From: Nicolin Chen <nicolinc@nvidia.com>
To: Jason Gunthorpe <jgg@nvidia.com>
Cc: "Liu, Yi L" <yi.l.liu@intel.com>,
"joro@8bytes.org" <joro@8bytes.org>,
"alex.williamson@redhat.com" <alex.williamson@redhat.com>,
"Tian, Kevin" <kevin.tian@intel.com>,
"robin.murphy@arm.com" <robin.murphy@arm.com>,
"baolu.lu@linux.intel.com" <baolu.lu@linux.intel.com>,
"cohuck@redhat.com" <cohuck@redhat.com>,
"eric.auger@redhat.com" <eric.auger@redhat.com>,
"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
"mjrosato@linux.ibm.com" <mjrosato@linux.ibm.com>,
"chao.p.peng@linux.intel.com" <chao.p.peng@linux.intel.com>,
"yi.y.sun@linux.intel.com" <yi.y.sun@linux.intel.com>,
"peterx@redhat.com" <peterx@redhat.com>,
"jasowang@redhat.com" <jasowang@redhat.com>,
"shameerali.kolothum.thodi@huawei.com"
<shameerali.kolothum.thodi@huawei.com>,
"lulu@redhat.com" <lulu@redhat.com>,
"suravee.suthikulpanit@amd.com" <suravee.suthikulpanit@amd.com>,
"iommu@lists.linux.dev" <iommu@lists.linux.dev>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"linux-kselftest@vger.kernel.org"
<linux-kselftest@vger.kernel.org>,
"Duan, Zhenzhong" <zhenzhong.duan@intel.com>
Subject: Re: [PATCH v3 09/17] iommufd: Add IOMMU_HWPT_INVALIDATE
Date: Wed, 2 Aug 2023 19:16:34 -0700 [thread overview]
Message-ID: <ZMsOAv9PjZpLaf4z@Asurada-Nvidia> (raw)
In-Reply-To: <ZMe0zQ/29/gLGBwZ@nvidia.com>
On Mon, Jul 31, 2023 at 10:19:09AM -0300, Jason Gunthorpe wrote:
> On Mon, Jul 31, 2023 at 10:07:32AM +0000, Liu, Yi L wrote:
> > > > + goto out_put_hwpt;
> > > > + }
> > > > +
> > > > + /*
> > > > + * Copy the needed fields before reusing the ucmd buffer, this
> > > > + * avoids memory allocation in this path.
> > > > + */
> > > > + user_ptr = cmd->data_uptr;
> > > > + user_data_len = cmd->data_len;
> > >
> > > Uhh, who checks that klen < the temporary stack struct?
> >
> > Take vtd as an example. The invalidate structure is struct iommu_hwpt_vtd_s1_invalidate[1].
> > The klen is sizeof(struct iommu_hwpt_vtd_s1_invalidate)[2]. iommu_hwpt_vtd_s1_invalidate
> > is also placed in the temporary stack struct (actually it is a union)[1]. So the klen should
> > be <= temporary stack.
>
> Ohh, I think I would add a few comments noting that the invalidate
> structs need to be added to that union. Easy to miss.
Added here:
- * Copy the needed fields before reusing the ucmd buffer, this
- * avoids memory allocation in this path.
+ * Copy the needed fields before reusing the ucmd buffer, this avoids
+ * memory allocation in this path. Again, user invalidate data struct
+ * must be added to the union ucmd_buffer.
> > It's not so explicit though. Perhaps worth to have a check like below in this patch?
> >
> > if (unlikely(klen > sizeof(union ucmd_buffer)))
> > return -EINVAL;
>
> Yes, stick this in the domain allocate path with a WARN_ON. The driver
> is broken to allocate a domain with an invalid size.
And here too with a WARN_ON_ONCE.
+ /*
+ * Either the driver is broken by having an invalid size, or the user
+ * invalidate data struct used by the driver is missing in the union.
+ */
+ if (WARN_ON_ONCE(hwpt->domain->ops->cache_invalidate_user &&
+ (!hwpt->domain->ops->cache_invalidate_user_data_len ||
+ hwpt->domain->ops->cache_invalidate_user_data_len >
+ sizeof(union ucmd_buffer)))) {
+ rc = -EINVAL;
+ goto out_abort;
+
+ }
Though I am making this cache_invalidate_user optional here, I
wonder if there actually could be a case that a user-managed
domain doesn't need a cache_invalidate_user op...
Thanks
Nicolin
next prev parent reply other threads:[~2023-08-03 2:16 UTC|newest]
Thread overview: 66+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-07-24 11:03 [PATCH v3 00/17] iommufd: Add nesting infrastructure Yi Liu
2023-07-24 11:03 ` [PATCH v3 01/17] iommu: Add new iommu op to create domains owned by userspace Yi Liu
2023-07-28 9:37 ` Tian, Kevin
2023-07-28 16:56 ` Jason Gunthorpe
2023-07-31 12:44 ` Liu, Yi L
2023-07-31 13:19 ` Jason Gunthorpe
2023-08-03 2:28 ` Nicolin Chen
2023-07-24 11:03 ` [PATCH v3 02/17] iommu: Add nested domain support Yi Liu
2023-07-28 9:38 ` Tian, Kevin
2023-07-28 16:59 ` Jason Gunthorpe
2023-08-03 2:36 ` Nicolin Chen
2023-08-03 2:53 ` Liu, Yi L
2023-08-03 3:04 ` Nicolin Chen
2023-07-24 11:03 ` [PATCH v3 03/17] iommufd/hw_pagetable: Use domain_alloc_user op for domain allocation Yi Liu
2023-07-28 9:39 ` Tian, Kevin
2023-07-24 11:03 ` [PATCH v3 04/17] iommufd: Pass in hwpt_type/parent/user_data to iommufd_hw_pagetable_alloc() Yi Liu
2023-07-28 9:49 ` Tian, Kevin
2023-07-24 11:03 ` [PATCH v3 05/17] iommufd/hw_pagetable: Do not populate user-managed hw_pagetables Yi Liu
2023-07-28 9:51 ` Tian, Kevin
2023-07-24 11:03 ` [PATCH v3 06/17] iommufd: Only enforce IOMMU_RESV_SW_MSI when attaching user-managed HWPT Yi Liu
2023-07-28 10:02 ` Tian, Kevin
2023-07-28 17:06 ` Jason Gunthorpe
2023-07-24 11:03 ` [PATCH v3 07/17] iommufd: Add IOMMU_RESV_IOVA_RANGES Yi Liu
2023-07-28 10:07 ` Tian, Kevin
2023-07-28 17:16 ` Jason Gunthorpe
2023-07-31 6:14 ` Tian, Kevin
2023-07-31 13:12 ` Jason Gunthorpe
2023-07-28 17:44 ` Jason Gunthorpe
2023-07-31 6:21 ` Tian, Kevin
2023-07-31 9:53 ` Liu, Yi L
2023-07-31 13:23 ` Jason Gunthorpe
2023-08-01 2:40 ` Tian, Kevin
2023-08-01 18:22 ` Jason Gunthorpe
2023-08-02 1:09 ` Tian, Kevin
2023-08-02 12:22 ` Jason Gunthorpe
2023-08-03 1:23 ` Nicolin Chen
2023-08-03 1:25 ` Tian, Kevin
2023-08-03 2:17 ` Nicolin Chen
2023-07-24 11:03 ` [PATCH v3 08/17] iommufd: IOMMU_HWPT_ALLOC allocation with user data Yi Liu
2023-07-28 17:55 ` Jason Gunthorpe
2023-07-28 19:10 ` Nicolin Chen
2023-07-31 7:22 ` Liu, Yi L
2023-07-31 6:31 ` Tian, Kevin
2023-07-31 13:16 ` Jason Gunthorpe
2023-08-01 2:35 ` Tian, Kevin
2023-08-02 23:42 ` Nicolin Chen
2023-08-02 23:43 ` Jason Gunthorpe
2023-08-03 0:53 ` Nicolin Chen
2023-08-03 16:47 ` Jason Gunthorpe
2023-07-24 11:03 ` [PATCH v3 09/17] iommufd: Add IOMMU_HWPT_INVALIDATE Yi Liu
2023-07-28 18:02 ` Jason Gunthorpe
2023-07-31 10:07 ` Liu, Yi L
2023-07-31 13:19 ` Jason Gunthorpe
2023-08-03 2:16 ` Nicolin Chen [this message]
2023-08-03 3:07 ` Liu, Yi L
2023-08-03 3:13 ` Nicolin Chen
2023-08-03 2:56 ` Liu, Yi L
2023-08-03 2:07 ` Nicolin Chen
2023-07-24 11:03 ` [PATCH v3 10/17] iommufd/selftest: Add a helper to get test device Yi Liu
2023-07-24 11:04 ` [PATCH v3 11/17] iommufd/selftest: Add IOMMU_TEST_OP_DEV_[ADD|DEL]_RESERVED to add/del reserved regions to selftest device Yi Liu
2023-07-24 11:04 ` [PATCH v3 12/17] iommufd/selftest: Add .get_resv_regions() for mock_dev Yi Liu
2023-07-24 11:04 ` [PATCH v3 13/17] iommufd/selftest: Add coverage for IOMMU_RESV_IOVA_RANGES Yi Liu
2023-07-24 11:04 ` [PATCH v3 14/17] iommufd/selftest: Add domain_alloc_user() support in iommu mock Yi Liu
2023-07-24 11:04 ` [PATCH v3 15/17] iommufd/selftest: Add coverage for IOMMU_HWPT_ALLOC with user data Yi Liu
2023-07-24 11:04 ` [PATCH v3 16/17] iommufd/selftest: Add IOMMU_TEST_OP_MD_CHECK_IOTLB test op Yi Liu
2023-07-24 11:04 ` [PATCH v3 17/17] iommufd/selftest: Add coverage for IOMMU_HWPT_INVALIDATE ioctl Yi Liu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZMsOAv9PjZpLaf4z@Asurada-Nvidia \
--to=nicolinc@nvidia.com \
--cc=alex.williamson@redhat.com \
--cc=baolu.lu@linux.intel.com \
--cc=chao.p.peng@linux.intel.com \
--cc=cohuck@redhat.com \
--cc=eric.auger@redhat.com \
--cc=iommu@lists.linux.dev \
--cc=jasowang@redhat.com \
--cc=jgg@nvidia.com \
--cc=joro@8bytes.org \
--cc=kevin.tian@intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=lulu@redhat.com \
--cc=mjrosato@linux.ibm.com \
--cc=peterx@redhat.com \
--cc=robin.murphy@arm.com \
--cc=shameerali.kolothum.thodi@huawei.com \
--cc=suravee.suthikulpanit@amd.com \
--cc=yi.l.liu@intel.com \
--cc=yi.y.sun@linux.intel.com \
--cc=zhenzhong.duan@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.