Received: by 2002:a05:6a11:4021:0:0:0:0 with SMTP id ky33csp1371342pxb; Thu, 16 Sep 2021 06:12:44 -0700 (PDT) X-Google-Smtp-Source: ABdhPJx7jqroJWoQqwhBb8QJTFKld2oxLxd19YT+bM/PLcwMVBczPBW0zN+VpyiEG7eIgEt8mifg X-Received: by 2002:a17:906:d045:: with SMTP id bo5mr6192849ejb.461.1631797963827; Thu, 16 Sep 2021 06:12:43 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1631797963; cv=none; d=google.com; s=arc-20160816; b=s8zEMHUhY3c3/XVR+AlHHJrv5oLAbplybhKG5eTPksq7QaxRQmWjNOLc4SAgyCThwW vV5pQjShIt/6+/mh52BOUb14UsaFaULL5qjb0S0K1O8Yff8Cm+LmJ4RVeoCkWRTEn2Gg CXrzHe8/evJeAsHZPGpo8JMiHl66VSa8v+jA6A9d1nljUO9d2Efz0Pe5GsZ4kc9TaZe8 YgkQmsD0p6XphBCw/riPvj8bekgWVZw4xzKBhKcy13YZo1obUTK6pWDp8X838yu91zba gxbccN3s1AuVs47z7kfjm/fGeGhdLeryoOM2B6YTK9QNlzAZQ/8g81vsOiJPCNzmRF1x Om9A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:to:from:date:dkim-signature; bh=J1aPRVnPtvaDDmo3fez14oc8rYGiEsDWBCXDH/Wat7k=; b=0yv+lWWPLPH+ajmUDP5V3X945esQ9BNPNWJNTVqJZksJhZe2u9IMeRaw/VPL+6e835 YGTz0Dqr22L7PFnMknv+5nrQ3xK/obWGjcOKUYgG9dIOyp1tO9tpp/uEplw8x0gAGc5s Opu0snNRSCzSfjSuwgk0tv8FH0dyMbmhZvBPyBm8U15TRlX7tjwPSZOyaHNzrXIZwayh D45XZLw53TmkEph7oS7crTkk8pUTb8tFraJu+CoAM3+l4NGc9fqW75pNx4ocGS4l6tST k3+NiUapGF1lTPSHvaMLdAsHZVhSDvG114wv6W/9h5Mf+X2A9AVwcM1mAsLyCC7bUP0h JNwA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ziepe.ca header.s=google header.b=SCLGmpBO; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id hp35si4522415ejc.755.2021.09.16.06.12.18; Thu, 16 Sep 2021 06:12:43 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@ziepe.ca header.s=google header.b=SCLGmpBO; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S239938AbhIPNLi (ORCPT + 99 others); Thu, 16 Sep 2021 09:11:38 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58000 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S239837AbhIPNLh (ORCPT ); Thu, 16 Sep 2021 09:11:37 -0400 Received: from mail-qt1-x82c.google.com (mail-qt1-x82c.google.com [IPv6:2607:f8b0:4864:20::82c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 70AABC061764 for ; Thu, 16 Sep 2021 06:10:17 -0700 (PDT) Received: by mail-qt1-x82c.google.com with SMTP id w17so5377320qta.9 for ; Thu, 16 Sep 2021 06:10:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ziepe.ca; s=google; h=date:from:to:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=J1aPRVnPtvaDDmo3fez14oc8rYGiEsDWBCXDH/Wat7k=; b=SCLGmpBOIX1LyEWjCtTQu5NsbhW1Y4X5/DmQl1XQ9jzusvOLM7zvEkOwz6LOAv+Yok sIWQ6uZy+RXJ3cFeYjVefKkQH0Bt0fEt6Hxm02pQYIdfhNmnfHNX2wDQS3f9HxEUckLT uEUNakxQ26CbdQlN/sagwI+fXugp4FI45KUk2U0+TghLUrgqPs4hSAaLgC+UJKOxxT4E Mc+H12o6j9K7ZldUlePbIj3QazJSlLYL+zG9bxUEh82jSSu4c3hLfm8TlsPXKZBK8Vfn QyTQKfWMizwsKJYk7EULgbEvpNxSTjzFuIhJlbPIm2aqRKQQZUDbcvQh309a66LJBzjd rwyQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:from:to:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=J1aPRVnPtvaDDmo3fez14oc8rYGiEsDWBCXDH/Wat7k=; b=Td2WXzT+VP6TobMrJ2SnPjwj12O4L7s6gVZwsXie0e4EXHI6xEGiXZBI4RQC9KGBFR 71INpmkzKIFucI2XSU5q6k2YIwWBjxBWQqz/0ATh92gxjSE8xEFjgbdJi8i66NRSRQeK DKdh3tm8KLZ6M+0gWnP7Sp4D1ozzb8kRv2WoMwFVH9fFXxUnODwi2MsyvhQFjp9XetSE 1SU7UGnmoMvfESfQBcfk+cTg5zYQarvaMrtD2fmMsw8yKQfxqnz3F6S0Q9Vy9VlbFwCO t+B674NIV6lXlF6Dn34kLv9LIbsYChE6KFpy7LCDxA6Fv+FFdOlfG/nACEIrriEgg6y7 GPEg== X-Gm-Message-State: AOAM533wLDnCyzvSPF600lWvvGcbd+esWKWJ7QzxfXmHHhX2/45eiIXL RCWsEkBnMdXKIA8WBY2KEcU75g== X-Received: by 2002:ac8:7d42:: with SMTP id h2mr4861309qtb.220.1631797816616; Thu, 16 Sep 2021 06:10:16 -0700 (PDT) Received: from ziepe.ca ([206.223.160.26]) by smtp.gmail.com with ESMTPSA id r23sm1992140qtp.60.2021.09.16.06.10.15 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 16 Sep 2021 06:10:15 -0700 (PDT) Received: from jgg by mlx with local (Exim 4.94) (envelope-from ) id 1mQr9a-001MiL-Tq; Thu, 16 Sep 2021 10:10:14 -0300 Date: Thu, 16 Sep 2021 10:10:14 -0300 From: Jason Gunthorpe To: Oded Gabbay , "Linux-Kernel@Vger. Kernel. Org" , Greg Kroah-Hartman , Christian =?utf-8?B?S8O2bmln?