lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <BN9PR11MB5276B467ADCC57BC6571CA458C77A@BN9PR11MB5276.namprd11.prod.outlook.com>
Date: Fri, 13 Jun 2025 07:31:48 +0000
From: "Tian, Kevin" <kevin.tian@...el.com>
To: Jason Gunthorpe <jgg@...pe.ca>
CC: "Aneesh Kumar K.V (Arm)" <aneesh.kumar@...nel.org>,
	"iommu@...ts.linux.dev" <iommu@...ts.linux.dev>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, Joerg Roedel
	<joro@...tes.org>, Will Deacon <will@...nel.org>, Robin Murphy
	<robin.murphy@....com>
Subject: RE: [RFC PATCH] iommufd: Destroy vdevice on device unbind

> From: Jason Gunthorpe <jgg@...pe.ca>
> Sent: Friday, June 13, 2025 1:27 AM
> 
> On Thu, Jun 12, 2025 at 08:05:37AM +0000, Tian, Kevin wrote:
> > The initial v5 patch [1] from Nicolin was similar to what this
> > patch does. Jason explained [2] why it's unsafe to destroy "userspace
> > created" objects behind the scene. And a general rule in iommufd is
> > to not take long term references on kernel owned objects.
> >
> > [1]
> https://lore.kernel.org/all/53025c827c44d68edb6469bfd940a8e8bc6147a5.1
> 729897278.git.nicolinc@...dia.com/
> > [2] https://lore.kernel.org/all/20241029184801.GW6956@nvidia.com/
> 
> Yes, we have a problem here where we both can't let VFIO go away while
> the vdevice is present nor can we let the vdevice be fully deleted.
> 
> At that point it wasn't such a big deal, but the new stuff seems to
> make vdevice more complicated that it cannot out live the idevice.
> 
> Probably the answer is to tombstone the vdevice in the xarray so the
> ID is still there and userspace can still destroy it while destroying
> everything linked to it?
> 

yeah that seems to be the option if the said life-cycle dependency
cannot be removed...

conceptually it's still a bit unclean as the user needs to know that
the vdevice object is special after idevice is unbound i.e. it can only
be destroyed instead of supporting any other kind of operations.

hmm if the user needs to build certain knowledge anyway can we 
go one step further to state that the vdevice will be destroyed
automatically once its idevice is unbound so the user shouldn't
attempt to explicitly destroy it again after unbind?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