From: Baolu Lu <baolu.lu@linux.intel.com>
To: "Tian, Kevin" <kevin.tian@intel.com>,
Jason Gunthorpe <jgg@ziepe.ca>, Joerg Roedel <joro@8bytes.org>,
Will Deacon <will@kernel.org>,
Robin Murphy <robin.murphy@arm.com>,
Jean-Philippe Brucker <jean-philippe@linaro.org>,
Nicolin Chen <nicolinc@nvidia.com>,
"Liu, Yi L" <yi.l.liu@intel.com>,
Jacob Pan <jacob.jun.pan@linux.intel.com>,
Joel Granados <j.granados@samsung.com>
Cc: baolu.lu@linux.intel.com,
"iommu@lists.linux.dev" <iommu@lists.linux.dev>,
"virtualization@lists.linux-foundation.org"
<virtualization@lists.linux-foundation.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Jason Gunthorpe <jgg@nvidia.com>
Subject: Re: [PATCH v6 01/10] iommu: Introduce domain attachment handle
Date: Thu, 6 Jun 2024 13:33:29 +0800 [thread overview]
Message-ID: <ae7c05b0-104e-4c71-99aa-fed2a4f209fb@linux.intel.com> (raw)
In-Reply-To: <BN9PR11MB52767B3B1F441D9AA656AC258CF92@BN9PR11MB5276.namprd11.prod.outlook.com>
On 6/5/24 4:02 PM, Tian, Kevin wrote:
>> From: Lu Baolu <baolu.lu@linux.intel.com>
>> Sent: Monday, May 27, 2024 12:05 PM
>>
>> @@ -99,7 +99,9 @@ struct iommu_sva *iommu_sva_bind_device(struct device
>> *dev, struct mm_struct *mm
>>
>> /* Search for an existing domain. */
>> list_for_each_entry(domain, &mm->iommu_mm->sva_domains, next) {
>> - ret = iommu_attach_device_pasid(domain, dev, iommu_mm-
>>> pasid);
>> + handle->handle.domain = domain;
>> + ret = iommu_attach_device_pasid(domain, dev, iommu_mm-
>>> pasid,
>> + &handle->handle);
>
> move the setting of handle.domain into the helper?
Yes.
>
>> @@ -3382,11 +3383,9 @@ int iommu_attach_device_pasid(struct
>> iommu_domain *domain,
>> }
>> }
>>
>> - curr = xa_cmpxchg(&group->pasid_array, pasid, NULL, domain,
>> GFP_KERNEL);
>> - if (curr) {
>> - ret = xa_err(curr) ? : -EBUSY;
>> + ret = xa_insert(&group->pasid_array, pasid, handle, GFP_KERNEL);
>> + if (ret)
>> goto out_unlock;
>> - }
>
> this leads to a slightly different implication comparing to the old code.
>
> the domain pointer was always tracked in the old code but now the handle
> is optional.
>
> if iommu core only needs to know whether a pasid has been attached (as
> in this helper), it still works as xa_insert() will mark the entry as reserved
> if handle==NULL and next xa_insert() at the same index will fail due to
> the entry being reserved.
>
> But if certain path (other than iopf) in the iommu core needs to know
> the exact domain pointer then this change breaks it.
The iommu core should not fetch the domain pointer in paths other than
attach/detach/replace. There is currently no reference counter for an
iommu domain, hence fetching the domain for other purposes will
potentially lead to a use-after-free issue.
>
> Anyway some explanation is welcomed here for why this change is safe.
>
>> @@ -3414,7 +3413,7 @@ void iommu_detach_device_pasid(struct
>> iommu_domain *domain, struct device *dev,
>>
>> mutex_lock(&group->mutex);
>> __iommu_remove_group_pasid(group, pasid, domain);
>> - WARN_ON(xa_erase(&group->pasid_array, pasid) != domain);
>> + xa_erase(&group->pasid_array, pasid);
>
> if the entry is valid do we want to keep the WARN_ON() upon handle->domain?
The domain pointer has already been passed to the iommu driver in
__iommu_remove_group_pasid(). Therefore, the check for the pointer's
validity should be performed before calling
__iommu_remove_group_pasid(). Hence, in my view, using WARN_ON() around
xa_erase() is not very useful.
