aboutsummaryrefslogtreecommitdiffstats
path: root/virt
diff options
context:
space:
mode:
authorAlex Williamson <alex.williamson@redhat.com>2012-03-12 10:06:37 -0400
committerLuis Henriques <luis.henriques@canonical.com>2012-03-26 05:26:34 -0400
commit69a6057470d168e067bd5297552791f135701596 (patch)
tree8f8830f74b9c1f1f7fd373a5356547025d437d27 /virt
parented2e92a43ec03cc6165f4b07ceb56fe9544919b6 (diff)
KVM: Remove ability to assign a device without iommu support
This option has no users and it exposes a security hole that we can allow devices to be assigned without iommu protection. Make KVM_DEV_ASSIGN_ENABLE_IOMMU a mandatory option. Signed-off-by: Alex Williamson <alex.williamson@redhat.com> Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com> (cherry picked from commit 423873736b78f549fbfa2f715f2e4de7e6c5e1e9) CVE-2011-4347 BugLink: http://bugs.launchpad.net/bugs/897812 Acked-by: Herton Ronaldo Krzesinski <herton.krzesinski@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> Signed-off-by: Andy Whitcroft <apw@canonical.com>
Diffstat (limited to 'virt')
-rw-r--r--virt/kvm/assigned-dev.c18
1 files changed, 9 insertions, 9 deletions
diff --git a/virt/kvm/assigned-dev.c b/virt/kvm/assigned-dev.c
index 2e8c7271009..49b402cf8e1 100644
--- a/virt/kvm/assigned-dev.c
+++ b/virt/kvm/assigned-dev.c
@@ -544,6 +544,9 @@ static int kvm_vm_ioctl_assign_device(struct kvm *kvm,
544 struct pci_dev *dev; 544 struct pci_dev *dev;
545 u8 header_type; 545 u8 header_type;
546 546
547 if (!(assigned_dev->flags & KVM_DEV_ASSIGN_ENABLE_IOMMU))
548 return -EINVAL;
549
547 mutex_lock(&kvm->lock); 550 mutex_lock(&kvm->lock);
548 idx = srcu_read_lock(&kvm->srcu); 551 idx = srcu_read_lock(&kvm->srcu);
549 552
@@ -613,16 +616,14 @@ static int kvm_vm_ioctl_assign_device(struct kvm *kvm,
613 616
614 list_add(&match->list, &kvm->arch.assigned_dev_head); 617 list_add(&match->list, &kvm->arch.assigned_dev_head);
615 618
616 if (assigned_dev->flags & KVM_DEV_ASSIGN_ENABLE_IOMMU) { 619 if (!kvm->arch.iommu_domain) {
617 if (!kvm->arch.iommu_domain) { 620 r = kvm_iommu_map_guest(kvm);
618 r = kvm_iommu_map_guest(kvm);
619 if (r)
620 goto out_list_del;
621 }
622 r = kvm_assign_device(kvm, match);
623 if (r) 621 if (r)
624 goto out_list_del; 622 goto out_list_del;
625 } 623 }
624 r = kvm_assign_device(kvm, match);
625 if (r)
626 goto out_list_del;
626 627
627out: 628out:
628 srcu_read_unlock(&kvm->srcu, idx); 629 srcu_read_unlock(&kvm->srcu, idx);
@@ -662,8 +663,7 @@ static int kvm_vm_ioctl_deassign_device(struct kvm *kvm,
662 goto out; 663 goto out;
663 } 664 }
664 665
665 if (match->flags & KVM_DEV_ASSIGN_ENABLE_IOMMU) 666 kvm_deassign_device(kvm, match);
666 kvm_deassign_device(kvm, match);
667 667
668 kvm_free_assigned_device(kvm, match); 668 kvm_free_assigned_device(kvm, match);
669 669
generated by cgit v1.2.2 (git 2.25.0) at 2025-08-31 12:23:23 -0400