From: Jacob Pan <jacob.jun.pan@linux.intel.com>
To: Alex Williamson <alex.williamson@redhat.com>
Cc: iommu@lists.linux-foundation.org,
LKML <linux-kernel@vger.kernel.org>,
Joerg Roedel <joro@8bytes.org>,
"Lu Baolu" <baolu.lu@linux.intel.com>,
David Woodhouse <dwmw2@infradead.org>,
Yi Liu <yi.l.liu@intel.com>, "Tian, Kevin" <kevin.tian@intel.com>,
Raj Ashok <ashok.raj@intel.com>,
"Christoph Hellwig" <hch@infradead.org>,
Jean-Philippe Brucker <jean-philippe@linaro.com>,
Eric Auger <eric.auger@redhat.com>,
Jonathan Corbet <corbet@lwn.net>,
jacob.jun.pan@linux.intel.com
Subject: Re: [PATCH v5 4/5] iommu/uapi: Handle data and argsz filled by users
Date: Tue, 21 Jul 2020 16:18:12 -0700 [thread overview]
Message-ID: <20200721161812.3ca8cf63@jacob-builder> (raw)
In-Reply-To: <20200717135954.6ddbbac9@x1.home>
On Fri, 17 Jul 2020 13:59:54 -0600
Alex Williamson <alex.williamson@redhat.com> wrote:
> On Thu, 16 Jul 2020 11:45:16 -0700
> Jacob Pan <jacob.jun.pan@linux.intel.com> wrote:
>
> > IOMMU UAPI data has a user filled argsz field which indicates the
> > data length comes with the API call. User data is not trusted,
> > argsz must be validated based on the current kernel data size,
> > mandatory data size, and feature flags.
> >
> > User data may also be extended, results in possible argsz increase.
> > Backward compatibility is ensured based on size and flags checking.
> >
> > This patch adds sanity checks in the IOMMU layer. In addition to
> > argsz, reserved/unused fields in padding, flags, and version are
> > also checked. Details are documented in
> > Documentation/userspace-api/iommu.rst
> >
> > Signed-off-by: Liu Yi L <yi.l.liu@intel.com>
> > Signed-off-by: Jacob Pan <jacob.jun.pan@linux.intel.com>
> > ---
> > drivers/iommu/iommu.c | 192
> > ++++++++++++++++++++++++++++++++++++++++++++++++--
> > include/linux/iommu.h | 20 ++++-- 2 files changed, 200
> > insertions(+), 12 deletions(-)
> >
> > diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c
> > index d43120eb1dc5..fe30a940d19e 100644
> > --- a/drivers/iommu/iommu.c
> > +++ b/drivers/iommu/iommu.c
> > @@ -1950,36 +1950,214 @@ int iommu_attach_device(struct
> > iommu_domain *domain, struct device *dev) }
> > EXPORT_SYMBOL_GPL(iommu_attach_device);
> >
> > +/*
> > + * Check flags and other user privided data for valid
> > combinations. We also
> > + * make sure no reserved fields or unused flags are not set. This
> > is to ensure
> > + * not breaking userspace in the future when these fields or flags
> > are used.
