| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20220106022053.2406748-4-baolu.lu@linux.intel.com>
Date: Thu, 6 Jan 2022 10:20:48 +0800
From: Lu Baolu <baolu.lu@...ux.intel.com>
To: Joerg Roedel <joro@...tes.org>,
Alex Williamson <alex.williamson@...hat.com>,
Robin Murphy <robin.murphy@....com>,
Jason Gunthorpe <jgg@...dia.com>,
Christoph Hellwig <hch@...radead.org>,
Kevin Tian <kevin.tian@...el.com>,
Ashok Raj <ashok.raj@...el.com>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Bjorn Helgaas <bhelgaas@...gle.com>,
Will Deacon <will@...nel.org>,
Dan Williams <dan.j.williams@...el.com>, rafael@...nel.org,
Diana Craciun <diana.craciun@....nxp.com>,
Cornelia Huck <cohuck@...hat.com>,
Eric Auger <eric.auger@...hat.com>,
Liu Yi L <yi.l.liu@...el.com>,
Jacob jun Pan <jacob.jun.pan@...el.com>,
Chaitanya Kulkarni <kch@...dia.com>,
Stuart Yoder <stuyoder@...il.com>,
Laurentiu Tudor <laurentiu.tudor@....com>,
Thierry Reding <thierry.reding@...il.com>,
David Airlie <airlied@...ux.ie>,
Daniel Vetter <daniel@...ll.ch>,
Jonathan Hunter <jonathanh@...dia.com>,
Li Yang <leoyang.li@....com>,
Dmitry Osipenko <digetx@...il.com>,
iommu@...ts.linux-foundation.org, linux-pci@...r.kernel.org,
kvm@...r.kernel.org, linux-kernel@...r.kernel.org,
Lu Baolu <baolu.lu@...ux.intel.com>
Subject: [PATCH v1 3/8] iommu: Extend iommu_at[de]tach_device() for multi-device groups
The iommu_attach/detach_device() interfaces were exposed for the device
drivers to attach/detach their own domains. The commit <426a273834eae>
("iommu: Limit iommu_attach/detach_device to device with their own group")
restricted them to singleton groups to avoid different device in a group
attaching different domain.
As we've introduced device DMA ownership into the iommu core. We can now
extend these interfaces for muliple-device groups, and "all devices are in
the same address space" is still guaranteed.
For multiple devices belonging to a same group, iommu_device_use_dma_api()
and iommu_attach_device() are exclusive. Therefore, when drivers decide to
use iommu_attach_domain(), they cannot call iommu_device_use_dma_api() at
the same time.
Signed-off-by: Jason Gunthorpe <jgg@...dia.com>
Signed-off-by: Lu Baolu <baolu.lu@...ux.intel.com>
---
drivers/iommu/iommu.c | 79 +++++++++++++++++++++++++++++++++----------
1 file changed, 62 insertions(+), 17 deletions(-)
diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c
index ab8ab95969f5..2c9efd85e447 100644
--- a/drivers/iommu/iommu.c
+++ b/drivers/iommu/iommu.c
@@ -47,6 +47,7 @@ struct iommu_group {
struct iommu_domain *domain;
struct list_head entry;
unsigned int owner_cnt;
+ unsigned int attach_cnt;
void *owner;
};
@@ -1921,27 +1922,59 @@ static int __iommu_attach_device(struct iommu_domain *domain,
return ret;
}
+/**
+ * iommu_attach_device() - attach external or UNMANAGED domain to device
+ * @domain: the domain about to attach
+ * @dev: the device about to be attached
+ *
+ * For devices belonging to the same group, iommu_device_use_dma_api() and
+ * iommu_attach_device() are exclusive. Therefore, when drivers decide to
+ * use iommu_attach_domain(), they cannot call iommu_device_use_dma_api()
+ * at the same time.
+ */
int iommu_attach_device(struct iommu_domain *domain, struct device *dev)
{
struct iommu_group *group;
- int ret;
+ int ret = 0;
+
+ if (domain->type != IOMMU_DOMAIN_UNMANAGED)
+ return -EINVAL;
group = iommu_group_get(dev);
if (!group)
return -ENODEV;
- /*
- * Lock the group to make sure the device-count doesn't
- * change while we are attaching
- */
mutex_lock(&group->mutex);
- ret = -EINVAL;
- if (iommu_group_device_count(group) != 1)
- goto out_unlock;
+ if (group->owner_cnt) {
+ /*
+ * Group has been used for kernel-api dma or claimed explicitly
+ * for exclusive occupation. For backward compatibility, device
+ * in a singleton group is allowed to ignore setting the
+ * drv.no_kernel_api_dma field.
+ */
+ if ((group->domain == group->default_domain &&
+ iommu_group_device_count(group) != 1) ||
+ group->owner) {
+ ret = -EBUSY;
+ goto unlock_out;
+ }
+ }
- ret = __iommu_attach_group(domain, group);
+ if (!group->attach_cnt) {
+ ret = __iommu_attach_group(domain, group);
+ if (ret)
+ goto unlock_out;
+ } else {
+ if (group->domain != domain) {
+ ret = -EPERM;
+ goto unlock_out;
+ }
+ }
-out_unlock:
+ group->owner_cnt++;
+ group->attach_cnt++;
+
+unlock_out:
mutex_unlock(&group->mutex);
iommu_group_put(group);
@@ -2182,23 +2215,35 @@ static void __iommu_detach_device(struct iommu_domain *domain,
trace_detach_device_from_domain(dev);
}
+/**
+ * iommu_detach_device() - detach external or UNMANAGED domain from device
+ * @domain: the domain about to detach
+ * @dev: the device about to be detached
+ *
+ * Paired with iommu_attach_device(), it detaches the domain from the device.
+ */
void iommu_detach_device(struct iommu_domain *domain, struct device *dev)
{
struct iommu_group *group;
+ if (WARN_ON(domain->type != IOMMU_DOMAIN_UNMANAGED))
+ return;
+
group = iommu_group_get(dev);
- if (!group)
+ if (WARN_ON(!group))
return;
mutex_lock(&group->mutex);
- if (iommu_group_device_count(group) != 1) {
- WARN_ON(1);
- goto out_unlock;
- }
+ if (WARN_ON(!group->attach_cnt || !group->owner_cnt ||
+ group->domain != domain))
+ goto unlock_out;
- __iommu_detach_group(domain, group);
+ group->attach_cnt--;
+ group->owner_cnt--;
+ if (!group->attach_cnt)
+ __iommu_detach_group(domain, group);
-out_unlock:
+unlock_out:
mutex_unlock(&group->mutex);
iommu_group_put(group);
}
--
2.25.1
Powered by blists - more mailing lists