Received: by 2002:a05:6a10:6d10:0:0:0:0 with SMTP id gq16csp2653967pxb; Mon, 18 Apr 2022 05:38:58 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzO+inGNAf7a6lkPH/18DCZQPJnItru1dfpP66dslfHJSTrmQ4RTGBv8Vwx6lPmxoxSDTNX X-Received: by 2002:a17:90b:4f82:b0:1d1:b8fd:7e36 with SMTP id qe2-20020a17090b4f8200b001d1b8fd7e36mr13821811pjb.194.1650285537772; Mon, 18 Apr 2022 05:38:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1650285537; cv=none; d=google.com; s=arc-20160816; b=HbKIk9fJf2dtEG4D5YvscMZzGekXCALKS/63H/wqCxLYy3oN5ZfZ/E+OXP00ceH9xE Z9odnhQr1T62TmKRPNxILiYOuFUd3B4LRicpU1HvQhEUiuX6tq6Vca4Df7u5VLhRyr4f gvjCjprMJIu26yfbhmBjKDyC5NVHoX0tFkoOixnu6+cHD4qE9VDyf+mHyaUOEzoSsamj 0Pe87ezHAPvcqilXdrKPP+DpI4EZ1oyTijQcW6Wk92K1jdW2CLaqROMFF2/AaUcLl8rc SqGbVZD92XqJI/h10B0eCU7i0nUn8jl2z/Xnu5G7fmGIeh4RoAnf7SoF552Pm/K6TYzj 1VsQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=plz43OYwJbuGor6gsifuY+vslqBP+Q5SlPzVZ1J6WgI=; b=Ob3nQbotQyfLanu87m1Y+p27EGxZL7Hp6inb3TN/u2Dbg5Io7fhotrTTxr2AkqFVGp eLM7KTx9GJmubt3XB8pDviYwU5XDa30Ymw4RF55gwvwtt7IVQd0NHZKTh0KAP8oxQL7L UNFLRgQF/CbkO3SDAzB+PgNE6AJFkIo7ZAa/Rs7LhP5mJ4uz+W6UH/0DLOmiKBySNNw/ dL7iumaS8SWwQPWvnbv/03i5E187KmApSA2TF2/fJTlPakUaVr/Me5x4OPzTlXR7nypV qcA/GIuMPRDz6Oo2v7akFq2pfb6Ye0ED6OMmtAZJFkpcabPYfUecRSZv79gc/qb8sZgX 2b+g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=BCOjcpbs; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id s11-20020a056a0008cb00b004fa3a8dff9csi9716007pfu.83.2022.04.18.05.38.43; Mon, 18 Apr 2022 05:38:57 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=BCOjcpbs; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235484AbiDRAzS (ORCPT + 99 others); Sun, 17 Apr 2022 20:55:18 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50734 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235471AbiDRAzN (ORCPT ); Sun, 17 Apr 2022 20:55:13 -0400 Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 659CB13E83 for ; Sun, 17 Apr 2022 17:52:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1650243156; x=1681779156; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=fs2/qIGv4fyYDOG7R+kyP0PpTRznXTY23uT57syakyY=; b=BCOjcpbsSFQcrnGJimygjVZhfzEI9jXYpqGAmIujGU+hvc4fe4QyppC9 LJr1XbvGdU8qxSN4y255qzaPTU1w6Sd+GYQ/LP5Pgt+/oA9TmwlIFbsgi OEmr5z9RuHrVXYVVoVKq9UscxMkI3RlrEV9HhY6kDtwgKIZ4+7QiK5GuH NKtR4Mh7+P0j110j/5AFox7GJN49onGnXwYCkq9Re5AxVeMP9JVyO50Vi lCSlHnWV0Xfm8hl3+9qa4fI8IkXdCytvO17rqT7BNZmAHoVtW7b5XZT/Y pQixMUeMnL5W4EiERJZNuqC8uKsWwuHLLAUcYoLa17T3xZZC6cpg7UPDY Q==; X-IronPort-AV: E=McAfee;i="6400,9594,10320"; a="245313210" X-IronPort-AV: E=Sophos;i="5.90,267,1643702400"; d="scan'208";a="245313210" Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 17 Apr 2022 17:52:36 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.90,267,1643702400"; d="scan'208";a="701651279" Received: from allen-box.sh.intel.com ([10.239.159.48]) by fmsmga001.fm.intel.com with ESMTP; 17 Apr 2022 17:52:34 -0700 From: Lu Baolu To: Joerg Roedel Cc: Jason Gunthorpe , Kevin Tian , Liu Yi L , iommu@lists.linux-foundation.org, linux-kernel@vger.kernel.org Subject: [RESEND PATCH v8 02/11] driver core: Add dma_cleanup callback in bus_type Date: Mon, 18 Apr 2022 08:49:51 +0800 