> > + */
> > +static int iommu_check_cache_invl_data(struct
> > iommu_cache_invalidate_info *info) +{
> > + u32 mask;
> > +
> > + if (info->version != IOMMU_CACHE_INVALIDATE_INFO_VERSION_1)
> > + return -EINVAL;
> > +
> > + mask = (1 << IOMMU_CACHE_INV_TYPE_NR) - 1;
> > + if (info->cache & ~mask)
> > + return -EINVAL;
> > +
> > + if (info->granularity >= IOMMU_INV_GRANU_NR)
> > + return -EINVAL;
> > +
> > + switch (info->granularity) {
> > + case IOMMU_INV_GRANU_ADDR:
> > + mask = IOMMU_INV_ADDR_FLAGS_PASID |
> > + IOMMU_INV_ADDR_FLAGS_ARCHID |
> > + IOMMU_INV_ADDR_FLAGS_LEAF;
> > +
> > + if (info->granu.addr_info.flags & ~mask)
> > + return -EINVAL;
> > + break;
> > + case IOMMU_INV_GRANU_PASID:
> > + mask = IOMMU_INV_PASID_FLAGS_PASID |
> > + IOMMU_INV_PASID_FLAGS_ARCHID;
> > + if (info->granu.pasid_info.flags & ~mask)
> > + return -EINVAL;
> > +
> > + break;
> > + case IOMMU_INV_GRANU_DOMAIN:
> > + /* No flags to check */
> > + break;
> > + default:
> > + return -EINVAL;
> > + }
> > +
> > + if (info->padding[0] || info->padding[1])
> > + return -EINVAL;
> > +
> > + return 0;
> > +}
> > +
> > int iommu_cache_invalidate(struct iommu_domain *domain, struct
> > device *dev,
> > - struct iommu_cache_invalidate_info
> > *inv_info)
> > + void __user *uinfo)
> > {
> > + struct iommu_cache_invalidate_info inv_info = { 0 };
> > + u32 minsz, maxsz;
> > + int ret = 0;
> > +
> > if (unlikely(!domain->ops->cache_invalidate))
> > return -ENODEV;
> >
> > - return domain->ops->cache_invalidate(domain, dev,
> > inv_info);
> > + /* Current kernel data size is the max to be copied from
> > user */
> > + maxsz = sizeof(struct iommu_cache_invalidate_info);
> > +
> > + /*
> > + * No new spaces can be added before the variable sized
> > union, the
> > + * minimum size is the offset to the union.
> > + */
> > + minsz = offsetof(struct iommu_cache_invalidate_info,
> > granu); +
> > + /* Copy minsz from user to get flags and argsz */
> > + if (copy_from_user(&inv_info, uinfo, minsz))
> > + return -EFAULT;
> > +
> > + /* Fields before variable size union is mandatory */
> > + if (inv_info.argsz < minsz)
> > + return -EINVAL;
> > +
> > + /* PASID and address granu requires additional info beyond
> > minsz */
> > + if (inv_info.argsz == minsz &&
> > + ((inv_info.granularity == IOMMU_INV_GRANU_PASID) ||
> > + (inv_info.granularity ==
> > IOMMU_INV_GRANU_ADDR)))
> > + return -EINVAL;
> > + /*
> > + * User might be using a newer UAPI header which has a
> > larger data
> > + * size, we shall support the existing flags within the
> > current
> > + * size. Copy the remaining user data _after_ minsz but
> > not more
> > + * than the current kernel supported size.
> > + */
> > + if (copy_from_user((void *)&inv_info + minsz, uinfo +
> > minsz,
> > + min(inv_info.argsz, maxsz) -
> > minsz))
> > + return -EFAULT;
>
> To further clarify previous comments about maxsz usage:
>
> s/maxsz/sizeof(inv_info)/
>
Yes, will remove maxsz.
> > +
> > + /* Now the argsz is validated, check the content */
> > + ret = iommu_check_cache_invl_data(&inv_info);
> > + if (ret)
> > + return ret;
> > +
> > + return domain->ops->cache_invalidate(domain, dev,
> > &inv_info); }
> > EXPORT_SYMBOL_GPL(iommu_cache_invalidate);
>
>
> Remainder of comments for above provided in 1/5.
>
Got it.
> >
> > -int iommu_sva_bind_gpasid(struct iommu_domain *domain,
> > - struct device *dev, struct
> > iommu_gpasid_bind_data *data) +
> > +static int iommu_check_bind_data(struct iommu_gpasid_bind_data
> > *data) {
> > + u32 mask;
> > + int i;
> > +
> > + if (data->version != IOMMU_GPASID_BIND_VERSION_1)
> > + return -EINVAL;
> > +
> > + /* Check all supported format, for now just VT-d */
> > + mask = IOMMU_PASID_FORMAT_INTEL_VTD;
> > + if (data->format & ~mask)
> > + return -EINVAL;
> > +
> > + /* Check all flags */
> > + mask = IOMMU_SVA_GPASID_VAL;
> > + if (data->flags & ~mask)
> > + return -EINVAL;
> > +
> > + /* Check reserved padding fields */
> > + for (i = 0; i < 12; i++) {
> > + if (data->padding[i])
> > + return -EINVAL;
> > + }
> > +
> > + return 0;
> > +}
> > +
> > +static int iommu_sva_prepare_bind_data(void __user *udata,
> > + struct
> > iommu_gpasid_bind_data *data) +{
> > + u32 minsz, maxsz;
> > +
> > + /* Current kernel data size is the max to be copied from
> > user */
> > + maxsz = sizeof(struct iommu_gpasid_bind_data);
> > + memset((void *)data, 0, maxsz);
>
> Let the caller pass a zero'd structure.
