KVM: Remove ability to assign a device without iommu support

This option has no users and it exposes a security hole that we
can allow devices to be assigned without iommu protection.  Make
KVM_DEV_ASSIGN_ENABLE_IOMMU a mandatory option.

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>

1 files changed, 9 insertions, 9 deletions

diff --git a/virt/kvm/assigned-dev.c b/virt/kvm/assigned-dev.c
index 3ad0925d23a9..a251a28f79c7 100644
--- a/virt/kvm/assigned-dev.c
+++ b/virt/kvm/assigned-dev.c
@@ -487,6 +487,9 @@ static int kvm_vm_ioctl_assign_device(struct kvm *kvm,
         struct kvm_assigned_dev_kernel *match;
         struct pci_dev *dev;
 
+        if (!(assigned_dev->flags & KVM_DEV_ASSIGN_ENABLE_IOMMU))
+                return -EINVAL;
+
         mutex_lock(&kvm->lock);
         idx = srcu_read_lock(&kvm->srcu);
 
@@ -544,16 +547,14 @@ static int kvm_vm_ioctl_assign_device(struct kvm *kvm,
 
         list_add(&match->list, &kvm->arch.assigned_dev_head);
 
-        if (assigned_dev->flags & KVM_DEV_ASSIGN_ENABLE_IOMMU) {
-                if (!kvm->arch.iommu_domain) {
-                        r = kvm_iommu_map_guest(kvm);
-                        if (r)
-                                goto out_list_del;
-                }
-                r = kvm_assign_device(kvm, match);
+        if (!kvm->arch.iommu_domain) {
+                r = kvm_iommu_map_guest(kvm);
                 if (r)
                         goto out_list_del;
         }
+        r = kvm_assign_device(kvm, match);
+        if (r)
+                goto out_list_del;
 
 out:
         srcu_read_unlock(&kvm->srcu, idx);
@@ -593,8 +594,7 @@ static int kvm_vm_ioctl_deassign_device(struct kvm *kvm,
                 goto out;
         }
 
-        if (match->flags & KVM_DEV_ASSIGN_ENABLE_IOMMU)
-                kvm_deassign_device(kvm, match);
+        kvm_deassign_device(kvm, match);
 
         kvm_free_assigned_device(kvm, match);