summaryrefslogtreecommitdiffstats
path: root/samples/vfio-mdev
AgeCommit message (Collapse)AuthorFilesLines
2020-04-21vmalloc: fix remap_vmalloc_range() bounds checksJann Horn1-1/+1
remap_vmalloc_range() has had various issues with the bounds checks it promises to perform ("This function checks that addr is a valid vmalloc'ed area, and that it is big enough to cover the vma") over time, e.g.: - not detecting pgoff<<PAGE_SHIFT overflow - not detecting (pgoff<<PAGE_SHIFT)+usize overflow - not checking whether addr and addr+(pgoff<<PAGE_SHIFT) are the same vmalloc allocation - comparing a potentially wildly out-of-bounds pointer with the end of the vmalloc region In particular, since commit fc9702273e2e ("bpf: Add mmap() support for BPF_MAP_TYPE_ARRAY"), unprivileged users can cause kernel null pointer dereferences by calling mmap() on a BPF map with a size that is bigger than the distance from the start of the BPF map to the end of the address space. This could theoretically be used as a kernel ASLR bypass, by using whether mmap() with a given offset oopses or returns an error code to perform a binary search over the possible address range. To allow remap_vmalloc_range_partial() to verify that addr and addr+(pgoff<<PAGE_SHIFT) are in the same vmalloc region, pass the offset to remap_vmalloc_range_partial() instead of adding it to the pointer in remap_vmalloc_range(). In remap_vmalloc_range_partial(), fix the check against get_vm_area_size() by using size comparisons instead of pointer comparisons, and add checks for pgoff. Fixes: 833423143c3a ("[PATCH] mm: introduce remap_vmalloc_range()") Signed-off-by: Jann Horn <jannh@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Cc: stable@vger.kernel.org Cc: Alexei Starovoitov <ast@kernel.org> Cc: Daniel Borkmann <daniel@iogearbox.net> Cc: Martin KaFai Lau <kafai@fb.com> Cc: Song Liu <songliubraving@fb.com> Cc: Yonghong Song <yhs@fb.com> Cc: Andrii Nakryiko <andriin@fb.com> Cc: John Fastabend <john.fastabend@gmail.com> Cc: KP Singh <kpsingh@chromium.org> Link: http://lkml.kernel.org/r/20200415222312.236431-1-jannh@google.com Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-12-10samples: vfio-mdev: constify fb opsJani Nikula1-1/+1
Now that the fbops member of struct fb_info is const, we can start making the ops const as well. v2: fix typo (Christophe de Dinechin) Cc: Kirti Wankhede <kwankhede@nvidia.com> Cc: kvm@vger.kernel.org Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch> Acked-by: Kirti Wankhede <kwankhede@nvidia.com> Signed-off-by: Jani Nikula <jani.nikula@intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/ddb10df1316ef585930cda7718643a580f4fe37b.1575390741.git.jani.nikula@intel.com
2019-11-25sample/vfio-mdev/mbocs: Remove dma_buf_k(un)map supportDaniel Vetter1-16/+0
No in-tree users left. Acked-by: Sumit Semwal <sumit.semwal@linaro.org> Acked-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Daniel Vetter <daniel.vetter@intel.com> Cc: Kirti Wankhede <kwankhede@nvidia.com> Cc: kvm@vger.kernel.org Link: https://patchwork.freedesktop.org/patch/msgid/20191118103536.17675-15-daniel.vetter@ffwll.ch
2019-08-19vfio-mdev/mtty: Simplify interrupt generationParav Pandit1-31/+8
While generating interrupt, mdev_state is already available for which interrupt is generated. Instead of doing indirect way from state->device->uuid-> to searching state linearly in linked list on every interrupt generation, directly use the available state. Hence, simplify the code to use mdev_state and remove unused helper function with that. Reviewed-by: Cornelia Huck <cohuck@redhat.com> Signed-off-by: Parav Pandit <parav@mellanox.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2019-07-25treewide: remove SPDX "WITH Linux-syscall-note" from kernel-space headers againMasahiro Yamada1-1/+1
