vfio_pci.c - cachepc-linux - Fork of AMDESE/linux with modifications for CachePC side-channel attack

	cachepc-linux Fork of AMDESE/linux with modifications for CachePC side-channel attack
	git clone https://git.sinitax.com/sinitax/cachepc-linux
	Log \| Files \| Refs \| README \| LICENSE \| sfeed.txt
vfio_pci.c (7517B)
      1// SPDX-License-Identifier: GPL-2.0-only
      2/*
      3 * Copyright (c) 2021, NVIDIA CORPORATION & AFFILIATES. All rights reserved
      4 *
      5 * Copyright (C) 2012 Red Hat, Inc.  All rights reserved.
      6 *     Author: Alex Williamson <alex.williamson@redhat.com>
      7 *
      8 * Derived from original vfio:
      9 * Copyright 2010 Cisco Systems, Inc.  All rights reserved.
     10 * Author: Tom Lyon, pugs@cisco.com
     11 */
     12
     13#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
     14
     15#include <linux/device.h>
     16#include <linux/eventfd.h>
     17#include <linux/file.h>
     18#include <linux/interrupt.h>
     19#include <linux/iommu.h>
     20#include <linux/module.h>
     21#include <linux/mutex.h>
     22#include <linux/notifier.h>
     23#include <linux/pm_runtime.h>
     24#include <linux/slab.h>
     25#include <linux/types.h>
     26#include <linux/uaccess.h>
     27
     28#include <linux/vfio_pci_core.h>
     29
     30#define DRIVER_AUTHOR   "Alex Williamson <alex.williamson@redhat.com>"
     31#define DRIVER_DESC     "VFIO PCI - User Level meta-driver"
     32
     33static char ids[1024] __initdata;
     34module_param_string(ids, ids, sizeof(ids), 0);
     35MODULE_PARM_DESC(ids, "Initial PCI IDs to add to the vfio driver, format is \"vendor:device[:subvendor[:subdevice[:class[:class_mask]]]]\" and multiple comma separated entries can be specified");
     36
     37static bool nointxmask;
     38module_param_named(nointxmask, nointxmask, bool, S_IRUGO | S_IWUSR);
     39MODULE_PARM_DESC(nointxmask,
     40		  "Disable support for PCI 2.3 style INTx masking.  If this resolves problems for specific devices, report lspci -vvvxxx to linux-pci@vger.kernel.org so the device can be fixed automatically via the broken_intx_masking flag.");
     41
     42#ifdef CONFIG_VFIO_PCI_VGA
     43static bool disable_vga;
     44module_param(disable_vga, bool, S_IRUGO);
     45MODULE_PARM_DESC(disable_vga, "Disable VGA resource access through vfio-pci");
     46#endif
     47
     48static bool disable_idle_d3;
     49module_param(disable_idle_d3, bool, S_IRUGO | S_IWUSR);
     50MODULE_PARM_DESC(disable_idle_d3,
     51		 "Disable using the PCI D3 low power state for idle, unused devices");
     52
     53static bool enable_sriov;
     54#ifdef CONFIG_PCI_IOV
     55module_param(enable_sriov, bool, 0644);
     56MODULE_PARM_DESC(enable_sriov, "Enable support for SR-IOV configuration.  Enabling SR-IOV on a PF typically requires support of the userspace PF driver, enabling VFs without such support may result in non-functional VFs or PF.");
     57#endif
     58
     59static bool disable_denylist;
     60module_param(disable_denylist, bool, 0444);
     61MODULE_PARM_DESC(disable_denylist, "Disable use of device denylist. Disabling the denylist allows binding to devices with known errata that may lead to exploitable stability or security issues when accessed by untrusted users.");
     62
     63static bool vfio_pci_dev_in_denylist(struct pci_dev *pdev)
     64{
     65	switch (pdev->vendor) {
     66	case PCI_VENDOR_ID_INTEL:
     67		switch (pdev->device) {
     68		case PCI_DEVICE_ID_INTEL_QAT_C3XXX:
     69		case PCI_DEVICE_ID_INTEL_QAT_C3XXX_VF:
     70		case PCI_DEVICE_ID_INTEL_QAT_C62X:
     71		case PCI_DEVICE_ID_INTEL_QAT_C62X_VF:
     72		case PCI_DEVICE_ID_INTEL_QAT_DH895XCC:
     73		case PCI_DEVICE_ID_INTEL_QAT_DH895XCC_VF:
     74			return true;
     75		default:
     76			return false;
     77		}
     78	}
     79
     80	return false;
     81}
     82
     83static bool vfio_pci_is_denylisted(struct pci_dev *pdev)
     84{
     85	if (!vfio_pci_dev_in_denylist(pdev))
     86		return false;
     87
     88	if (disable_denylist) {
     89		pci_warn(pdev,
     90			 "device denylist disabled - allowing device %04x:%04x.\n",
     91			 pdev->vendor, pdev->device);
     92		return false;
     93	}
     94
     95	pci_warn(pdev, "%04x:%04x exists in vfio-pci device denylist, driver probing disallowed.\n",
     96		 pdev->vendor, pdev->device);
     97
     98	return true;
     99}
    100
    101static int vfio_pci_open_device(struct vfio_device *core_vdev)
    102{
    103	struct vfio_pci_core_device *vdev =
    104		container_of(core_vdev, struct vfio_pci_core_device, vdev);
    105	struct pci_dev *pdev = vdev->pdev;
    106	int ret;
    107
    108	ret = vfio_pci_core_enable(vdev);
    109	if (ret)
    110		return ret;
    111
    112	if (vfio_pci_is_vga(pdev) &&
    113	    pdev->vendor == PCI_VENDOR_ID_INTEL &&
    114	    IS_ENABLED(CONFIG_VFIO_PCI_IGD)) {
    115		ret = vfio_pci_igd_init(vdev);
    116		if (ret && ret != -ENODEV) {
    117			pci_warn(pdev, "Failed to setup Intel IGD regions\n");
    118			vfio_pci_core_disable(vdev);
    119			return ret;
    120		}
    121	}
    122
    123	vfio_pci_core_finish_enable(vdev);
    124
    125	return 0;
    126}
    127
    128static const struct vfio_device_ops vfio_pci_ops = {
    129	.name		= "vfio-pci",
    130	.open_device	= vfio_pci_open_device,
    131	.close_device	= vfio_pci_core_close_device,
    132	.ioctl		= vfio_pci_core_ioctl,
    133	.device_feature = vfio_pci_core_ioctl_feature,
    134	.read		= vfio_pci_core_read,
    135	.write		= vfio_pci_core_write,
    136	.mmap		= vfio_pci_core_mmap,
    137	.request	= vfio_pci_core_request,
    138	.match		= vfio_pci_core_match,
    139};
    140
    141static int vfio_pci_probe(struct pci_dev *pdev, const struct pci_device_id *id)
    142{
    143	struct vfio_pci_core_device *vdev;
    144	int ret;
    145
    146	if (vfio_pci_is_denylisted(pdev))
    147		return -EINVAL;
    148
    149	vdev = kzalloc(sizeof(*vdev), GFP_KERNEL);
    150	if (!vdev)
    151		return -ENOMEM;
    152	vfio_pci_core_init_device(vdev, pdev, &vfio_pci_ops);
    153
    154	dev_set_drvdata(&pdev->dev, vdev);
    155	ret = vfio_pci_core_register_device(vdev);
    156	if (ret)
    157		goto out_free;
    158	return 0;
    159
    160out_free:
    161	vfio_pci_core_uninit_device(vdev);
    162	kfree(vdev);
    163	return ret;
    164}
    165
    166static void vfio_pci_remove(struct pci_dev *pdev)
    167{
    168	struct vfio_pci_core_device *vdev = dev_get_drvdata(&pdev->dev);