>
Sounds good.
> > +
> > + /*
> > + * No new spaces can be added before the variable sized
> > union, the
> > + * minimum size is the offset to the union.
> > + */
> > + minsz = offsetof(struct iommu_gpasid_bind_data, vendor);
> > +
> > + /* Copy minsz from user to get flags and argsz */
> > + if (copy_from_user(data, udata, minsz))
> > + return -EFAULT;
> > +
> > + /* Fields before variable size union is mandatory */
> > + if (data->argsz < minsz)
> > + return -EINVAL;
> > + /*
> > + * User might be using a newer UAPI header, we shall let
> > IOMMU vendor
> > + * driver decide on what size it needs. Since the guest
> > PASID bind data
> > + * can be vendor specific, larger argsz could be the
> > result of extension
> > + * for one vendor but it should not affect another vendor.
> > + * Copy the remaining user data _after_ minsz
> > + */
> > + if (copy_from_user((void *)data + minsz, udata + minsz,
> > + min(data->argsz, maxsz) - minsz))
>
>
> We could replace maxsz entirely with sizeof(*data)
will do.
>
> > + return -EFAULT;
> > +
> > + return iommu_check_bind_data(data);
> > +}
> > +
> > +int iommu_sva_bind_gpasid(struct iommu_domain *domain, struct
> > device *dev,
> > + void __user
> > *udata)
>
> iommu_uapi_sva_bind_gpasid(...
>
will do. make naming consistent for all UAPIs.
> > +{
> > +
> > + struct iommu_gpasid_bind_data data;
>
> = { 0 }
>
yes, callee does not need to zero out the data.
> > + int ret;
> > +
> > if (unlikely(!domain->ops->sva_bind_gpasid))
> > return -ENODEV;
> >
> > - return domain->ops->sva_bind_gpasid(domain, dev, data);
> > + ret = iommu_sva_prepare_bind_data(udata, &data);
> > + if (ret)
> > + return ret;
> > +
> > + return domain->ops->sva_bind_gpasid(domain, dev, &data);
> > }
> > EXPORT_SYMBOL_GPL(iommu_sva_bind_gpasid);
> >
> > int iommu_sva_unbind_gpasid(struct iommu_domain *domain, struct
> > device *dev,
> > - ioasid_t pasid)
> > + struct iommu_gpasid_bind_data *data)
> > {
> > if (unlikely(!domain->ops->sva_unbind_gpasid))
> > return -ENODEV;
> >
> > - return domain->ops->sva_unbind_gpasid(dev, pasid);
> > + return domain->ops->sva_unbind_gpasid(dev, data->hpasid);
> > }
> > EXPORT_SYMBOL_GPL(iommu_sva_unbind_gpasid);
> >
> > +int iommu_uapi_sva_unbind_gpasid(struct iommu_domain *domain,
> > struct device *dev,
> > + void __user *udata)
> > +{
> > + struct iommu_gpasid_bind_data data;
>
> = { 0 };
Ditto
>
> > + int ret;
> > +
> > + if (unlikely(!domain->ops->sva_bind_gpasid))
> > + return -ENODEV;
> > +
> > + ret = iommu_sva_prepare_bind_data(udata, &data);
> > + if (ret)
> > + return ret;
> > +
> > + return iommu_sva_unbind_gpasid(domain, dev, &data);
> > +}
> > +EXPORT_SYMBOL_GPL(iommu_uapi_sva_unbind_gpasid);
> > +
> > static void __iommu_detach_device(struct iommu_domain *domain,
> > struct device *dev)
> > {
> > diff --git a/include/linux/iommu.h b/include/linux/iommu.h
> > index 5f0b7859d2eb..439f34a7b5b2 100644
> > --- a/include/linux/iommu.h
> > +++ b/include/linux/iommu.h
> > @@ -432,11 +432,14 @@ extern void iommu_detach_device(struct
> > iommu_domain *domain, struct device *dev);
> > extern int iommu_cache_invalidate(struct iommu_domain *domain,
>
> uapi
got it.
