From: Yongji Xie <elohimes@xxxxxxxxx> This patch tries to expose MSI-X tables to userspace if hardware enables interrupt remapping. This capability can ensure that a given PCI device can only shoot the MSIs assigned for it. That means a userspace driver could never hurt other devices or system by writing to the exposed MSI-X table directly. Signed-off-by: Yongji Xie <xyjxie@xxxxxxxxxxxxxxxxxx> Signed-off-by: Alexey Kardashevskiy <aik@xxxxxxxxx> --- drivers/vfio/pci/vfio_pci.c | 17 ++++++++++++++--- drivers/vfio/pci/vfio_pci_rdwr.c | 3 ++- 2 files changed, 16 insertions(+), 4 deletions(-) diff --git a/drivers/vfio/pci/vfio_pci.c b/drivers/vfio/pci/vfio_pci.c index 324c52e3a1a4..0c616048ad80 100644 --- a/drivers/vfio/pci/vfio_pci.c +++ b/drivers/vfio/pci/vfio_pci.c @@ -564,8 +564,12 @@ static int msix_sparse_mmap_cap(struct vfio_pci_device *vdev, end = pci_resource_len(vdev->pdev, vdev->msix_bar); - /* If MSI-X table is aligned to the start or end, only one area */ - if (((vdev->msix_offset & PAGE_MASK) == 0) || + /* + * If MSI-X table is allowed to mmap because of the capability + * of IRQ remapping or aligned to the start or end, only one area + */ + if ((vdev->pdev->bus->bus_flags & PCI_BUS_FLAGS_MSI_REMAP) || + ((vdev->msix_offset & PAGE_MASK) == 0) || (PAGE_ALIGN(vdev->msix_offset + vdev->msix_size) >= end)) nr_areas = 1; @@ -577,6 +581,12 @@ static int msix_sparse_mmap_cap(struct vfio_pci_device *vdev, sparse->nr_areas = nr_areas; + if (vdev->pdev->bus->bus_flags & PCI_BUS_FLAGS_MSI_REMAP) { + sparse->areas[i].offset = 0; + sparse->areas[i].size = end; + return 0; + } + if (vdev->msix_offset & PAGE_MASK) { sparse->areas[i].offset = 0; sparse->areas[i].size = vdev->msix_offset & PAGE_MASK; @@ -1115,7 +1125,8 @@ static int vfio_pci_mmap(void *device_data, struct vm_area_struct *vma) if (req_start + req_len > phys_len) return -EINVAL; - if (index == vdev->msix_bar) { + if (index == vdev->msix_bar && + !(pdev->bus->bus_flags & PCI_BUS_FLAGS_MSI_REMAP)) { /* * Disallow mmaps overlapping the MSI-X table; users don't * get to touch this directly. We could find somewhere diff --git a/drivers/vfio/pci/vfio_pci_rdwr.c b/drivers/vfio/pci/vfio_pci_rdwr.c index 357243d76f10..5378f2c3ac8e 100644 --- a/drivers/vfio/pci/vfio_pci_rdwr.c +++ b/drivers/vfio/pci/vfio_pci_rdwr.c @@ -164,7 +164,8 @@ ssize_t vfio_pci_bar_rw(struct vfio_pci_device *vdev, char __user *buf, } else io = vdev->barmap[bar]; - if (bar == vdev->msix_bar) { + if (bar == vdev->msix_bar && + !(pdev->bus->bus_flags & PCI_BUS_FLAGS_MSI_REMAP)) { x_start = vdev->msix_offset; x_end = vdev->msix_offset + vdev->msix_size; } -- 2.11.0