Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
Merge tag 'vfio-v6.19-rc4' of https://github.com/awilliam/linux-vfio
Pull VFIO fixes from Alex Williamson:
- Restrict ROM access to dword to resolve a regression introduced with
qword access seen on some Intel NICs. Update VGA region access to the
same given lack of precedent for 64-bit users (Kevin Tian)
- Fix missing .get_region_info_caps callback in the xe-vfio-pci variant
driver due to integration through the DRM tree (Michal Wajdeczko)
- Add aligned 64-bit access macros to tools/include/linux/types.h,
allowing removal of uapi/linux/type.h includes from various vfio
selftest, resolving redefinition warnings for integration with KVM
selftests (David Matlack)
- Fix error path memory leak in pds-vfio-pci variant driver (Zilin Guan)
- Fix error path use-after-free in xe-vfio-pci variant driver (Alper Ak)
* tag 'vfio-v6.19-rc4' of https://github.com/awilliam/linux-vfio:
vfio/xe: Fix use-after-free in xe_vfio_pci_alloc_file()
vfio/pds: Fix memory leak in pds_vfio_dirty_enable()
vfio: selftests: Drop <uapi/linux/types.h> includes
tools include: Add definitions for __aligned_{l,b}e64
vfio/xe: Add default handler for .get_region_info_caps
vfio/pci: Disable qword access to the VGA region
vfio/pci: Disable qword access to the PCI ROM bar
+46
-19
+2
-2
drivers/vfio/pci/nvgrace-gpu/main.c
+2
-2
drivers/vfio/pci/nvgrace-gpu/main.c
···
561
561
ret = vfio_pci_core_do_io_rw(&nvdev->core_device, false,
562
562
nvdev->resmem.ioaddr,
563
563
buf, offset, mem_count,
564
-
0, 0, false);
564
+
0, 0, false, VFIO_PCI_IO_WIDTH_8);
565
565
}
566
566
567
567
return ret;
···
693
693
ret = vfio_pci_core_do_io_rw(&nvdev->core_device, false,
694
694
nvdev->resmem.ioaddr,
695
695
(char __user *)buf, pos, mem_count,
696
-
0, 0, true);
696
+
0, 0, true, VFIO_PCI_IO_WIDTH_8);
697
697
}
698
698
699
699
return ret;
+5
-2
drivers/vfio/pci/pds/dirty.c
+5
-2
drivers/vfio/pci/pds/dirty.c
···
292
292
len = num_ranges * sizeof(*region_info);
293
293
294
294
node = interval_tree_iter_first(ranges, 0, ULONG_MAX);
295
-
if (!node)
296
-
return -EINVAL;
295
+
if (!node) {
296
+
err = -EINVAL;
297
+
goto out_free_region_info;
298
+
}
299
+
297
300
for (int i = 0; i < num_ranges; i++) {
298
301
struct pds_lm_dirty_region_info *ri = ®ion_info[i];
299
302
u64 region_size = node->last - node->start + 1;
+18
-7
drivers/vfio/pci/vfio_pci_rdwr.c
+18
-7
drivers/vfio/pci/vfio_pci_rdwr.c
···
135
135
ssize_t vfio_pci_core_do_io_rw(struct vfio_pci_core_device *vdev, bool test_mem,
136
136
void __iomem *io, char __user *buf,
137
137
loff_t off, size_t count, size_t x_start,
138
-
size_t x_end, bool iswrite)
138
+
size_t x_end, bool iswrite,
139
+
enum vfio_pci_io_width max_width)
139
140
{
140
141
ssize_t done = 0;
141
142
int ret;
···
151
150
else
152
151
fillable = 0;
153
152
154
-
if (fillable >= 8 && !(off % 8)) {
153
+
if (fillable >= 8 && !(off % 8) && max_width >= 8) {
155
154
ret = vfio_pci_iordwr64(vdev, iswrite, test_mem,
156
155
io, buf, off, &filled);
157
156
if (ret)
158
157
return ret;
159
158
160
-
} else
161
-
if (fillable >= 4 && !(off % 4)) {
159
+
} else if (fillable >= 4 && !(off % 4) && max_width >= 4) {
162
160
ret = vfio_pci_iordwr32(vdev, iswrite, test_mem,
163
161
io, buf, off, &filled);
164
162
if (ret)
165
163
return ret;
166
164
167
-
} else if (fillable >= 2 && !(off % 2)) {
165
+
} else if (fillable >= 2 && !(off % 2) && max_width >= 2) {
168
166
ret = vfio_pci_iordwr16(vdev, iswrite, test_mem,
169
167
io, buf, off, &filled);
170
168
if (ret)
···
234
234
void __iomem *io;
235
235
struct resource *res = &vdev->pdev->resource[bar];
236
236
ssize_t done;
237
+
enum vfio_pci_io_width max_width = VFIO_PCI_IO_WIDTH_8;
237
238
238
239
if (pci_resource_start(pdev, bar))
239
240
end = pci_resource_len(pdev, bar);
···
263
262
if (!io)
264
263
return -ENOMEM;
265
264
x_end = end;
265
+
266
+
/*
267
+
* Certain devices (e.g. Intel X710) don't support qword
268
+
* access to the ROM bar. Otherwise PCI AER errors might be
269
+
* triggered.
