Received: by 2002:a05:6359:c8b:b0:c7:702f:21d4 with SMTP id go11csp3762241rwb; Fri, 30 Sep 2022 08:02:23 -0700 (PDT) X-Google-Smtp-Source: AMsMyM44+iYzymxcHfhRn7gGiVmrK5TVMXRLCe1YdWKhQFrYSwO0EK7KLz/+eka3zvgJSTlxQIRM X-Received: by 2002:aa7:db4d:0:b0:458:908f:a372 with SMTP id n13-20020aa7db4d000000b00458908fa372mr1607142edt.248.1664550143563; Fri, 30 Sep 2022 08:02:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1664550143; cv=none; d=google.com; s=arc-20160816; b=KKnSesCNLAOAjGOipRz7SFwthQmySLLTtXJC7LwqLlYcAGtsYon0JCziA134+YiX8z nQsgnuqMWQyVwQd+EQBOsoYAXortKUXkaYndjmc7G38dlmw7OADWRTAReHGw4K4OEb92 d85Fk71C7EGSCdHYZ9Da46GLEyrR84OzWLlkvVL+hKZx//BcDsytr90MrWrPw5PjsRwv JCuMWto7Y4FH+4Q5XDV9oqLvKSdTox+jXitTH6RGPzBC8TYZIhRheuS8jmiTCkQ3ieJu cwSEq2Yux2/PXOeeJq5wr3PnDt0eiPH9gQRQQqSBE5vzr21GI5Mp3S7MJui0zR7nxp0/ oc4g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=wCdVslnhSn2CeO4TuDZwFaybUgjtKPR+WU89M3AuIBM=; b=iNdTYy8gr/i1K2Lamx3Bm0TpgvOW173PWNa2FvkNWq/dMC6avOU+imWfiam5GSHspN m0PwxBfjiEdaXE62TbUZnsZbOs9siIGZ/t60oaDH2V0BGch0w/e45589Qyq/3eKW0Vna W66Hv10bX2XV7d/cuVG3qEPN6oI2fm6yelrCd8KZ5StmRt+FXMEKSoHLmJeISSbjo7DP JISab+QYrpVg0+gnI80I1Qvk0EPavbfWUT/iNcVOEfb2Uw6vBTfLtIaXxCYtKB06wXzR r5NnJpcV9/jBxq86VzKeNc0c4l1cziTmeElvpHKUItpmJJOSIfxFd4xO1ZVIm6r21tJ0 AXOQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=Fe5cv0sV; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id u23-20020a50a417000000b00453e1a11542si1866685edb.493.2022.09.30.08.01.56; Fri, 30 Sep 2022 08:02:23 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=Fe5cv0sV; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231758AbiI3Osz (ORCPT + 99 others); Fri, 30 Sep 2022 10:48:55 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57600 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231576AbiI3OsW (ORCPT ); Fri, 30 Sep 2022 10:48:22 -0400 Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EBFA212C1D2 for ; Fri, 30 Sep 2022 07:48:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1664549297; x=1696085297; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=jASNJsRsaf5vJ4ndsb5wfnYQQP9W4VNqpMHgh8BGioo=; b=Fe5cv0sV0QSB9+9qhiNV8AAfoTHtPutcXvpcBOuC9zEcOL6sSsgW33iJ uUHXMvftM1Fz1YoThrtrg/cEqdXsCk8SUQJZwBD34bRNenY3nSEEIaTY+ haZh0zj3UWwLu2u9hyIAT6xdr0+J29wy0mV6GL9SqQnlinuHMVAwwFY7v 3yWXsvbVJyvoMURI3tZAaVE8dpIVN6uJM1EOnXaWgI4BFAeTiSo6Os/mz fvo3WJ84cY4fLeYebZMOsRt7zZlJoqi5YzZmFKNeiwVyM8W8Kwu9bLFAn k8kJBl4lY4zSrFzAvrBIPfH2sdKfzr9vdeCJy5sA+UDbsES4hrcNcrT6M Q==; X-IronPort-AV: E=McAfee;i="6500,9779,10486"; a="282570785" X-IronPort-AV: E=Sophos;i="5.93,358,1654585200"; d="scan'208";a="282570785" Received: from orsmga008.jf.intel.com ([10.7.209.65]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 30 Sep 2022 07:48:16 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10486"; a="653563766" X-IronPort-AV: E=Sophos;i="5.93,358,1654585200"; d="scan'208";a="653563766" Received: