From: John Johnson <john.g.johnson@oracle.com>
To: qemu-devel@nongnu.org
Subject: [RFC v3 05/19] Add validation ops vector
Date: Mon, 8 Nov 2021 16:46:33 -0800 [thread overview]
Message-ID: <327df73b51de7a11657aea61295d735fdd0427fb.1636057885.git.john.g.johnson@oracle.com> (raw)
In-Reply-To: <cover.1636057885.git.john.g.johnson@oracle.com>
Validates cases where the return values aren't fully trusted
(prep work for vfio-user, where the return values from the
remote process aren't trusted)
Signed-off-by: John G Johnson <john.g.johnson@oracle.com>
---
include/hw/vfio/vfio-common.h | 21 ++++++++++++++
hw/vfio/pci.c | 67 +++++++++++++++++++++++++++++++++++++++++++
2 files changed, 88 insertions(+)
diff --git a/include/hw/vfio/vfio-common.h b/include/hw/vfio/vfio-common.h
index 43fa948..c0dbbfb 100644
--- a/include/hw/vfio/vfio-common.h
+++ b/include/hw/vfio/vfio-common.h
@@ -125,6 +125,7 @@ typedef struct VFIOHostDMAWindow {
typedef struct VFIODeviceOps VFIODeviceOps;
typedef struct VFIODevIO VFIODevIO;
+typedef struct VFIOValidOps VFIOValidOps;
typedef struct VFIODevice {
QLIST_ENTRY(VFIODevice) next;
@@ -141,6 +142,7 @@ typedef struct VFIODevice {
bool enable_migration;
VFIODeviceOps *ops;
VFIODevIO *io_ops;
+ VFIOValidOps *valid_ops;
unsigned int num_irqs;
unsigned int num_regions;
unsigned int flags;
@@ -214,6 +216,25 @@ struct VFIOContIO {
extern VFIODevIO vfio_dev_io_ioctl;
extern VFIOContIO vfio_cont_io_ioctl;
+/*
+ * This ops vector allows for bus-specific verification
+ * routines in cases where the server may not be fully
+ * trusted.
+ */
+struct VFIOValidOps {
+ int (*validate_get_info)(VFIODevice *vdev, struct vfio_device_info *info);
+ int (*validate_get_region_info)(VFIODevice *vdev,
+ struct vfio_region_info *info, int *fd);
+ int (*validate_get_irq_info)(VFIODevice *vdev, struct vfio_irq_info *info);
+};
+
+#define VDEV_VALID_INFO(vdev, info) \
+ ((vdev)->valid_ops->validate_get_info((vdev), (info)))
+#define VDEV_VALID_REGION_INFO(vdev, info, fd) \
+ ((vdev)->valid_ops->validate_get_region_info((vdev), (info), (fd)))
+#define VDEV_VALID_IRQ_INFO(vdev, irq) \
+ ((vdev)->valid_ops->validate_get_irq_info((vdev), (irq)))
+
#endif /* CONFIG_LINUX */
typedef struct VFIOGroup {
diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
index 28f21f8..6e2ce35 100644
--- a/hw/vfio/pci.c
+++ b/hw/vfio/pci.c
@@ -3371,3 +3371,70 @@ static void register_vfio_pci_dev_type(void)
}
type_init(register_vfio_pci_dev_type)
+
+
+/*
+ * PCI validation ops - used when return values need
+ * validation before use
+ */
+
+static int vfio_pci_valid_info(VFIODevice *vbasedev,
+ struct vfio_device_info *info)
+{
+ /* must be PCI */
+ if ((info->flags & VFIO_DEVICE_FLAGS_PCI) == 0) {
+ return -EINVAL;
+ }
+ /* only other valid flag is reset */
+ if (info->flags & ~(VFIO_DEVICE_FLAGS_PCI | VFIO_DEVICE_FLAGS_RESET)) {
+ return -EINVAL;
+ }
+ /* account for extra migration region */
+ if (info->num_regions > VFIO_PCI_NUM_REGIONS + 1) {
+ return -EINVAL;
+ }
+ if (info->num_irqs > VFIO_PCI_NUM_IRQS) {
+ return -EINVAL;
+ }
+ return 0;
+}
+
+static int vfio_pci_valid_region_info(VFIODevice *vbasedev,
+ struct vfio_region_info *info,
+ int *fd)
+{
+ if (info->flags & ~(VFIO_REGION_INFO_FLAG_READ |
+ VFIO_REGION_INFO_FLAG_WRITE |
+ VFIO_REGION_INFO_FLAG_MMAP |
+ VFIO_REGION_INFO_FLAG_CAPS)) {
+ return -EINVAL;
+ }
+ if (info->index > vbasedev->num_regions) {