>
> > struct device *dev,
> > - struct
> > iommu_cache_invalidate_info *inv_info);
> > + void __user *uinfo);
> > +
> > extern int iommu_sva_bind_gpasid(struct iommu_domain *domain,
>
> uapi
>
got it.
> > - struct device *dev, struct iommu_gpasid_bind_data
> > *data);
> > + struct device *dev, void __user
> > *udata); +extern int iommu_uapi_sva_unbind_gpasid(struct
> > iommu_domain *domain,
> > + struct device *dev, void
> > __user *udata); extern int iommu_sva_unbind_gpasid(struct
> > iommu_domain *domain,
> > - struct device *dev, ioasid_t
> > pasid);
> > + struct device *dev, struct
> > iommu_gpasid_bind_data *data); extern struct iommu_domain
> > *iommu_get_domain_for_dev(struct device *dev); extern struct
> > iommu_domain *iommu_get_dma_domain(struct device *dev); extern int
> > iommu_map(struct iommu_domain *domain, unsigned long iova, @@
> > -1062,13 +1065,20 @@ iommu_cache_invalidate(struct iommu_domain
> > *domain, return -ENODEV; }
> > static inline int iommu_sva_bind_gpasid(struct iommu_domain
> > *domain,
> > - struct device *dev, struct
> > iommu_gpasid_bind_data *data)
> > + struct device *dev, void __user
> > *udata) {
> > return -ENODEV;
> > }
> >
> > static inline int iommu_sva_unbind_gpasid(struct iommu_domain
> > *domain,
> > - struct device *dev, int
> > pasid)
> > + struct device *dev,
> > void __user *udata) +{
> > + return -ENODEV;
> > +}
> > +
> > +static inline int __iommu_sva_unbind_gpasid(struct iommu_domain
> > *domain,
>
>
> These don't match the previous semantics. Thanks,
>
My mistake, will fix.
Thanks
> Alex
>
> > + struct device *dev,
> > + struct
> > iommu_gpasid_bind_data *data) {
> > return -ENODEV;
> > }
>
[Jacob Pan]
WARNING: multiple messages have this Message-ID (diff)
From: Jacob Pan <jacob.jun.pan@linux.intel.com>
To: Alex Williamson <alex.williamson@redhat.com>
Cc: "Tian, Kevin" <kevin.tian@intel.com>,
Raj Ashok <ashok.raj@intel.com>, Jonathan Corbet <corbet@lwn.net>,
Jean-Philippe Brucker <jean-philippe@linaro.com>,
LKML <linux-kernel@vger.kernel.org>,
Christoph Hellwig <hch@infradead.org>,
iommu@lists.linux-foundation.org,
David Woodhouse <dwmw2@infradead.org>
Subject: Re: [PATCH v5 4/5] iommu/uapi: Handle data and argsz filled by users
Date: Tue, 21 Jul 2020 16:18:12 -0700 [thread overview]
Message-ID: <20200721161812.3ca8cf63@jacob-builder> (raw)
In-Reply-To: <20200717135954.6ddbbac9@x1.home>
On Fri, 17 Jul 2020 13:59:54 -0600
Alex Williamson <alex.williamson@redhat.com> wrote:
> On Thu, 16 Jul 2020 11:45:16 -0700
> Jacob Pan <jacob.jun.pan@linux.intel.com> wrote:
>
> > IOMMU UAPI data has a user filled argsz field which indicates the
> > data length comes with the API call. User data is not trusted,
> > argsz must be validated based on the current kernel data size,
> > mandatory data size, and feature flags.
> >
> > User data may also be extended, results in possible argsz increase.
> > Backward compatibility is ensured based on size and flags checking.
