From: Nicolin Chen <nicolinc@nvidia.com>
To: Jason Gunthorpe <jgg@nvidia.com>
Cc: Pranjal Shrivastava <praan@google.com>, <kevin.tian@intel.com>,
<corbet@lwn.net>, <will@kernel.org>, <bagasdotme@gmail.com>,
<robin.murphy@arm.com>, <joro@8bytes.org>,
<thierry.reding@gmail.com>, <vdumpa@nvidia.com>,
<jonathanh@nvidia.com>, <shuah@kernel.org>, <jsnitsel@redhat.com>,
<nathan@kernel.org>, <peterz@infradead.org>, <yi.l.liu@intel.com>,
<mshavit@google.com>, <zhangzekun11@huawei.com>,
<iommu@lists.linux.dev>, <linux-doc@vger.kernel.org>,
<linux-kernel@vger.kernel.org>,
<linux-arm-kernel@lists.infradead.org>,
<linux-tegra@vger.kernel.org>, <linux-kselftest@vger.kernel.org>,
<patches@lists.linux.dev>, <mochs@nvidia.com>,
<alok.a.tiwari@oracle.com>, <vasant.hegde@amd.com>
Subject: Re: [PATCH v2 13/22] iommufd: Add mmap interface
Date: Wed, 7 May 2025 20:49:36 -0700 [thread overview]
Message-ID: <aBwp0JviKskqbPXz@nvidia.com> (raw)
In-Reply-To: <20250507220809.GB232705@nvidia.com>
On Wed, May 07, 2025 at 07:08:09PM -0300, Jason Gunthorpe wrote:
> On Wed, May 07, 2025 at 02:09:31PM -0700, Nicolin Chen wrote:
> > I have another question: while I don't think my code is handling
> > this well either, how should we validate the input address is an
> > allowed one?
>
> The pgoff to mmap? If it isn't in the maple tree it is not allowed, if
> it isn't at the start of range it is not allowed, if the size is not
> exactly the same as the range it is not allowed.
Kevin suggested to allow a partial mmap, i.e allow the size to be
smaller than what the cookie describes. Yet, surely the mmap size
should not above the allocated size.
> > Because mmap() is per ictx, i.e. it's a global translation table.
>
> It's per-FD. The pgoff number space is per-fd calling mmap.
>
> > So, the following might happen: let's say we have two vIOMMUs in
> > the same ictx. Either vIOMMU has reported a cookie to index the
> > mtree for the real PFN range: call them PFN_RANGE0 (for vIOMMU0)
> > and PFN_RANGE1 (for vIOMMU1). What if a buggy VMM inverted these
> > cookies between the two vIOMMUs, so it would end up with vIOMMU0
> > accessing PFN_RANGE1?
>
> Oh well. That is too buggy for the kernel to do anything about. The
> mmap cookie comes out of the VIOMMU_ALLOC call and goes back into the
> mmap() call, if you mess it up or mix up the pointers then too bad.
>
> But if two VMMs are doing this then they each have their own iommufd
> and their own private numberspace and VMM A's VIOMMU cannot be mapped
> through VMM B's iommufd FD.
I was concerned about the one VM case, which uses the same ictx
and thus the same mtree.
So, an address translation table (like IOMMU) has a separate AS
(i.e. iommu_domain) for a device. This can limit the device from
accessing other device's memory. And it would be ideal for this
mmap interface (a translation site) to do the same.