+ return -EINVAL;
+ }
+ /* cap_offset in valid area */
+ if ((info->flags & VFIO_REGION_INFO_FLAG_CAPS) &&
+ (info->cap_offset < sizeof(*info) || info->cap_offset > info->argsz)) {
+ return -EINVAL;
+ }
+ return 0;
+}
+
+static int vfio_pci_valid_irq_info(VFIODevice *vbasedev,
+ struct vfio_irq_info *info)
+{
+ if (info->flags & ~(VFIO_IRQ_INFO_EVENTFD | VFIO_IRQ_INFO_MASKABLE |
+ VFIO_IRQ_INFO_AUTOMASKED | VFIO_IRQ_INFO_NORESIZE)) {
+ return -EINVAL;
+ }
+ if (info->index > vbasedev->num_irqs) {
+ return -EINVAL;
+ }
+ return 0;
+}
+
+struct VFIOValidOps vfio_pci_valid_ops = {
+ .validate_get_info = vfio_pci_valid_info,
+ .validate_get_region_info = vfio_pci_valid_region_info,
+ .validate_get_irq_info = vfio_pci_valid_irq_info,
+};
--
1.8.3.1
next prev parent reply other threads:[~2021-11-09 0:52 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-09 0:46 [RFC v3 00/19] vfio-user client John Johnson
2021-11-09 0:46 ` [RFC v3 01/19] vfio-user: introduce vfio-user protocol specification John Johnson
2021-11-09 0:46 ` [RFC v3 02/19] vfio-user: add VFIO base abstract class John Johnson
2021-11-19 22:42 ` Alex Williamson
2021-12-07 7:47 ` John Johnson
2021-11-09 0:46 ` [RFC v3 03/19] Add container IO ops vector John Johnson
2021-11-09 0:46 ` [RFC v3 04/19] Add device " John Johnson
2021-11-19 22:42 ` Alex Williamson
2021-12-07 7:48 ` John Johnson
2021-11-09 0:46 ` John Johnson [this message]
2021-11-19 22:42 ` [RFC v3 05/19] Add validation " Alex Williamson
2021-12-07 7:48 ` John Johnson
2021-11-09 0:46 ` [RFC v3 06/19] vfio-user: Define type vfio_user_pci_dev_info John Johnson
2021-11-19 22:42 ` Alex Williamson
2021-12-07 7:49 ` John Johnson
2021-11-09 0:46 ` [RFC v3 07/19] vfio-user: connect vfio proxy to remote server John Johnson
2021-11-19 22:42 ` Alex Williamson
2021-12-07 7:49 ` John Johnson
2021-11-09 0:46 ` [RFC v3 08/19] vfio-user: define socket receive functions John Johnson
2021-11-19 22:42 ` Alex Williamson
2021-12-07 7:49 ` John Johnson
2021-11-09 0:46 ` [RFC v3 09/19] vfio-user: define socket send functions John Johnson
2021-11-09 0:46 ` [RFC v3 10/19] vfio-user: get device info John Johnson
2021-11-09 0:46 ` [RFC v3 11/19] vfio-user: get region info John Johnson
2021-11-19 22:42 ` Alex Williamson
2021-12-07 7:50 ` John Johnson
2021-11-09 0:46 ` [RFC v3 12/19] vfio-user: region read/write John Johnson
2021-11-19 22:42 ` Alex Williamson
2021-12-07 7:50 ` John Johnson
2021-11-09 0:46 ` [RFC v3 13/19] vfio-user: pci_user_realize PCI setup John Johnson
2021-11-19 22:42 ` Alex Williamson
2021-12-07 7:50 ` John Johnson
2021-11-09 0:46 ` [RFC v3 14/19] vfio-user: get and set IRQs John Johnson
2021-11-09 0:46 ` [RFC v3 15/19] vfio-user: proxy container connect/disconnect John Johnson
2021-11-09 0:46 ` [RFC v3 16/19] vfio-user: dma map/unmap operations John Johnson
2021-11-19 22:42 ` Alex Williamson
2021-12-07 7:50 ` John Johnson
2021-11-09 0:46 ` [RFC v3 17/19] vfio-user: dma read/write operations John Johnson
2021-11-09 0:46 ` [RFC v3 18/19] vfio-user: pci reset John Johnson
2021-11-09 0:46 ` [RFC v3 19/19] vfio-user: migration support John Johnson
2021-11-19 22:42 ` Alex Williamson
2021-12-07 7:50 ` John Johnson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=327df73b51de7a11657aea61295d735fdd0427fb.1636057885.git.john.g.johnson@oracle.com \
--to=john.g.johnson@oracle.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.