lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 27 Dec 2023 22:14:56 +0800
From: Yi Liu <yi.l.liu@...el.com>
To: "Duan, Zhenzhong" <zhenzhong.duan@...el.com>, "joro@...tes.org"
	<joro@...tes.org>, "alex.williamson@...hat.com" <alex.williamson@...hat.com>,
	"jgg@...dia.com" <jgg@...dia.com>, "Tian, Kevin" <kevin.tian@...el.com>,
	"robin.murphy@....com" <robin.murphy@....com>, "baolu.lu@...ux.intel.com"
	<baolu.lu@...ux.intel.com>
CC: "cohuck@...hat.com" <cohuck@...hat.com>, "eric.auger@...hat.com"
	<eric.auger@...hat.com>, "nicolinc@...dia.com" <nicolinc@...dia.com>,
	"kvm@...r.kernel.org" <kvm@...r.kernel.org>, "mjrosato@...ux.ibm.com"
	<mjrosato@...ux.ibm.com>, "chao.p.peng@...ux.intel.com"
	<chao.p.peng@...ux.intel.com>, "yi.y.sun@...ux.intel.com"
	<yi.y.sun@...ux.intel.com>, "peterx@...hat.com" <peterx@...hat.com>,
	"jasowang@...hat.com" <jasowang@...hat.com>,
	"shameerali.kolothum.thodi@...wei.com"
	<shameerali.kolothum.thodi@...wei.com>, "lulu@...hat.com" <lulu@...hat.com>,
	"suravee.suthikulpanit@....com" <suravee.suthikulpanit@....com>,
	"iommu@...ts.linux.dev" <iommu@...ts.linux.dev>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"linux-kselftest@...r.kernel.org" <linux-kselftest@...r.kernel.org>,
	"joao.m.martins@...cle.com" <joao.m.martins@...cle.com>, "Zeng, Xin"
	<xin.zeng@...el.com>, "Zhao, Yan Y" <yan.y.zhao@...el.com>,
	"j.granados@...sung.com" <j.granados@...sung.com>
Subject: Re: [PATCH v7 9/9] iommu/vt-d: Add iotlb flush for nested domain

On 2023/12/27 17:27, Duan, Zhenzhong wrote:
> 
> 
>> -----Original Message-----
>> From: Liu, Yi L <yi.l.liu@...el.com>
>> Subject: [PATCH v7 9/9] iommu/vt-d: Add iotlb flush for nested domain
>>
>> From: Lu Baolu <baolu.lu@...ux.intel.com>
>>
>> This implements the .cache_invalidate_user() callback to support iotlb
>> flush for nested domain.
>>
>> Signed-off-by: Lu Baolu <baolu.lu@...ux.intel.com>
>> Co-developed-by: Yi Liu <yi.l.liu@...el.com>
>> Signed-off-by: Yi Liu <yi.l.liu@...el.com>
>> ---
>> drivers/iommu/intel/nested.c | 116
>> +++++++++++++++++++++++++++++++++++
>> 1 file changed, 116 insertions(+)
>>
>> diff --git a/drivers/iommu/intel/nested.c b/drivers/iommu/intel/nested.c
>> index b5a5563ab32c..c665e2647045 100644
>> --- a/drivers/iommu/intel/nested.c
>> +++ b/drivers/iommu/intel/nested.c
>> @@ -73,9 +73,125 @@ static void intel_nested_domain_free(struct
>> iommu_domain *domain)
>> 	kfree(to_dmar_domain(domain));
>> }
>>
>> +static void nested_flush_pasid_iotlb(struct intel_iommu *iommu,
>> +				     struct dmar_domain *domain, u64 addr,
>> +				     unsigned long npages, bool ih)
>> +{
>> +	u16 did = domain_id_iommu(domain, iommu);
>> +	unsigned long flags;
>> +
>> +	spin_lock_irqsave(&domain->lock, flags);
>> +	if (!list_empty(&domain->devices))
>> +		qi_flush_piotlb(iommu, did, IOMMU_NO_PASID, addr,
>> +				npages, ih, NULL);
> 
> Is it optimal to check if domain attached to iommu before trigger flush?
> Or the check is redundant if intel_nested_flush_cache() is the only call site.

I think it is possible that userspace issue an invalidation on a hwpt which
does not have any device attached.. Though this is something stupid. So
checking if any device attached before flushing still makes sense.

