From: Lu Baolu <baolu.lu@linux.intel.com>
To: Jacob Pan <jacob.jun.pan@linux.intel.com>
Cc: "Tian, Kevin" <kevin.tian@intel.com>,
Raj Ashok <ashok.raj@intel.com>, Jonathan Corbet <corbet@lwn.net>,
Jean-Philippe Brucker <jean-philippe@linaro.com>,
iommu@lists.linux-foundation.org,
LKML <linux-kernel@vger.kernel.org>,
Christoph Hellwig <hch@infradead.org>,
Alex Williamson <alex.williamson@redhat.com>,
David Woodhouse <dwmw2@infradead.org>
Subject: Re: [PATCH v3 4/5] iommu/uapi: Handle data and argsz filled by users
Date: Thu, 25 Jun 2020 15:07:27 +0800 [thread overview]
Message-ID: <1d730edf-277f-17fb-6a44-e6af07b6d43e@linux.intel.com> (raw)
In-Reply-To: <20200624100709.1277f912@jacob-builder>
On 2020/6/25 1:07, Jacob Pan wrote:
> On Wed, 24 Jun 2020 14:54:49 +0800
> Lu Baolu<baolu.lu@linux.intel.com> wrote:
>
>> Hi Jacob,
>>
>> On 2020/6/24 1:03, Jacob Pan wrote:
>>> IOMMU UAPI data has a user filled argsz field which indicates the
>>> data length comes with the API call. User data is not trusted,
>>> argsz must be validated based on the current kernel data size,
>>> mandatory data size, and feature flags.
>>>
>>> User data may also be extended, results in possible argsz increase.
>>> Backward compatibility is ensured based on size and flags checking.
>>> Details are documented in Documentation/userspace-api/iommu.rst
>>>
>>> This patch adds sanity checks in both IOMMU layer and vendor code,
>>> where VT-d is the only user for now.
>>>
>>> Signed-off-by: Liu Yi L<yi.l.liu@intel.com>
>>> Signed-off-by: Jacob Pan<jacob.jun.pan@linux.intel.com>
>>> ---
>>> drivers/iommu/intel/svm.c | 3 ++
>>> drivers/iommu/iommu.c | 96
>>> ++++++++++++++++++++++++++++++++++++++++++++---
>>> include/linux/iommu.h | 7 ++-- 3 files changed, 98
>>> insertions(+), 8 deletions(-)
>>>
>>> diff --git a/drivers/iommu/intel/svm.c b/drivers/iommu/intel/svm.c
>>> index 713b3a218483..237db56878c0 100644
>>> --- a/drivers/iommu/intel/svm.c
>>> +++ b/drivers/iommu/intel/svm.c
>>> @@ -244,6 +244,9 @@ int intel_svm_bind_gpasid(struct iommu_domain
>>> *domain, struct device *dev, data->format !=
>>> IOMMU_PASID_FORMAT_INTEL_VTD) return -EINVAL;
>>>
>>> + if (data->argsz != offsetofend(struct
>>> iommu_gpasid_bind_data, vendor.vtd))
>>> + return -EINVAL;
>> Need to do size check in intel_iommu_sva_invalidate() as well?
>>
> No need. The difference is that there is no
> vendor specific union for intel_iommu_sva_invalidate().
>
> Generic flags are used to process invalidation data inside
> intel_iommu_sva_invalidate().
Thanks for the explanation. With the nit tweaked,
Reviewed-by: Lu Baolu <baolu.lu@linux.intel.com>
Best regards,
baolu
_______________________________________________
iommu mailing list
iommu@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/iommu
WARNING: multiple messages have this Message-ID (diff)
From: Lu Baolu <baolu.lu@linux.intel.com>
To: Jacob Pan <jacob.jun.pan@linux.intel.com>
Cc: baolu.lu@linux.intel.com, iommu@lists.linux-foundation.org,
LKML <linux-kernel@vger.kernel.org>,
Joerg Roedel <joro@8bytes.org>,
Alex Williamson <alex.williamson@redhat.com>,
David Woodhouse <dwmw2@infradead.org>,
Yi Liu <yi.l.liu@intel.com>, "Tian, Kevin" <kevin.tian@intel.com>,
Raj Ashok <ashok.raj@intel.com>,
Christoph Hellwig <hch@infradead.org>,
Jean-Philippe Brucker <jean-philippe@linaro.com>,
Eric Auger <eric.auger@redhat.com>,
Jonathan Corbet <corbet@lwn.net>
Subject: Re: [PATCH v3 4/5] iommu/uapi: Handle data and argsz filled by users
Date: Thu, 25 Jun 2020 15:07:27 +0800 [thread overview]
Message-ID: <1d730edf-277f-17fb-6a44-e6af07b6d43e@linux.intel.com> (raw)
In-Reply-To: <20200624100709.1277f912@jacob-builder>
On 2020/6/25 1:07, Jacob Pan wrote:
> On Wed, 24 Jun 2020 14:54:49 +0800
> Lu Baolu<baolu.lu@linux.intel.com> wrote:
>
>> Hi Jacob,
>>
>> On 2020/6/24 1:03, Jacob Pan wrote:
>>> IOMMU UAPI data has a user filled argsz field which indicates the
>>> data length comes with the API call. User data is not trusted,
>>> argsz must be validated based on the current kernel data size,
>>> mandatory data size, and feature flags.