However, given that it is a global translation table, we don't
have many choices for the isolation, but only (as your remarks):
1) Check if the given vm_pgoff is in the mtree
2) Check if the given length doesn't cross the real PFN range
Thanks
Nicolin
next prev parent reply other threads:[~2025-05-08 3:50 UTC|newest]
Thread overview: 146+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-26 5:57 [PATCH v2 00/22] iommufd: Add vIOMMU infrastructure (Part-4 vCMDQ) Nicolin Chen
2025-04-26 5:57 ` [PATCH v2 01/22] iommufd/viommu: Add driver-allocated vDEVICE support Nicolin Chen
2025-04-27 6:23 ` Baolu Lu
2025-04-28 0:41 ` Tian, Kevin
2025-04-28 18:08 ` Nicolin Chen
2025-04-26 5:57 ` [PATCH v2 02/22] iommu: Pass in a driver-level user data structure to viommu_alloc op Nicolin Chen
2025-04-27 6:31 ` Baolu Lu
2025-04-28 17:19 ` Nicolin Chen
2025-04-28 17:28 ` Pranjal Shrivastava
2025-04-26 5:57 ` [PATCH v2 03/22] iommufd/viommu: Allow driver-specific user data for a vIOMMU object Nicolin Chen
2025-04-27 6:36 ` Baolu Lu
2025-04-28 17:52 ` Pranjal Shrivastava
2025-04-30 14:58 ` ALOK TIWARI
2025-04-26 5:57 ` [PATCH v2 04/22] iommu: Add iommu_copy_struct_to_user helper Nicolin Chen
2025-04-27 6:39 ` Baolu Lu
2025-04-28 17:50 ` Pranjal Shrivastava
2025-04-28 18:21 ` Nicolin Chen
2025-04-29 8:31 ` Pranjal Shrivastava
2025-04-26 5:58 ` [PATCH v2 05/22] iommufd: Add iommufd_struct_destroy to revert iommufd_viommu_alloc Nicolin Chen
2025-04-27 6:55 ` Baolu Lu
2025-04-28 17:24 ` Nicolin Chen
2025-04-26 5:58 ` [PATCH v2 06/22] iommufd/selftest: Support user_data in mock_viommu_alloc Nicolin Chen
2025-04-28 18:56 ` Pranjal Shrivastava
2025-04-26 5:58 ` [PATCH v2 07/22] iommufd/selftest: Add covearge for viommu data Nicolin Chen
2025-04-28 19:02 ` Pranjal Shrivastava
2025-04-26 5:58 ` [PATCH v2 08/22] iommufd: Abstract iopt_pin_pages and iopt_unpin_pages helpers Nicolin Chen
2025-04-27 7:22 ` Baolu Lu
2025-04-28 17:41 ` Nicolin Chen
2025-05-05 15:01 ` Jason Gunthorpe
2025-05-05 15:44 ` Nicolin Chen
2025-05-05 15:55 ` Jason Gunthorpe
2025-05-05 16:03 ` Nicolin Chen
2025-05-05 16:05 ` Jason Gunthorpe
2025-05-05 16:19 ` Nicolin Chen
2025-05-05 16:56 ` Jason Gunthorpe
2025-04-28 20:14 ` Pranjal Shrivastava
2025-04-28 22:12 ` Nicolin Chen
2025-04-28 23:34 ` Nicolin Chen
2025-04-29 18:03 ` Pranjal Shrivastava
2025-05-06 9:36 ` Tian, Kevin
2025-05-06 19:17 ` Nicolin Chen
2025-05-07 7:22 ` Tian, Kevin
2025-05-07 7:36 ` Nicolin Chen
2025-05-07 7:51 ` Tian, Kevin
2025-04-26 5:58 ` [PATCH v2 09/22] iommufd/viommu: Introduce IOMMUFD_OBJ_VCMDQ and its related struct Nicolin Chen