> >
> > This patch adds sanity checks in the IOMMU layer. In addition to
> > argsz, reserved/unused fields in padding, flags, and version are
> > also checked. Details are documented in
> > Documentation/userspace-api/iommu.rst
> >
> > Signed-off-by: Liu Yi L <yi.l.liu@intel.com>
> > Signed-off-by: Jacob Pan <jacob.jun.pan@linux.intel.com>
> > ---
> > drivers/iommu/iommu.c | 192
> > ++++++++++++++++++++++++++++++++++++++++++++++++--
> > include/linux/iommu.h | 20 ++++-- 2 files changed, 200
> > insertions(+), 12 deletions(-)
> >
> > diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c
> > index d43120eb1dc5..fe30a940d19e 100644
> > --- a/drivers/iommu/iommu.c
> > +++ b/drivers/iommu/iommu.c
> > @@ -1950,36 +1950,214 @@ int iommu_attach_device(struct
> > iommu_domain *domain, struct device *dev) }
> > EXPORT_SYMBOL_GPL(iommu_attach_device);
> >
> > +/*
> > + * Check flags and other user privided data for valid
> > combinations. We also
> > + * make sure no reserved fields or unused flags are not set. This
> > is to ensure
> > + * not breaking userspace in the future when these fields or flags
> > are used.
> > + */
> > +static int iommu_check_cache_invl_data(struct
> > iommu_cache_invalidate_info *info) +{
> > + u32 mask;
> > +
> > + if (info->version != IOMMU_CACHE_INVALIDATE_INFO_VERSION_1)
> > + return -EINVAL;
> > +
> > + mask = (1 << IOMMU_CACHE_INV_TYPE_NR) - 1;
> > + if (info->cache & ~mask)
> > + return -EINVAL;
> > +
> > + if (info->granularity >= IOMMU_INV_GRANU_NR)
> > + return -EINVAL;
> > +
> > + switch (info->granularity) {
> > + case IOMMU_INV_GRANU_ADDR:
> > + mask = IOMMU_INV_ADDR_FLAGS_PASID |
> > + IOMMU_INV_ADDR_FLAGS_ARCHID |
> > + IOMMU_INV_ADDR_FLAGS_LEAF;
> > +
> > + if (info->granu.addr_info.flags & ~mask)
> > + return -EINVAL;
> > + break;
> > + case IOMMU_INV_GRANU_PASID:
> > + mask = IOMMU_INV_PASID_FLAGS_PASID |
> > + IOMMU_INV_PASID_FLAGS_ARCHID;
> > + if (info->granu.pasid_info.flags & ~mask)
> > + return -EINVAL;
> > +
> > + break;
> > + case IOMMU_INV_GRANU_DOMAIN:
> > + /* No flags to check */
> > + break;
> > + default:
> > + return -EINVAL;
> > + }
> > +
> > + if (info->padding[0] || info->padding[1])
> > + return -EINVAL;
> > +
> > + return 0;
> > +}
> > +
> > int iommu_cache_invalidate(struct iommu_domain *domain, struct
> > device *dev,
> > - struct iommu_cache_invalidate_info
> > *inv_info)
> > + void __user *uinfo)
> > {
> > + struct iommu_cache_invalidate_info inv_info = { 0 };
> > + u32 minsz, maxsz;
> > + int ret = 0;
> > +
> > if (unlikely(!domain->ops->cache_invalidate))
> > return -ENODEV;
> >
> > - return domain->ops->cache_invalidate(domain, dev,
> > inv_info);
> > + /* Current kernel data size is the max to be copied from
> > user */
> > + maxsz = sizeof(struct iommu_cache_invalidate_info);
> > +
> > + /*
> > + * No new spaces can be added before the variable sized
> > union, the
> > + * minimum size is the offset to the union.
> > + */
> > + minsz = offsetof(struct iommu_cache_invalidate_info,
> > granu); +
> > + /* Copy minsz from user to get flags and argsz */
> > + if (copy_from_user(&inv_info, uinfo, minsz))
> > + return -EFAULT;
> > +
> > + /* Fields before variable size union is mandatory */
> > + if (inv_info.argsz < minsz)
> > + return -EINVAL;
> > +
> > + /* PASID and address granu requires additional info beyond
> > minsz */
> > + if (inv_info.argsz == minsz &&
> > + ((inv_info.granularity == IOMMU_INV_GRANU_PASID) ||
> > + (inv_info.granularity ==
> > IOMMU_INV_GRANU_ADDR)))
> > + return -EINVAL;
> > + /*
> > + * User might be using a newer UAPI header which has a
> > larger data
> > + * size, we shall support the existing flags within the
> > current
> > + * size. Copy the remaining user data _after_ minsz but
> > not more
> > + * than the current kernel supported size.
