From: Jason Gunthorpe <jgg@nvidia.com>
To: Xu Yilun <yilun.xu@linux.intel.com>
Cc: kevin.tian@intel.com, will@kernel.org, aneesh.kumar@kernel.org,
iommu@lists.linux.dev, linux-kernel@vger.kernel.org,
joro@8bytes.org, robin.murphy@arm.com, shuah@kernel.org,
nicolinc@nvidia.com, aik@amd.com, dan.j.williams@intel.com,
baolu.lu@linux.intel.com, yilun.xu@intel.com
Subject: Re: [PATCH v4 2/7] iommufd: Add iommufd_object_tombstone_user() helper
Date: Fri, 11 Jul 2025 14:44:02 -0300 [thread overview]
Message-ID: <20250711174402.GG1951027@nvidia.com> (raw)
In-Reply-To: <20250709040234.1773573-3-yilun.xu@linux.intel.com>
On Wed, Jul 09, 2025 at 12:02:29PM +0800, Xu Yilun wrote:
> Add the iommufd_object_tombstone_user() helper, which allows the caller
> to destroy an iommufd object created by userspace.
>
> This is useful on some destroy paths when the kernel caller finds the
> object should have been removed by userspace but is still alive. With
> this helper, the caller destroys the object but leave the object ID
> reserved (so called tombstone). The tombstone prevents repurposing the
> object ID without awareness of the original user.
>
> Since this happens for abnormal userspace behavior, for simplicity, the
> tombstoned object ID would be permanently leaked until
> iommufd_fops_release(). I.e. the original user gets an error when
> calling ioctl(IOMMU_DESTROY) on that ID.
>
> The first use case would be to ensure the iommufd_vdevice can't outlive
> the associated iommufd_device.
>
> Suggested-by: Jason Gunthorpe <jgg@nvidia.com>
> Reviewed-by: Lu Baolu <baolu.lu@linux.intel.com>
> Co-developed-by: Aneesh Kumar K.V (Arm) <aneesh.kumar@kernel.org>
> Signed-off-by: Aneesh Kumar K.V (Arm) <aneesh.kumar@kernel.org>
> Signed-off-by: Xu Yilun <yilun.xu@linux.intel.com>
> ---
> drivers/iommu/iommufd/iommufd_private.h | 23 ++++++++++++++++++++++-
> drivers/iommu/iommufd/main.c | 24 ++++++++++++++++++++++--
> 2 files changed, 44 insertions(+), 3 deletions(-)
Reviewed-by: Jason Gunthorpe <jgg@nvidia.com>
Jason
next prev parent reply other threads:[~2025-07-11 17:44 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-09 4:02 [PATCH v4 0/7] iommufd: Destroy vdevice on device unbind Xu Yilun
2025-07-09 4:02 ` [PATCH v4 1/7] iommufd/viommu: Roll back to use iommufd_object_alloc() for vdevice Xu Yilun
2025-07-10 7:32 ` Tian, Kevin
2025-07-10 18:26 ` Nicolin Chen
2025-07-11 17:42 ` Jason Gunthorpe
2025-07-09 4:02 ` [PATCH v4 2/7] iommufd: Add iommufd_object_tombstone_user() helper Xu Yilun
2025-07-10 7:35 ` Tian, Kevin
2025-07-10 19:08 ` Nicolin Chen
2025-07-11 15:02 ` Xu Yilun
2025-07-11 19:39 ` Nicolin Chen
2025-07-11 21:33 ` Jason Gunthorpe
2025-07-11 22:04 ` Nicolin Chen
2025-07-11 17:44 ` Jason Gunthorpe [this message]
2025-07-09 4:02 ` [PATCH v4 3/7] iommufd: Add a pre_destroy() op for objects Xu Yilun
2025-07-10 7:40 ` Tian, Kevin
2025-07-10 17:15 ` Jason Gunthorpe
2025-07-11 3:16 ` Tian, Kevin
2025-07-11 9:38 ` Xu Yilun
2025-07-11 22:09 ` Nicolin Chen
2025-07-09 4:02 ` [PATCH v4 4/7] iommufd: Destroy vdevice on idevice destroy Xu Yilun
2025-07-10 8:03 ` Tian, Kevin
2025-07-12 2:22 ` Nicolin Chen
2025-07-12 17:47 ` Xu Yilun
2025-07-14 16:40 ` Xu Yilun
2025-07-14 16:53 ` Jason Gunthorpe
2025-07-14 17:34 ` Nicolin Chen
2025-07-14 18:03 ` Xu Yilun
2025-07-12 2:26 ` Nicolin Chen
2025-07-09 4:02 ` [PATCH v4 5/7] iommufd/vdevice: Remove struct device reference from struct vdevice Xu Yilun
2025-07-10 8:04 ` Tian, Kevin
2025-07-12 2:27 ` Nicolin Chen
2025-07-09 4:02 ` [PATCH v4 6/7] iommufd/selftest: Explicitly skip tests for inapplicable variant Xu Yilun
2025-07-10 8:06 ` Tian, Kevin
2025-07-12 2:39 ` Nicolin Chen
2025-07-09 4:02 ` [PATCH v4 7/7] iommufd/selftest: Add coverage for vdevice tombstone Xu Yilun
2025-07-10 8:10 ` Tian, Kevin
2025-07-10 9:25 ` Xu Yilun
2025-07-11 3:12 ` Tian, Kevin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250711174402.GG1951027@nvidia.com \
--to=jgg@nvidia.com \
--cc=aik@amd.com \
--cc=aneesh.kumar@kernel.org \
--cc=baolu.lu@linux.intel.com \
--cc=dan.j.williams@intel.com \
--cc=iommu@lists.linux.dev \
--cc=joro@8bytes.org \
--cc=kevin.tian@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=nicolinc@nvidia.com \
--cc=robin.murphy@arm.com \
--cc=shuah@kernel.org \
--cc=will@kernel.org \
--cc=yilun.xu@intel.com \
--cc=yilun.xu@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.