Received: by 2002:a6b:500f:0:0:0:0:0 with SMTP id e15csp958712iob; Fri, 13 May 2022 17:44:08 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyuwMLhmoJ3PyQNCoygUo2tgXTteAC0jNE72DP6uVxd+PbRgEAUZvUbLFNsdLl+mQF2k8SU X-Received: by 2002:adf:f346:0:b0:20a:c23f:fb14 with SMTP id e6-20020adff346000000b0020ac23ffb14mr5926929wrp.25.1652489047910; Fri, 13 May 2022 17:44:07 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1652489047; cv=none; d=google.com; s=arc-20160816; b=lOl+oyGauGS2BrP4uJPB9l5mqBg/6sLVNMfFjCEmQhs8q9nDXnyUXYZ0/6vu9XfLt4 jeqcnN9j6nvm9hFzYF/s84ziy+ecTF/ilIUUTEebIdgage6JPtRgHSRgprs560IFfVFf RX493zg14oGvOhjS9htviKpd/B9rT2Z78u6jIAtvduxLaU2sGdrlQpCMQD9W68wqIpn4 k7yFhHo+USyBJdb3JACqxS1Z0sLQYcwHN3nj8+ZWWEjLKZKqfm3zl4Hj5PPlUP/YRq+u l46c7lR/zu80n+eLSpAVa9eK6kcbX4XB0t7T2DaYxhAckYudNb6aoL9ycLAPRJRMYL+8 inQQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:to:content-language:subject:cc:user-agent:mime-version :date:message-id:dkim-signature; bh=kC9bhDleJEwfxZ0IbmpvJFtmRGrX9UsmIee+tMAUTpA=; b=T4fWY8jhFzZbf1DJ6ASygkM226wGI4a57brIv5DOmfUtc3EETZ/WhGH9m1DrIVNVnY fSipzOr9lzz2zAPa/CsKLnNTzFrMGQAlevwZx79U2n1eOQqR/wJGufXHkYK19xbrohnd OHea11P9ZeHJHEVzth6ut28gxAfIEGPkzt2Ex0a7CqdkQ3g4oGiF19D2BZjW71NbGsJI 5AyXQRXsRvAFsJNRmZg8EGJ+qSouMK5/EBN2EadkufOKgpmZI4z7zVlTSQvjKIIvSKWp iggchRyctZIsbbfXfLiOkeNXqT+y/LD+gBx2AOtTAqGEE6Z2xh97fjJk61vMRwP3C6d1 qNdA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=TlovMbEE; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [23.128.96.19]) by mx.google.com with ESMTPS id l12-20020a05600012cc00b0020a849e1c6asi3257445wrx.958.2022.05.13.17.44.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 13 May 2022 17:44:07 -0700 (PDT) Received-SPF: softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) client-ip=23.128.96.19; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=TlovMbEE; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id B5CC1319950; Fri, 13 May 2022 16:24:22 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1343937AbiELMjZ (ORCPT + 99 others); Thu, 12 May 2022 08:39:25 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59842 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1347397AbiELMjX (ORCPT ); Thu, 12 May 2022 08:39:23 -0400 Received: from mga12.intel.com (mga12.intel.com [192.55.52.136]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AA3F462136 for ; Thu, 12 May 2022 05:39:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1652359162; x=1683895162; h=message-id:date:mime-version:cc:subject:to:references: from:in-reply-to:content-transfer-encoding; bh=ylfevFr8DAKKlnOWSQ7Fkq7Eg5B5wM7FmiEl79rW8r0=; b=TlovMbEELLo704acggZyaGg5gKM1b0Cxno8mmr5dmO5xauAjEDbuQ5a6 Cp+sZt3+oQtqMO3sJdsBiEa6iEggcQt/UZz/URyAoCvVFvjO0jS7XoBrQ KtCaqg19enT38srfFJaKiB+qZRlOUTyiz26fu4kkfW9xQkaSwUuVawsNb QyLOsolhJrgLV7iDNY/xcbVZ5LDFO4z221xK5oD1IYQuUGKJl9l4Sm96+ glNaUkEKtJA61CV9iFXLVygPj/lM9bfsdpiowlV4Z8CiozRh6jMWqSTYD 0X4P1c+/Un1GQE5mk4GVDpd+t+t/4QszJJTm5yEJ/hnc9MVDYOHU8m+oJ Q==; X-IronPort-AV: E=McAfee;i="6400,9594,10344"; a="249886272" X-IronPort-AV: E=Sophos;i="5.91,219,1647327600"; d="scan'208";a="249886272" Received: from orsmga008.jf.intel.com ([10.7.209.65]) by fmsmga106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 May 2022 05:39:22 -0700 X-IronPort-AV: E=Sophos;i="5.91,219,1647327600"; d="scan'208";a="594647779" Received: from hezhu1-mobl1.ccr.corp.intel.com (HELO [10.255.29.168]) ([10.255.29.168]) by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 May 2022 05:39:18 -0700 Message-ID: Date: Thu, 12 May 2022 20:39:16 +0800 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.8.1 Cc: baolu.lu@linux.intel.com, Joerg Roedel , Christoph Hellwig , Kevin Tian , Ashok Raj , Will Deacon , Robin Murphy , Jean-Philippe Brucker , Dave Jiang , Vinod Koul , Eric Auger , Liu Yi L , Jacob jun Pan , iommu@lists.linux-foundation.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH v6 08/12] iommu/sva: Use attach/detach_pasid_dev in SVA interfaces Content-Language: en-US To: Jason Gunthorpe References: <20220510061738.2761430-1-baolu.lu@linux.intel.com> <20220510061738.2761430-9-baolu.lu@linux.intel.com> <20220510152330.GG49344@nvidia.com> <749a7d62-3e6c-ef5c-beaf-6b7add495740@linux.intel.com> <20220511145319.GZ49344@nvidia.com> <05a68e1e-8e18-5914-ebe7-d7b1a4aaa2ec@linux.intel.com> <20220512115136.GV49344@nvidia.com> From: Baolu Lu In-Reply-To: <20220512115136.GV49344@nvidia.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-5.3 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,NICE_REPLY_A,RDNS_NONE,SPF_HELO_NONE, T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2022/5/12 19:51, Jason Gunthorpe wrote: > On Thu, May 12, 2022 at 11:02:39AM +0800, Baolu Lu wrote: >>>> + mutex_lock(&group->mutex); >>>> + domain = xa_load(&group->pasid_array, pasid); >>>> + if (domain && domain->type != type) >>>> + domain = NULL; >>>> + mutex_unlock(&group->mutex); >>>> + iommu_group_put(group); >>>> + >>>> + return domain; >>> This is bad locking, group->pasid_array values cannot be taken outside >>> the lock. >> >> It's not iommu core, but SVA (or other feature components) that manage >> the life cycle of a domain. The iommu core only provides a place to >> store the domain pointer. The feature components are free to fetch their >> domain pointers from iommu core as long as they are sure that the domain >> is alive during use. > > I'm not convinced. I'm sorry, I may not have explained it clearly. :-) This helper is safe for uses inside the IOMMU subsystem. We could trust ourselves that nobody will abuse this helper to obtain domains belonging to others as the pasid has been allocated for SVA code. No other code should be able to setup another type of domain for this pasid. The SVA code has its own lock mechanism to avoid using after free. Please correct me if I missed anything. :-) By the way, I can see some similar helpers in current IOMMU core. For example, struct iommu_domain *iommu_get_domain_for_dev(struct device *dev) { struct iommu_domain *domain; struct iommu_group *group; group = iommu_group_get(dev); if (!group) return NULL; domain = group->domain; iommu_group_put(group); return domain; } EXPORT_SYMBOL_GPL(iommu_get_domain_for_dev); Best regards, baolu