From: Jason Gunthorpe <jgg@nvidia.com>
To: Nicolin Chen <nicolinc@nvidia.com>
Cc: kevin.tian@intel.com, alex.williamson@redhat.com,
yi.l.liu@intel.com, joro@8bytes.org, will@kernel.org,
robin.murphy@arm.com, shuah@kernel.org,
linux-kernel@vger.kernel.org, iommu@lists.linux.dev,
kvm@vger.kernel.org, linux-kselftest@vger.kernel.org,
mjrosato@linux.ibm.com, farman@linux.ibm.com
Subject: Re: [PATCH v8 2/4] iommufd: Add iommufd_access_replace() API
Date: Wed, 26 Jul 2023 11:30:17 -0300 [thread overview]
Message-ID: <ZMEt+SMFBMKT3AoT@nvidia.com> (raw)
In-Reply-To: <5dfe3e9a9d511919cb105459ca9d96f013daadb4.1690226015.git.nicolinc@nvidia.com>
On Mon, Jul 24, 2023 at 12:47:05PM -0700, Nicolin Chen wrote:
> -int iommufd_access_attach(struct iommufd_access *access, u32 ioas_id)
> +static int iommufd_access_change_pt(struct iommufd_access *access, u32 ioas_id)
> {
> + struct iommufd_ioas *cur_ioas = access->ioas;
> struct iommufd_ioas *new_ioas;
> - int rc = 0;
> + int rc;
>
> - mutex_lock(&access->ioas_lock);
> - if (WARN_ON(access->ioas || access->ioas_unpin)) {
> - mutex_unlock(&access->ioas_lock);
> - return -EINVAL;
> - }
> + lockdep_assert_held(&access->ioas_lock);
>
> new_ioas = iommufd_get_ioas(access->ictx, ioas_id);
> - if (IS_ERR(new_ioas)) {
> - mutex_unlock(&access->ioas_lock);
> + if (IS_ERR(new_ioas))
> return PTR_ERR(new_ioas);
> - }
> +
> + if (cur_ioas)
> + __iommufd_access_detach(access);
The drop of the mutex while this function runs is racey with the rest
of this, we can mitigate it by blocking concurrent change while
detaching which is if access->ioas_unpin is set
> rc = iopt_add_access(&new_ioas->iopt, access);
> if (rc) {
> - mutex_unlock(&access->ioas_lock);
> iommufd_put_object(&new_ioas->obj);
> + if (cur_ioas)
> + WARN_ON(iommufd_access_change_pt(access,
> + cur_ioas->obj.id));
We've already dropped our ref to cur_ioas, so this is also racy with
destroy.
This is what I came up with:
diff --git a/drivers/iommu/iommufd/device.c b/drivers/iommu/iommufd/device.c
index 57c0e81f5073b2..e55d6e902edb98 100644
--- a/drivers/iommu/iommufd/device.c
+++ b/drivers/iommu/iommufd/device.c
@@ -758,64 +758,101 @@ void iommufd_access_destroy(struct iommufd_access *access)
}
EXPORT_SYMBOL_NS_GPL(iommufd_access_destroy, IOMMUFD);
-void iommufd_access_detach(struct iommufd_access *access)
+static int iommufd_access_change_ioas(struct iommufd_access *access,
+ struct iommufd_ioas *new_ioas)
{
struct iommufd_ioas *cur_ioas = access->ioas;
+ int rc;
+
+ lockdep_assert_held(&access->ioas_lock);
+
+ /* We are racing with a concurrent detach, bail */
+ if (access->ioas_unpin)
+ return -EBUSY;
+
+ if (IS_ERR(new_ioas))
+ return PTR_ERR(new_ioas);
+
+ if (cur_ioas == new_ioas)
+ return 0;
- mutex_lock(&access->ioas_lock);
- if (WARN_ON(!access->ioas))
- goto out;
/*
* Set ioas to NULL to block any further iommufd_access_pin_pages().
* iommufd_access_unpin_pages() can continue using access->ioas_unpin.
