Commit 86624ba3 authored by Jason Gunthorpe's avatar Jason Gunthorpe Committed by Alex Williamson
Browse files

vfio/pci: Do vf_token checks for VFIO_DEVICE_BIND_IOMMUFD 



This was missed during the initial implementation. The VFIO PCI encodes
the vf_token inside the device name when opening the device from the group
FD, something like:

  "0000:04:10.0 vf_token=bd8d9d2b-5a5f-4f5a-a211-f591514ba1f3"

This is used to control access to a VF unless there is co-ordination with
the owner of the PF.

Since we no longer have a device name in the cdev path, pass the token
directly through VFIO_DEVICE_BIND_IOMMUFD using an optional field
indicated by VFIO_DEVICE_BIND_FLAG_TOKEN.

Fixes: 5fcc2696 ("vfio: Add VFIO_DEVICE_BIND_IOMMUFD")
Tested-by: default avatarShameer Kolothum <shameerali.kolothum.thodi@huawei.com>
Reviewed-by: default avatarYi Liu <yi.l.liu@intel.com>
Signed-off-by: default avatarJason Gunthorpe <jgg@nvidia.com>
Reviewed-by: default avatarKevin Tian <kevin.tian@intel.com>
Link: https://lore.kernel.org/r/0-v3-bdd8716e85fe+3978a-vfio_token_jgg@nvidia.com


Signed-off-by: default avatarAlex Williamson <alex.williamson@redhat.com>
parent b3060198

drivers/vfio/device_cdev.c

+35 −3
Original line number Diff line number Diff line
@@ -60,22 +60,50 @@ static void vfio_df_get_kvm_safe(struct vfio_device_file *df) 
	spin_unlock(&df->kvm_ref_lock);

}



static int vfio_df_check_token(struct vfio_device *device,

			       const struct vfio_device_bind_iommufd *bind)

{

	uuid_t uuid;



	if (!device->ops->match_token_uuid) {

		if (bind->flags & VFIO_DEVICE_BIND_FLAG_TOKEN)

			return -EINVAL;

		return 0;

	}



	if (!(bind->flags & VFIO_DEVICE_BIND_FLAG_TOKEN))

		return device->ops->match_token_uuid(device, NULL);



	if (copy_from_user(&uuid, u64_to_user_ptr(bind->token_uuid_ptr),

			   sizeof(uuid)))

		return -EFAULT;

	return device->ops->match_token_uuid(device, &uuid);

}



long vfio_df_ioctl_bind_iommufd(struct vfio_device_file *df,

				struct vfio_device_bind_iommufd __user *arg)

{

	const u32 VALID_FLAGS = VFIO_DEVICE_BIND_FLAG_TOKEN;

	struct vfio_device *device = df->device;

	struct vfio_device_bind_iommufd bind;

	unsigned long minsz;

	u32 user_size;

	int ret;



	static_assert(__same_type(arg->out_devid, df->devid));



	minsz = offsetofend(struct vfio_device_bind_iommufd, out_devid);



	if (copy_from_user(&bind, arg, minsz))

		return -EFAULT;

	ret = get_user(user_size, &arg->argsz);

	if (ret)

		return ret;

	if (user_size < minsz)

		return -EINVAL;

	ret = copy_struct_from_user(&bind, minsz, arg, user_size);

	if (ret)

		return ret;



	if (bind.argsz < minsz || bind.flags || bind.iommufd < 0)

	if (bind.iommufd < 0 || bind.flags & ~VALID_FLAGS)

		return -EINVAL;



	/* BIND_IOMMUFD only allowed for cdev fds */
@@ -93,6 +121,10 @@ long vfio_df_ioctl_bind_iommufd(struct vfio_device_file *df, 
		goto out_unlock;

	}



	ret = vfio_df_check_token(device, &bind);

	if (ret)

		goto out_unlock;



	df->iommufd = iommufd_ctx_from_fd(bind.iommufd);

	if (IS_ERR(df->iommufd)) {

		ret = PTR_ERR(df->iommufd);

drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c

+1 −0
Original line number Diff line number Diff line
@@ -1583,6 +1583,7 @@ static const struct vfio_device_ops hisi_acc_vfio_pci_ops = { 
	.mmap = vfio_pci_core_mmap,

	.request = vfio_pci_core_request,

	.match = vfio_pci_core_match,

	.match_token_uuid = vfio_pci_core_match_token_uuid,

	.bind_iommufd = vfio_iommufd_physical_bind,

	.unbind_iommufd = vfio_iommufd_physical_unbind,

	.attach_ioas = vfio_iommufd_physical_attach_ioas,

drivers/vfio/pci/mlx5/main.c

+1 −0
Original line number Diff line number Diff line
@@ -1372,6 +1372,7 @@ static const struct vfio_device_ops mlx5vf_pci_ops = { 
	.mmap = vfio_pci_core_mmap,

	.request = vfio_pci_core_request,

	.match = vfio_pci_core_match,

	.match_token_uuid = vfio_pci_core_match_token_uuid,

	.bind_iommufd = vfio_iommufd_physical_bind,

	.unbind_iommufd = vfio_iommufd_physical_unbind,

	.attach_ioas = vfio_iommufd_physical_attach_ioas,

drivers/vfio/pci/nvgrace-gpu/main.c

+2 −0
Original line number Diff line number Diff line
@@ -696,6 +696,7 @@ static const struct vfio_device_ops nvgrace_gpu_pci_ops = { 
	.mmap		= nvgrace_gpu_mmap,

	.request	= vfio_pci_core_request,

	.match		= vfio_pci_core_match,

	.match_token_uuid = vfio_pci_core_match_token_uuid,

	.bind_iommufd	= vfio_iommufd_physical_bind,

	.unbind_iommufd	= vfio_iommufd_physical_unbind,

	.attach_ioas	= vfio_iommufd_physical_attach_ioas,
@@ -715,6 +716,7 @@ static const struct vfio_device_ops nvgrace_gpu_pci_core_ops = { 
	.mmap		= vfio_pci_core_mmap,

	.request	= vfio_pci_core_request,

	.match		= vfio_pci_core_match,

	.match_token_uuid = vfio_pci_core_match_token_uuid,

	.bind_iommufd	= vfio_iommufd_physical_bind,

	.unbind_iommufd	= vfio_iommufd_physical_unbind,

	.attach_ioas	= vfio_iommufd_physical_attach_ioas,

drivers/vfio/pci/pds/vfio_dev.c

+1 −0
Original line number Diff line number Diff line
@@ -201,6 +201,7 @@ static const struct vfio_device_ops pds_vfio_ops = { 
	.mmap = vfio_pci_core_mmap,

	.request = vfio_pci_core_request,

	.match = vfio_pci_core_match,

	.match_token_uuid = vfio_pci_core_match_token_uuid,

	.bind_iommufd = vfio_iommufd_physical_bind,

	.unbind_iommufd = vfio_iommufd_physical_unbind,

	.attach_ioas = vfio_iommufd_physical_attach_ioas,