270
+
*
271
+
* Disable qword access to the ROM bar universally, which
272
+
* worked reliably for years before qword access is enabled.
273
+
*/
274
+
max_width = VFIO_PCI_IO_WIDTH_4;
266
275
} else {
267
276
int ret = vfio_pci_core_setup_barmap(vdev, bar);
268
277
if (ret) {
···
289
278
}
290
279
291
280
done = vfio_pci_core_do_io_rw(vdev, res->flags & IORESOURCE_MEM, io, buf, pos,
292
-
count, x_start, x_end, iswrite);
281
+
count, x_start, x_end, iswrite, max_width);
293
282
294
283
if (done >= 0)
295
284
*ppos += done;
···
363
352
* to the memory enable bit in the command register.
364
353
*/
365
354
done = vfio_pci_core_do_io_rw(vdev, false, iomem, buf, off, count,
366
-
0, 0, iswrite);
355
+
0, 0, iswrite, VFIO_PCI_IO_WIDTH_4);
367
356
368
357
vga_put(vdev->pdev, rsrc);
369
358
+4
-1
drivers/vfio/pci/xe/main.c
+4
-1
drivers/vfio/pci/xe/main.c
···
250
250
struct xe_vfio_pci_migration_file *migf;
251
251
const struct file_operations *fops;
252
252
int flags;
253
+
int ret;
253
254
254
255
migf = kzalloc(sizeof(*migf), GFP_KERNEL_ACCOUNT);
255
256
if (!migf)
···
260
259
flags = type == XE_VFIO_FILE_SAVE ? O_RDONLY : O_WRONLY;
261
260
migf->filp = anon_inode_getfile("xe_vfio_mig", fops, migf, flags);
262
261
if (IS_ERR(migf->filp)) {
262
+
ret = PTR_ERR(migf->filp);
263
263
kfree(migf);
264
-
return ERR_CAST(migf->filp);
264
+
return ERR_PTR(ret);
265
265
}
266
266
267
267
mutex_init(&migf->lock);
···
506
504
.open_device = xe_vfio_pci_open_device,
507
505
.close_device = xe_vfio_pci_close_device,
508
506
.ioctl = vfio_pci_core_ioctl,
507
+
.get_region_info_caps = vfio_pci_ioctl_get_region_info,
509
508
.device_feature = vfio_pci_core_ioctl_feature,
510
509
.read = vfio_pci_core_read,
511
510
.write = vfio_pci_core_write,
+9
-1
include/linux/vfio_pci_core.h
+9
-1
include/linux/vfio_pci_core.h
···
145
145
struct list_head dmabufs;
146
146
};
147
147
148
+
enum vfio_pci_io_width {
149
+
VFIO_PCI_IO_WIDTH_1 = 1,
150
+
VFIO_PCI_IO_WIDTH_2 = 2,
151
+
VFIO_PCI_IO_WIDTH_4 = 4,
152
+
VFIO_PCI_IO_WIDTH_8 = 8,
153
+
};
154
+
148
155
/* Will be exported for vfio pci drivers usage */
149
156
int vfio_pci_core_register_dev_region(struct vfio_pci_core_device *vdev,
150
157
unsigned int type, unsigned int subtype,
···
195
188
ssize_t vfio_pci_core_do_io_rw(struct vfio_pci_core_device *vdev, bool test_mem,
196
189
void __iomem *io, char __user *buf,
197
190
loff_t off, size_t count, size_t x_start,
198
-
size_t x_end, bool iswrite);
191
+
size_t x_end, bool iswrite,
192
+
enum vfio_pci_io_width max_width);
199
193
bool __vfio_pci_memory_enabled(struct vfio_pci_core_device *vdev);
200
194
bool vfio_pci_core_range_intersect_range(loff_t buf_start, size_t buf_cnt,
201
195
loff_t reg_start, size_t reg_cnt,
+8
tools/include/linux/types.h
+8
tools/include/linux/types.h
···
88
88
# define __aligned_u64 __u64 __attribute__((aligned(8)))
89
89
#endif
90
90
91
+
#ifndef __aligned_be64
92
+
# define __aligned_be64 __be64 __attribute__((aligned(8)))
93
+
#endif
94
+
95
+
#ifndef __aligned_le64
96
+
# define __aligned_le64 __le64 __attribute__((aligned(8)))
97
+
#endif
98
+
91
99
struct list_head {
92
100
struct list_head *next, *prev;
93
101
};
-1
tools/testing/selftests/vfio/lib/include/libvfio/iova_allocator.h
-1
tools/testing/selftests/vfio/lib/include/libvfio/iova_allocator.h
-1
tools/testing/selftests/vfio/lib/iommu.c
-1
tools/testing/selftests/vfio/lib/iommu.c
-1
tools/testing/selftests/vfio/lib/iova_allocator.c
-1
tools/testing/selftests/vfio/lib/iova_allocator.c
-1
tools/testing/selftests/vfio/lib/vfio_pci_device.c
-1
tools/testing/selftests/vfio/lib/vfio_pci_device.c
-1
tools/testing/selftests/vfio/vfio_dma_mapping_test.c
-1
tools/testing/selftests/vfio/vfio_dma_mapping_test.c