OpenCloudOS-Kernel/drivers
Alex Williamson cc20d79990 vfio/pci: Introduce VF token
If we enable SR-IOV on a vfio-pci owned PF, the resulting VFs are not
fully isolated from the PF.  The PF can always cause a denial of service
to the VF, even if by simply resetting itself.  The degree to which a PF
can access the data passed through a VF or interfere with its operation
is dependent on a given SR-IOV implementation.  Therefore we want to
avoid a scenario where an existing vfio-pci based userspace driver might
assume the PF driver is trusted, for example assigning a PF to one VM
and VF to another with some expectation of isolation.  IOMMU grouping
could be a solution to this, but imposes an unnecessarily strong
relationship between PF and VF drivers if they need to operate with the
same IOMMU context.  Instead we introduce a "VF token", which is
essentially just a shared secret between PF and VF drivers, implemented
as a UUID.

The VF token can be set by a vfio-pci based PF driver and must be known
by the vfio-pci based VF driver in order to gain access to the device.
This allows the degree to which this VF token is considered secret to be
determined by the applications and environment.  For example a VM might
generate a random UUID known only internally to the hypervisor while a
userspace networking appliance might use a shared, or even well know,
UUID among the application drivers.

To incorporate this VF token, the VFIO_GROUP_GET_DEVICE_FD interface is
extended to accept key=value pairs in addition to the device name.  This
allows us to most easily deny user access to the device without risk
that existing userspace drivers assume region offsets, IRQs, and other
device features, leading to more elaborate error paths.  The format of
these options are expected to take the form:

"$DEVICE_NAME $OPTION1=$VALUE1 $OPTION2=$VALUE2"

Where the device name is always provided first for compatibility and
additional options are specified in a space separated list.  The
relation between and requirements for the additional options will be
vfio bus driver dependent, however unknown or unused option within this
schema should return error.  This allow for future use of unknown
options as well as a positive indication to the user that an option is
used.

An example VF token option would take this form:

"0000:03:00.0 vf_token=2ab74924-c335-45f4-9b16-8569e5b08258"

When accessing a VF where the PF is making use of vfio-pci, the user
MUST provide the current vf_token.  When accessing a PF, the user MUST
provide the current vf_token IF there are active VF users or MAY provide
a vf_token in order to set the current VF token when no VF users are
active.  The former requirement assures VF users that an unassociated
driver cannot usurp the PF device.  These semantics also imply that a
VF token MUST be set by a PF driver before VF drivers can access their
device, the default token is random and mechanisms to read the token are
not provided in order to protect the VF token of previous users.  Use of
the vf_token option outside of these cases will return an error, as
discussed above.

Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2020-03-24 09:28:27 -06:00
..
accessibility
acpi x86/mm: split vmalloc_sync_all() 2020-03-21 18:56:06 -07:00
amba
android binderfs: use refcount for binder control devices too 2020-03-11 19:33:52 +01:00
ata libata-5.6-2020-02-05 2020-02-06 06:11:50 +00:00
atm atm: nicstar: fix if-statement empty body warning 2020-02-29 21:28:30 -08:00
auxdisplay auxdisplay: charlcd: replace zero-length array with flexible-array member 2020-03-06 22:18:07 +01:00
base driver code: clarify and fix platform device DMA mask allocation 2020-03-11 09:30:27 -07:00
bcma Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next 2020-01-28 16:02:33 -08:00
block virtio: fixes 2020-03-09 16:02:32 -07:00
bluetooth Bluetooth: btrtl: Use kvmalloc for FW allocations 2020-01-24 19:57:53 +01:00
bus Few fixes for omaps for v5.6-rc cycle 2020-02-29 11:47:44 -08:00
cdrom scsi: compat_ioctl: cdrom: Replace .ioctl with .compat_ioctl in four appropriate places 2020-02-24 15:06:07 -05:00
char ipmi_si: Avoid spurious errors for optional IRQs 2020-03-11 21:15:19 -05:00
clk clk: qcom: dispcc: Remove support of disp_cc_mdss_rscc_ahb_clk 2020-02-12 15:03:08 -08:00
clocksource ARM: SoC: late updates 2020-02-08 14:17:27 -08:00
connector
counter
cpufreq cpufreq: Fix policy initialization for internal governor drivers 2020-02-27 08:57:48 +01:00
cpuidle ARM: SoC-related driver updates 2020-02-08 14:04:19 -08:00
crypto Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next 2020-01-28 16:02:33 -08:00
dax dax: Get rid of fs_dax_get_by_host() helper 2020-01-16 09:52:27 -08:00
dca
devfreq Revert "PM / devfreq: Modify the device name as devfreq(X) for sysfs" 2020-02-24 11:14:29 +09:00
dio
dma dmaengine: imx-sdma: Fix the event id check to include RX event for UART6 2020-02-25 14:15:26 +05:30
dma-buf dma-buf: free dmabuf->name in dma_buf_release() 2020-02-27 18:01:58 +05:30
edac EDAC/synopsys: Do not print an error with back-to-back snprintf() calls 2020-02-27 16:44:25 +01:00
eisa
extcon
firewire
firmware Two EFI fixes: 2020-03-15 12:42:03 -07:00
fpga fpga: xilinx-pr-decoupler: Remove clk_get error message for probe defer 2020-01-10 12:51:56 -08:00
fsi fsi: aspeed: add unspecified HAS_IOMEM dependency 2020-02-10 13:45:49 -08:00
gnss
gpio gpio: sifive: fix static checker warning 2020-02-10 13:54:17 +01:00
gpu drm/i915 fixes for v5.6-rc7: 2020-03-20 12:52:35 +10:00
greybus
hid Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid 2020-03-17 09:38:03 -07:00
hsi
hv - Most of the commits here are work to enable host-initiated hibernation 2020-02-03 14:42:03 +00:00
hwmon hwmon: (adt7462) Fix an error return in ADT7462_REG_VOLT() 2020-03-03 12:42:55 -08:00
hwspinlock hwspinlock: sirf: Use devm_hwspin_lock_register() to register hwlock controller 2020-01-21 16:16:36 -08:00
hwtracing intel_th: pci: Add Elkhart Lake CPU support 2020-03-18 11:32:56 +01:00
i2c i2c: acpi: put device when verifying client fails 2020-03-13 15:15:30 +01:00
i3c i3c: master: dw: reattach device on first available location of address table 2020-01-13 10:00:05 +01:00
ide scsi: compat_ioctl: cdrom: Replace .ioctl with .compat_ioctl in four appropriate places 2020-02-24 15:06:07 -05:00
idle intel_idle: Introduce 'states_off' module parameter 2020-02-03 11:57:18 +01:00
iio First set of IIO fixes in the 5.6 cycle. 2020-03-18 11:20:42 +01:00
infiniband Second RDMA 5.6 pull request 2020-03-07 19:52:55 -06:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2020-02-15 16:49:25 -08:00
interconnect interconnect: Handle memory allocation errors 2020-03-03 08:02:57 +01:00
iommu iommu/vt-d: Populate debugfs if IOMMUs are detected 2020-03-14 20:02:43 +01:00
ipack
irqchip irqchip fixes for 5.6, take #2 2020-03-15 10:53:11 +01:00
isdn proc: convert everything to "struct proc_ops" 2020-02-04 03:05:26 +00:00
leds leds: lm3532: add pointer to documentation and fix typo 2020-01-22 21:08:24 +01:00
lightnvm
macintosh macintosh: windfarm: fix MODINFO regression 2020-03-10 12:30:59 +01:00
mailbox
mcb
md block-5.6-2020-03-07 2020-03-07 14:14:38 -06:00
media media: mc-entity.c: use & to check pad flags, not == 2020-02-24 15:10:04 +01:00
memory mvebu drivers for 5.6 (part 1) 2020-01-16 10:45:44 -08:00
memstick
message Merge ra.kernel.org:/pub/scm/linux/kernel/git/netdev/net 2020-01-19 22:10:04 +01:00
mfd chrome platform changes for 5.6 2020-02-04 07:17:41 +00:00