The "WITH Linux-syscall-note" exception exists for headers exported to user space. It is strange to add it to non-exported headers. Commit 687a3e4d8e61 ("treewide: remove SPDX "WITH Linux-syscall-note" from kernel-space headers") did cleanups some months ago, but it looks like we need to do this periodically. This patch was generated by the following script: git grep -l -e Linux-syscall-note \ -- :*.h :^arch/*/include/uapi/asm/*.h :^include/uapi/ :^tools | while read file do sed -i -e 's/(\(GPL-[^[:space:]]*\) WITH Linux-syscall-note)/\1/g' \ -e 's/ WITH Linux-syscall-note//g' $file done I did not commit drivers/staging/android/uapi/ion.h . This header is not currently exported, but somebody may plan to move it to include/uapi/ when the time comes. I am not sure. Anyway, it will be better to check the license inconsistency in drivers/staging/android/uapi/. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> Reviewed-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-07-02sample/mdev/mbochs: remove set but not used variable 'mdev_state'YueHaibing1-3/+0
Fixes gcc '-Wunused-but-set-variable' warning: samples/vfio-mdev/mbochs.c: In function mbochs_ioctl: samples/vfio-mdev/mbochs.c:1188:21: warning: variable mdev_state set but not used [-Wunused-but-set-variable] It's not used any more since commit 104c7405a64d ("vfio: add edid support to mbochs sample driver") Signed-off-by: YueHaibing <yuehaibing@huawei.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2019-07-02vfio-mdev/samples: make some symbols staticKefeng Wang1-23/+24
Make some structs and functions static to fix build warning, parts of warning shown below, samples/vfio-mdev/mtty.c:730:5: warning: symbol 'mtty_create' was not declared. Should it be static? samples/vfio-mdev/mtty.c:780:5: warning: symbol 'mtty_remove' was not declared. Should it be static? samples/vfio-mdev/mtty.c:802:5: warning: symbol 'mtty_reset' was not declared. Should it be static? samples/vfio-mdev/mtty.c:818:9: warning: symbol 'mtty_read' was not declared. Should it be static? samples/vfio-mdev/mtty.c:877:9: warning: symbol 'mtty_write' was not declared. Should it be static? samples/vfio-mdev/mtty.c:1070:5: warning: symbol 'mtty_get_region_info' was not declared. Should it be static? samples/vfio-mdev/mtty.c:1119:5: warning: symbol 'mtty_get_irq_info' was not declared. Should it be static? samples/vfio-mdev/mtty.c:1143:5: warning: symbol 'mtty_get_device_info' was not declared. Should it be static? samples/vfio-mdev/mtty.c:1275:5: warning: symbol 'mtty_open' was not declared. Should it be static? samples/vfio-mdev/mtty.c:1281:6: warning: symbol 'mtty_close' was not declared. Should it be static? samples/vfio-mdev/mtty.c:1305:30: warning: symbol 'mtty_dev_groups' was not declared. Should it be static? Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Cc: Alex Williamson <alex.williamson@redhat.com> Cc: Kirti Wankhede <kwankhede@nvidia.com> Reported-by: Hulk Robot <hulkci@huawei.com> Signed-off-by: Kefeng Wang <wangkefeng.wang@huawei.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> [aw: wrap long lines] Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2019-06-19treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500Thomas Gleixner1-5/+1
Based on 2 normalized pattern(s): this program is free software you can redistribute it and or modify it under the terms of the gnu general public license version 2 as published by the free software foundation this program is free software you can redistribute it and or modify it under the terms of the gnu general public license version 2 as published by the free software foundation # extracted by the scancode license scanner the SPDX license identifier GPL-2.0-only has been chosen to replace the boilerplate/reference in 4122 file(s). Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Enrico Weigelt <info@metux.net> Reviewed-by: Kate Stewart <kstewart@linuxfoundation.org> Reviewed-by: Allison Randal <allison@lohutok.net> Cc: linux-spdx@vger.kernel.org Link: https://lkml.kernel.org/r/20190604081206.933168790@linutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-05-21treewide: Add SPDX license identifier - Makefile/KconfigThomas Gleixner1-0/+1
Add SPDX license identifiers to all Make/Kconfig files which: - Have no license information of any form These files fall under the project license, GPL v2 only. The resulting SPDX license identifier is: GPL-2.0-only Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-02-12samples/vfio-mdev/mtty: expand minor range when registering chrdev regionChengguang Xu1-4/+5