> > + */
> > + if (copy_from_user((void *)&inv_info + minsz, uinfo +
> > minsz,
> > + min(inv_info.argsz, maxsz) -
> > minsz))
> > + return -EFAULT;
>
> To further clarify previous comments about maxsz usage:
>
> s/maxsz/sizeof(inv_info)/
>
Yes, will remove maxsz.
> > +
> > + /* Now the argsz is validated, check the content */
> > + ret = iommu_check_cache_invl_data(&inv_info);
> > + if (ret)
> > + return ret;
> > +
> > + return domain->ops->cache_invalidate(domain, dev,
> > &inv_info); }
> > EXPORT_SYMBOL_GPL(iommu_cache_invalidate);
>
>
> Remainder of comments for above provided in 1/5.
>
Got it.
> >
> > -int iommu_sva_bind_gpasid(struct iommu_domain *domain,
> > - struct device *dev, struct
> > iommu_gpasid_bind_data *data) +
> > +static int iommu_check_bind_data(struct iommu_gpasid_bind_data
> > *data) {
> > + u32 mask;
> > + int i;
> > +
> > + if (data->version != IOMMU_GPASID_BIND_VERSION_1)
> > + return -EINVAL;
> > +
> > + /* Check all supported format, for now just VT-d */
> > + mask = IOMMU_PASID_FORMAT_INTEL_VTD;
> > + if (data->format & ~mask)
> > + return -EINVAL;
> > +
> > + /* Check all flags */
> > + mask = IOMMU_SVA_GPASID_VAL;
> > + if (data->flags & ~mask)
> > + return -EINVAL;
> > +
> > + /* Check reserved padding fields */
> > + for (i = 0; i < 12; i++) {
> > + if (data->padding[i])
> > + return -EINVAL;
> > + }
> > +
> > + return 0;
> > +}
> > +
> > +static int iommu_sva_prepare_bind_data(void __user *udata,
> > + struct
> > iommu_gpasid_bind_data *data) +{
> > + u32 minsz, maxsz;
> > +
> > + /* Current kernel data size is the max to be copied from
> > user */
> > + maxsz = sizeof(struct iommu_gpasid_bind_data);
> > + memset((void *)data, 0, maxsz);
>
> Let the caller pass a zero'd structure.
>
Sounds good.
> > +
> > + /*
> > + * No new spaces can be added before the variable sized
> > union, the
> > + * minimum size is the offset to the union.
> > + */
> > + minsz = offsetof(struct iommu_gpasid_bind_data, vendor);
> > +
> > + /* Copy minsz from user to get flags and argsz */
> > + if (copy_from_user(data, udata, minsz))
> > + return -EFAULT;
> > +
> > + /* Fields before variable size union is mandatory */
> > + if (data->argsz < minsz)
> > + return -EINVAL;
> > + /*
> > + * User might be using a newer UAPI header, we shall let
> > IOMMU vendor
> > + * driver decide on what size it needs. Since the guest
> > PASID bind data
> > + * can be vendor specific, larger argsz could be the
> > result of extension
> > + * for one vendor but it should not affect another vendor.
> > + * Copy the remaining user data _after_ minsz
> > + */
> > + if (copy_from_user((void *)data + minsz, udata + minsz,
> > + min(data->argsz, maxsz) - minsz))
>
>
> We could replace maxsz entirely with sizeof(*data)
will do.
>
> > + return -EFAULT;
> > +
> > + return iommu_check_bind_data(data);
> > +}
> > +
> > +int iommu_sva_bind_gpasid(struct iommu_domain *domain, struct
> > device *dev,
> > + void __user
> > *udata)
>
> iommu_uapi_sva_bind_gpasid(...
>
will do. make naming consistent for all UAPIs.
