From: Baolu Lu <baolu.lu@linux.intel.com>
To: "Tian, Kevin" <kevin.tian@intel.com>,
Jason Gunthorpe <jgg@ziepe.ca>, Joerg Roedel <joro@8bytes.org>,
Will Deacon <will@kernel.org>,
Robin Murphy <robin.murphy@arm.com>,
Jean-Philippe Brucker <jean-philippe@linaro.org>,
Nicolin Chen <nicolinc@nvidia.com>,
"Liu, Yi L" <yi.l.liu@intel.com>,
Jacob Pan <jacob.jun.pan@linux.intel.com>,
Joel Granados <j.granados@samsung.com>
Cc: baolu.lu@linux.intel.com,
"iommu@lists.linux.dev" <iommu@lists.linux.dev>,
"virtualization@lists.linux-foundation.org"
<virtualization@lists.linux-foundation.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Jason Gunthorpe <jgg@nvidia.com>
Subject: Re: [PATCH v6 01/10] iommu: Introduce domain attachment handle
Date: Thu, 6 Jun 2024 13:33:29 +0800 [thread overview]
Message-ID: <ae7c05b0-104e-4c71-99aa-fed2a4f209fb@linux.intel.com> (raw)
In-Reply-To: <BN9PR11MB52767B3B1F441D9AA656AC258CF92@BN9PR11MB5276.namprd11.prod.outlook.com>
On 6/5/24 4:02 PM, Tian, Kevin wrote:
>> From: Lu Baolu <baolu.lu@linux.intel.com>
>> Sent: Monday, May 27, 2024 12:05 PM
>>
>> @@ -99,7 +99,9 @@ struct iommu_sva *iommu_sva_bind_device(struct device
>> *dev, struct mm_struct *mm
>>
>> /* Search for an existing domain. */
>> list_for_each_entry(domain, &mm->iommu_mm->sva_domains, next) {
>> - ret = iommu_attach_device_pasid(domain, dev, iommu_mm-
>>> pasid);
>> + handle->handle.domain = domain;
>> + ret = iommu_attach_device_pasid(domain, dev, iommu_mm-
>>> pasid,
>> + &handle->handle);
>
> move the setting of handle.domain into the helper?
Yes.
>
>> @@ -3382,11 +3383,9 @@ int iommu_attach_device_pasid(struct
>> iommu_domain *domain,
>> }
>> }
>>
>> - curr = xa_cmpxchg(&group->pasid_array, pasid, NULL, domain,
>> GFP_KERNEL);
>> - if (curr) {
>> - ret = xa_err(curr) ? : -EBUSY;
>> + ret = xa_insert(&group->pasid_array, pasid, handle, GFP_KERNEL);
>> + if (ret)
>> goto out_unlock;
>> - }
>
> this leads to a slightly different implication comparing to the old code.
>
> the domain pointer was always tracked in the old code but now the handle
> is optional.
>
> if iommu core only needs to know whether a pasid has been attached (as
> in this helper), it still works as xa_insert() will mark the entry as reserved
> if handle==NULL and next xa_insert() at the same index will fail due to
> the entry being reserved.
>
> But if certain path (other than iopf) in the iommu core needs to know
> the exact domain pointer then this change breaks it.
The iommu core should not fetch the domain pointer in paths other than
attach/detach/replace. There is currently no reference counter for an
iommu domain, hence fetching the domain for other purposes will
potentially lead to a use-after-free issue.
>
> Anyway some explanation is welcomed here for why this change is safe.
>
>> @@ -3414,7 +3413,7 @@ void iommu_detach_device_pasid(struct
>> iommu_domain *domain, struct device *dev,
>>
>> mutex_lock(&group->mutex);
>> __iommu_remove_group_pasid(group, pasid, domain);
>> - WARN_ON(xa_erase(&group->pasid_array, pasid) != domain);
>> + xa_erase(&group->pasid_array, pasid);
>
> if the entry is valid do we want to keep the WARN_ON() upon handle->domain?
The domain pointer has already been passed to the iommu driver in
__iommu_remove_group_pasid(). Therefore, the check for the pointer's
validity should be performed before calling
__iommu_remove_group_pasid(). Hence, in my view, using WARN_ON() around
xa_erase() is not very useful.
