From: Jason Gunthorpe <jgg@nvidia.com>
To: Nicolin Chen <nicolinc@nvidia.com>
Cc: kevin.tian@intel.com, alex.williamson@redhat.com,
yi.l.liu@intel.com, joro@8bytes.org, will@kernel.org,
robin.murphy@arm.com, shuah@kernel.org,
linux-kernel@vger.kernel.org, iommu@lists.linux.dev,
kvm@vger.kernel.org, linux-kselftest@vger.kernel.org,
mjrosato@linux.ibm.com, farman@linux.ibm.com
Subject: Re: [PATCH v8 2/4] iommufd: Add iommufd_access_replace() API
Date: Wed, 26 Jul 2023 11:30:17 -0300 [thread overview]
Message-ID: <ZMEt+SMFBMKT3AoT@nvidia.com> (raw)
In-Reply-To: <5dfe3e9a9d511919cb105459ca9d96f013daadb4.1690226015.git.nicolinc@nvidia.com>
On Mon, Jul 24, 2023 at 12:47:05PM -0700, Nicolin Chen wrote:
> -int iommufd_access_attach(struct iommufd_access *access, u32 ioas_id)
> +static int iommufd_access_change_pt(struct iommufd_access *access, u32 ioas_id)
> {
> + struct iommufd_ioas *cur_ioas = access->ioas;
> struct iommufd_ioas *new_ioas;
> - int rc = 0;
> + int rc;
>
> - mutex_lock(&access->ioas_lock);
> - if (WARN_ON(access->ioas || access->ioas_unpin)) {
> - mutex_unlock(&access->ioas_lock);
> - return -EINVAL;
> - }
> + lockdep_assert_held(&access->ioas_lock);
>
> new_ioas = iommufd_get_ioas(access->ictx, ioas_id);
> - if (IS_ERR(new_ioas)) {
> - mutex_unlock(&access->ioas_lock);
> + if (IS_ERR(new_ioas))
> return PTR_ERR(new_ioas);
> - }
> +
> + if (cur_ioas)
> + __iommufd_access_detach(access);
The drop of the mutex while this function runs is racey with the rest
of this, we can mitigate it by blocking concurrent change while
detaching which is if access->ioas_unpin is set
> rc = iopt_add_access(&new_ioas->iopt, access);
> if (rc) {
> - mutex_unlock(&access->ioas_lock);
> iommufd_put_object(&new_ioas->obj);
> + if (cur_ioas)
> + WARN_ON(iommufd_access_change_pt(access,
> + cur_ioas->obj.id));
We've already dropped our ref to cur_ioas, so this is also racy with
destroy.
This is what I came up with:
diff --git a/drivers/iommu/iommufd/device.c b/drivers/iommu/iommufd/device.c
index 57c0e81f5073b2..e55d6e902edb98 100644
--- a/drivers/iommu/iommufd/device.c
+++ b/drivers/iommu/iommufd/device.c
@@ -758,64 +758,101 @@ void iommufd_access_destroy(struct iommufd_access *access)
}
EXPORT_SYMBOL_NS_GPL(iommufd_access_destroy, IOMMUFD);
-void iommufd_access_detach(struct iommufd_access *access)
+static int iommufd_access_change_ioas(struct iommufd_access *access,
+ struct iommufd_ioas *new_ioas)
{
struct iommufd_ioas *cur_ioas = access->ioas;
+ int rc;
+
+ lockdep_assert_held(&access->ioas_lock);
+
+ /* We are racing with a concurrent detach, bail */
+ if (access->ioas_unpin)
+ return -EBUSY;
+
+ if (IS_ERR(new_ioas))
+ return PTR_ERR(new_ioas);
+
+ if (cur_ioas == new_ioas)
+ return 0;
- mutex_lock(&access->ioas_lock);
- if (WARN_ON(!access->ioas))
- goto out;
/*
* Set ioas to NULL to block any further iommufd_access_pin_pages().
* iommufd_access_unpin_pages() can continue using access->ioas_unpin.
