lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20251124191648.GJ153257@nvidia.com>
Date: Mon, 24 Nov 2025 15:16:48 -0400
From: Jason Gunthorpe <jgg@...dia.com>
To: Nicolin Chen <nicolinc@...dia.com>
Cc: Baolu Lu <baolu.lu@...ux.intel.com>, joro@...tes.org, afael@...nel.org,
	bhelgaas@...gle.com, alex@...zbot.org, kevin.tian@...el.com,
	will@...nel.org, robin.murphy@....com, lenb@...nel.org,
	linux-arm-kernel@...ts.infradead.org, iommu@...ts.linux.dev,
	linux-kernel@...r.kernel.org, linux-acpi@...r.kernel.org,
	linux-pci@...r.kernel.org, kvm@...r.kernel.org,
	patches@...ts.linux.dev, pjaroszynski@...dia.com, vsethi@...dia.com,
	helgaas@...nel.org, etzhao1900@...il.com
Subject: Re: [PATCH v5 3/5] iommu: Add iommu_driver_get_domain_for_dev()
 helper

On Wed, Nov 12, 2025 at 09:41:20AM -0800, Nicolin Chen wrote:
> Hi Baolu,
> 
> On Wed, Nov 12, 2025 at 01:58:51PM +0800, Baolu Lu wrote:
> > On 11/11/25 13:12, Nicolin Chen wrote:
> > > +/**
> > > + * iommu_get_domain_for_dev() - Return the DMA API domain pointer
> > > + * @dev - Device to query
> > > + *
> > > + * This function can be called within a driver bound to dev. The returned
> > > + * pointer is valid for the lifetime of the bound driver.
> > > + *
> > > + * It should not be called by drivers with driver_managed_dma = true.
> > 
> > "driver_managed_dma != true" means the driver will use the default
> > domain allocated by the iommu core during iommu probe.
> 
> Hmm, I am not very sure. Jason's remarks pointed out that There
> is an exception in host1x_client_iommu_detach():
> https://lore.kernel.org/all/20250924191055.GJ2617119@nvidia.com/
> 
> Where the group->domain could be NULL, i.e. not attached to the
> default domain?

That is impossible these days, the group->domain is always something.

For host1x it changes the domain and ignores the driver_managed_dma
safety mechanism to do it, so it is kind of broken.

> > > + */
> > >   struct iommu_domain *iommu_get_domain_for_dev(struct device *dev)
> > >   {
> > >   	/* Caller must be a probed driver on dev */
> > > @@ -2225,10 +2234,29 @@ struct iommu_domain *iommu_get_domain_for_dev(struct device *dev)
> > >   	if (!group)
> > >   		return NULL;
> > > +	lockdep_assert_not_held(&group->mutex);
> > 
> > ...
> > 	if (WARN_ON(!dev->driver || !group->owner_cnt || group->owner))
> > 		return NULL;
> 
> With that, could host1x_client_iommu_detach() trigger WARN_ON?

I don't really know but I strongly suspect that host1x has a NULL
dev->driver in some cases.

I think the best you could do is detect that a driver is bound and
that driver_managed_dma != true, host1x should still be OK with it,
but in practice it only effects VFIO.

Jason

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