>>>
>>> User data may also be extended, results in possible argsz increase.
>>> Backward compatibility is ensured based on size and flags checking.
>>> Details are documented in Documentation/userspace-api/iommu.rst
>>>
>>> This patch adds sanity checks in both IOMMU layer and vendor code,
>>> where VT-d is the only user for now.
>>>
>>> Signed-off-by: Liu Yi L<yi.l.liu@intel.com>
>>> Signed-off-by: Jacob Pan<jacob.jun.pan@linux.intel.com>
>>> ---
>>> drivers/iommu/intel/svm.c | 3 ++
>>> drivers/iommu/iommu.c | 96
>>> ++++++++++++++++++++++++++++++++++++++++++++---
>>> include/linux/iommu.h | 7 ++-- 3 files changed, 98
>>> insertions(+), 8 deletions(-)
>>>
>>> diff --git a/drivers/iommu/intel/svm.c b/drivers/iommu/intel/svm.c
>>> index 713b3a218483..237db56878c0 100644
>>> --- a/drivers/iommu/intel/svm.c
>>> +++ b/drivers/iommu/intel/svm.c
>>> @@ -244,6 +244,9 @@ int intel_svm_bind_gpasid(struct iommu_domain
>>> *domain, struct device *dev, data->format !=
>>> IOMMU_PASID_FORMAT_INTEL_VTD) return -EINVAL;
>>>
>>> + if (data->argsz != offsetofend(struct
>>> iommu_gpasid_bind_data, vendor.vtd))
>>> + return -EINVAL;
>> Need to do size check in intel_iommu_sva_invalidate() as well?
>>
> No need. The difference is that there is no
> vendor specific union for intel_iommu_sva_invalidate().
>
> Generic flags are used to process invalidation data inside
> intel_iommu_sva_invalidate().
Thanks for the explanation. With the nit tweaked,
Reviewed-by: Lu Baolu <baolu.lu@linux.intel.com>
Best regards,
baolu
next prev parent reply other threads:[~2020-06-25 7:07 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-23 17:03 [PATCH v3 0/5] IOMMU user API enhancement Jacob Pan
2020-06-23 17:03 ` Jacob Pan
2020-06-23 17:03 ` [PATCH v3 1/5] docs: IOMMU user API Jacob Pan
2020-06-23 17:03 ` Jacob Pan
2020-06-26 22:19 ` Alex Williamson
2020-06-26 22:19 ` Alex Williamson
2020-06-29 23:05 ` Jacob Pan
2020-06-29 23:05 ` Jacob Pan
2020-06-30 2:52 ` Tian, Kevin
2020-06-30 2:52 ` Tian, Kevin
2020-06-30 17:39 ` Jacob Pan
2020-06-30 17:39 ` Jacob Pan
2020-07-07 21:40 ` Alex Williamson
2020-07-07 21:40 ` Alex Williamson
2020-07-08 15:21 ` Jacob Pan
2020-07-08 15:21 ` Jacob Pan
2020-06-23 17:03 ` [PATCH v3 2/5] iommu/uapi: Add argsz for user filled data Jacob Pan
2020-06-23 17:03 ` Jacob Pan
2020-06-23 17:03 ` [PATCH v3 3/5] iommu/uapi: Use named union for user data Jacob Pan
2020-06-23 17:03 ` Jacob Pan
2020-06-24 6:29 ` Lu Baolu
2020-06-24 6:29 ` Lu Baolu
2020-06-24 15:48 ` Jacob Pan
2020-06-24 15:48 ` Jacob Pan
2020-06-23 17:03 ` [PATCH v3 4/5] iommu/uapi: Handle data and argsz filled by users Jacob Pan
2020-06-23 17:03 ` Jacob Pan
2020-06-24 6:54 ` Lu Baolu
2020-06-24 6:54 ` Lu Baolu
2020-06-24 17:07 ` Jacob Pan
2020-06-24 17:07 ` Jacob Pan
2020-06-25 7:07 ` Lu Baolu [this message]
2020-06-25 7:07 ` Lu Baolu
2020-06-23 17:03 ` [PATCH v3 5/5] iommu/uapi: Support both kernel and user unbind guest PASID Jacob Pan
2020-06-23 17:03 ` Jacob Pan
2020-06-24 7:55 ` Lu Baolu
2020-06-24 7:55 ` Lu Baolu
2020-06-25 12:59 ` Lu Baolu
2020-06-25 12:59 ` Lu Baolu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1d730edf-277f-17fb-6a44-e6af07b6d43e@linux.intel.com \
--to=baolu.lu@linux.intel.com \
--cc=alex.williamson@redhat.com \
--cc=ashok.raj@intel.com \
--cc=corbet@lwn.net \
--cc=dwmw2@infradead.org \
--cc=hch@infradead.org \
--cc=iommu@lists.linux-foundation.org \
--cc=jacob.jun.pan@linux.intel.com \
--cc=jean-philippe@linaro.com \
--cc=kevin.tian@intel.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.