From nobody Sun Dec 28 04:40:44 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8D606C4332F for ; Tue, 12 Dec 2023 13:17:46 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1376760AbjLLNRi (ORCPT ); Tue, 12 Dec 2023 08:17:38 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53286 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1376616AbjLLNRX (ORCPT ); Tue, 12 Dec 2023 08:17:23 -0500 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6016F115 for ; Tue, 12 Dec 2023 05:17:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1702387048; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Kbn/Pj7lGZv5FQhku3s01YJlXyJKSmX12DB6Cc5Zb3k=; b=RIDTSKQtyt/0vCclYSaCYcw+rEUtEude+BzAiqP0s/4apapYWvMr/0I+nDgOJ3AIWAo4eR wzP+fuNMGVXyaVqoFCLNx+uhIf9TWx1oK37dIpMjDVE1WCdXJo68OoibK6ccmEd52idWjw EXG7BhKfmo0jlqkZKANGIdCxyYUIW2k= Received: from mimecast-mx02.redhat.com (mx-ext.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-267-r6trOJMmMXybz5kfVgFA4A-1; Tue, 12 Dec 2023 08:17:24 -0500 X-MC-Unique: r6trOJMmMXybz5kfVgFA4A-1 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id ED34928EC102; Tue, 12 Dec 2023 13:17:22 +0000 (UTC) Received: from max-p1.redhat.com (unknown [10.39.208.4]) by smtp.corp.redhat.com (Postfix) with ESMTP id C38C31121306; Tue, 12 Dec 2023 13:17:19 +0000 (UTC) From: Maxime Coquelin To: mst@redhat.com, jasowang@redhat.com, xuanzhuo@linux.alibaba.com, paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com, stephen.smalley.work@gmail.com, eparis@parisplace.org, xieyongji@bytedance.com, virtualization@lists.linux-foundation.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, david.marchand@redhat.com, lulu@redhat.com, casey@schaufler-ca.com Cc: Maxime Coquelin Subject: [PATCH v5 1/4] vduse: validate block features only with block devices Date: Tue, 12 Dec 2023 14:17:09 +0100 Message-ID: <20231212131712.1816324-2-maxime.coquelin@redhat.com> In-Reply-To: <20231212131712.1816324-1-maxime.coquelin@redhat.com> References: <20231212131712.1816324-1-maxime.coquelin@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.3 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" This patch is preliminary work to enable network device type support to VDUSE. As VIRTIO_BLK_F_CONFIG_WCE shares the same value as VIRTIO_NET_F_HOST_TSO4, we need to restrict its check to Virtio-blk device type. Acked-by: Jason Wang Reviewed-by: Xie Yongji Signed-off-by: Maxime Coquelin --- drivers/vdpa/vdpa_user/vduse_dev.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/drivers/vdpa/vdpa_user/vduse_dev.c b/drivers/vdpa/vdpa_user/vd= use_dev.c index 0ddd4b8abecb..0486ff672408 100644 --- a/drivers/vdpa/vdpa_user/vduse_dev.c +++ b/drivers/vdpa/vdpa_user/vduse_dev.c @@ -1671,13 +1671,14 @@ static bool device_is_allowed(u32 device_id) return false; } =20 -static bool features_is_valid(u64 features) +static bool features_is_valid(struct vduse_dev_config *config) { - if (!(features & (1ULL << VIRTIO_F_ACCESS_PLATFORM))) + if (!