Best regards,
baolu
next prev parent reply other threads:[~2024-06-06 5:35 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-27 4:05 [PATCH v6 00/10] IOMMUFD: Deliver IO page faults to user space Lu Baolu
2024-05-27 4:05 ` [PATCH v6 01/10] iommu: Introduce domain attachment handle Lu Baolu
2024-06-05 8:02 ` Tian, Kevin
2024-06-06 5:33 ` Baolu Lu [this message]
2024-06-12 13:10 ` Jason Gunthorpe
2024-06-13 3:04 ` Baolu Lu
2024-05-27 4:05 ` [PATCH v6 02/10] iommu: Remove sva handle list Lu Baolu
2024-06-05 8:15 ` Tian, Kevin
2024-06-06 6:06 ` Baolu Lu
2024-06-07 9:35 ` Tian, Kevin
2024-06-12 13:05 ` Jason Gunthorpe
2024-06-13 4:06 ` Baolu Lu
2024-05-27 4:05 ` [PATCH v6 03/10] iommu: Add attach handle to struct iopf_group Lu Baolu
2024-06-05 8:23 ` Tian, Kevin
2024-06-06 6:18 ` Baolu Lu
2024-06-12 13:37 ` Jason Gunthorpe
2024-06-13 4:23 ` Baolu Lu
2024-06-13 11:49 ` Jason Gunthorpe
2024-06-14 1:16 ` Baolu Lu
2024-05-27 4:05 ` [PATCH v6 04/10] iommu: Extend domain attach group with handle support Lu Baolu
2024-06-12 13:41 ` Jason Gunthorpe
2024-06-13 4:47 ` Baolu Lu
2024-05-27 4:05 ` [PATCH v6 05/10] iommufd: Add fault and response message definitions Lu Baolu
2024-06-05 8:28 ` Tian, Kevin
2024-06-06 6:27 ` Baolu Lu
2024-06-07 9:38 ` Tian, Kevin
2024-06-12 13:19 ` Jason Gunthorpe
2024-06-12 13:50 ` Jason Gunthorpe
2024-06-13 6:32 ` Baolu Lu
2024-06-13 4:54 ` Baolu Lu
2024-06-12 13:52 ` Jason Gunthorpe
2024-06-13 6:40 ` Baolu Lu
2024-05-27 4:05 ` [PATCH v6 06/10] iommufd: Add iommufd fault object Lu Baolu
2024-06-07 9:17 ` Tian, Kevin
2024-06-08 9:58 ` Baolu Lu
2024-06-12 13:25 ` Jason Gunthorpe
2024-06-13 6:44 ` Baolu Lu
2024-06-12 13:23 ` Jason Gunthorpe
2024-06-17 7:32 ` Tian, Kevin
2024-05-27 4:05 ` [PATCH v6 07/10] iommufd: Fault-capable hwpt attach/detach/replace Lu Baolu
2024-06-07 9:30 ` Tian, Kevin
2024-06-09 7:23 ` Baolu Lu
2024-06-17 7:37 ` Tian, Kevin
2024-05-27 4:05 ` [PATCH v6 08/10] iommufd: Associate fault object with iommufd_hw_pgtable Lu Baolu
2024-06-07 9:30 ` Tian, Kevin
2024-05-27 4:05 ` [PATCH v6 09/10] iommufd/selftest: Add IOPF support for mock device Lu Baolu
2024-05-27 4:05 ` [PATCH v6 10/10] iommufd/selftest: Add coverage for IOPF test Lu Baolu
2024-06-12 13:54 ` [PATCH v6 00/10] IOMMUFD: Deliver IO page faults to user space Jason Gunthorpe
2024-06-13 6:46 ` Baolu Lu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ae7c05b0-104e-4c71-99aa-fed2a4f209fb@linux.intel.com \
--to=baolu.lu@linux.intel.com \
--cc=iommu@lists.linux.dev \
--cc=j.granados@samsung.com \
--cc=jacob.jun.pan@linux.intel.com \
--cc=jean-philippe@linaro.org \
--cc=jgg@nvidia.com \
--cc=jgg@ziepe.ca \
--cc=joro@8bytes.org \
--cc=kevin.tian@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=nicolinc@nvidia.com \
--cc=robin.murphy@arm.com \
--cc=virtualization@lists.linux-foundation.org \
--cc=will@kernel.org \
--cc=yi.l.liu@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox