From: Jason Gunthorpe <jgg@nvidia.com>
To: Nicolin Chen <nicolinc@nvidia.com>
Cc: kevin.tian@intel.com, will@kernel.org, joro@8bytes.org,
suravee.suthikulpanit@amd.com, robin.murphy@arm.com,
dwmw2@infradead.org, baolu.lu@linux.intel.com, shuah@kernel.org,
linux-kernel@vger.kernel.org, iommu@lists.linux.dev,
linux-arm-kernel@lists.infradead.org,
linux-kselftest@vger.kernel.org, eric.auger@redhat.com,
jean-philippe@linaro.org, mdf@kernel.org, mshavit@google.com,
shameerali.kolothum.thodi@huawei.com, smostafa@google.com,
yi.l.liu@intel.com, aik@amd.com, zhangfei.gao@linaro.org,
patches@lists.linux.dev
Subject: Re: [PATCH v5 01/13] iommufd/viommu: Add IOMMUFD_OBJ_VDEVICE and IOMMU_VDEVICE_ALLOC ioctl
Date: Tue, 29 Oct 2024 12:58:24 -0300 [thread overview]
Message-ID: <20241029155824.GJ209124@nvidia.com> (raw)
In-Reply-To: <53025c827c44d68edb6469bfd940a8e8bc6147a5.1729897278.git.nicolinc@nvidia.com>
On Fri, Oct 25, 2024 at 04:50:30PM -0700, Nicolin Chen wrote:
> +/**
> + * struct iommu_vdevice_alloc - ioctl(IOMMU_VDEVICE_ALLOC)
> + * @size: sizeof(struct iommu_vdevice_alloc)
> + * @viommu_id: vIOMMU ID to associate with the virtual device
> + * @dev_id: The pyhsical device to allocate a virtual instance on the vIOMMU
> + * @__reserved: Must be 0
> + * @virt_id: Virtual device ID per vIOMMU, e.g. vSID of ARM SMMUv3, vDeviceID
> + * of AMD IOMMU, and vID of a nested Intel VT-d to a Context Table.
> + * @out_vdevice_id: Output virtual instance ID for the allocated object
How about:
@out_vdevice_id: Object handle for the vDevice. Pass to IOMMU_DESTORY
> + * Allocate a virtual device instance (for a physical device) against a vIOMMU.
> + * This instance holds the device's information (related to its vIOMMU) in a VM.
> + */
> +struct iommu_vdevice_alloc {
> + __u32 size;
> + __u32 viommu_id;
> + __u32 dev_id;
> + __u32 __reserved;
> + __aligned_u64 virt_id;
> + __u32 out_vdevice_id;
> + __u32 __reserved2;
Lets not have two u32 reserved, put the out_vdevice_id above virt_id
> diff --git a/drivers/iommu/iommufd/device.c b/drivers/iommu/iommufd/device.c
> index 5fd3dd420290..e50113305a9c 100644
> --- a/drivers/iommu/iommufd/device.c
> +++ b/drivers/iommu/iommufd/device.c
> @@ -277,6 +277,17 @@ EXPORT_SYMBOL_NS_GPL(iommufd_ctx_has_group, IOMMUFD);
> */
> void iommufd_device_unbind(struct iommufd_device *idev)
> {
> + u32 vdev_id = 0;
> +
> + /* idev->vdev object should be destroyed prior, yet just in case.. */
> + mutex_lock(&idev->igroup->lock);
> + if (idev->vdev)
Then should it have a WARN_ON here?
> + vdev_id = idev->vdev->obj.id;
> + mutex_unlock(&idev->igroup->lock);
> + /* Relying on xa_lock against a race with iommufd_destroy() */
> + if (vdev_id)
> + iommufd_object_remove(idev->ictx, NULL, vdev_id, 0);
That doesn't seem right, iommufd_object_remove() should never be used
to destroy an object that userspace created with an IOCTL, in fact
that just isn't allowed.
Ugh, there is worse here, we can't hold a long term reference on a
kernel owned object:
idev->vdev = vdev;
refcount_inc(&idev->obj.users);
As it prevents the kernel from disconnecting it.