(config->features & (1ULL << VIRTIO_F_ACCESS_PLATFORM))) return false; =20 /* Now we only support read-only configuration space */ - if (features & (1ULL << VIRTIO_BLK_F_CONFIG_WCE)) + if ((config->device_id =3D=3D VIRTIO_ID_BLOCK) && + (config->features & (1ULL << VIRTIO_BLK_F_CONFIG_WCE))) return false; =20 return true; @@ -1704,7 +1705,7 @@ static bool vduse_validate_config(struct vduse_dev_co= nfig *config) if (!device_is_allowed(config->device_id)) return false; =20 - if (!features_is_valid(config->features)) + if (!features_is_valid(config)) return false; =20 return true; --=20 2.43.0 From nobody Sun Dec 28 04:40:44 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1F838C4332F for ; Tue, 12 Dec 2023 13:17:52 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1376632AbjLLNRn (ORCPT ); Tue, 12 Dec 2023 08:17:43 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47610 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1376676AbjLLNRY (ORCPT ); Tue, 12 Dec 2023 08:17:24 -0500 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3250411D for ; Tue, 12 Dec 2023 05:17:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1702387049; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=TaBsHxHFMnJzAJsTX2w35RpbTEwLYs4GFMNgU88u+kY=; b=R7qBGIDMF4nktJo9QlRXC6ufm0Nx89Sbz8xbIOx9lSkV366p6qqU1sVsgstkeI+vOIcqmy 2Hys5DcBiAkeq1773LdfRSaikpLv6/PQz5S8nJ9WhDu7dkTgfugMdHG7jba5Fu7TCa8Y8J pmzAVlwoneaOYJ6ZrLqElouxgfE+NIw= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-443-l1dVKqVbNjSHXwliPbYvYA-1; Tue, 12 Dec 2023 08:17:27 -0500 X-MC-Unique: l1dVKqVbNjSHXwliPbYvYA-1 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 79687868A21; Tue, 12 Dec 2023 13:17:26 +0000 (UTC) Received: from max-p1.redhat.com (unknown [10.39.208.4]) by smtp.corp.redhat.com (Postfix) with ESMTP id 445881121306; Tue, 12 Dec 2023 13:17:23 +0000 (UTC) From: Maxime Coquelin To: mst@redhat.com, jasowang@redhat.com, xuanzhuo@linux.alibaba.com, paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com, stephen.smalley.work@gmail.com, eparis@parisplace.org, xieyongji@bytedance.com, virtualization@lists.linux-foundation.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, david.marchand@redhat.com, lulu@redhat.com, casey@schaufler-ca.com Cc: Maxime Coquelin Subject: [PATCH v5 2/4] vduse: Temporarily disable control queue features Date: Tue, 12 Dec 2023 14:17:10 +0100 Message-ID: <20231212131712.1816324-3-maxime.coquelin@redhat.com> In-Reply-To: <20231212131712.1816324-1-maxime.coquelin@redhat.com> References: <20231212131712.1816324-1-maxime.coquelin@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.3 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" Virtio-net driver control queue implementation is not safe when used with VDUSE. If the VDUSE application does not reply to control queue messages, it currently ends up hanging the kernel thread sending this command. Some work is on-going to make the control queue implementation robust with VDUSE. Until it is completed, let's disable control virtqueue and features that depend on it. Signed-off-by: Maxime Coquelin --- drivers/vdpa/vdpa_user/vduse_dev.c | 37 ++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/drivers/vdpa/vdpa_user/vduse_dev.c b/drivers/vdpa/vdpa_user/vd= use_dev.c index 0486ff672408..fe4b5c8203fd 100644 --- a/drivers/vdpa/vdpa_user/vduse_dev.c +++ b/drivers/vdpa/vdpa_user/vduse_dev.c @@ -28,6 +28,7 @@ #include #include #include +#include #include =20 #include "iova_domain.h" @@ -46,6 +47,30 @@ =20 #define IRQ_UNBOUND -1 =20 +#define VDUSE_NET_VALID_FEATURES_MASK \ + (BIT_ULL(VIRTIO_NET_F_CSUM) | \ + BIT_ULL(VIRTIO_NET_F_GUEST_CSUM) | \ + BIT_ULL(VIRTIO_NET_F_MTU) | \ + BIT_ULL(VIRTIO_NET_F_MAC) | \ + BIT_ULL(VIRTIO_NET_F_GUEST_TSO4) | \ + BIT_ULL(VIRTIO_NET_F_GUEST_TSO6) | \ + BIT_ULL(VIRTIO_NET_F_GUEST_ECN) | \ + BIT_ULL(VIRTIO_NET_F_GUEST_UFO) | \ + BIT_ULL(VIRTIO_NET_F_HOST_TSO4) | \ + BIT_ULL(VIRTIO_NET_F_HOST_TSO6) | \ + BIT_ULL(VIRTIO_NET_F_HOST_ECN) | \ + BIT_ULL(VIRTIO_NET_F_HOST_UFO) | \ + BIT_ULL(VIRTIO_NET_F_MRG_RXBUF) | \ + BIT_ULL(VIRTIO_NET_F_STATUS) | \ + BIT_ULL(VIRTIO_NET_F_HOST_USO) | \ + BIT_ULL(VIRTIO_F_ANY_LAYOUT) | \ + BIT_ULL(VIRTIO_RING_F_INDIRECT_DESC) | \ + BIT_ULL(VIRTIO_RING_F_EVENT_IDX) | \ + BIT_ULL(VIRTIO_F_VERSION_1) | \ + BIT_ULL(VIRTIO_F_ACCESS_PLATFORM) | \ + BIT_ULL(VIRTIO_F_RING_PACKED) | \ + BIT_ULL(VIRTIO_F_IN_ORDER)) + struct vduse_virtqueue { u16 index; u16 num_max; @@ -1782,6 +1807,16 @@ static struct attribute *vduse_dev_attrs[] =3D { =20 ATTRIBUTE_GROUPS(vduse_dev); =20 +static void vduse_dev_features_filter(struct vduse_dev_config *config) +{ + /* + * Temporarily filter out virtio-net's control virtqueue and features + * that depend on it while CVQ is being made more robust for VDUSE. + */ + if (config->device_id =3D=3D VIRTIO_ID_NET) + config->features &=3D VDUSE_NET_VALID_FEATURES_MASK; +} + static int vduse_create_dev(struct vduse_dev_config *config, void *config_buf, u64 api_version) { @@ -1797,6 +1832,8 @@ static int vduse_create_dev(struct vduse_dev_config *= config, if (!dev) goto err; =20 + vduse_dev_features_filter(config); + dev->api_version =3D api_version; dev->device_features =3D config->features; dev->device_id =3D config->device_id; --=20 2.43.0 From nobody Sun Dec 28 04:40:44 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 19768C4332F for ; Tue, 12 Dec 2023 13:18:01 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1376791AbjLLNRw (ORCPT ); Tue, 12 Dec 2023 08:17:52 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53486 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1376689AbjLLNRa (ORCPT ); Tue, 12 Dec 2023 08:17:30 -0500 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 844041A8 for ; Tue, 12 Dec 2023 05:17:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1702387054; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=o0LIMgKiGBHNSKD8IIuTa7bPbj2RQDP2uV1SsEiFHOg=; b=SPhjUlnGPqs5kDa4l/waamJHx4odZztdVWqqSr+hKSIy7FmPAffxUtUr7AnSD0tYOZXg7Y bHEfT/Muz7z2d3XGkRbZ7evl4Zs/A+mXfqhL+6zHPZTHhwaFXYW4zgHde1YIHGaPx03Xiq 92gJRhc2DNAppavSelxALj7MvV0lz0Y= Received: from mimecast-mx02.redhat.com (mx-ext.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-134-Grc6b-i-Ngq40wcOj_AIMg-1; Tue, 12 Dec 2023 08:17:30 -0500 X-MC-Unique: Grc6b-i-Ngq40wcOj_AIMg-1 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id E213D28EC10B; Tue, 12 Dec 2023 13:17:29 +0000 (UTC) Received: from max-p1.redhat.com (unknown [10.39.208.4]) by smtp.corp.redhat.com (Postfix) with ESMTP id C3E4E1121306; Tue, 12 Dec 2023 13:17:26 +0000 (UTC) From: Maxime Coquelin To: mst@redhat.com, jasowang@redhat.com, xuanzhuo@linux.alibaba.com, paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com, stephen.smalley.work@gmail.com, eparis@parisplace.org, xieyongji@bytedance.com, virtualization@lists.linux-foundation.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, david.marchand@redhat.com, lulu@redhat.com, casey@schaufler-ca.com Cc: Maxime Coquelin Subject: [PATCH v5 3/4] vduse: enable Virtio-net device type Date: Tue, 12 Dec 2023 14:17:11 +0100 Message-ID: <20231212131712.1816324-4-maxime.coquelin@redhat.com> In-Reply-To: <20231212131712.1816324-1-maxime.coquelin@redhat.com> References: <20231212131712.1816324-1-maxime.coquelin@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.3 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" This patch adds Virtio-net device type to the supported devices types. Initialization fails if the device does not support VIRTIO_F_VERSION_1 feature, in order to guarantee the configuration space is read-only. Acked-by: Jason Wang Reviewed-by: Xie Yongji Signed-off-by: Maxime Coquelin --- drivers/vdpa/vdpa_user/vduse_dev.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/vdpa/vdpa_user/vduse_dev.c b/drivers/vdpa/vdpa_user/vd= use_dev.c index fe4b5c8203fd..fa62825be378 100644 --- a/drivers/vdpa/vdpa_user/vduse_dev.c +++ b/drivers/vdpa/vdpa_user/vduse_dev.c @@ -166,6 +166,7 @@ static struct workqueue_struct *vduse_irq_bound_wq; =20 static u32 allowed_device_id[] =3D { VIRTIO_ID_BLOCK, + VIRTIO_ID_NET, }; =20 static inline struct vduse_dev *vdpa_to_vduse(struct vdpa_device *vdpa) @@ -1706,6 +1707,10 @@ static bool features_is_valid(struct vduse_dev_confi= g *config) (config->features & (1ULL << VIRTIO_BLK_F_CONFIG_WCE))) return false; =20 + if ((config->device_id =3D=3D VIRTIO_ID_NET) && + !(config->features & (1ULL << VIRTIO_F_VERSION_1))) + return false; + return true; } =20 @@ -2068,6 +2073,7 @@ static const struct vdpa_mgmtdev_ops vdpa_dev_mgmtdev= _ops =3D { =20 static struct virtio_device_id id_table[] =3D { { VIRTIO_ID_BLOCK, VIRTIO_DEV_ANY_ID }, + { VIRTIO_ID_NET, VIRTIO_DEV_ANY_ID }, { 0 }, }; =20 --=20 2.43.0 From nobody Sun Dec 28 04:40:44 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 50125C4332F for ; Tue, 12 Dec 2023 13:18:09 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1376748AbjLLNSB (ORCPT ); Tue, 12 Dec 2023 08:18:01 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47636 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1376674AbjLLNRm (ORCPT ); Tue, 12 Dec 2023 08:17:42 -0500 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B33F1197 for ; Tue, 12 Dec 2023 05:17:38 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1702387057; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=I+u1S2AY/jEGnaBOw0WBoMATED3t5u4RyQxPWcyrfwg=; b=ExqaaPmKwFJ8zDuyYBjpmRwzekFmNLNvXNqA69XKUlKZLVTGRqq7gLWBUhT0wX0QqDLK4B 4wJlnBiuDJjV7O0QA5QyRpyzCaD0Xd4F3XYNO/gurZeXcy9WkQ2xy4eoG5+d/xRhD3ffb8 h733sqmxe6YmWNy4EY0PXEhjYODafw4= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-673-4GXjYFpzO-GvKEOSKHlLSA-1; Tue, 12 Dec 2023 08:17:34 -0500 X-MC-Unique: 4GXjYFpzO-GvKEOSKHlLSA-1 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 576E984A298; Tue, 12 Dec 2023 13:17:33 +0000 (UTC) Received: from max-p1.redhat.com (unknown [10.39.208.4]) by smtp.corp.redhat.com (Postfix) with ESMTP id 39C001121312; Tue, 12 Dec 2023 13:17:30 +0000 (UTC) From: Maxime Coquelin To: mst@redhat.com, jasowang@redhat.com, xuanzhuo@linux.alibaba.com, paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com, stephen.smalley.work@gmail.com, eparis@parisplace.org, xieyongji@bytedance.com, virtualization@lists.linux-foundation.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, david.marchand@redhat.com, lulu@redhat.com, casey@schaufler-ca.com Cc: Maxime Coquelin Subject: [PATCH v5 4/4] vduse: Add LSM hook to check Virtio device type Date: Tue, 12 Dec 2023 14:17:12 +0100 Message-ID: <20231212131712.1816324-5-maxime.coquelin@redhat.com> In-Reply-To: <20231212131712.1816324-1-maxime.coquelin@redhat.com> References: <20231212131712.1816324-1-maxime.coquelin@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.3 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" This patch introduces a LSM hook for devices creation, destruction (ioctl()) and opening (open()) operations, checking the application is allowed to perform these operations for the Virtio device type. Signed-off-by: Maxime Coquelin --- MAINTAINERS | 1 + drivers/vdpa/vdpa_user/vduse_dev.c | 13 ++++++++++++ include/linux/lsm_hook_defs.h | 2 ++ include/linux/security.h | 6 ++++++ include/linux/vduse.h | 14 +++++++++++++ security/security.c | 15 ++++++++++++++ security/selinux/hooks.c | 32 +++++++++++++++++++++++++++++ security/selinux/include/classmap.h | 2 ++ 8 files changed, 85 insertions(+) create mode 100644 include/linux/vduse.h diff --git a/MAINTAINERS b/MAINTAINERS index a0fb0df07b43..4e83b14358d2 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -23040,6 +23040,7 @@ F: drivers/net/virtio_net.c F: drivers/vdpa/ F: drivers/virtio/ F: include/linux/vdpa.h +F: include/linux/vduse.h F: include/linux/virtio*.h F: include/linux/vringh.h F: include/uapi/linux/virtio_*.h diff --git a/drivers/vdpa/vdpa_user/vduse_dev.c b/drivers/vdpa/vdpa_user/vd= use_dev.c index fa62825be378..59ab7eb62e20 100644 --- a/drivers/vdpa/vdpa_user/vduse_dev.c +++ b/drivers/vdpa/vdpa_user/vduse_dev.c @@ -8,6 +8,7 @@ * */ =20 +#include "linux/security.h" #include #include #include @@ -30,6 +31,7 @@ #include #include #include +#include =20 #include "iova_domain.h" =20 @@ -1442,6 +1444,10 @@ static int vduse_dev_open(struct inode *inode, struc= t file *file) if (dev->connected) goto unlock; =20 + ret =3D -EPERM; + if (security_vduse_perm_check(VDUSE_PERM_OPEN, dev->device_id)) + goto unlock; + ret =3D 0; dev->connected =3D true; file->private_data =3D dev; @@ -1664,6 +1670,9 @@ static int vduse_destroy_dev(char *name) if (!dev) return -EINVAL; =20 + if (security_vduse_perm_check(VDUSE_PERM_DESTROY, dev->device_id)) + return -EPERM; + mutex_lock(&dev->lock); if (dev->vdev || dev->connected) { mutex_unlock(&dev->lock); @@ -1828,6 +1837,10 @@ static int vduse_create_dev(struct vduse_dev_config = *config, int ret; struct vduse_dev *dev; =20 + ret =3D -EPERM; + if (security_vduse_perm_check(VDUSE_PERM_CREATE, config->device_id)) + goto err; + ret =3D -EEXIST; if (vduse_find_dev(config->name)) goto err; diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h index ff217a5ce552..3930ab2ae974 100644 --- a/include/linux/lsm_hook_defs.h +++ b/include/linux/lsm_hook_defs.h @@ -419,3 +419,5 @@ LSM_HOOK(int, 0, uring_override_creds, const struct cre= d *new) LSM_HOOK(int, 0, uring_sqpoll, void) LSM_HOOK(int, 0, uring_cmd, struct io_uring_cmd *ioucmd) #endif /* CONFIG_IO_URING */ + +LSM_HOOK(int, 0, vduse_perm_check, enum vduse_op_perm op_perm, u32 device_= id) diff --git a/include/linux/security.h b/include/linux/security.h index 1d1df326c881..2a2054172394 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -32,6 +32,7 @@ #include #include #include +#include =20 struct linux_binprm; struct cred; @@ -484,6 +485,7 @@ int security_inode_notifysecctx(struct inode *inode, vo= id *ctx, u32 ctxlen); int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen); int security_locked_down(enum lockdown_reason what); +int security_vduse_perm_check(enum vduse_op_perm op_perm, u32 device_id); #else /* CONFIG_SECURITY */ =20 static inline int call_blocking_lsm_notifier(enum lsm_event event, void *d= ata) @@ -1395,6 +1397,10 @@ static inline int security_locked_down(enum lockdown= _reason what) { return 0; } +static inline int security_vduse_perm_check(enum vduse_op_perm op_perm, u3= 2 device_id) +{ + return 0; +} #endif /* CONFIG_SECURITY */ =20 #if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE) diff --git a/include/linux/vduse.h b/include/linux/vduse.h new file mode 100644 index 000000000000..7a20dcc43997 --- /dev/null +++ b/include/linux/vduse.h @@ -0,0 +1,14 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +#ifndef _LINUX_VDUSE_H +#define _LINUX_VDUSE_H + +/* + * The permission required for a VDUSE device operation. + */ +enum vduse_op_perm { + VDUSE_PERM_CREATE, + VDUSE_PERM_DESTROY, + VDUSE_PERM_OPEN, +}; + +#endif /* _LINUX_VDUSE_H */ diff --git a/security/security.c b/security/security.c index dcb3e7014f9b..150abf85f97d 100644 --- a/security/security.c +++ b/security/security.c @@ -5337,3 +5337,18 @@ int security_uring_cmd(struct io_uring_cmd *ioucmd) return call_int_hook(uring_cmd, 0, ioucmd); } #endif /* CONFIG_IO_URING */ + +/** + * security_vduse_perm_check() - Check if a VDUSE device type operation is= allowed + * @op_perm: the operation type + * @device_id: the Virtio device ID + * + * Check whether the Virtio device creation is allowed + * + * Return: Returns 0 if permission is granted. + */ +int security_vduse_perm_check(enum vduse_op_perm op_perm, u32 device_id) +{ + return call_int_hook(vduse_perm_check, 0, op_perm, device_id); +} +EXPORT_SYMBOL(security_vduse_perm_check); diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index feda711c6b7b..18845e4f682f 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -21,6 +21,8 @@ * Copyright (C) 2016 Mellanox Technologies */ =20 +#include "av_permissions.h" +#include "linux/vduse.h" #include #include #include @@ -92,6 +94,7 @@ #include #include #include +#include =20 #include "avc.h" #include "objsec.h" @@ -6950,6 +6953,34 @@ static int selinux_uring_cmd(struct io_uring_cmd *io= ucmd) } #endif /* CONFIG_IO_URING */ =20 +static int selinux_vduse_perm_check(enum vduse_op_perm op_perm, u32 device= _id) +{ + u32 requested_op, requested_type, sid =3D current_sid(); + int ret; + + if (op_perm =3D=3D VDUSE_PERM_CREATE) + requested_op =3D VDUSE__CREATE; + else if (op_perm =3D=3D VDUSE__DESTROY) + requested_op =3D VDUSE__DESTROY; + else if (op_perm =3D=3D VDUSE_PERM_OPEN) + requested_op =3D VDUSE__OPEN; + else + return -EINVAL; + + ret =3D avc_has_perm(sid, sid, SECCLASS_VDUSE, requested_op, NULL); + if (ret) + return ret; + + if (device_id =3D=3D VIRTIO_ID_NET) + requested_type =3D VDUSE__NET; + else if (device_id =3D=3D VIRTIO_ID_BLOCK) + requested_type =3D VDUSE__BLOCK; + else + return -EINVAL; + + return avc_has_perm(sid, sid, SECCLASS_VDUSE, requested_type, NULL); +} + /* * IMPORTANT NOTE: When adding new hooks, please be careful to keep this o= rder: * 1. any hooks that don't belong to (2.) or (3.) below, @@ -7243,6 +7274,7 @@ static struct security_hook_list selinux_hooks[] __ro= _after_init =3D { #ifdef CONFIG_PERF_EVENTS LSM_HOOK_INIT(perf_event_alloc, selinux_perf_event_alloc), #endif + LSM_HOOK_INIT(vduse_perm_check, selinux_vduse_perm_check), }; =20 static __init int selinux_init(void) diff --git a/security/selinux/include/classmap.h b/security/selinux/include= /classmap.h index a3c380775d41..b0a358cbac1c 100644 --- a/security/selinux/include/classmap.h +++ b/security/selinux/include/classmap.h @@ -256,6 +256,8 @@ const struct security_class_mapping secclass_map[] =3D { { "override_creds", "sqpoll", "cmd", NULL } }, { "user_namespace", { "create", NULL } }, + { "vduse", + { "create", "destroy", "open", "net", "block", NULL} }, { NULL } }; =20 --=20 2.43.0