[PATCH kernel v5 09/10] KVM: PPC: iommu: Unify TCE checking

David Gibson david at gibson.dropbear.id.au
Thu Feb 23 15:40:27 AEDT 2017 

On Wed, Feb 22, 2017 at 07:21:32PM +1100, Alexey Kardashevskiy wrote:
> Signed-off-by: Alexey Kardashevskiy <aik at ozlabs.ru>

I like this, except for one detail

> ---
>  arch/powerpc/include/asm/iommu.h    | 20 +++++++++++++++-----
>  arch/powerpc/include/asm/kvm_ppc.h  |  6 ++++--
>  arch/powerpc/kernel/iommu.c         | 37 +++++++++++++------------------------
>  arch/powerpc/kvm/book3s_64_vio_hv.c | 31 +++++++------------------------
>  4 files changed, 39 insertions(+), 55 deletions(-)
> 
> diff --git a/arch/powerpc/include/asm/iommu.h b/arch/powerpc/include/asm/iommu.h
> index 82e77ebf85f4..d4396d1d89df 100644
> --- a/arch/powerpc/include/asm/iommu.h
> +++ b/arch/powerpc/include/asm/iommu.h
> @@ -296,11 +296,21 @@ static inline void iommu_restore(void)
>  #endif
>  
>  /* The API to support IOMMU operations for VFIO */
> -extern int iommu_tce_clear_param_check(struct iommu_table *tbl,
> -		unsigned long ioba, unsigned long tce_value,
> -		unsigned long npages);
> -extern int iommu_tce_put_param_check(struct iommu_table *tbl,
> -		unsigned long ioba, unsigned long tce);
> +extern int iommu_tce_check_ioba(unsigned long page_shift,
> +		unsigned long offset, unsigned long size,
> +		unsigned long ioba, unsigned long npages);
> +extern int iommu_tce_check_tce(unsigned long page_shift,
> +		unsigned long tce);
> +
> +#define iommu_tce_clear_param_check(tbl, ioba, tce_value, npages) \
> +		(iommu_tce_check_ioba((tbl)->it_page_shift,       \
> +				(tbl)->it_offset, (tbl)->it_size, \
> +				(ioba), (npages)) || (tce_value))
> +#define iommu_tce_put_param_check(tbl, ioba, tce)                 \
> +		(iommu_tce_check_ioba((tbl)->it_page_shift,       \
> +				(tbl)->it_offset, (tbl)->it_size, \
> +				(ioba), 1) ||                     \
> +		iommu_tce_check_tce((tbl)->it_page_shift, (tce)))
>  
>  extern void iommu_flush_tce(struct iommu_table *tbl);
>  extern int iommu_take_ownership(struct iommu_table *tbl);
> diff --git a/arch/powerpc/include/asm/kvm_ppc.h b/arch/powerpc/include/asm/kvm_ppc.h
> index 37bc9e7e90ba..e04b7fb8ccaa 100644
> --- a/arch/powerpc/include/asm/kvm_ppc.h
> +++ b/arch/powerpc/include/asm/kvm_ppc.h
> @@ -168,8 +168,10 @@ extern long kvm_vm_ioctl_create_spapr_tce(struct kvm *kvm,
>  				struct kvm_create_spapr_tce_64 *args);
>  extern struct kvmppc_spapr_tce_table *kvmppc_find_table(
>  		struct kvm *kvm, unsigned long liobn);
> -extern long kvmppc_ioba_validate(struct kvmppc_spapr_tce_table *stt,
> -		unsigned long ioba, unsigned long npages);
> +#define kvmppc_ioba_validate(stt, ioba, npages)                         \
> +		(iommu_tce_check_ioba((stt)->page_shift, (stt)->offset, \
> +				(stt)->size, (ioba), (npages)) ?        \
> +				H_PARAMETER : H_SUCCESS)
>  extern long kvmppc_tce_validate(struct kvmppc_spapr_tce_table *tt,
>  		unsigned long tce);
>  extern long kvmppc_gpa_to_ua(struct kvm *kvm, unsigned long gpa,
> diff --git a/arch/powerpc/kernel/iommu.c b/arch/powerpc/kernel/iommu.c
> index d02b8d22fb50..a419bd3997ba 100644
> --- a/arch/powerpc/kernel/iommu.c
> +++ b/arch/powerpc/kernel/iommu.c
> @@ -960,47 +960,36 @@ void iommu_flush_tce(struct iommu_table *tbl)
>  }
>  EXPORT_SYMBOL_GPL(iommu_flush_tce);
>  
> -int iommu_tce_clear_param_check(struct iommu_table *tbl,
> -		unsigned long ioba, unsigned long tce_value,
> -		unsigned long npages)
> +int iommu_tce_check_ioba(unsigned long page_shift,
> +		unsigned long offset, unsigned long size,
> +		unsigned long ioba, unsigned long npages)
>  {
> -	/* tbl->it_ops->clear() does not support any value but 0 */
> -	if (tce_value)
> -		return -EINVAL;
> +	unsigned long mask = (1 << page_shift) - 1;
>  
> -	if (ioba & ~IOMMU_PAGE_MASK(tbl))
> +	if (ioba & mask)
>  		return -EINVAL;
>  
> -	ioba >>= tbl->it_page_shift;
> -	if (ioba < tbl->it_offset)
> +	ioba >>= page_shift;
> +	if (ioba < offset)
>  		return -EINVAL;
>  
> -	if ((ioba + npages) > (tbl->it_offset + tbl->it_size))
> +	if ((ioba + 1) > (offset + size))
>  		return -EINVAL;
>  
>  	return 0;
>  }
> -EXPORT_SYMBOL_GPL(iommu_tce_clear_param_check);
> +EXPORT_SYMBOL_GPL(iommu_tce_check_ioba);
>  
> -int iommu_tce_put_param_check(struct iommu_table *tbl,
> -		unsigned long ioba, unsigned long tce)
> +int iommu_tce_check_tce(unsigned long page_shift, unsigned long tce)
>  {
> -	if (tce & ~IOMMU_PAGE_MASK(tbl))
> -		return -EINVAL;
> -
> -	if (ioba & ~IOMMU_PAGE_MASK(tbl))
> -		return -EINVAL;
> -
> -	ioba >>= tbl->it_page_shift;
> -	if (ioba < tbl->it_offset)
> -		return -EINVAL;
> +	unsigned long mask = (1 << page_shift) - 1;
>  
> -	if ((ioba + 1) > (tbl->it_offset + tbl->it_size))
> +	if (tce & mask)
>  		return -EINVAL;