= , Gal Pressman , Yossi Leybovich , Maling list - DRI developers , linux-rdma , Linux Media Mailing List , Doug Ledford , Dave Airlie , Alex Deucher , Leon Romanovsky , Christoph Hellwig , amd-gfx list , "moderated list:DMA BUFFER SHARING FRAMEWORK" Subject: Re: [PATCH v6 0/2] Add p2p via dmabuf to habanalabs Message-ID: <20210916131014.GK3544071@ziepe.ca> References: <20210912165309.98695-1-ogabbay@kernel.org> <20210914161218.GF3544071@ziepe.ca> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Sep 16, 2021 at 02:31:34PM +0200, Daniel Vetter wrote: > On Wed, Sep 15, 2021 at 10:45:36AM +0300, Oded Gabbay wrote: > > On Tue, Sep 14, 2021 at 7:12 PM Jason Gunthorpe wrote: > > > > > > On Tue, Sep 14, 2021 at 04:18:31PM +0200, Daniel Vetter wrote: > > > > On Sun, Sep 12, 2021 at 07:53:07PM +0300, Oded Gabbay wrote: > > > > > Hi, > > > > > Re-sending this patch-set following the release of our user-space TPC > > > > > compiler and runtime library. > > > > > > > > > > I would appreciate a review on this. > > > > > > > > I think the big open we have is the entire revoke discussions. Having the > > > > option to let dma-buf hang around which map to random local memory ranges, > > > > without clear ownership link and a way to kill it sounds bad to me. > > > > > > > > I think there's a few options: > > > > - We require revoke support. But I've heard rdma really doesn't like that, > > > > I guess because taking out an MR while holding the dma_resv_lock would > > > > be an inversion, so can't be done. Jason, can you recap what exactly the > > > > hold-up was again that makes this a no-go? > > > > > > RDMA HW can't do revoke. > > Like why? I'm assuming when the final open handle or whatever for that MR > is closed, you do clean up everything? Or does that MR still stick around > forever too? It is a combination of uAPI and HW specification. revoke here means you take a MR object and tell it to stop doing DMA without causing the MR object to be destructed. All the drivers can of course destruct the MR, but doing such a destruction without explicit synchronization with user space opens things up to a serious use-after potential that could be a security issue. When the open handle closes the userspace is synchronized with the kernel and we can destruct the HW objects safely. So, the special HW feature required is 'stop doing DMA but keep the object in an error state' which isn't really implemented, and doesn't extend very well to other object types beyond simple MRs. > 1. User A opens gaudi device, sets up dma-buf export > > 2. User A registers that with RDMA, or anything else that doesn't support > revoke. > > 3. User A closes gaudi device > > 4. User B opens gaudi device, assumes that it has full control over the > device and uploads some secrets, which happen to end up in the dma-buf > region user A set up I would expect this is blocked so long as the DMABUF exists - eg the DMABUF will hold a fget on the FD of #1 until the DMABUF is closed, so that #3 can't actually happen. > It's not mlocked memory, it's mlocked memory and I can exfiltrate > it. That's just bug, don't make buggy drivers :) Jason