diff options
| author | Alex Williamson <alex.williamson@redhat.com> | 2011-12-20 23:59:03 -0500 |
|---|---|---|
| committer | Avi Kivity <avi@redhat.com> | 2011-12-25 10:13:31 -0500 |
| commit | 423873736b78f549fbfa2f715f2e4de7e6c5e1e9 (patch) | |
| tree | 62526563ccca81957a4c100aa0bc359dcd10af08 | |
| parent | 0924ab2cfa98b1ece26c033d696651fd62896c69 (diff) | |
KVM: Remove ability to assign a device without iommu support
This option has no users and it exposes a security hole that we
can allow devices to be assigned without iommu protection. Make
KVM_DEV_ASSIGN_ENABLE_IOMMU a mandatory option.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
| -rw-r--r-- | Documentation/virtual/kvm/api.txt | 3 | ||||
| -rw-r--r-- | virt/kvm/assigned-dev.c | 18 |
2 files changed, 12 insertions, 9 deletions
diff --git a/Documentation/virtual/kvm/api.txt b/Documentation/virtual/kvm/api.txt index 7945b0bd35e2..ee2c96b3ba5a 100644 --- a/Documentation/virtual/kvm/api.txt +++ b/Documentation/virtual/kvm/api.txt | |||
| @@ -1151,6 +1151,9 @@ following flags are specified: | |||
| 1151 | /* Depends on KVM_CAP_IOMMU */ | 1151 | /* Depends on KVM_CAP_IOMMU */ |
| 1152 | #define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0) | 1152 | #define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0) |
| 1153 | 1153 | ||
| 1154 | The KVM_DEV_ASSIGN_ENABLE_IOMMU flag is a mandatory option to ensure | ||
| 1155 | isolation of the device. Usages not specifying this flag are deprecated. | ||
| 1156 | |||
| 1154 | 4.49 KVM_DEASSIGN_PCI_DEVICE | 1157 | 4.49 KVM_DEASSIGN_PCI_DEVICE |
| 1155 | 1158 | ||
| 1156 | Capability: KVM_CAP_DEVICE_DEASSIGNMENT | 1159 | Capability: KVM_CAP_DEVICE_DEASSIGNMENT |
diff --git a/virt/kvm/assigned-dev.c b/virt/kvm/assigned-dev.c index 3ad0925d23a9..a251a28f79c7 100644 --- a/virt/kvm/assigned-dev.c +++ b/virt/kvm/assigned-dev.c | |||
| @@ -487,6 +487,9 @@ static int kvm_vm_ioctl_assign_device(struct kvm *kvm, | |||
| 487 | struct kvm_assigned_dev_kernel *match; | 487 | struct kvm_assigned_dev_kernel *match; |
| 488 | struct pci_dev *dev; | 488 | struct pci_dev *dev; |
| 489 | 489 | ||
| 490 | if (!(assigned_dev->flags & KVM_DEV_ASSIGN_ENABLE_IOMMU)) | ||
| 491 | return -EINVAL; | ||
| 492 | |||
| 490 | mutex_lock(&kvm->lock); | 493 | mutex_lock(&kvm->lock); |
| 491 | idx = srcu_read_lock(&kvm->srcu); | 494 | idx = srcu_read_lock(&kvm->srcu); |
| 492 | 495 | ||
| @@ -544,16 +547,14 @@ static int kvm_vm_ioctl_assign_device(struct kvm *kvm, | |||
| 544 | 547 | ||
| 545 | list_add(&match->list, &kvm->arch.assigned_dev_head); | 548 | list_add(&match->list, &kvm->arch.assigned_dev_head); |
| 546 | 549 | ||
| 547 | if (assigned_dev->flags & KVM_DEV_ASSIGN_ENABLE_IOMMU) { | 550 | if (!kvm->arch.iommu_domain) { |
| 548 | if (!kvm->arch.iommu_domain) { | 551 | r = kvm_iommu_map_guest(kvm); |
| 549 | r = kvm_iommu_map_guest(kvm); | ||
| 550 | if (r) | ||
| 551 | goto out_list_del; | ||
| 552 | } | ||
| 553 | r = kvm_assign_device(kvm, match); | ||
| 554 | if (r) | 552 | if (r) |
| 555 | goto out_list_del; | 553 | goto out_list_del; |
| 556 | } | 554 | } |
| 555 | r = kvm_assign_device(kvm, match); | ||
| 556 | if (r) | ||
| 557 | goto out_list_del; | ||
| 557 | 558 | ||
| 558 | out: | 559 | out: |
| 559 | srcu_read_unlock(&kvm->srcu, idx); | 560 | srcu_read_unlock(&kvm->srcu, idx); |
| @@ -593,8 +594,7 @@ static int kvm_vm_ioctl_deassign_device(struct kvm *kvm, | |||
| 593 | goto out; | 594 | goto out; |
| 594 | } | 595 | } |
| 595 | 596 | ||
| 596 | if (match->flags & KVM_DEV_ASSIGN_ENABLE_IOMMU) | 597 | kvm_deassign_device(kvm, match); |
| 597 | kvm_deassign_device(kvm, match); | ||
| 598 | 598 | ||
| 599 | kvm_free_assigned_device(kvm, match); | 599 | kvm_free_assigned_device(kvm, match); |
| 600 | 600 | ||