> Thanks
> Zhenzhong
> 
>> +	spin_unlock_irqrestore(&domain->lock, flags);
>> +}
>> +
>> +static void nested_flush_dev_iotlb(struct dmar_domain *domain, u64 addr,
>> +				   unsigned mask, u32 *fault)
>> +{
>> +	struct device_domain_info *info;
>> +	unsigned long flags;
>> +	u16 sid, qdep;
>> +
>> +	spin_lock_irqsave(&domain->lock, flags);
>> +	list_for_each_entry(info, &domain->devices, link) {
>> +		if (!info->ats_enabled)
>> +			continue;
>> +		sid = info->bus << 8 | info->devfn;
>> +		qdep = info->ats_qdep;
>> +		qi_flush_dev_iotlb(info->iommu, sid, info->pfsid,
>> +				   qdep, addr, mask, fault);
>> +		quirk_extra_dev_tlb_flush(info, addr, mask,
>> +					  IOMMU_NO_PASID, qdep);
>> +	}
>> +	spin_unlock_irqrestore(&domain->lock, flags);
>> +}
>> +
>> +static void intel_nested_flush_cache(struct dmar_domain *domain, u64
>> addr,
>> +				     unsigned long npages, u32 *error)
>> +{
>> +	struct iommu_domain_info *info;
>> +	unsigned long i;
>> +	unsigned mask;
>> +	u32 fault = 0;
>> +
>> +	if (npages == U64_MAX)
>> +		mask = 64 - VTD_PAGE_SHIFT;
>> +	else
>> +		mask = ilog2(__roundup_pow_of_two(npages));
>> +
>> +	xa_for_each(&domain->iommu_array, i, info) {
>> +		nested_flush_pasid_iotlb(info->iommu, domain, addr,
>> npages, 0);
>> +
>> +		if (domain->has_iotlb_device)
>> +			continue;
>> +
>> +		nested_flush_dev_iotlb(domain, addr, mask, &fault);
>> +		if (fault & (DMA_FSTS_ITE | DMA_FSTS_ICE))
>> +			break;
>> +	}
>> +
>> +	if (fault & DMA_FSTS_ICE)
>> +		*error |= IOMMU_HWPT_INVALIDATE_VTD_S1_ICE;
>> +	if (fault & DMA_FSTS_ITE)
>> +		*error |= IOMMU_HWPT_INVALIDATE_VTD_S1_ITE;
>> +}
>> +
>> +static int intel_nested_cache_invalidate_user(struct iommu_domain
>> *domain,
>> +					      struct iommu_user_data_array
>> *array)
>> +{
>> +	struct dmar_domain *dmar_domain = to_dmar_domain(domain);
>> +	struct iommu_hwpt_vtd_s1_invalidate inv_entry;
>> +	u32 processed = 0;
>> +	int ret = 0;
>> +	u32 index;
>> +
>> +	if (array->type != IOMMU_HWPT_INVALIDATE_DATA_VTD_S1) {
>> +		ret = -EINVAL;
>> +		goto out;
>> +	}
>> +
>> +	for (index = 0; index < array->entry_num; index++) {
>> +		ret = iommu_copy_struct_from_user_array(&inv_entry,
>> array,
>> +
>> 	IOMMU_HWPT_INVALIDATE_DATA_VTD_S1,
>> +							index, inv_error);
>> +		if (ret)
>> +			break;
>> +
>> +		if (inv_entry.flags & ~IOMMU_VTD_INV_FLAGS_LEAF) {
>> +			ret = -EOPNOTSUPP;
>> +			break;
>> +		}
>> +
>> +		if (!IS_ALIGNED(inv_entry.addr, VTD_PAGE_SIZE) ||
>> +		    ((inv_entry.npages == U64_MAX) && inv_entry.addr)) {
>> +			ret = -EINVAL;
>> +			break;
>> +		}
>> +
>> +		inv_entry.inv_error = 0;
>> +		intel_nested_flush_cache(dmar_domain, inv_entry.addr,
>> +					 inv_entry.npages,
>> &inv_entry.inv_error);
>> +
>> +		ret = iommu_respond_struct_to_user_array(array, index,
>> +							 (void *)&inv_entry,
>> +							 sizeof(inv_entry));
>> +		if (ret)
>> +			break;
>> +
>> +		processed++;
>> +	}
>> +
>> +out:
>> +	array->entry_num = processed;
>> +	return ret;
>> +}
>> +
>> static const struct iommu_domain_ops intel_nested_domain_ops = {
>> 	.attach_dev		= intel_nested_attach_dev,
>> 	.free			= intel_nested_domain_free,
>> +	.cache_invalidate_user	= intel_nested_cache_invalidate_user,
>> };
>>
>> struct iommu_domain *intel_nested_domain_alloc(struct iommu_domain
>> *parent,
>> --
>> 2.34.1
> 

-- 
Regards,
Yi Liu

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