Message-Id: <20220418005000.897664-3-baolu.lu@linux.intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220418005000.897664-1-baolu.lu@linux.intel.com> References: <20220418005000.897664-1-baolu.lu@linux.intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_EF,SPF_HELO_NONE,SPF_NONE, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The bus_type structure defines dma_configure() callback for bus drivers to configure DMA on the devices. This adds the paired dma_cleanup() callback and calls it during driver unbinding so that bus drivers can do some cleanup work. One use case for this paired DMA callbacks is for the bus driver to check for DMA ownership conflicts during driver binding, where multiple devices belonging to a same IOMMU group (the minimum granularity of isolation and protection) may be assigned to kernel drivers or user space respectively. Without this change, for example, the vfio driver has to listen to a bus BOUND_DRIVER event and then BUG_ON() in case of dma ownership conflict. This leads to bad user experience since careless driver binding operation may crash the system if the admin overlooks the group restriction. Aside from bad design, this leads to a security problem as a root user, even with lockdown=integrity, can force the kernel to BUG. With this change, the bus driver could check and set the DMA ownership in driver binding process and fail on ownership conflicts. The DMA ownership should be released during driver unbinding. Signed-off-by: Lu Baolu Reviewed-by: Greg Kroah-Hartman Reviewed-by: Jason Gunthorpe --- include/linux/device/bus.h | 3 +++ drivers/base/dd.c | 5 +++++ 2 files changed, 8 insertions(+) diff --git a/include/linux/device/bus.h b/include/linux/device/bus.h index a039ab809753..d8b29ccd07e5 100644 --- a/include/linux/device/bus.h +++ b/include/linux/device/bus.h @@ -59,6 +59,8 @@ struct fwnode_handle; * bus supports. * @dma_configure: Called to setup DMA configuration on a device on * this bus. + * @dma_cleanup: Called to cleanup DMA configuration on a device on + * this bus. * @pm: Power management operations of this bus, callback the specific * device driver's pm-ops. * @iommu_ops: IOMMU specific operations for this bus, used to attach IOMMU @@ -103,6 +105,7 @@ struct bus_type { int (*num_vf)(struct device *dev); int (*dma_configure)(struct device *dev); + void (*dma_cleanup)(struct device *dev); const struct dev_pm_ops *pm; diff --git a/drivers/base/dd.c b/drivers/base/dd.c index 3fc3b5940bb3..94b7ac9bf459 100644 --- a/drivers/base/dd.c +++ b/drivers/base/dd.c @@ -671,6 +671,8 @@ static int really_probe(struct device *dev, struct device_driver *drv) if (dev->bus) blocking_notifier_call_chain(&dev->bus->p->bus_notifier, BUS_NOTIFY_DRIVER_NOT_BOUND, dev); + if (dev->bus && dev->bus->dma_cleanup) + dev->bus->dma_cleanup(dev); pinctrl_bind_failed: device_links_no_driver(dev); device_unbind_cleanup(dev); @@ -1199,6 +1201,9 @@ static void __device_release_driver(struct device *dev, struct device *parent) device_remove(dev); + if (dev->bus && dev->bus->dma_cleanup) + dev->bus->dma_cleanup(dev); + device_links_driver_cleanup(dev); device_unbind_cleanup(dev); -- 2.25.1