| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20200730151703.5daf8ad4@x1.home>
Date: Thu, 30 Jul 2020 15:17:03 -0600
From: Alex Williamson <alex.williamson@...hat.com>
To: Lu Baolu <baolu.lu@...ux.intel.com>
Cc: Joerg Roedel <joro@...tes.org>,
Robin Murphy <robin.murphy@....com>,
Jean-Philippe Brucker <jean-philippe@...aro.org>,
Cornelia Huck <cohuck@...hat.com>,
Kevin Tian <kevin.tian@...el.com>,
Ashok Raj <ashok.raj@...el.com>,
Dave Jiang <dave.jiang@...el.com>,
Liu Yi L <yi.l.liu@...el.com>,
iommu@...ts.linux-foundation.org, linux-kernel@...r.kernel.org,
kvm@...r.kernel.org
Subject: Re: [PATCH v3 4/4] vfio/type1: Use iommu_aux_at(de)tach_group()
APIs
On Thu, 30 Jul 2020 10:41:32 +0800
Lu Baolu <baolu.lu@...ux.intel.com> wrote:
> Hi Alex,
>
> On 7/30/20 4:32 AM, Alex Williamson wrote:
> > On Tue, 14 Jul 2020 13:57:03 +0800
> > Lu Baolu <baolu.lu@...ux.intel.com> wrote:
> >
> >> Replace iommu_aux_at(de)tach_device() with iommu_aux_at(de)tach_group().
> >> It also saves the IOMMU_DEV_FEAT_AUX-capable physcail device in the
> >> vfio_group data structure so that it could be reused in other places.
> >>
> >> Signed-off-by: Lu Baolu <baolu.lu@...ux.intel.com>
> >> ---
> >> drivers/vfio/vfio_iommu_type1.c | 44 ++++++---------------------------
> >> 1 file changed, 7 insertions(+), 37 deletions(-)
> >>
> >> diff --git a/drivers/vfio/vfio_iommu_type1.c b/drivers/vfio/vfio_iommu_type1.c
> >> index 5e556ac9102a..f8812e68de77 100644
> >> --- a/drivers/vfio/vfio_iommu_type1.c
> >> +++ b/drivers/vfio/vfio_iommu_type1.c
> >> @@ -100,6 +100,7 @@ struct vfio_dma {
> >> struct vfio_group {
> >> struct iommu_group *iommu_group;
> >> struct list_head next;
> >> + struct device *iommu_device;
> >> bool mdev_group; /* An mdev group */
> >> bool pinned_page_dirty_scope;
> >> };
> >> @@ -1627,45 +1628,13 @@ static struct device *vfio_mdev_get_iommu_device(struct device *dev)
> >> return NULL;
> >> }
> >>
> >> -static int vfio_mdev_attach_domain(struct device *dev, void *data)
> >> -{
> >> - struct iommu_domain *domain = data;
> >> - struct device *iommu_device;
> >> -
> >> - iommu_device = vfio_mdev_get_iommu_device(dev);
> >> - if (iommu_device) {
> >> - if (iommu_dev_feature_enabled(iommu_device, IOMMU_DEV_FEAT_AUX))
> >> - return iommu_aux_attach_device(domain, iommu_device);
> >> - else
> >> - return iommu_attach_device(domain, iommu_device);
> >> - }
> >> -
> >> - return -EINVAL;
> >> -}
> >> -
> >> -static int vfio_mdev_detach_domain(struct device *dev, void *data)
> >> -{
> >> - struct iommu_domain *domain = data;
> >> - struct device *iommu_device;
> >> -
> >> - iommu_device = vfio_mdev_get_iommu_device(dev);
> >> - if (iommu_device) {
> >> - if (iommu_dev_feature_enabled(iommu_device, IOMMU_DEV_FEAT_AUX))
> >> - iommu_aux_detach_device(domain, iommu_device);
> >> - else
> >> - iommu_detach_device(domain, iommu_device);
> >> - }
> >> -
> >> - return 0;
> >> -}
> >> -
> >> static int vfio_iommu_attach_group(struct vfio_domain *domain,
> >> struct vfio_group *group)
> >> {
> >> if (group->mdev_group)
> >> - return iommu_group_for_each_dev(group->iommu_group,
> >> - domain->domain,
> >> - vfio_mdev_attach_domain);
> >> + return iommu_aux_attach_group(domain->domain,
> >> + group->iommu_group,
> >> + group->iommu_device);
> >
> > No, we previously iterated all devices in the group and used the aux
> > interface only when we have an iommu_device supporting aux. If we
> > simply assume an mdev group only uses an aux domain we break existing
> > users, ex. SR-IOV VF backed mdevs. Thanks,
>
> Oh, yes. Sorry! I didn't consider the physical device backed mdevs
> cases.
>
> Looked into this part of code, it seems that there's a lock issue here.
> The group->mutex is held in iommu_group_for_each_dev() and will be
> acquired again in iommu_attach_device().
These are two different groups. We walk the devices in the mdev's
group with iommu_group_for_each_dev(), holding the mdev's group lock,
but we call iommu_attach_device() with iommu_device, which results in
acquiring the lock for the iommu_device's group.
> How about making it like:
>
> static int vfio_iommu_attach_group(struct vfio_domain *domain,
> struct vfio_group *group)
> {
> if (group->mdev_group) {
> struct device *iommu_device = group->iommu_device;
>
> if (WARN_ON(!iommu_device))
> return -EINVAL;
>
> if (iommu_dev_feature_enabled(iommu_device,
> IOMMU_DEV_FEAT_AUX))
> return iommu_aux_attach_device(domain->domain,
> iommu_device);
> else
> return iommu_attach_device(domain->domain,
> iommu_device);
> } else {
> return iommu_attach_group(domain->domain,
> group->iommu_group);
> }
> }
>
> The caller (vfio_iommu_type1_attach_group) has guaranteed that all mdevs
> in an iommu group should be derived from a same physical device.
Have we? iommu_attach_device() will fail if the group is not
singleton, but that's just encouraging us to use the _attach_group()
interface where the _attach_device() interface is relegated to special
cases. Ideally we'd get out of those special cases and create an
_attach_group() for aux that doesn't further promote these notions.
> Any thoughts?
See my reply to Kevin, I'm thinking we need to provide a callback that
can enlighten the IOMMU layer to be able to do _attach_group() with
aux or separate IOMMU backed devices. Thanks,
Alex
Powered by blists - more mailing lists