Re: [PATCH v6 01/10] iommufd/viommu: Add IOMMUFD_OBJ_VDEVICE and IOMMU_VDEVICE_ALLOC ioctl

linux-doc.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Nicolin Chen <nicolinc@nvidia.com>
To: Jason Gunthorpe <jgg@nvidia.com>
Cc: <kevin.tian@intel.com>, <corbet@lwn.net>, <joro@8bytes.org>,
	<suravee.suthikulpanit@amd.com>, <will@kernel.org>,
	<robin.murphy@arm.com>, <dwmw2@infradead.org>, <shuah@kernel.org>,
	<iommu@lists.linux.dev>, <linux-doc@vger.kernel.org>,
	<linux-kernel@vger.kernel.org>, <linux-kselftest@vger.kernel.org>,
	<baolu.lu@linux.intel.com>, <eric.auger@redhat.com>,
	<jean-philippe@linaro.org>, <mdf@kernel.org>,
	<mshavit@google.com>, <shameerali.kolothum.thodi@huawei.com>,
	<smostafa@google.com>, <yi.l.liu@intel.com>, <aik@amd.com>,
	<zhangfei.gao@linaro.org>, <patches@lists.linux.dev>
Subject: Re: [PATCH v6 01/10] iommufd/viommu: Add IOMMUFD_OBJ_VDEVICE and IOMMU_VDEVICE_ALLOC ioctl
Date: Thu, 31 Oct 2024 09:56:37 -0700	[thread overview]
Message-ID: <ZyO2xfe95Y1TCaqG@Asurada-Nvidia> (raw)
In-Reply-To: <20241031132941.GL10193@nvidia.com>

On Thu, Oct 31, 2024 at 10:29:41AM -0300, Jason Gunthorpe wrote:
> On Wed, Oct 30, 2024 at 02:35:27PM -0700, Nicolin Chen wrote:
> > +void iommufd_vdevice_destroy(struct iommufd_object *obj)
> > +{
> > +	struct iommufd_vdevice *vdev =
> > +		container_of(obj, struct iommufd_vdevice, obj);
> > +	struct iommufd_viommu *viommu = vdev->viommu;
> > +
> > +	/* xa_cmpxchg is okay to fail if alloc returned -EEXIST previously */
> > +	xa_cmpxchg(&viommu->vdevs, vdev->id, vdev, NULL, GFP_KERNEL);
> 
> There are crazy races that would cause this not to work. Another
> thread could have successfully destroyed whatever caused EEXIST and
> the successfully registered this same vdev to the same id. Then this
> will wrongly erase the other threads entry.
>
> It would be better to skip the erase directly if the EEXIST unwind is
> being taken.

Hmm, is the "another thread" an alloc() or a destroy()? It doesn't
seem to me that there could be another destroy() on the same object
since this current destroy() is the abort to an unfinalized object.
And it doesn't seem that another alloc() will get the same vdev ptr
since every vdev allocation in the alloc() will be different?

That being said, I think we could play safer with the followings:
-------------------------------------------------------------------
@@ -88,7 +88,6 @@ void iommufd_vdevice_destroy(struct iommufd_object *obj)
                container_of(obj, struct iommufd_vdevice, obj);
        struct iommufd_viommu *viommu = vdev->viommu;

-       /* xa_cmpxchg is okay to fail if alloc returned -EEXIST previously */
        xa_cmpxchg(&viommu->vdevs, vdev->id, vdev, NULL, GFP_KERNEL);
        refcount_dec(&viommu->obj.users);
        put_device(vdev->dev);
@@ -128,18 +127,19 @@ int iommufd_vdevice_alloc_ioctl(struct iommufd_ucmd *ucmd)
                goto out_put_idev;
        }

+       curr = xa_cmpxchg(&viommu->vdevs, virt_id, NULL, vdev, GFP_KERNEL);
+       if (curr) {
+               iommufd_object_abort(ucmd->ictx, &vdev->obj);
+               rc = xa_err(curr) ?: -EEXIST;
+               goto out_put_idev;
+       }
+
        vdev->id = virt_id;
        vdev->dev = idev->dev;
        get_device(idev->dev);
        vdev->viommu = viommu;
        refcount_inc(&viommu->obj.users);

