patches.lists.linux.dev archive mirror
From: Jason Gunthorpe <jgg@nvidia.com>
To: Shameerali Kolothum Thodi <shameerali.kolothum.thodi@huawei.com>
Cc: "iommu@lists.linux.dev" <iommu@lists.linux.dev>,
	Joerg Roedel <joro@8bytes.org>,
	"linux-arm-kernel@lists.infradead.org"
	<linux-arm-kernel@lists.infradead.org>,
	Robin Murphy <robin.murphy@arm.com>,
	Will Deacon <will@kernel.org>, Eric Auger <eric.auger@redhat.com>,
	Jean-Philippe Brucker <jean-philippe@linaro.org>,
	Moritz Fischer <mdf@kernel.org>,
	Michael Shavit <mshavit@google.com>,
	Nicolin Chen <nicolinc@nvidia.com>,
	"patches@lists.linux.dev" <patches@lists.linux.dev>
Subject: Re: [PATCH v4 01/27] iommu/arm-smmu-v3: Check that the RID domain is S1 in SVA
Date: Tue, 30 Jan 2024 15:03:58 -0400
Message-ID: <20240130190358.GE1455070@nvidia.com>
In-Reply-To: <c8cf99b2532644de9b38c44019bf83a2@huawei.com>

On Tue, Jan 30, 2024 at 05:11:36PM +0000, Shameerali Kolothum Thodi wrote:
> > 
> > > > +	if (smmu_domain->stage != ARM_SMMU_DOMAIN_S1)
> > > > +		return -ENODEV;
> > >
> > > I think we need to do the above checks in
> > > arm_smmu_sva_remove_dev_pasid() as well.
> > 
> > The core won't call that unless a PASID is already attached, meaning
> > we already passed the above check in bind. So it shouldn't need to be
> > duplicated.
> 
> I think it does in the error path.  See __iommu_set_group_pasid() call.
> I haven't tested what happens if that returns error because of identity 
> domain and then __iommu_remove_group_pasid() is called.

You are correct, but this is a problem in the core code :(

Driver should not have to deal with this unbalance. A set/remove
pairing should be enforced by the core.

--- a/drivers/iommu/iommu.c
+++ b/drivers/iommu/iommu.c
@@ -3481,15 +3481,24 @@ EXPORT_SYMBOL_GPL(iommu_group_dma_owner_claimed);
 static int __iommu_set_group_pasid(struct iommu_domain *domain,
                                   struct iommu_group *group, ioasid_t pasid)
 {
+       struct group_device *last_gdev;
        struct group_device *device;
        int ret = 0;
 
        for_each_group_device(group, device) {
                ret = domain->ops->set_dev_pasid(domain, device->dev, pasid);
                if (ret)
-                       break;
+                       goto err_revert;
        }
+       return 0;
 
+err_revert:
+       last_gdev = device;
+       for_each_group_device(group, device) {
+               if (device == last_gdev)
+                       break;
+               dev_iommu_ops(device->dev)->remove_dev_pasid(device->dev, pasid);
+       }
        return ret;
 }
 
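Review bot: the err_revert loop stops at last_gdev without calling remove_dev_pasid on it, so the unwind is only complete if a driver's set_dev_pasid leaves nothing installed for that PASID when it returns an error. Nothing in the hunk states that contract. A comment above __iommu_set_group_pasid(), or at the err_revert label, saying that a failing set_dev_pasid must leave the device untouched and that remove_dev_pasid is only called for devices whose set succeeded would make the set/remove pairing explicit for driver authors.
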
@@ -3538,10 +3547,8 @@ int iommu_attach_device_pasid(struct iommu_domain *domain,
        }
 
        ret = __iommu_set_group_pasid(domain, group, pasid);
-       if (ret) {
-               __iommu_remove_group_pasid(group, pasid);
+       if (ret)
                xa_erase(&group->pasid_array, pasid);
-       }
 out_unlock:
        mutex_unlock(&group->mutex);
        return ret;
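
Review bot: with the __iommu_remove_group_pasid() call dropped from the "if (ret)" branch, this error path is only correct because __iommu_set_group_pasid() now reverts its own partial work before returning non-zero. A one-line comment at the "if (ret)" saying that the helper has already unwound the per-device state, leaving only the xa_erase() to do here, would keep the remove call from being reintroduced later.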

> So as an exported function, still think it is better to check for domain
> type before accessing smmu_domain there.

After part 2 the remove path doesn't touch the RID so I prefer to
leave it in part 1 and it will be fully safe in part 2. It is just
more code that part 2 has to remove.

Thanks,
Jason
