From: Yi Liu <yi.l.liu@intel.com>
To: Jason Gunthorpe <jgg@nvidia.com>
Cc: <iommu@lists.linux.dev>, Joerg Roedel <joro@8bytes.org>,
Robin Murphy <robin.murphy@arm.com>,
Will Deacon <will@kernel.org>,
Lu Baolu <baolu.lu@linux.intel.com>,
Jean-Philippe Brucker <jean-philippe@linaro.org>,
Joerg Roedel <jroedel@suse.de>, Kevin Tian <kevin.tian@intel.com>,
<patches@lists.linux.dev>, Tony Zhu <tony.zhu@intel.com>,
Zhangfei Gao <zhangfei.gao@linaro.org>
Subject: Re: [PATCH rc] iommu: Validate the PASID in iommu_attach_device_pasid()
Date: Wed, 27 Mar 2024 22:42:16 +0800 [thread overview]
Message-ID: <23c76cd9-2927-41e7-ad30-57a4220dd776@intel.com> (raw)
In-Reply-To: <20240327142759.GH946323@nvidia.com>
On 2024/3/27 22:27, Jason Gunthorpe wrote:
> On Wed, Mar 27, 2024 at 10:14:45PM +0800, Yi Liu wrote:
>> On 2024/3/27 21:41, Jason Gunthorpe wrote:
>>> The SVA code checks that the PASID is valid for the device when assigning
>>> the PASID to the MM, but the normal PAGING related path does not check it.
>>>> Devices that don't support PASID or PASID values too large for the device
>>> should not invoke the driver callback. The drivers should rely on the
>>> core code for this enforcement.
>>
>> I agree it is reasonable to enforce it in the core. But I'm not sure if a
>> fix tag is needed or not. As far as I know, intel iommu driver supports
>> attaching both the SVA and DMA type (PAGING) domain to pasid. Intel iommu
>> driver checks the max pasid in intel_pasid_get_entry() of
>> drivers/iommu/intel/pasid.c.
>> I'm not sure about ARM and AMD side, if the two drivers only support SVA
>> domain, and have the max pasid check. Then fix tag may be not necessary as
>> all the related paths are in good shape on the max pasid check before this
>> fix. :)
>
> Ah, I could not find the max pasid check in the Intel driver.
I see. May have a look at the below code. When get pasid entry, it would
check the pasid against the return value of intel_pasid_get_dev_max_id(dev)
https://github.com/torvalds/linux/blob/7033999ecd7b8cf9ea59265035a0150961e023ee/drivers/iommu/intel/pasid.c#L137
>
>>> Fixes: 16603704559c7a68 ("iommu: Add attach/detach_dev_pasid iommu interfaces")
>>> Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
>>> ---
>>> drivers/iommu/iommu.c | 11 ++++++++++-
>>> 1 file changed, 10 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c
>>> index 098869007c69e5..a95a483def2d2a 100644
>>> --- a/drivers/iommu/iommu.c
>>> +++ b/drivers/iommu/iommu.c
>>> @@ -3354,6 +3354,7 @@ int iommu_attach_device_pasid(struct iommu_domain *domain,
>>> {
>>> /* Caller must be a probed driver on dev */
>>> struct iommu_group *group = dev->iommu_group;
>>> + struct group_device *device;
>>> void *curr;
>>> int ret;
>>> @@ -3363,10 +3364,18 @@ int iommu_attach_device_pasid(struct iommu_domain *domain,
>>> if (!group)
>>> return -ENODEV;
>>> - if (!dev_has_iommu(dev) || dev_iommu_ops(dev) != domain->owner)
>>> + if (!dev_has_iommu(dev) || dev_iommu_ops(dev) != domain->owner ||
>>> + pasid == IOMMU_NO_PASID)
>>
>> perhaps this can be a separate patch as it means this API does not support
>> NO_PASID attachment.
>
> It never did? For something like Intel you can't use this API to
> change the RID's domain, it would break things. It is all the same
> topic - missing PASID validation.
aha, yes. one patch is ok to me as well. :)
Reviewed-by: Yi Liu <yi.l.liu@intel.com>
> That alone is worth the fixes :)
--
Regards,
Yi Liu
next prev parent reply other threads:[~2024-03-27 14:38 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-27 13:41 [PATCH rc] iommu: Validate the PASID in iommu_attach_device_pasid() Jason Gunthorpe
2024-03-27 14:14 ` Yi Liu
2024-03-27 14:27 ` Jason Gunthorpe
2024-03-27 14:42 ` Yi Liu [this message]
2024-03-27 14:46 ` Yi Liu
2024-03-27 16:37 ` Jason Gunthorpe
2024-03-28 3:23 ` Tian, Kevin
2024-03-28 5:40 ` Joerg Roedel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=23c76cd9-2927-41e7-ad30-57a4220dd776@intel.com \
--to=yi.l.liu@intel.com \
--cc=baolu.lu@linux.intel.com \
--cc=iommu@lists.linux.dev \
--cc=jean-philippe@linaro.org \
--cc=jgg@nvidia.com \
--cc=joro@8bytes.org \
--cc=jroedel@suse.de \
--cc=kevin.tian@intel.com \
--cc=patches@lists.linux.dev \
--cc=robin.murphy@arm.com \
--cc=tony.zhu@intel.com \
--cc=will@kernel.org \
--cc=zhangfei.gao@linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox