stable.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	patches@lists.linux.dev, Arjan van de Ven <arjan@linux.intel.com>
Subject: [PATCH 6.9 1/5] VFIO: Add the SPR_DSA and SPR_IAX devices to the denylist
Date: Wed, 15 May 2024 10:26:38 +0200	[thread overview]
Message-ID: <20240515082345.484193693@linuxfoundation.org> (raw)
In-Reply-To: <20240515082345.213796290@linuxfoundation.org>

6.9-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Arjan van de Ven <arjan@linux.intel.com>

commit 95feb3160eef0caa6018e175a5560b816aee8e79 upstream.

Due to an erratum with the SPR_DSA and SPR_IAX devices, it is not secure to assign
these devices to virtual machines. Add the PCI IDs of these devices to the VFIO
denylist to ensure that this is handled appropriately by the VFIO subsystem.

The SPR_DSA and SPR_IAX devices are on-SOC devices for the Sapphire Rapids
(and related) family of products that perform data movement and compression.

Signed-off-by: Arjan van de Ven <arjan@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/dma/idxd/registers.h |    3 ---
 drivers/vfio/pci/vfio_pci.c  |    2 ++
 include/linux/pci_ids.h      |    2 ++
 3 files changed, 4 insertions(+), 3 deletions(-)

--- a/drivers/dma/idxd/registers.h
+++ b/drivers/dma/idxd/registers.h
@@ -6,9 +6,6 @@
 #include <uapi/linux/idxd.h>
 
 /* PCI Config */
-#define PCI_DEVICE_ID_INTEL_DSA_SPR0	0x0b25
-#define PCI_DEVICE_ID_INTEL_IAX_SPR0	0x0cfe
-
 #define DEVICE_VERSION_1		0x100
 #define DEVICE_VERSION_2		0x200
 
--- a/drivers/vfio/pci/vfio_pci.c
+++ b/drivers/vfio/pci/vfio_pci.c
@@ -71,6 +71,8 @@ static bool vfio_pci_dev_in_denylist(str
 		case PCI_DEVICE_ID_INTEL_QAT_C62X_VF:
 		case PCI_DEVICE_ID_INTEL_QAT_DH895XCC:
 		case PCI_DEVICE_ID_INTEL_QAT_DH895XCC_VF:
+		case PCI_DEVICE_ID_INTEL_DSA_SPR0:
+		case PCI_DEVICE_ID_INTEL_IAX_SPR0:
 			return true;
 		default:
 			return false;
--- a/include/linux/pci_ids.h
+++ b/include/linux/pci_ids.h
@@ -2687,8 +2687,10 @@
 #define PCI_DEVICE_ID_INTEL_I960	0x0960
 #define PCI_DEVICE_ID_INTEL_I960RM	0x0962
 #define PCI_DEVICE_ID_INTEL_HDA_HSW_0	0x0a0c
+#define PCI_DEVICE_ID_INTEL_DSA_SPR0	0x0b25
 #define PCI_DEVICE_ID_INTEL_HDA_HSW_2	0x0c0c
 #define PCI_DEVICE_ID_INTEL_CENTERTON_ILB	0x0c60
+#define PCI_DEVICE_ID_INTEL_IAX_SPR0	0x0cfe
 #define PCI_DEVICE_ID_INTEL_HDA_HSW_3	0x0d0c
 #define PCI_DEVICE_ID_INTEL_HDA_BYT	0x0f04
 #define PCI_DEVICE_ID_INTEL_SST_BYT	0x0f28



  reply	other threads:[~2024-05-15  8:27 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-05-15  8:26 [PATCH 6.9 0/5] 6.9.1-rc1 review Greg Kroah-Hartman
2024-05-15  8:26 ` Greg Kroah-Hartman [this message]
2024-05-15  8:26 ` [PATCH 6.9 2/5] dmaengine: idxd: add a new security check to deal with a hardware erratum Greg Kroah-Hartman
2024-05-15  8:26 ` [PATCH 6.9 3/5] dmaengine: idxd: add a write() method for applications to submit work Greg Kroah-Hartman
2024-05-15  8:26 ` [PATCH 6.9 4/5] keys: Fix overwrite of key expiration on instantiation Greg Kroah-Hartman
2024-05-15  8:26 ` [PATCH 6.9 5/5] wifi: mt76: mt7915: add missing chanctx ops Greg Kroah-Hartman
2024-05-15 18:38 ` [PATCH 6.9 0/5] 6.9.1-rc1 review Ron Economos
2024-05-15 18:57 ` Florian Fainelli
2024-05-15 19:54 ` Shuah Khan
2024-05-16  8:40 ` Naresh Kamboju
2024-05-16 12:03 ` Mark Brown
2024-05-17  2:37 ` Bagas Sanjaya
2024-05-17  9:28 ` Jon Hunter

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20240515082345.484193693@linuxfoundation.org \
    --to=gregkh@linuxfoundation.org \
    --cc=arjan@linux.intel.com \
    --cc=patches@lists.linux.dev \
    --cc=stable@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).