2025-04-28 1:09 ` Baolu Lu
2025-04-28 18:10 ` Nicolin Chen
2025-05-05 15:02 ` Jason Gunthorpe
2025-05-05 15:45 ` Nicolin Chen
2025-04-28 21:01 ` Pranjal Shrivastava
2025-04-26 5:58 ` [PATCH v2 10/22] iommufd/viommmu: Add IOMMUFD_CMD_VCMDQ_ALLOC ioctl Nicolin Chen
2025-04-28 1:32 ` Baolu Lu
2025-04-28 18:58 ` Nicolin Chen
2025-04-29 6:11 ` Baolu Lu
2025-04-28 12:12 ` Vasant Hegde
2025-04-28 20:02 ` Nicolin Chen
2025-04-29 5:34 ` Vasant Hegde
2025-04-29 6:45 ` Nicolin Chen
2025-04-29 10:22 ` Vasant Hegde
2025-04-29 17:14 ` Nicolin Chen
2025-04-30 4:22 ` Vasant Hegde
2025-04-30 8:01 ` Nicolin Chen
2025-04-30 10:21 ` Vasant Hegde
2025-05-06 9:25 ` Tian, Kevin
2025-05-06 20:12 ` Nicolin Chen
2025-05-07 7:25 ` Tian, Kevin
2025-05-07 7:37 ` Nicolin Chen
2025-05-07 12:33 ` Jason Gunthorpe
2025-05-07 20:51 ` Nicolin Chen
2025-04-28 21:34 ` Pranjal Shrivastava
2025-04-28 22:44 ` Nicolin Chen
2025-04-29 8:28 ` Pranjal Shrivastava
2025-04-29 18:10 ` Pranjal Shrivastava
2025-04-29 18:15 ` Nicolin Chen
2025-04-29 18:57 ` Pranjal Shrivastava
2025-04-26 5:58 ` [PATCH v2 11/22] iommufd: Add for-driver helpers iommufd_vcmdq_depend/undepend() Nicolin Chen
2025-04-28 2:22 ` Baolu Lu
2025-04-28 18:17 ` Nicolin Chen
2025-04-29 12:40 ` Pranjal Shrivastava
2025-04-29 17:10 ` Nicolin Chen
2025-04-29 17:59 ` Pranjal Shrivastava
2025-04-29 18:07 ` Nicolin Chen
2025-04-29 18:44 ` Pranjal Shrivastava
2025-04-26 5:58 ` [PATCH v2 12/22] iommufd/selftest: Add coverage for IOMMUFD_CMD_VCMDQ_ALLOC Nicolin Chen
2025-04-26 5:58 ` [PATCH v2 13/22] iommufd: Add mmap interface Nicolin Chen
2025-04-28 2:50 ` Baolu Lu
2025-04-28 18:54 ` Nicolin Chen
2025-05-05 16:50 ` Jason Gunthorpe
2025-05-05 17:21 ` Nicolin Chen
2025-05-05 17:28 ` Jason Gunthorpe
2025-05-05 20:07 ` Nicolin Chen
2025-05-06 9:22 ` Tian, Kevin
2025-05-06 12:55 ` Jason Gunthorpe
2025-05-06 12:54 ` Jason Gunthorpe
2025-05-06 20:54 ` Nicolin Chen
2025-05-07 12:36 ` Jason Gunthorpe
2025-05-07 20:49 ` Nicolin Chen
2025-04-29 20:24 ` Pranjal Shrivastava
2025-04-29 20:34 ` Pranjal Shrivastava
2025-04-29 20:39 ` Nicolin Chen
2025-04-29 20:55 ` Pranjal Shrivastava
2025-04-29 21:05 ` Nicolin Chen
2025-04-29 21:35 ` Pranjal Shrivastava
2025-04-29 21:46 ` Nicolin Chen
2025-04-29 21:57 ` Pranjal Shrivastava
2025-05-05 16:55 ` Jason Gunthorpe
2025-05-05 17:27 ` Nicolin Chen
2025-05-05 17:31 ` Jason Gunthorpe
2025-05-05 19:50 ` Nicolin Chen
2025-05-06 12:52 ` Jason Gunthorpe
2025-05-06 19:30 ` Nicolin Chen
2025-05-07 12:39 ` Jason Gunthorpe
2025-05-07 21:09 ` Nicolin Chen
2025-05-07 22:08 ` Jason Gunthorpe
