0ec8ce0739
When the idxd_user_drv driver is bound to a Work Queue (WQ) device
without IOMMU or with IOMMU Passthrough without Shared Virtual
Addressing (SVA), the application gains direct access to physical
memory via the device by programming physical address to a submitted
descriptor. This allows direct userspace read and write access to
arbitrary physical memory. This is inconsistent with the security
goals of a good kernel API.
Unlike vfio_pci driver, the IDXD char device driver does not provide any
ways to pin user pages and translate the address from user VA to IOVA or
PA without IOMMU SVA. Therefore the application has no way to instruct the
device to perform DMA function. This makes the char device not usable for
normal application usage.
Since user type WQ without SVA cannot be used for normal application usage
and presents the security issue, bind idxd_user_drv driver and enable user
type WQ only when SVA is enabled (i.e. user PASID is enabled).
Fixes:
|
||
|---|---|---|
| .. | ||
| bus.c | ||
| cdev.c | ||
| compat.c | ||
| device.c | ||
| dma.c | ||
| idxd.h | ||
| init.c | ||
| irq.c | ||
| Makefile | ||
| perfmon.c | ||
| perfmon.h | ||
| registers.h | ||
| submit.c | ||
| sysfs.c | ||