from herrerop-mobl1.ger.corp.intel.com (HELO box.shutemov.name) ([10.252.38.128]) by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 30 Sep 2022 07:48:11 -0700 Received: by box.shutemov.name (Postfix, from userid 1000) id 88F34104D64; Fri, 30 Sep 2022 17:48:02 +0300 (+03) From: "Kirill A. Shutemov" To: Dave Hansen , Andy Lutomirski , Peter Zijlstra Cc: x86@kernel.org, Kostya Serebryany , Andrey Ryabinin , Andrey Konovalov , Alexander Potapenko , Taras Madan , Dmitry Vyukov , "H . J . Lu" , Andi Kleen , Rick Edgecombe , Bharata B Rao , Jacob Pan , Ashok Raj , linux-mm@kvack.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" Subject: [PATCHv9 10/14] x86/mm, iommu/sva: Make LAM and SVM mutually exclusive Date: Fri, 30 Sep 2022 17:47:54 +0300 Message-Id: <20220930144758.30232-11-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220930144758.30232-1-kirill.shutemov@linux.intel.com> References: <20220930144758.30232-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE, SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org IOMMU and SVM-capable devices know nothing about LAM and only expect canonical addresses. Attempt to pass down tagged pointer will lead to address translation failure. By default do not allow to enable both LAM and use SVM in the same process. The new ARCH_FORCE_TAGGED_SVM arch_prctl() overrides the limitation. By using the arch_prctl() userspace takes responsibility to never pass tagged address to the device. Signed-off-by: Kirill A. Shutemov --- arch/x86/include/asm/mmu.h | 6 ++++-- arch/x86/include/asm/mmu_context.h | 2 ++ arch/x86/include/uapi/asm/prctl.h | 1 + arch/x86/kernel/process_64.c | 13 +++++++++++++ drivers/iommu/iommu-sva-lib.c | 12 ++++++++++++ include/linux/mmu_context.h | 4 ++++ 6 files changed, 36 insertions(+), 2 deletions(-) diff --git a/arch/x86/include/asm/mmu.h b/arch/x86/include/asm/mmu.h index 2fdb390040b5..cce9b32b0d6d 100644 --- a/arch/x86/include/asm/mmu.h +++ b/arch/x86/include/asm/mmu.h @@ -9,9 +9,11 @@ #include /* Uprobes on this MM assume 32-bit code */ -#define MM_CONTEXT_UPROBE_IA32 BIT(0) +#define MM_CONTEXT_UPROBE_IA32 BIT(0) /* vsyscall page is accessible on this MM */ -#define MM_CONTEXT_HAS_VSYSCALL BIT(1) +#define MM_CONTEXT_HAS_VSYSCALL BIT(1) +/* Allow LAM and SVM coexisting */ +#define MM_CONTEXT_FORCE_TAGGED_SVM BIT(2) /* * x86 has arch-specific MMU state beyond what lives in mm_struct. diff --git a/arch/x86/include/asm/mmu_context.h b/arch/x86/include/asm/mmu_context.h index b0e9ea23758b..6b9ac2c60cec 100644 --- a/arch/x86/include/asm/mmu_context.h +++ b/arch/x86/include/asm/mmu_context.h @@ -113,6 +113,8 @@ static inline void mm_reset_untag_mask(struct mm_struct *mm) mm->context.untag_mask = -1UL; } +#define arch_pgtable_dma_compat(mm) \ + (!mm_lam_cr3_mask(mm) || (mm->context.flags & MM_CONTEXT_FORCE_TAGGED_SVM)) #else