| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20200515161400.GZ18353@8bytes.org>
Date: Fri, 15 May 2020 18:14:00 +0200
From: Joerg Roedel <joro@...tes.org>
To: Robin Murphy <robin.murphy@....com>
Cc: iommu@...ts.linux-foundation.org, jroedel@...e.de,
linux-kernel@...r.kernel.org, Tom Murphy <murphyt7@....ie>,
jsnitsel@...hat.com
Subject: Re: [PATCH] iommu: Implement deferred domain attachment
On Fri, May 15, 2020 at 04:42:23PM +0100, Robin Murphy wrote:
> > struct iommu_domain *iommu_get_dma_domain(struct device *dev)
> > {
> > - return dev->iommu_group->default_domain;
> > + struct iommu_domain *domain = dev->iommu_group->default_domain;
> > +
> > + if (__iommu_is_attach_deferred(domain, dev))
> > + __iommu_attach_device_no_defer(domain, dev);
>
> This raises a red flag, since iommu-dma already has explicit deferred attach
> handling where it should need it, immediately after this is called to
> retrieve the domain. The whole thing smells to me like we should have an
> explicit special-case in iommu_probe_device() rather than hooking
> __iommu_attach_device() in general then having to bodge around the fallout
> elsewhere.
Good point, I missed that. But it didn't work for its only user, the
AMD IOMMU driver, the reason is that it calls iommu_attach_device(),
which in its code-path checks for deferred attaching again and bails
out, without do the real attachment.
But below updated fix should work. Jerry, could you please test it
again?
>From 4e262dedcd36c7572312c65e66416da74fc78047 Mon Sep 17 00:00:00 2001
From: Joerg Roedel <jroedel@...e.de>
Date: Fri, 15 May 2020 11:25:03 +0200
Subject: [PATCH] iommu: Fix deferred domain attachment
The IOMMU core code has support for deferring the attachment of a domain
to a device. This is needed in kdump kernels where the new domain must
not be attached to a device before the device driver takes it over.
When the AMD IOMMU driver got converted to use the dma-iommu
implementation, the deferred attaching got lost. The code in
dma-iommu.c has support for deferred attaching, but it calls into
iommu_attach_device() to actually do it. But iommu_attach_device()
will check if the device should be deferred in it code-path and do
nothing, breaking deferred attachment.
Provide a function in IOMMU core code to reliably attach a device to a
domain without any deferred checks and also without other safe-guards.
Cc: Jerry Snitselaar <jsnitsel@...hat.com>
Cc: Tom Murphy <murphyt7@....ie>
Reported-by: Jerry Snitselaar <jsnitsel@...hat.com>
Fixes: 795bbbb9b6f8 ("iommu/dma-iommu: Handle deferred devices")
Signed-off-by: Joerg Roedel <jroedel@...e.de>
---
drivers/iommu/dma-iommu.c | 4 ++--
drivers/iommu/iommu.c | 37 ++++++++++++++++++++++++++++++++-----
include/linux/iommu.h | 2 ++
3 files changed, 36 insertions(+), 7 deletions(-)
diff --git a/drivers/iommu/dma-iommu.c b/drivers/iommu/dma-iommu.c
index ba128d1cdaee..403fda04ea98 100644
--- a/drivers/iommu/dma-iommu.c
+++ b/drivers/iommu/dma-iommu.c
@@ -362,8 +362,8 @@ static int iommu_dma_deferred_attach(struct device *dev,
return 0;
if (unlikely(ops->is_attach_deferred &&
- ops->is_attach_deferred(domain, dev)))
- return iommu_attach_device(domain, dev);
+ ops->is_attach_deferred(domain, dev)))
+ return iommu_attach_device_no_defer(domain, dev);
return 0;
}
diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c
index 4050569188be..91dbdbc6d640 100644
--- a/drivers/iommu/iommu.c
+++ b/drivers/iommu/iommu.c
@@ -23,6 +23,7 @@
#include <linux/property.h>
#include <linux/fsl/mc.h>
#include <linux/module.h>
+#include <linux/crash_dump.h>
#include <trace/events/iommu.h>
static struct kset *iommu_group_kset;
@@ -1889,13 +1890,19 @@ void iommu_domain_free(struct iommu_domain *domain)
}
EXPORT_SYMBOL_GPL(iommu_domain_free);
-static int __iommu_attach_device(struct iommu_domain *domain,
- struct device *dev)
+static bool __iommu_is_attach_deferred(struct iommu_domain *domain,
+ struct device *dev)
+{
+ if (!domain->ops->is_attach_deferred)
+ return false;
+
+ return domain->ops->is_attach_deferred(domain, dev);
+}
+
+static int __iommu_attach_device_no_defer(struct iommu_domain *domain,
+ struct device *dev)
{
int ret;
- if ((domain->ops->is_attach_deferred != NULL) &&
- domain->ops->is_attach_deferred(domain, dev))
- return 0;
if (unlikely(domain->ops->attach_dev == NULL))
return -ENODEV;
@@ -1903,9 +1910,29 @@ static int __iommu_attach_device(struct iommu_domain *domain,
ret = domain->ops->attach_dev(domain, dev);
if (!ret)
trace_attach_device_to_domain(dev);
+
return ret;
}
+static int __iommu_attach_device(struct iommu_domain *domain,
+ struct device *dev)
+{
+ if (__iommu_is_attach_deferred(domain, dev))
+ return 0;
+
+ return __iommu_attach_device_no_defer(domain, dev);
+}
+
+int iommu_attach_device_no_defer(struct iommu_domain *domain,
+ struct device *dev)
+{
+ /* Safe-Guard to only call this when needed */
+ if (!is_kdump_kernel())
+ return -ENODEV;
+
+ return __iommu_attach_device_no_defer(domain, dev);
+}
+
int iommu_attach_device(struct iommu_domain *domain, struct device *dev)
{
struct iommu_group *group;
diff --git a/include/linux/iommu.h b/include/linux/iommu.h
index 7cfd2dddb49d..f82b20a61d0b 100644
--- a/include/linux/iommu.h
+++ b/include/linux/iommu.h
@@ -449,6 +449,8 @@ extern struct iommu_group *iommu_group_get_by_id(int id);
extern void iommu_domain_free(struct iommu_domain *domain);
extern int iommu_attach_device(struct iommu_domain *domain,
struct device *dev);
+extern int iommu_attach_device_no_defer(struct iommu_domain *domain,
+ struct device *dev);
extern void iommu_detach_device(struct iommu_domain *domain,
struct device *dev);
extern int iommu_cache_invalidate(struct iommu_domain *domain,
--
2.25.1
Powered by blists - more mailing lists