Merge tag 'irq-urgent-2023-03-05' of git://git.kernel.org/pub/scm/linux/kernel/git...

[linux-2.6-block.git] / kernel / irq / msi.c

diff --git a/kernel/irq/msi.c b/kernel/irq/msi.c
index d169ee0c1799b392b599d088e0844761e7a27f3d..7a97bcb086bf39e92f9ac0cf6fb29c946631d2aa 100644 (file)
--- a/kernel/irq/msi.c
+++ b/kernel/irq/msi.c
@@ -1648,3 +1648,30 @@ struct msi_domain_info *msi_get_domain_info(struct irq_domain *domain)
 {
        return (struct msi_domain_info *)domain->host_data;
 }
+
+/**
+ * msi_device_has_isolated_msi - True if the device has isolated MSI
+ * @dev: The device to check
+ *
+ * Isolated MSI means that HW modeled by an irq_domain on the path from the
+ * initiating device to the CPU will validate that the MSI message specifies an
+ * interrupt number that the device is authorized to trigger. This must block
+ * devices from triggering interrupts they are not authorized to trigger.
+ * Currently authorization means the MSI vector is one assigned to the device.
+ *
+ * This is interesting for securing VFIO use cases where a rouge MSI (eg created
+ * by abusing a normal PCI MemWr DMA) must not allow the VFIO userspace to
+ * impact outside its security domain, eg userspace triggering interrupts on
+ * kernel drivers, a VM triggering interrupts on the hypervisor, or a VM
+ * triggering interrupts on another VM.
+ */
+bool msi_device_has_isolated_msi(struct device *dev)
+{
+       struct irq_domain *domain = dev_get_msi_domain(dev);
+
+       for (; domain; domain = domain->parent)
+               if (domain->flags & IRQ_DOMAIN_FLAG_ISOLATED_MSI)
+                       return true;
+       return arch_is_isolated_msi();
+}
+EXPORT_SYMBOL_GPL(msi_device_has_isolated_msi);