-by: Cornelia Huck Acked-by: Halil Pasic Signed-off-by: Alex Williamson