*/
access->ioas = NULL;
-
- if (access->ops->unmap) {
+ if (cur_ioas && access->ops->unmap) {
mutex_unlock(&access->ioas_lock);
access->ops->unmap(access->data, 0, ULONG_MAX);
mutex_lock(&access->ioas_lock);
}
+
+ if (new_ioas) {
+ rc = iopt_add_access(&new_ioas->iopt, access);
+ if (rc) {
+ iommufd_put_object(&new_ioas->obj);
+ access->ioas = cur_ioas;
+ return rc;
+ }
+ iommufd_ref_to_users(&new_ioas->obj);
+ }
+
+ access->ioas = new_ioas;
+ access->ioas_unpin = new_ioas;
iopt_remove_access(&cur_ioas->iopt, access);
refcount_dec(&cur_ioas->obj.users);
-out:
- access->ioas_unpin = NULL;
+
+ return 0;
+}
+
+void iommufd_access_detach(struct iommufd_access *access)
+{
+ int rc;
+
+ mutex_lock(&access->ioas_lock);
+ if (WARN_ON(!access->ioas)) {
+ mutex_unlock(&access->ioas_lock);
+ return;
+ }
+ rc = iommufd_access_change_ioas(access, NULL);
+ WARN_ON(rc);
mutex_unlock(&access->ioas_lock);
}
EXPORT_SYMBOL_NS_GPL(iommufd_access_detach, IOMMUFD);
int iommufd_access_attach(struct iommufd_access *access, u32 ioas_id)
{
- struct iommufd_ioas *new_ioas;
- int rc = 0;
+ int rc;
mutex_lock(&access->ioas_lock);
- if (WARN_ON(access->ioas || access->ioas_unpin)) {
+ if (WARN_ON(access->ioas)) {
mutex_unlock(&access->ioas_lock);
return -EINVAL;
}
- new_ioas = iommufd_get_ioas(access->ictx, ioas_id);
- if (IS_ERR(new_ioas)) {
- mutex_unlock(&access->ioas_lock);
- return PTR_ERR(new_ioas);
- }
-
- rc = iopt_add_access(&new_ioas->iopt, access);
- if (rc) {
- mutex_unlock(&access->ioas_lock);
- iommufd_put_object(&new_ioas->obj);
- return rc;
- }
- iommufd_ref_to_users(&new_ioas->obj);
-
- access->ioas = new_ioas;
- access->ioas_unpin = new_ioas;
+ rc = iommufd_access_change_ioas(access,
+ iommufd_get_ioas(access->ictx, ioas_id));
mutex_unlock(&access->ioas_lock);
- return 0;
+ return rc;
}
EXPORT_SYMBOL_NS_GPL(iommufd_access_attach, IOMMUFD);
+int iommufd_access_replace(struct iommufd_access *access, u32 ioas_id)
+{
+ int rc;
+
+ mutex_lock(&access->ioas_lock);
+ if (!access->ioas) {
+ mutex_unlock(&access->ioas_lock);
+ return -ENOENT;
+ }
+ rc = iommufd_access_change_ioas(access,
+ iommufd_get_ioas(access->ictx, ioas_id));
+ mutex_unlock(&access->ioas_lock);
+ return rc;
+}
+EXPORT_SYMBOL_NS_GPL(iommufd_access_replace, IOMMUFD);
+
/**
* iommufd_access_notify_unmap - Notify users of an iopt to stop using it
* @iopt: iopt to work on
diff --git a/include/linux/iommufd.h b/include/linux/iommufd.h
index 0ac60256b65929..ffc3a949f8374f 100644
--- a/include/linux/iommufd.h
+++ b/include/linux/iommufd.h
@@ -49,6 +49,7 @@ iommufd_access_create(struct iommufd_ctx *ictx,
const struct iommufd_access_ops *ops, void *data, u32 *id);
void iommufd_access_destroy(struct iommufd_access *access);
int iommufd_access_attach(struct iommufd_access *access, u32 ioas_id);
+int iommufd_access_replace(struct iommufd_access *access, u32 ioas_id);
void iommufd_access_detach(struct iommufd_access *access);
void iommufd_ctx_get(struct iommufd_ctx *ictx);
Jason
next prev parent reply other threads:[~2023-07-26 14:30 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-07-24 19:47 [PATCH v8 0/4] cover-letter: Add IO page table replacement support Nicolin Chen
2023-07-24 19:47 ` [PATCH v8 1/4] vfio: Do not allow !ops->dma_unmap in vfio_pin/unpin_pages() Nicolin Chen
2023-07-26 17:33 ` Alex Williamson
2023-07-26 17:38 ` Jason Gunthorpe
2023-07-24 19:47 ` [PATCH v8 2/4] iommufd: Add iommufd_access_replace() API Nicolin Chen
2023-07-26 14:30 ` Jason Gunthorpe [this message]
2023-07-26 20:50 ` Nicolin Chen
2023-07-26 23:36 ` Jason Gunthorpe
2023-07-27 2:59 ` Nicolin Chen
2023-07-27 7:30 ` Nicolin Chen
2023-07-27 12:03 ` Jason Gunthorpe
2023-07-27 19:04 ` Nicolin Chen
2023-07-28 3:45 ` Tian, Kevin
2023-07-28 4:43 ` Nicolin Chen
2023-07-28 6:20 ` Tian, Kevin
2023-07-28 12:28 ` Jason Gunthorpe
2023-07-28 12:27 ` Jason Gunthorpe
2023-07-24 19:47 ` [PATCH v8 3/4] iommufd/selftest: Add IOMMU_TEST_OP_ACCESS_REPLACE_IOAS coverage Nicolin Chen
2023-07-26 17:04 ` Jason Gunthorpe
2023-07-24 19:47 ` [PATCH v8 4/4] vfio: Support IO page table replacement Nicolin Chen
2023-07-26 17:04 ` Jason Gunthorpe
2023-07-26 17:34 ` Alex Williamson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZMEt+SMFBMKT3AoT@nvidia.com \
--to=jgg@nvidia.com \
--cc=alex.williamson@redhat.com \
--cc=farman@linux.ibm.com \
--cc=iommu@lists.linux.dev \
--cc=joro@8bytes.org \
--cc=kevin.tian@intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=mjrosato@linux.ibm.com \
--cc=nicolinc@nvidia.com \
--cc=robin.murphy@arm.com \
--cc=shuah@kernel.org \
--cc=will@kernel.org \
--cc=yi.l.liu@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.