static inline unsigned long mm_lam_cr3_mask(struct mm_struct *mm) diff --git a/arch/x86/include/uapi/asm/prctl.h b/arch/x86/include/uapi/asm/prctl.h index a31e27b95b19..7bd22defb558 100644 --- a/arch/x86/include/uapi/asm/prctl.h +++ b/arch/x86/include/uapi/asm/prctl.h @@ -23,5 +23,6 @@ #define ARCH_GET_UNTAG_MASK 0x4001 #define ARCH_ENABLE_TAGGED_ADDR 0x4002 #define ARCH_GET_MAX_TAG_BITS 0x4003 +#define ARCH_FORCE_TAGGED_SVM 0x4004 #endif /* _ASM_X86_PRCTL_H */ diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c index 1730c2fcc7ab..d7ec5c7f49a7 100644 --- a/arch/x86/kernel/process_64.c +++ b/arch/x86/kernel/process_64.c @@ -782,6 +782,13 @@ static int prctl_enable_tagged_addr(struct mm_struct *mm, unsigned long nr_bits) goto out; } +#ifdef CONFIG_IOMMU_SVA + if (pasid_valid(mm->pasid) && + !(mm->context.flags & MM_CONTEXT_FORCE_TAGGED_SVM)) { + ret = -EBUSY; + goto out; + } +#endif if (!nr_bits) { ret = -EINVAL; goto out; @@ -892,6 +899,12 @@ long do_arch_prctl_64(struct task_struct *task, int option, unsigned long arg2) (unsigned long __user *)arg2); case ARCH_ENABLE_TAGGED_ADDR: return prctl_enable_tagged_addr(task->mm, arg2); + case ARCH_FORCE_TAGGED_SVM: + if (mmap_write_lock_killable(task->mm)) + return -EINTR; + task->mm->context.flags |= MM_CONTEXT_FORCE_TAGGED_SVM; + mmap_write_unlock(task->mm); + return 0; case ARCH_GET_MAX_TAG_BITS: if (!cpu_feature_enabled(X86_FEATURE_LAM)) return put_user(0, (unsigned long __user *)arg2); diff --git a/drivers/iommu/iommu-sva-lib.c b/drivers/iommu/iommu-sva-lib.c index 106506143896..593ae2472e2c 100644 --- a/drivers/iommu/iommu-sva-lib.c +++ b/drivers/iommu/iommu-sva-lib.c @@ -2,6 +2,8 @@ /* * Helpers for IOMMU drivers implementing SVA */ +#include +#include #include #include @@ -31,6 +33,15 @@ int iommu_sva_alloc_pasid(struct mm_struct *mm, ioasid_t min, ioasid_t max) min == 0 || max < min) return -EINVAL; + /* Serialize against address tagging enabling */ + if (mmap_write_lock_killable(mm)) + return -EINTR; + + if (!arch_pgtable_dma_compat(mm)) { + mmap_write_unlock(mm); + return -EBUSY; + } + mutex_lock(&iommu_sva_lock); /* Is a PASID already associated with this mm? */ if (pasid_valid(mm->pasid)) { @@ -46,6 +57,7 @@ int iommu_sva_alloc_pasid(struct mm_struct *mm, ioasid_t min, ioasid_t max) mm_pasid_set(mm, pasid); out: mutex_unlock(&iommu_sva_lock); + mmap_write_unlock(mm); return ret; } EXPORT_SYMBOL_GPL(iommu_sva_alloc_pasid); diff --git a/include/linux/mmu_context.h b/include/linux/mmu_context.h index b9b970f7ab45..115e2b518079 100644 --- a/include/linux/mmu_context.h +++ b/include/linux/mmu_context.h @@ -28,4 +28,8 @@ static inline void leave_mm(int cpu) { } # define task_cpu_possible(cpu, p) cpumask_test_cpu((cpu), task_cpu_possible_mask(p)) #endif +#ifndef arch_pgtable_dma_compat +#define arch_pgtable_dma_compat(mm) true +#endif + #endif -- 2.35.1