*/
access->ioas = NULL;
-
- if (access->ops->unmap) {
+ if (cur_ioas && access->ops->unmap) {
mutex_unlock(&access->ioas_lock);
access->ops->unmap(access->data, 0, ULONG_MAX);
mutex_lock(&access->ioas_lock);
}
+
+ if (new_ioas) {
+ rc = iopt_add_access(&new_ioas->iopt, access);
+ if (rc) {
+ iommufd_put_object(&new_ioas->obj);
+ access->ioas = cur_ioas;
+ return rc;
+ }
+ iommufd_ref_to_users(&new_ioas->obj);
+ }
+
+ access->ioas = new_ioas;
+ access->ioas_unpin = new_ioas;
iopt_remove_access(&cur_ioas->iopt, access);
refcount_dec(&cur_ioas->obj.users);
-out:
- access->ioas_unpin = NULL;
+
+ return 0;
+}
+
+void iommufd_access_detach(struct iommufd_access *access)
+{
+ int rc;
+
+ mutex_lock(&access->ioas_lock);
+ if (WARN_ON(!access->ioas)) {
+ mutex_unlock(&access->ioas_lock);
+ return;
+ }
+ rc = iommufd_access_change_ioas(access, NULL);
+ WARN_ON(rc);
mutex_unlock(&access->ioas_lock);
}
EXPORT_SYMBOL_NS_GPL(iommufd_access_detach, IOMMUFD);
int iommufd_access_attach(struct iommufd_access *access, u32 ioas_id)
{
- struct iommufd_ioas *new_ioas;
- int rc = 0;
+ int rc;
mutex_lock(&access->ioas_lock);
- if (WARN_ON(access->ioas || access->ioas_unpin)) {
+ if (WARN_ON(access->ioas)) {
mutex_unlock(&access->ioas_lock);
return -EINVAL;
}
- new_ioas = iommufd_get_ioas(access->ictx, ioas_id);
- if (IS_ERR(new_ioas)) {
- mutex_unlock(&access->ioas_lock);
- return PTR_ERR(new_ioas);
- }
-
- rc = iopt_add_access(&new_ioas->iopt, access);
- if (rc) {
- mutex_unlock(&access->ioas_lock);
- iommufd_put_object(&new_ioas->obj);
- return rc;
- }
- iommufd_ref_to_users(&new_ioas->obj);
-
- access->ioas = new_ioas;
- access->ioas_unpin = new_ioas;
+ rc = iommufd_access_change_ioas(access,
+ iommufd_get_ioas(access->ictx, ioas_id));
mutex_unlock(&access->ioas_lock);
- return 0;
+ return rc;
}
EXPORT_SYMBOL_NS_GPL(iommufd_access_attach, IOMMUFD);
+int iommufd_access_replace(struct iommufd_access *access, u32 ioas_id)
+{
+ int rc;
+
+ mutex_lock(&access->ioas_lock);
+ if (!access->ioas) {
+ mutex_unlock(&access->ioas_lock);
+ return -ENOENT;
+ }
+ rc = iommufd_access_change_ioas(access,
+ iommufd_get_ioas(access->ictx, ioas_id));
+ mutex_unlock(&access->ioas_lock);
+ return rc;
+}
+EXPORT_SYMBOL_NS_GPL(iommufd_access_replace, IOMMUFD);
+
/**
* iommufd_access_notify_unmap - Notify users of an iopt to stop using it
* @iopt: iopt to work on
diff --git a/include/linux/iommufd.h b/include/linux/iommufd.h
index 0ac60256b65929..ffc3a949f8374f 100644
--- a/include/linux/iommufd.h
+++ b/include/linux/iommufd.h
@@ -49,6 +49,7 @@ iommufd_access_create(struct iommufd_ctx *ictx,
const struct iommufd_access_ops *ops, void *data, u32 *id);
void iommufd_access_destroy(struct iommufd_access *access);
int iommufd_access_attach(struct iommufd_access *access, u32 ioas_id);
+int iommufd_access_replace(struct iommufd_access *access, u32 ioas_id);
void iommufd_access_detach(struct iommufd_access *access);
void iommufd_ctx_get(struct iommufd_ctx *ictx);
Jason
next prev parent reply other threads:[~2023-07-26 14:30 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-07-24 19:47 [PATCH v8 0/4] cover-letter: Add IO page table replacement support Nicolin Chen
2023-07-24 19:47 ` [PATCH v8 1/4] vfio: Do not allow !ops->dma_unmap in vfio_pin/unpin_pages() Nicolin Chen
2023-07-26 17:33 ` Alex Williamson
2023-07-26 17:38 ` Jason Gunthorpe
2023-07-24 19:47 ` [PATCH v8 2/4] iommufd: Add iommufd_access_replace() API Nicolin Chen
2023-07-26 14:30 ` Jason Gunthorpe [this message]
2023-07-26 20:50 ` Nicolin Chen
2023-07-26 23:36 ` Jason Gunthorpe
2023-07-27 2:59 ` Nicolin Chen
2023-07-27 7:30 ` Nicolin Chen
2023-07-27 12:03 ` Jason Gunthorpe
2023-07-27 19:04 ` Nicolin Chen
2023-07-28 3:45 ` Tian, Kevin
2023-07-28 4:43 ` Nicolin Chen
2023-07-28 6:20 ` Tian, Kevin
2023-07-28 12:28 ` Jason Gunthorpe
2023-07-28 12:27 ` Jason Gunthorpe
2023-07-24 19:47 ` [PATCH v8 3/4] iommufd/selftest: Add IOMMU_TEST_OP_ACCESS_REPLACE_IOAS coverage Nicolin Chen
2023-07-26 17:04 ` Jason Gunthorpe
2023-07-24 19:47 ` [PATCH v8 4/4] vfio: Support IO page table replacement Nicolin Chen
2023-07-26 17:04 ` Jason Gunthorpe
2023-07-26 17:34 ` Alex Williamson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZMEt+SMFBMKT3AoT@nvidia.com \
--to=jgg@nvidia.com \
--cc=alex.williamson@redhat.com \
--cc=farman@linux.ibm.com \
--cc=iommu@lists.linux.dev \
--cc=joro@8bytes.org \
--cc=kevin.tian@intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=mjrosato@linux.ibm.com \
--cc=nicolinc@nvidia.com \
--cc=robin.murphy@arm.com \
--cc=shuah@kernel.org \
--cc=will@kernel.org \
--cc=yi.l.liu@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).