Actually, total amount of available minor number for a single major is MINORMARK + 1. So expand minor range when registering chrdev region. Signed-off-by: Chengguang Xu <cgxu519@gmx.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2019-02-12samples/vfio-mdev/mdpy: expand minor range when registering chrdev regionChengguang Xu1-4/+4
Actually, total amount of available minor number for a single major is MINORMARK + 1. So expand minor range when registering chrdev region. Signed-off-by: Chengguang Xu <cgxu519@gmx.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2019-02-12samples/vfio-mdev/mbochs: expand minor range when registering chrdev regionChengguang Xu1-4/+4
Actually, total amount of available minor number for a single major is MINORMARK + 1. So expand minor range when registering chrdev region. Signed-off-by: Chengguang Xu <cgxu519@gmx.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2019-02-05vfio-mdev: Switch to use new generic UUID APIAndy Shevchenko1-4/+4
There are new types and helpers that are supposed to be used in new code. As a preparation to get rid of legacy types and API functions do the conversion here. Cc: Kirti Wankhede <kwankhede@nvidia.com> Cc: Alex Williamson <alex.williamson@redhat.com> Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2018-12-17vfio-mdev/samples: Use u8 instead of char for handle functionsNathan Chancellor1-13/+13
Clang warns: samples/vfio-mdev/mtty.c:592:39: warning: implicit conversion from 'int' to 'char' changes value from 162 to -94 [-Wconstant-conversion] *buf = UART_MSR_DSR | UART_MSR_DDSR | UART_MSR_DCD; ~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~ 1 warning generated. Turns out that all uses of buf in this function ultimately end up stored or cast to an unsigned type. Just use u8, which has the same number of bits but can store this larger number so Clang no longer warns. Signed-off-by: Nathan Chancellor <natechancellor@gmail.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2018-10-11vfio: add edid support to mbochs sample driverGerd Hoffmann1-19/+117
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2018-07-11sample: vfio-mdev: avoid deadlock in mdev_access()Alexey Khoroshilov1-1/+3
mdev_access() calls mbochs_get_page() with mdev_state->ops_lock held, while mbochs_get_page() locks the mutex by itself. It leads to unavoidable deadlock. Found by Linux Driver Verification project (linuxtesting.org). Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2018-07-04sample/vfio-mdev: Change return type to vm_fault_tSouptick Joarder1-2/+2
convert mbochs_region_vm_fault and mbochs_dmabuf_vm_fault to return vm_fault_t type. Signed-off-by: Souptick Joarder <jrdr.linux@gmail.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2018-06-26sample/mdev/mbochs: add mbochs_kunmap_dmabufGerd Hoffmann1-0/+7
There is no default implementation for dma_buf_ops->unmap. So add a function unmapping the page, otherwise we'll leak them. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2018-06-26sample/mdev/mbochs: remove mbochs_kmap_atomic_dmabufGerd Hoffmann1-10/+0
Atomic mapping interface for dmabufs will be removed. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2018-06-08sample: vfio bochs vbe display (host device for bochs-drm)Gerd Hoffmann2-0/+1407
Display device, demo-ing the vfio dmabuf display interface (VFIO_GFX_PLANE_TYPE_DMABUF). Compatible enough to qemu stdvga that bochs-drm.ko can be used as guest driver. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2018-06-08sample: vfio mdev display - guest driverGerd Hoffmann2-0/+233
Guest fbdev driver for CONFIG_SAMPLE_VFIO_MDEV_MDPY. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2018-06-08sample: vfio mdev display - host deviceGerd Hoffmann3-0/+830
Simple framebuffer display, demo-ing the vfio region display interface (VFIO_GFX_PLANE_TYPE_REGION). Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2018-03-22vfio-mdev/samples: change RDI interrupt conditionShunyong Yang1-1/+1
When FIFO mode is enabled, the receive data available interrupt (UART_IIR_RDI in code) should be triggered when the number of data in FIFO is equal or larger than interrupt trigger level. This patch changes the trigger level check to ensure multiple bytes received from upper layer can trigger RDI interrupt correctly. Cc: Joey Zheng <yu.zheng@hxt-semitech.com> Signed-off-by: Shunyong Yang <shunyong.yang@hxt-semitech.com> Reviewed by: Kirti Wankhede <kwankhede@nvidia.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2017-10-02vfio-mdev/samples: make mdev_fops const and staticBhumika Goyal1-1/+1
Make this const as it is only passed to a const argument of the function mdev_register_device. Make it static as it is not referenced in any other file. Structure found using Coccinelle and changes done by hand. Signed-off-by: Bhumika Goyal <bhumirks@gmail.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2017-01-11vfio-mdev: remove some dead codeDan Carpenter1-3/+0
We set info.count to 1 in mtty_get_irq_info() so static checkers complain that, "Why do we have impossible conditions?" The answer is that it seems to be left over dead code that can be safely removed. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Reviewed-by: Kirti Wankhede <kwankhede@nvidia.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2017-01-11vfio-mdev: buffer overflow in ioctl()Dan Carpenter1-2/+5
This is a sample driver for documentation so the impact is probably pretty low. But we should check that bar_index is valid so we don't write beyond the end of the mdev_state->region_info[] array. Fixes: 9d1a546c53b4 ("docs: Sample driver to demonstrate how to use Mediated device framework.") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Reviewed-by: Kirti Wankhede <kwankhede@nvidia.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2017-01-11vfio-mdev: return -EFAULT if copy_to_user() failsDan Carpenter1-3/+12
The copy_to_user() function returns the number of bytes which it wasn't able to copy but we want to return a negative error code. Fixes: 9d1a546c53b4 ("docs: Sample driver to demonstrate how to use Mediated device framework.") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Reviewed-by: Kirti Wankhede <kwankhede@nvidia.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2017-01-04vfio-mdev: fix some error codes in the sample codeDan Carpenter1-1/+3
This is just sample code. We forget to set the error codes in a couple places. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Reported-by: Alexey Khoroshilov <khoroshilov@ispras.ru> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2016-12-30vfio-mdev: Make mdev_device private and abstract interfacesAlex Williamson1-11/+13
Abstract access to mdev_device so that we can define which interfaces are public rather than relying on comments in the structure. Cc: Zhenyu Wang <zhenyuw@linux.intel.com> Cc: Zhi Wang <zhi.a.wang@intel.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com> Reviewed-by: Jike Song <jike.song@intel.com> Reviewed by: Kirti Wankhede <kwankhede@nvidia.com>
2016-12-30vfio-mdev: Make mdev_parent privateAlex Williamson1-1/+1
Rather than hoping for good behavior by marking some elements internal, enforce it by making the entire structure private and creating an accessor function for the one useful external field. Cc: Zhenyu Wang <zhenyuw@linux.intel.com> Cc: Zhi Wang <zhi.a.wang@intel.com> Cc: Jike Song <jike.song@intel.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com> Reviewed by: Kirti Wankhede <kwankhede@nvidia.com>
2016-12-30vfio-mdev: de-polute the namespace, rename parent_device & parent_opsAlex Williamson1-1/+1
Add an mdev_ prefix so we're not poluting the namespace so much. Cc: Zhenyu Wang <zhenyuw@linux.intel.com> Cc: Zhi Wang <zhi.a.wang@intel.com> Cc: Jike Song <jike.song@intel.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com> Reviewed by: Kirti Wankhede <kwankhede@nvidia.com>
2016-12-30vfio-mdev: Fix mtty sample driver buildingAlex Williamson1-13/+1
This sample driver was originally under Documentation/ and was moved to samples, but build support was never adjusted for the new location. Signed-off-by: Alex Williamson <alex.williamson@redhat.com> Reviewed-by: Eric Auger <eric.auger@redhat.com> Tested-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Kirti Wankhede <kwankhede@nvidia.com>
2016-11-17docs: Sample driver to demonstrate how to use Mediated device framework.Kirti Wankhede2-0/+1516
The Sample driver creates mdev device that simulates serial port over PCI card. Signed-off-by: Kirti Wankhede <kwankhede@nvidia.com> Signed-off-by: Neo Jia <cjia@nvidia.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>