I came up with this that seems like it will work. Maybe we will need
to improve it later. Instead of using the idev, just keep the raw
struct device. We can hold a refcount on the struct device without
races. There is no need for the idev igroup lock since the xa_lock
does everything we need.
diff --git a/drivers/iommu/iommufd/device.c b/drivers/iommu/iommufd/device.c
index e50113305a9c47..5fd3dd42029015 100644
--- a/drivers/iommu/iommufd/device.c
+++ b/drivers/iommu/iommufd/device.c
@@ -277,17 +277,6 @@ EXPORT_SYMBOL_NS_GPL(iommufd_ctx_has_group, IOMMUFD);
*/
void iommufd_device_unbind(struct iommufd_device *idev)
{
- u32 vdev_id = 0;
-
- /* idev->vdev object should be destroyed prior, yet just in case.. */
- mutex_lock(&idev->igroup->lock);
- if (idev->vdev)
- vdev_id = idev->vdev->obj.id;
- mutex_unlock(&idev->igroup->lock);
- /* Relying on xa_lock against a race with iommufd_destroy() */
- if (vdev_id)
- iommufd_object_remove(idev->ictx, NULL, vdev_id, 0);
-
iommufd_object_destroy_user(idev->ictx, &idev->obj);
}
EXPORT_SYMBOL_NS_GPL(iommufd_device_unbind, IOMMUFD);
diff --git a/drivers/iommu/iommufd/driver.c b/drivers/iommu/iommufd/driver.c
index 9849474f429f98..6e870bce2a0cd0 100644
--- a/drivers/iommu/iommufd/driver.c
+++ b/drivers/iommu/iommufd/driver.c
@@ -46,6 +46,6 @@ struct device *iommufd_viommu_find_dev(struct iommufd_viommu *viommu,
lockdep_assert_held(&viommu->vdevs.xa_lock);
vdev = xa_load(&viommu->vdevs, vdev_id);
- return vdev ? vdev->idev->dev : NULL;
+ return vdev ? vdev->dev : NULL;
}
EXPORT_SYMBOL_NS_GPL(iommufd_viommu_find_dev, IOMMUFD);
diff --git a/drivers/iommu/iommufd/iommufd_private.h b/drivers/iommu/iommufd/iommufd_private.h
index 365cf5a56cdf20..275f954235940c 100644
--- a/drivers/iommu/iommufd/iommufd_private.h
+++ b/drivers/iommu/iommufd/iommufd_private.h
@@ -152,9 +152,6 @@ static inline void iommufd_put_object(struct iommufd_ctx *ictx,
wake_up_interruptible_all(&ictx->destroy_wait);
}
-int iommufd_verify_unfinalized_object(struct iommufd_ctx *ictx,
- struct iommufd_object *to_verify);
-
void iommufd_object_abort(struct iommufd_ctx *ictx, struct iommufd_object *obj);
void iommufd_object_abort_and_destroy(struct iommufd_ctx *ictx,
struct iommufd_object *obj);
@@ -391,7 +388,6 @@ struct iommufd_device {
struct iommufd_object obj;
struct iommufd_ctx *ictx;
struct iommufd_group *igroup;
- struct iommufd_vdevice *vdev;
struct list_head group_item;
/* always the physical device */
struct device *dev;
@@ -523,7 +519,7 @@ void iommufd_vdevice_abort(struct iommufd_object *obj);
struct iommufd_vdevice {
struct iommufd_object obj;
struct iommufd_ctx *ictx;
- struct iommufd_device *idev;
+ struct device *dev;
struct iommufd_viommu *viommu;
u64 id; /* per-vIOMMU virtual ID */
};
diff --git a/drivers/iommu/iommufd/main.c b/drivers/iommu/iommufd/main.c
index 696ac9e0e74b89..c90fe15af98be4 100644
--- a/drivers/iommu/iommufd/main.c
+++ b/drivers/iommu/iommufd/main.c
@@ -43,9 +43,10 @@ void iommufd_object_finalize(struct iommufd_ctx *ictx,
{
void *old;
- old = xa_store(&ictx->objects, obj->id, obj, GFP_KERNEL);
+ old = xa_cmpxchg(&ictx->objects, obj->id, XA_ZERO_ENTRY, obj,
+ GFP_KERNEL);
/* obj->id was returned from xa_alloc() so the xa_store() cannot fail */
- WARN_ON(old);
+ WARN_ON(old != XA_ZERO_ENTRY);
}