misc mmc: rtsx_pci: Fix support for speed-modes that relies on tuning 2020-03-18 11:55:02 +01:00
mmc mmc: rtsx_pci: Fix support for speed-modes that relies on tuning 2020-03-18 11:55:02 +01:00
mtd treewide: remove redundant IS_ERR() before error code check 2020-02-04 03:05:27 +00:00
mux
net net: systemport: fix index check to avoid an array out of bounds access 2020-03-12 15:50:18 -07:00
nfc nfc: pn544: Fix occasional HW initialization failure 2020-02-19 11:09:27 -08:00
ntb
nubus
nvdimm mm: Cleanup __put_devmap_managed_page() vs ->page_free() 2020-01-31 10:30:37 -08:00
nvme nvmet-tcp: set MSG_MORE only if we actually have more to send 2020-03-21 04:37:53 +09:00
nvmem Merge branch 'i2c/for-5.6' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux 2020-02-07 12:54:13 -08:00
of drivers/of/of_mdio.c:fix of_mdiobus_register() 2020-03-03 19:01:51 -08:00
opp ioremap changes for 5.6 2020-01-27 13:03:00 -08:00
oprofile tracing: Make struct ring_buffer less ambiguous 2020-01-13 13:19:38 -05:00
parisc proc: convert everything to "struct proc_ops" 2020-02-04 03:05:26 +00:00
parport
pci PCI: brcmstb: Fix build on 32bit ARM platforms with older compilers 2020-02-27 08:06:20 -06:00
pcmcia
perf drivers/perf: arm_pmu_acpi: Fix incorrect checking of gicc pointer 2020-03-02 12:07:35 +00:00
phy phy: for 5.6-rc 2020-03-04 13:28:52 +01:00
pinctrl pinctrl: qcom: Assign irq_eoi conditionally 2020-03-09 16:31:34 +01:00
platform platform/chrome: wilco_ec: Include asm/unaligned instead of linux/ path 2020-02-11 09:10:36 +01:00
pnp proc: convert everything to "struct proc_ops" 2020-02-04 03:05:26 +00:00
power ARM: SoC platform updates 2020-02-08 13:55:25 -08:00
powercap Merge back power capping changes for v5.6. 2020-01-13 10:32:19 +01:00
pps
ps3
ptp Merge ra.kernel.org:/pub/scm/linux/kernel/git/netdev/net 2020-01-19 22:10:04 +01:00
pwm pwm: Remove set but not set variable 'pwm' 2020-01-20 15:40:49 +01:00
rapidio
ras
regulator regulator: Fixes for v5.6 2020-03-06 14:48:30 -06:00
remoteproc remoteproc: qcom: q6v5-mss: Improve readability of reset_assert 2020-01-24 09:34:07 -08:00
reset reset: intel: add unspecified HAS_IOMEM dependency 2020-02-10 11:11:55 +01:00
rpmsg rpmsg: add rpmsg support for mt8183 SCP. 2020-01-20 10:29:56 -08:00
rtc rtc: max8907: add missing select REGMAP_IRQ 2020-03-19 09:55:25 -07:00
s390 block-5.6-2020-03-13 2020-03-13 12:45:23 -07:00
sbus
scsi scsi: ipr: Fix softlockup when rescanning devices in petitboot 2020-03-10 22:34:24 -04:00
sfi
sh
siox siox: Use the correct style for SPDX License Identifier 2020-01-14 21:46:53 +01:00
slimbus slimbus: ngd: add v2.1.0 compatible 2020-03-12 16:51:15 +01:00
soc i.MX fixes for 5.6: 2020-02-24 09:57:05 -08:00
soundwire soundwire: cadence: fix kernel-doc parameter descriptions 2020-01-16 17:34:38 +05:30
spi spi: Fixes for v5.6 2020-03-06 14:50:16 -06:00
spmi spmi: pmic-arb: Set lockdep class for hierarchical irq domains 2020-02-10 13:16:04 +01:00
ssb
staging Staging/IIO fixes for 5.6-rc7 2020-03-20 09:20:38 -07:00
target scsi: Revert "target: iscsi: Wait for all commands to finish before freeing a session" 2020-02-14 17:13:54 -05:00
tc The main MIPS changes for 5.6: 2020-01-31 11:28:31 -08:00
tee arm64: dts: agilex: fix gmac compatible 2020-03-03 16:40:56 -08:00
thermal - Fix a SEVERE docs build failure for cpu idle cooling device (Randy Dunlap) 2020-01-31 14:39:21 -08:00
thunderbolt thunderbolt: Fix error code in tb_port_is_width_supported() 2020-03-04 12:34:17 +03:00
tty tty: fix compat TIOCGSERIAL checking wrong function ptr 2020-03-18 13:15:13 +01:00
uio uio: uio_pdrv_genirq: Do not log an error when deferring probe routine. 2020-01-14 15:27:51 +01:00
usb USB-serial fixes for 5.6-rc7 2020-03-18 10:42:57 +01:00
vfio vfio/pci: Introduce VF token 2020-03-24 09:28:27 -06:00
vhost vhost: Check docket sk_family instead of call getname 2020-02-22 21:41:42 -08:00
video ARM: SoC fixes 2020-03-08 17:36:22 -07:00
virt
virtio virtio_balloon: Adjust label in virtballoon_probe 2020-03-08 05:35:24 -04:00
visorbus visorbus: fix uninitialized variable access 2020-01-14 15:30:35 +01:00
vlynq
vme Char/Misc driver changes for 5.6-rc1 2020-01-29 10:35:54 -08:00
w1 Char/Misc driver changes for 5.6-rc1 2020-01-29 10:35:54 -08:00
watchdog watchdog: iTCO_wdt: Make ICH_RES_IO_SMI optional 2020-03-10 10:20:37 +01:00
xen xen/xenbus: fix locking 2020-03-05 09:42:23 -06:00
zorro Kbuild updates for v5.6 (2nd) 2020-02-09 16:05:50 -08:00
Kconfig
Makefile