This doesn't seem to be quite correctly named, since it doesn't check
a TCE (including permission bits), but rather a GPA.

>  	return 0;
>  }
> -EXPORT_SYMBOL_GPL(iommu_tce_put_param_check);
> +EXPORT_SYMBOL_GPL(iommu_tce_check_tce);
>  
>  long iommu_tce_xchg(struct iommu_table *tbl, unsigned long entry,
>  		unsigned long *hpa, enum dma_data_direction *direction)
> diff --git a/arch/powerpc/kvm/book3s_64_vio_hv.c b/arch/powerpc/kvm/book3s_64_vio_hv.c
> index 0f145fc7a3a5..92d769f4eaea 100644
> --- a/arch/powerpc/kvm/book3s_64_vio_hv.c
> +++ b/arch/powerpc/kvm/book3s_64_vio_hv.c
> @@ -62,27 +62,6 @@ struct kvmppc_spapr_tce_table *kvmppc_find_table(struct kvm *kvm,
>  EXPORT_SYMBOL_GPL(kvmppc_find_table);
>  
>  /*
> - * Validates IO address.
> - *
> - * WARNING: This will be called in real-mode on HV KVM and virtual
> - *          mode on PR KVM
> - */
> -long kvmppc_ioba_validate(struct kvmppc_spapr_tce_table *stt,
> -		unsigned long ioba, unsigned long npages)
> -{
> -	unsigned long mask = (1ULL << stt->page_shift) - 1;
> -	unsigned long idx = ioba >> stt->page_shift;
> -
> -	if ((ioba & mask) || (idx < stt->offset) ||
> -			(idx - stt->offset + npages > stt->size) ||
> -			(idx + npages < idx))
> -		return H_PARAMETER;
> -
> -	return H_SUCCESS;
> -}
> -EXPORT_SYMBOL_GPL(kvmppc_ioba_validate);
> -
> -/*
>   * Validates TCE address.
>   * At the moment flags and page mask are validated.
>   * As the host kernel does not access those addresses (just puts them
> @@ -95,10 +74,14 @@ EXPORT_SYMBOL_GPL(kvmppc_ioba_validate);
>   */
>  long kvmppc_tce_validate(struct kvmppc_spapr_tce_table *stt, unsigned long tce)
>  {
> -	unsigned long page_mask = ~((1ULL << stt->page_shift) - 1);
> -	unsigned long mask = ~(page_mask | TCE_PCI_WRITE | TCE_PCI_READ);
> +	unsigned long gpa = tce & ~(TCE_PCI_READ | TCE_PCI_WRITE);
> +	enum dma_data_direction dir = iommu_tce_direction(tce);
>  
> -	if (tce & mask)
> +	/* Allow userspace to poison TCE table */
> +	if (dir == DMA_NONE)
> +		return H_SUCCESS;
> +
> +	if (iommu_tce_check_tce(stt->page_shift, gpa))
>  		return H_PARAMETER;
>  
>  	return H_SUCCESS;

-- 
David Gibson			| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you.  NOT _the_ _other_
				| _way_ _around_!
http://www.ozlabs.org/~dgibson
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.ozlabs.org/pipermail/linuxppc-dev/attachments/20170223/3f0c0a55/attachment.sig>

More information about the Linuxppc-dev mailing list