lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CAAywjhSzKM_bEm_VbPZFffY9sR3-p==gbVppSL+555D1kPg_3Q@mail.gmail.com>
Date: Mon, 15 Dec 2025 17:14:10 -0800
From: Samiullah Khawaja <skhawaja@...gle.com>
To: Nicolin Chen <nicolinc@...dia.com>
Cc: joro@...tes.org, will@...nel.org, robin.murphy@....com, afael@...nel.org, 
	lenb@...nel.org, bhelgaas@...gle.com, alex@...zbot.org, jgg@...dia.com, 
	kevin.tian@...el.com, baolu.lu@...ux.intel.com, 
	linux-arm-kernel@...ts.infradead.org, iommu@...ts.linux.dev, 
	linux-kernel@...r.kernel.org, linux-acpi@...r.kernel.org, 
	linux-pci@...r.kernel.org, kvm@...r.kernel.org, patches@...ts.linux.dev, 
	pjaroszynski@...dia.com, vsethi@...dia.com, helgaas@...nel.org, 
	etzhao1900@...il.com
Subject: Re: [PATCH v8 1/5] iommu: Lock group->mutex in iommu_deferred_attach()

On Mon, Dec 15, 2025 at 1:42 PM Nicolin Chen <nicolinc@...dia.com> wrote:
>
> The iommu_deferred_attach() function invokes __iommu_attach_device(), but
> doesn't hold the group->mutex like other __iommu_attach_device() callers.
>
> Though there is no pratical bug being triggered so far, it would be better
> to apply the same locking to this __iommu_attach_device(), since the IOMMU
> drivers nowaday are more aware of the group->mutex -- some of them use the
> iommu_group_mutex_assert() function that could be potentially in the path
> of an attach_dev callback function invoked by the __iommu_attach_device().
>
> Worth mentioning that the iommu_deferred_attach() will soon need to check
> group->resetting_domain that must be locked also.
>
> Thus, grab the mutex to guard __iommu_attach_device() like other callers.
>
> Reviewed-by: Jason Gunthorpe <jgg@...dia.com>
> Reviewed-by: Kevin Tian <kevin.tian@...el.com>
> Reviewed-by: Lu Baolu <baolu.lu@...ux.intel.com>
> Tested-by: Dheeraj Kumar Srivastava <dheerajkumar.srivastava@....com>
> Signed-off-by: Nicolin Chen <nicolinc@...dia.com>
> ---
>  drivers/iommu/iommu.c | 13 ++++++++++---
>  1 file changed, 10 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c
> index 2ca990dfbb88..170e522b5bda 100644
> --- a/drivers/iommu/iommu.c
> +++ b/drivers/iommu/iommu.c
> @@ -2185,10 +2185,17 @@ EXPORT_SYMBOL_GPL(iommu_attach_device);
>
>  int iommu_deferred_attach(struct device *dev, struct iommu_domain *domain)
>  {
> -       if (dev->iommu && dev->iommu->attach_deferred)
> -               return __iommu_attach_device(domain, dev, NULL);
> +       /*
> +        * This is called on the dma mapping fast path so avoid locking. This is
> +        * racy, but we have an expectation that the driver will setup its DMAs
> +        * inside probe while being single threaded to avoid racing.
> +        */
> +       if (!dev->iommu || !dev->iommu->attach_deferred)
> +               return 0;
>
> -       return 0;
> +       guard(mutex)(&dev->iommu_group->mutex);
> +
> +       return __iommu_attach_device(domain, dev, NULL);
>  }
>
>  void iommu_detach_device(struct iommu_domain *domain, struct device *dev)
> --
> 2.43.0
>
>

Reviewed-by: Samiullah Khawaja <skhawaja@...gle.com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