    169
    170	vfio_pci_core_unregister_device(vdev);
    171	vfio_pci_core_uninit_device(vdev);
    172	kfree(vdev);
    173}
    174
    175static int vfio_pci_sriov_configure(struct pci_dev *pdev, int nr_virtfn)
    176{
    177	struct vfio_pci_core_device *vdev = dev_get_drvdata(&pdev->dev);
    178
    179	if (!enable_sriov)
    180		return -ENOENT;
    181
    182	return vfio_pci_core_sriov_configure(vdev, nr_virtfn);
    183}
    184
    185static const struct pci_device_id vfio_pci_table[] = {
    186	{ PCI_DRIVER_OVERRIDE_DEVICE_VFIO(PCI_ANY_ID, PCI_ANY_ID) }, /* match all by default */
    187	{}
    188};
    189
    190MODULE_DEVICE_TABLE(pci, vfio_pci_table);
    191
    192static struct pci_driver vfio_pci_driver = {
    193	.name			= "vfio-pci",
    194	.id_table		= vfio_pci_table,
    195	.probe			= vfio_pci_probe,
    196	.remove			= vfio_pci_remove,
    197	.sriov_configure	= vfio_pci_sriov_configure,
    198	.err_handler		= &vfio_pci_core_err_handlers,
    199	.driver_managed_dma	= true,
    200};
    201
    202static void __init vfio_pci_fill_ids(void)
    203{
    204	char *p, *id;
    205	int rc;
    206
    207	/* no ids passed actually */
    208	if (ids[0] == '\0')
    209		return;
    210
    211	/* add ids specified in the module parameter */
    212	p = ids;
    213	while ((id = strsep(&p, ","))) {
    214		unsigned int vendor, device, subvendor = PCI_ANY_ID,
    215			subdevice = PCI_ANY_ID, class = 0, class_mask = 0;
    216		int fields;
    217
    218		if (!strlen(id))
    219			continue;
    220
    221		fields = sscanf(id, "%x:%x:%x:%x:%x:%x",
    222				&vendor, &device, &subvendor, &subdevice,
    223				&class, &class_mask);
    224
    225		if (fields < 2) {
    226			pr_warn("invalid id string \"%s\"\n", id);
    227			continue;
    228		}
    229
    230		rc = pci_add_dynid(&vfio_pci_driver, vendor, device,
    231				   subvendor, subdevice, class, class_mask, 0);
    232		if (rc)
    233			pr_warn("failed to add dynamic id [%04x:%04x[%04x:%04x]] class %#08x/%08x (%d)\n",
    234				vendor, device, subvendor, subdevice,
    235				class, class_mask, rc);
    236		else
    237			pr_info("add [%04x:%04x[%04x:%04x]] class %#08x/%08x\n",
    238				vendor, device, subvendor, subdevice,
    239				class, class_mask);
    240	}
    241}
    242
    243static int __init vfio_pci_init(void)
    244{
    245	int ret;
    246	bool is_disable_vga = true;
    247
    248#ifdef CONFIG_VFIO_PCI_VGA
    249	is_disable_vga = disable_vga;
    250#endif
    251
    252	vfio_pci_core_set_params(nointxmask, is_disable_vga, disable_idle_d3);
    253
    254	/* Register and scan for devices */
    255	ret = pci_register_driver(&vfio_pci_driver);
    256	if (ret)
    257		return ret;
    258
    259	vfio_pci_fill_ids();
    260
    261	if (disable_denylist)
    262		pr_warn("device denylist disabled.\n");
    263
    264	return 0;
    265}
    266module_init(vfio_pci_init);
    267
    268static void __exit vfio_pci_cleanup(void)
    269{
    270	pci_unregister_driver(&vfio_pci_driver);
    271}
    272module_exit(vfio_pci_cleanup);
    273
    274MODULE_LICENSE("GPL v2");
    275MODULE_AUTHOR(DRIVER_AUTHOR);
    276MODULE_DESCRIPTION(DRIVER_DESC);