lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Thu, 15 Sep 2022 00:53:36 -0700
From:   Nicolin Chen <nicolinc@...dia.com>
To:     <joro@...tes.org>, <suravee.suthikulpanit@....com>,
        <will@...nel.org>, <robin.murphy@....com>, <robdclark@...il.com>,
        <dwmw2@...radead.org>, <baolu.lu@...ux.intel.com>,
        <agross@...nel.org>, <bjorn.andersson@...aro.org>,
        <matthias.bgg@...il.com>, <orsonzhai@...il.com>,
        <baolin.wang@...ux.alibaba.com>, <zhang.lyra@...il.com>,
        <jean-philippe@...aro.org>, <sricharan@...eaurora.org>
CC:     <jgg@...dia.com>, <kevin.tian@...el.com>,
        <konrad.dybcio@...ainline.org>, <yong.wu@...iatek.com>,
        <thierry.reding@...il.com>, <vdumpa@...dia.com>,
        <jonathanh@...dia.com>, <tglx@...utronix.de>,
        <shameerali.kolothum.thodi@...wei.com>,
        <christophe.jaillet@...adoo.fr>, <thunder.leizhen@...wei.com>,
        <quic_saipraka@...cinc.com>, <jon@...id-run.com>,
        <yangyingliang@...wei.com>, <iommu@...ts.linux.dev>,
        <linux-kernel@...r.kernel.org>,
        <linux-arm-kernel@...ts.infradead.org>,
        <linux-arm-msm@...r.kernel.org>,
        <linux-mediatek@...ts.infradead.org>,
        <linux-tegra@...r.kernel.org>,
        <virtualization@...ts.linux-foundation.org>
Subject: [PATCH v3 3/6] iommu: Add return value rules to attach_dev op and APIs

Cases like VFIO wish to attach a device to an existing domain that was
not allocated specifically from the device. This raises a condition
where the IOMMU driver can fail the domain attach because the domain and
device are incompatible with each other.

This is a soft failure that can be resolved by using a different domain.

Provide a dedicated errno EINVAL from the IOMMU driver during attach that
the reason why the attach failed is because of domain incompatibility.

VFIO can use this to know that the attach is a soft failure and it should
continue searching. Otherwise, the attach will be a hard failure and VFIO
will return the code to userspace.

Update kdocs to add rules of return value to the attach_dev op and APIs.

Suggested-by: Jason Gunthorpe <jgg@...dia.com>
Signed-off-by: Nicolin Chen <nicolinc@...dia.com>
---
 drivers/iommu/iommu.c | 24 ++++++++++++++++++++++++
 include/linux/iommu.h | 12 ++++++++++++
 2 files changed, 36 insertions(+)

diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c
index 3a808146b50f..e4d2ee99a264 100644
--- a/drivers/iommu/iommu.c
+++ b/drivers/iommu/iommu.c
@@ -1975,6 +1975,18 @@ static int __iommu_attach_device(struct iommu_domain *domain,
 	return ret;
 }
 
+/**
+ * iommu_attach_device - Attach a device to an IOMMU domain
+ * @domain: IOMMU domain to attach
+ * @dev: Device that will be attached
+ *
+ * Returns 0 on success and error code on failure
+ *
+ * Note that EINVAL may be returned as a soft failure if the domain and device
+ * are incompatible: if the domain has already been used or configured in some
+ * way, attaching the same device to a different domain may succeed. Otherwise,
+ * it may still represent some fundamental problem.
+ */
 int iommu_attach_device(struct iommu_domain *domain, struct device *dev)
 {
 	struct iommu_group *group;
@@ -2101,6 +2113,18 @@ static int __iommu_attach_group(struct iommu_domain *domain,
 	return ret;
 }
 
+/**
+ * iommu_attach_group - Attach an IOMMU group to an IOMMU domain
+ * @domain: IOMMU domain to attach
+ * @group: IOMMU group that will be attached
+ *
+ * Returns 0 on success and error code on failure
+ *
+ * Note that EINVAL may be returned as a soft failure if the domain and group
+ * are incompatible: if the domain has already been used or configured in some
+ * way, attaching the same group to a different domain may succeed. Otherwise,
+ * it may still represent some fundamental problem.
+ */
 int iommu_attach_group(struct iommu_domain *domain, struct iommu_group *group)
 {
 	int ret;
diff --git a/include/linux/iommu.h b/include/linux/iommu.h
index ea30f00dc145..90960fa8cd91 100644
--- a/include/linux/iommu.h
+++ b/include/linux/iommu.h
@@ -266,6 +266,18 @@ struct iommu_ops {
 /**
  * struct iommu_domain_ops - domain specific operations
  * @attach_dev: attach an iommu domain to a device
+ *  Return:
+ * * 0		- success
+ * * EINVAL	- the device and domain are incompatible. If this is due to some
+ *		  previous configuration of the domain, drivers shouldn't log an
+ *		  error, since it is legitimate for a caller to test reuse of an
+ *		  existing domain. Otherwise, it may still represent some other
+ *		  fundamental problem
+ * * ENOMEM	- out of memory
+ * * ENOSPC	- non-ENOMEM type of resource allocation failures
+ * * EBUSY	- device is attached to a domain and cannot be changed
+ * * ENODEV	- device specific errors, not able to be attached
+ * * <others>	- treated as ENODEV by the caller. Use is discouraged
  * @detach_dev: detach an iommu domain from a device
  * @map: map a physically contiguous memory region to an iommu domain
  * @map_pages: map a physically contiguous set of pages of the same size to
-- 
2.17.1

Powered by blists - more mailing lists