-       curr = xa_cmpxchg(&viommu->vdevs, virt_id, NULL, vdev, GFP_KERNEL);
-       if (curr) {
-               rc = xa_err(curr) ?: -EEXIST;
-               goto out_abort;
-       }
-
        cmd->out_vdevice_id = vdev->obj.id;
        rc = iommufd_ucmd_respond(ucmd, sizeof(*cmd));
        if (rc)
-------------------------------------------------------------------

Thanks
Nicolin

next prev parent reply	other threads:[~2024-10-31 16:57 UTC|newest]

Thread overview: 26+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-10-30 21:35 [PATCH v6 00/10] iommufd: Add vIOMMU infrastructure (Part-2: vDEVICE) Nicolin Chen
2024-10-30 21:35 ` [PATCH v6 01/10] iommufd/viommu: Add IOMMUFD_OBJ_VDEVICE and IOMMU_VDEVICE_ALLOC ioctl Nicolin Chen
2024-10-31 13:29   ` Jason Gunthorpe
2024-10-31 16:56     ` Nicolin Chen [this message]
2024-10-31 17:04       ` Jason Gunthorpe
2024-10-31 18:46         ` Nicolin Chen
2024-11-07 10:11   ` Alexey Kardashevskiy
2024-11-07 16:31     ` Nicolin Chen
2024-11-07 18:50       ` Jason Gunthorpe
2024-10-30 21:35 ` [PATCH v6 02/10] iommufd/selftest: Add IOMMU_VDEVICE_ALLOC test coverage Nicolin Chen
2024-10-30 21:35 ` [PATCH v6 03/10] iommu/viommu: Add cache_invalidate to iommufd_viommu_ops Nicolin Chen
2024-10-30 21:35 ` [PATCH v6 04/10] iommufd: Allow hwpt_id to carry viommu_id for IOMMU_HWPT_INVALIDATE Nicolin Chen
2024-10-30 21:35 ` [PATCH v6 05/10] iommu: Add iommu_copy_struct_from_full_user_array helper Nicolin Chen
2024-10-31 15:33   ` Jason Gunthorpe
2024-10-30 21:35 ` [PATCH v6 06/10] iommufd/viommu: Add iommufd_viommu_find_dev helper Nicolin Chen
2024-10-31 13:30   ` Jason Gunthorpe
2024-10-30 21:35 ` [PATCH v6 07/10] iommufd/selftest: Add mock_viommu_cache_invalidate Nicolin Chen
2024-10-30 21:35 ` [PATCH v6 08/10] iommufd/selftest: Add IOMMU_TEST_OP_DEV_CHECK_CACHE test command Nicolin Chen
2024-10-31 15:34   ` Jason Gunthorpe
2024-10-30 21:35 ` [PATCH v6 09/10] iommufd/selftest: Add vIOMMU coverage for IOMMU_HWPT_INVALIDATE ioctl Nicolin Chen
2024-10-31 15:36   ` Jason Gunthorpe
2024-10-30 21:35 ` [PATCH v6 10/10] Documentation: userspace-api: iommufd: Update vDEVICE Nicolin Chen
2024-10-31  6:28 ` [PATCH v6 00/10] iommufd: Add vIOMMU infrastructure (Part-2: vDEVICE) Zhangfei Gao
2024-10-31 11:59   ` Jason Gunthorpe
2024-10-31 16:43     ` Nicolin Chen
2024-10-31 16:41   ` Nicolin Chen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=ZyO2xfe95Y1TCaqG@Asurada-Nvidia \
    --to=nicolinc@nvidia.com \
    --cc=aik@amd.com \
    --cc=baolu.lu@linux.intel.com \
    --cc=corbet@lwn.net \
    --cc=dwmw2@infradead.org \
    --cc=eric.auger@redhat.com \
    --cc=iommu@lists.linux.dev \
    --cc=jean-philippe@linaro.org \
    --cc=jgg@nvidia.com \
    --cc=joro@8bytes.org \
    --cc=kevin.tian@intel.com \
    --cc=linux-doc@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-kselftest@vger.kernel.org \
    --cc=mdf@kernel.org \
    --cc=mshavit@google.com \
    --cc=patches@lists.linux.dev \
    --cc=robin.murphy@arm.com \
    --cc=shameerali.kolothum.thodi@huawei.com \
    --cc=shuah@kernel.org \
    --cc=smostafa@google.com \
    --cc=suravee.suthikulpanit@amd.com \
    --cc=will@kernel.org \
    --cc=yi.l.liu@intel.com \
    --cc=zhangfei.gao@linaro.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).