Best regards,
baolu
next prev parent reply other threads:[~2024-06-06 5:35 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-27 4:05 [PATCH v6 00/10] IOMMUFD: Deliver IO page faults to user space Lu Baolu
2024-05-27 4:05 ` [PATCH v6 01/10] iommu: Introduce domain attachment handle Lu Baolu
2024-06-05 8:02 ` Tian, Kevin
2024-06-06 5:33 ` Baolu Lu [this message]
2024-06-12 13:10 ` Jason Gunthorpe
2024-06-13 3:04 ` Baolu Lu
2024-05-27 4:05 ` [PATCH v6 02/10] iommu: Remove sva handle list Lu Baolu
2024-06-05 8:15 ` Tian, Kevin
2024-06-06 6:06 ` Baolu Lu
2024-06-07 9:35 ` Tian, Kevin
2024-06-12 13:05 ` Jason Gunthorpe
2024-06-13 4:06 ` Baolu Lu
2024-05-27 4:05 ` [PATCH v6 03/10] iommu: Add attach handle to struct iopf_group Lu Baolu
2024-06-05 8:23 ` Tian, Kevin
2024-06-06 6:18 ` Baolu Lu
2024-06-12 13:37 ` Jason Gunthorpe
2024-06-13 4:23 ` Baolu Lu
2024-06-13 11:49 ` Jason Gunthorpe
2024-06-14 1:16 ` Baolu Lu
2024-05-27 4:05 ` [PATCH v6 04/10] iommu: Extend domain attach group with handle support Lu Baolu
2024-06-12 13:41 ` Jason Gunthorpe
2024-06-13 4:47 ` Baolu Lu
2024-05-27 4:05 ` [PATCH v6 05/10] iommufd: Add fault and response message definitions Lu Baolu
2024-06-05 8:28 ` Tian, Kevin
2024-06-06 6:27 ` Baolu Lu
2024-06-07 9:38 ` Tian, Kevin
2024-06-12 13:19 ` Jason Gunthorpe
2024-06-12 13:50 ` Jason Gunthorpe
2024-06-13 6:32 ` Baolu Lu
2024-06-13 4:54 ` Baolu Lu
2024-06-12 13:52 ` Jason Gunthorpe
2024-06-13 6:40 ` Baolu Lu
2024-05-27 4:05 ` [PATCH v6 06/10] iommufd: Add iommufd fault object Lu Baolu
2024-06-07 9:17 ` Tian, Kevin
2024-06-08 9:58 ` Baolu Lu
2024-06-12 13:25 ` Jason Gunthorpe
2024-06-13 6:44 ` Baolu Lu
2024-06-12 13:23 ` Jason Gunthorpe
2024-06-17 7:32 ` Tian, Kevin
2024-05-27 4:05 ` [PATCH v6 07/10] iommufd: Fault-capable hwpt attach/detach/replace Lu Baolu
2024-06-07 9:30 ` Tian, Kevin
2024-06-09 7:23 ` Baolu Lu
2024-06-17 7:37 ` Tian, Kevin
2024-05-27 4:05 ` [PATCH v6 08/10] iommufd: Associate fault object with iommufd_hw_pgtable Lu Baolu
2024-06-07 9:30 ` Tian, Kevin
2024-05-27 4:05 ` [PATCH v6 09/10] iommufd/selftest: Add IOPF support for mock device Lu Baolu
2024-05-27 4:05 ` [PATCH v6 10/10] iommufd/selftest: Add coverage for IOPF test Lu Baolu
2024-06-12 13:54 ` [PATCH v6 00/10] IOMMUFD: Deliver IO page faults to user space Jason Gunthorpe
2024-06-13 6:46 ` Baolu Lu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ae7c05b0-104e-4c71-99aa-fed2a4f209fb@linux.intel.com \
--to=baolu.lu@linux.intel.com \
--cc=iommu@lists.linux.dev \
--cc=j.granados@samsung.com \
--cc=jacob.jun.pan@linux.intel.com \
--cc=jean-philippe@linaro.org \
--cc=jgg@nvidia.com \
--cc=jgg@ziepe.ca \
--cc=joro@8bytes.org \
--cc=kevin.tian@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=nicolinc@nvidia.com \
--cc=robin.murphy@arm.com \
--cc=virtualization@lists.linux-foundation.org \
--cc=will@kernel.org \
--cc=yi.l.liu@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.