On Wed, 24 Jun 2020 14:54:49 +0800
Lu Baolu<baolu.lu@xxxxxxxxxxxxxxx> wrote:
Hi Jacob,No need. The difference is that there is no
On 2020/6/24 1:03, Jacob Pan wrote:
IOMMU UAPI data has a user filled argsz field which indicates theNeed to do size check in intel_iommu_sva_invalidate() as well?
data length comes with the API call. User data is not trusted,
argsz must be validated based on the current kernel data size,
mandatory data size, and feature flags.
User data may also be extended, results in possible argsz increase.
Backward compatibility is ensured based on size and flags checking.
Details are documented in Documentation/userspace-api/iommu.rst
This patch adds sanity checks in both IOMMU layer and vendor code,
where VT-d is the only user for now.
Signed-off-by: Liu Yi L<yi.l.liu@xxxxxxxxx>
Signed-off-by: Jacob Pan<jacob.jun.pan@xxxxxxxxxxxxxxx>
---
drivers/iommu/intel/svm.c | 3 ++
drivers/iommu/iommu.c | 96
++++++++++++++++++++++++++++++++++++++++++++---
include/linux/iommu.h | 7 ++-- 3 files changed, 98
insertions(+), 8 deletions(-)
diff --git a/drivers/iommu/intel/svm.c b/drivers/iommu/intel/svm.c
index 713b3a218483..237db56878c0 100644
--- a/drivers/iommu/intel/svm.c
+++ b/drivers/iommu/intel/svm.c
@@ -244,6 +244,9 @@ int intel_svm_bind_gpasid(struct iommu_domain
*domain, struct device *dev, data->format !=
IOMMU_PASID_FORMAT_INTEL_VTD) return -EINVAL;
+ if (data->argsz != offsetofend(struct
iommu_gpasid_bind_data, vendor.vtd))
+ return -EINVAL;
vendor specific union for intel_iommu_sva_invalidate().
Generic flags are used to process invalidation data inside
intel_iommu_sva_invalidate().