/* Undo _iommufd_object_alloc() if iommufd_object_finalize() was not called */
@@ -89,26 +90,6 @@ struct iommufd_object *iommufd_get_object(struct iommufd_ctx *ictx, u32 id,
return obj;
}
-int iommufd_verify_unfinalized_object(struct iommufd_ctx *ictx,
- struct iommufd_object *to_verify)
-{
- XA_STATE(xas, &ictx->objects, 0);
- struct iommufd_object *obj;
- int rc = 0;
-
- if (!to_verify || !to_verify->id)
- return -EINVAL;
- xas.xa_index = to_verify->id;
-
- xa_lock(&ictx->objects);
- obj = xas_load(&xas);
- /* Being an unfinalized object, the loaded obj is a reserved space */
- if (obj != XA_ZERO_ENTRY)
- rc = -ENOENT;
- xa_unlock(&ictx->objects);
- return rc;
-}
-
static int iommufd_object_dec_wait_shortterm(struct iommufd_ctx *ictx,
struct iommufd_object *to_destroy)
{
diff --git a/drivers/iommu/iommufd/viommu.c b/drivers/iommu/iommufd/viommu.c
index 2b9a9a80298d8e..e7385676f17659 100644
--- a/drivers/iommu/iommufd/viommu.c
+++ b/drivers/iommu/iommufd/viommu.c
@@ -55,12 +55,6 @@ int iommufd_viommu_alloc_ioctl(struct iommufd_ucmd *ucmd)
goto out_put_hwpt;
}
- rc = iommufd_verify_unfinalized_object(ucmd->ictx, &viommu->obj);
- if (rc) {
- kfree(viommu);
- goto out_put_hwpt;
- }
-
viommu->type = cmd->type;
viommu->ictx = ucmd->ictx;
viommu->hwpt = hwpt_paging;
@@ -95,27 +89,18 @@ void iommufd_vdevice_abort(struct iommufd_object *obj)
struct iommufd_vdevice *old,
*vdev = container_of(obj, struct iommufd_vdevice, obj);
struct iommufd_viommu *viommu = vdev->viommu;
- struct iommufd_device *idev = vdev->idev;
-
- lockdep_assert_held(&idev->igroup->lock);
old = xa_cmpxchg(&viommu->vdevs, vdev->id, vdev, NULL, GFP_KERNEL);
if (old)
WARN_ON(old != vdev);
refcount_dec(&viommu->obj.users);
- refcount_dec(&idev->obj.users);
- idev->vdev = NULL;
+ put_device(vdev->dev);
}
void iommufd_vdevice_destroy(struct iommufd_object *obj)
{
- struct iommufd_vdevice *vdev =
- container_of(obj, struct iommufd_vdevice, obj);
-
- mutex_lock(&vdev->idev->igroup->lock);
iommufd_vdevice_abort(obj);
- mutex_unlock(&vdev->idev->igroup->lock);
}
int iommufd_vdevice_alloc_ioctl(struct iommufd_ucmd *ucmd)
@@ -140,30 +125,16 @@ int iommufd_vdevice_alloc_ioctl(struct iommufd_ucmd *ucmd)
goto out_put_viommu;
}
- mutex_lock(&idev->igroup->lock);
- if (idev->vdev) {
- rc = -EEXIST;
- goto out_unlock_igroup;
- }
-
vdev = iommufd_object_alloc(ucmd->ictx, vdev, IOMMUFD_OBJ_VDEVICE);
if (IS_ERR(vdev)) {
rc = PTR_ERR(vdev);
goto out_unlock_igroup;
}
- rc = iommufd_verify_unfinalized_object(ucmd->ictx, &vdev->obj);
- if (rc) {
- kfree(vdev);
- goto out_unlock_igroup;
- }
-
- vdev->idev = idev;
vdev->id = virt_id;
+ vdev->dev = idev->dev;
+ get_device(idev->dev);
vdev->viommu = viommu;
-
- idev->vdev = vdev;
- refcount_inc(&idev->obj.users);
refcount_inc(&viommu->obj.users);
curr = xa_cmpxchg(&viommu->vdevs, virt_id, NULL, vdev, GFP_KERNEL);
@@ -182,7 +153,6 @@ int iommufd_vdevice_alloc_ioctl(struct iommufd_ucmd *ucmd)
out_abort:
iommufd_object_abort_and_destroy(ucmd->ictx, &vdev->obj);
out_unlock_igroup:
- mutex_unlock(&idev->igroup->lock);
iommufd_put_object(ucmd->ictx, &idev->obj);
out_put_viommu:
iommufd_put_object(ucmd->ictx, &viommu->obj);
next prev parent reply other threads:[~2024-10-29 17:36 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-25 23:50 [PATCH v5 00/13] iommufd: Add vIOMMU infrastructure (Part-2: vDEVICE) Nicolin Chen
2024-10-25 23:50 ` [PATCH v5 01/13] iommufd/viommu: Add IOMMUFD_OBJ_VDEVICE and IOMMU_VDEVICE_ALLOC ioctl Nicolin Chen
2024-10-28 3:11 ` Tian, Kevin
2024-10-28 20:18 ` Nicolin Chen
2024-10-29 15:58 ` Jason Gunthorpe [this message]
2024-10-29 17:29 ` Nicolin Chen
2024-10-29 18:48 ` Jason Gunthorpe
2024-10-29 19:30 ` Nicolin Chen
2024-10-30 0:08 ` Jason Gunthorpe
2024-10-25 23:50 ` [PATCH v5 02/13] iommufd/selftest: Add IOMMU_VDEVICE_ALLOC test coverage Nicolin Chen
2024-10-29 8:19 ` Tian, Kevin
2024-10-29 15:58 ` Jason Gunthorpe
2024-10-25 23:50 ` [PATCH v5 03/13] iommu/viommu: Add cache_invalidate to iommufd_viommu_ops Nicolin Chen
2024-10-29 8:19 ` Tian, Kevin
2024-10-25 23:50 ` [PATCH v5 04/13] iommufd/hw_pagetable: Enforce invalidation op on vIOMMU-based hwpt_nested Nicolin Chen
2024-10-29 8:22 ` Tian, Kevin
2024-10-29 16:04 ` Jason Gunthorpe
2024-10-30 0:41 ` Tian, Kevin
2024-10-29 16:01 ` Jason Gunthorpe
2024-10-25 23:50 ` [PATCH v5 05/13] iommufd: Allow hwpt_id to carry viommu_id for IOMMU_HWPT_INVALIDATE Nicolin Chen
2024-10-29 8:23 ` Tian, Kevin
2024-10-29 19:09 ` Jason Gunthorpe
2024-10-29 19:45 ` Nicolin Chen
2024-10-25 23:50 ` [PATCH v5 06/13] iommu: Add iommu_copy_struct_from_full_user_array helper Nicolin Chen
2024-10-29 8:24 ` Tian, Kevin
2024-10-30 4:08 ` Nicolin Chen
2024-10-25 23:50 ` [PATCH v5 07/13] iommufd/viommu: Add iommufd_viommu_find_dev helper Nicolin Chen
2024-10-27 15:02 ` Zhangfei Gao
2024-10-27 22:49 ` Nicolin Chen
2024-10-29 8:25 ` Tian, Kevin
2024-10-25 23:50 ` [PATCH v5 08/13] iommufd/selftest: Add mock_viommu_cache_invalidate Nicolin Chen
2024-10-29 8:25 ` Tian, Kevin
2024-10-25 23:50 ` [PATCH v5 09/13] iommufd/selftest: Add IOMMU_TEST_OP_DEV_CHECK_CACHE test command Nicolin Chen
2024-10-29 8:25 ` Tian, Kevin
2024-10-25 23:50 ` [PATCH v5 10/13] iommufd/selftest: Add vIOMMU coverage for IOMMU_HWPT_INVALIDATE ioctl Nicolin Chen
2024-10-29 8:26 ` Tian, Kevin
2024-10-25 23:50 ` [PATCH v5 11/13] Documentation: userspace-api: iommufd: Update vDEVICE Nicolin Chen
2024-10-29 8:40 ` Tian, Kevin
2024-10-25 23:50 ` [PATCH v5 12/13] iommu/arm-smmu-v3: Add arm_vsmmu_cache_invalidate Nicolin Chen
2024-10-29 8:42 ` Tian, Kevin
2024-10-25 23:50 ` [PATCH v5 13/13] iommu/arm-smmu-v3: Allow ATS for IOMMU_DOMAIN_NESTED Nicolin Chen
2024-10-28 3:03 ` [PATCH v5 00/13] iommufd: Add vIOMMU infrastructure (Part-2: vDEVICE) Tian, Kevin
2024-10-28 14:17 ` Jason Gunthorpe
2024-10-29 8:51 ` Tian, Kevin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241029155824.GJ209124@nvidia.com \
--to=jgg@nvidia.com \
--cc=aik@amd.com \
--cc=baolu.lu@linux.intel.com \
--cc=dwmw2@infradead.org \
--cc=eric.auger@redhat.com \
--cc=iommu@lists.linux.dev \
--cc=jean-philippe@linaro.org \
--cc=joro@8bytes.org \
--cc=kevin.tian@intel.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=mdf@kernel.org \
--cc=mshavit@google.com \
--cc=nicolinc@nvidia.com \
--cc=patches@lists.linux.dev \
--cc=robin.murphy@arm.com \
--cc=shameerali.kolothum.thodi@huawei.com \
--cc=shuah@kernel.org \
--cc=smostafa@google.com \
--cc=suravee.suthikulpanit@amd.com \
--cc=will@kernel.org \
--cc=yi.l.liu@intel.com \
--cc=zhangfei.gao@linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).