2025-05-08 3:49 ` Nicolin Chen [this message]
2025-05-08 9:15 ` Tian, Kevin
2025-05-08 12:12 ` Jason Gunthorpe
2025-05-08 17:14 ` Nicolin Chen
2025-05-05 18:47 ` Pranjal Shrivastava
2025-04-26 5:58 ` [PATCH v2 14/22] iommufd/selftest: Add coverage for the new " Nicolin Chen
2025-04-26 5:58 ` [PATCH v2 15/22] Documentation: userspace-api: iommufd: Update vCMDQ Nicolin Chen
2025-04-28 14:31 ` Bagas Sanjaya
2025-04-28 19:00 ` Nicolin Chen
2025-04-26 5:58 ` [PATCH v2 16/22] iommu/arm-smmu-v3-iommufd: Add vsmmu_alloc impl op Nicolin Chen
2025-04-29 21:36 ` Pranjal Shrivastava
2025-04-26 5:58 ` [PATCH v2 17/22] iommu/arm-smmu-v3-iommufd: Support implementation-defined hw_info Nicolin Chen
2025-04-29 21:44 ` Pranjal Shrivastava
2025-04-26 5:58 ` [PATCH v2 18/22] iommu/tegra241-cmdqv: Use request_threaded_irq Nicolin Chen
2025-04-29 21:47 ` Pranjal Shrivastava
2025-04-26 5:58 ` [PATCH v2 19/22] iommu/tegra241-cmdqv: Simplify deinit flow in tegra241_cmdqv_remove_vintf() Nicolin Chen
2025-04-29 22:05 ` Pranjal Shrivastava
2025-04-26 5:58 ` [PATCH v2 20/22] iommu/tegra241-cmdqv: Do not statically map LVCMDQs Nicolin Chen
2025-04-29 20:43 ` ALOK TIWARI
2025-04-29 22:32 ` Pranjal Shrivastava
2025-04-29 22:37 ` Nicolin Chen
2025-04-26 5:58 ` [PATCH v2 21/22] iommu/tegra241-cmdqv: Add user-space use support Nicolin Chen
2025-04-29 19:47 ` ALOK TIWARI
2025-04-29 21:12 ` Nicolin Chen
2025-04-30 21:59 ` Pranjal Shrivastava
2025-04-30 22:39 ` Nicolin Chen
2025-05-01 0:54 ` Nicolin Chen
2025-05-01 21:46 ` Pranjal Shrivastava
2025-05-01 21:45 ` Pranjal Shrivastava
2025-04-26 5:58 ` [PATCH v2 22/22] iommu/tegra241-cmdqv: Add IOMMU_VEVENTQ_TYPE_TEGRA241_CMDQV support Nicolin Chen
2025-04-30 15:07 ` ALOK TIWARI
2025-04-30 22:03 ` Pranjal Shrivastava
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aBwp0JviKskqbPXz@nvidia.com \
--to=nicolinc@nvidia.com \
--cc=alok.a.tiwari@oracle.com \
--cc=bagasdotme@gmail.com \
--cc=corbet@lwn.net \
--cc=iommu@lists.linux.dev \
--cc=jgg@nvidia.com \
--cc=jonathanh@nvidia.com \
--cc=joro@8bytes.org \
--cc=jsnitsel@redhat.com \
--cc=kevin.tian@intel.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=linux-tegra@vger.kernel.org \
--cc=mochs@nvidia.com \
--cc=mshavit@google.com \
--cc=nathan@kernel.org \
--cc=patches@lists.linux.dev \
--cc=peterz@infradead.org \
--cc=praan@google.com \
--cc=robin.murphy@arm.com \
--cc=shuah@kernel.org \
--cc=thierry.reding@gmail.com \
--cc=vasant.hegde@amd.com \
--cc=vdumpa@nvidia.com \
--cc=will@kernel.org \
--cc=yi.l.liu@intel.com \
--cc=zhangzekun11@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).