> > +{
> > +
> > + struct iommu_gpasid_bind_data data;
>
> = { 0 }
>
yes, callee does not need to zero out the data.
> > + int ret;
> > +
> > if (unlikely(!domain->ops->sva_bind_gpasid))
> > return -ENODEV;
> >
> > - return domain->ops->sva_bind_gpasid(domain, dev, data);
> > + ret = iommu_sva_prepare_bind_data(udata, &data);
> > + if (ret)
> > + return ret;
> > +
> > + return domain->ops->sva_bind_gpasid(domain, dev, &data);
> > }
> > EXPORT_SYMBOL_GPL(iommu_sva_bind_gpasid);
> >
> > int iommu_sva_unbind_gpasid(struct iommu_domain *domain, struct
> > device *dev,
> > - ioasid_t pasid)
> > + struct iommu_gpasid_bind_data *data)
> > {
> > if (unlikely(!domain->ops->sva_unbind_gpasid))
> > return -ENODEV;
> >
> > - return domain->ops->sva_unbind_gpasid(dev, pasid);
> > + return domain->ops->sva_unbind_gpasid(dev, data->hpasid);
> > }
> > EXPORT_SYMBOL_GPL(iommu_sva_unbind_gpasid);
> >
> > +int iommu_uapi_sva_unbind_gpasid(struct iommu_domain *domain,
> > struct device *dev,
> > + void __user *udata)
> > +{
> > + struct iommu_gpasid_bind_data data;
>
> = { 0 };
Ditto
>
> > + int ret;
> > +
> > + if (unlikely(!domain->ops->sva_bind_gpasid))
> > + return -ENODEV;
> > +
> > + ret = iommu_sva_prepare_bind_data(udata, &data);
> > + if (ret)
> > + return ret;
> > +
> > + return iommu_sva_unbind_gpasid(domain, dev, &data);
> > +}
> > +EXPORT_SYMBOL_GPL(iommu_uapi_sva_unbind_gpasid);
> > +
> > static void __iommu_detach_device(struct iommu_domain *domain,
> > struct device *dev)
> > {
> > diff --git a/include/linux/iommu.h b/include/linux/iommu.h
> > index 5f0b7859d2eb..439f34a7b5b2 100644
> > --- a/include/linux/iommu.h
> > +++ b/include/linux/iommu.h
> > @@ -432,11 +432,14 @@ extern void iommu_detach_device(struct
> > iommu_domain *domain, struct device *dev);
> > extern int iommu_cache_invalidate(struct iommu_domain *domain,
>
> uapi
got it.
>
> > struct device *dev,
> > - struct
> > iommu_cache_invalidate_info *inv_info);
> > + void __user *uinfo);
> > +
> > extern int iommu_sva_bind_gpasid(struct iommu_domain *domain,
>
> uapi
>
got it.
> > - struct device *dev, struct iommu_gpasid_bind_data
> > *data);
> > + struct device *dev, void __user
> > *udata); +extern int iommu_uapi_sva_unbind_gpasid(struct
> > iommu_domain *domain,
> > + struct device *dev, void
> > __user *udata); extern int iommu_sva_unbind_gpasid(struct
> > iommu_domain *domain,
> > - struct device *dev, ioasid_t
> > pasid);
> > + struct device *dev, struct
> > iommu_gpasid_bind_data *data); extern struct iommu_domain
> > *iommu_get_domain_for_dev(struct device *dev); extern struct
> > iommu_domain *iommu_get_dma_domain(struct device *dev); extern int
> > iommu_map(struct iommu_domain *domain, unsigned long iova, @@
> > -1062,13 +1065,20 @@ iommu_cache_invalidate(struct iommu_domain
> > *domain, return -ENODEV; }
> > static inline int iommu_sva_bind_gpasid(struct iommu_domain
> > *domain,
> > - struct device *dev, struct
> > iommu_gpasid_bind_data *data)
> > + struct device *dev, void __user
> > *udata) {
> > return -ENODEV;
> > }
> >
> > static inline int iommu_sva_unbind_gpasid(struct iommu_domain
> > *domain,
> > - struct device *dev, int
> > pasid)
> > + struct device *dev,
> > void __user *udata) +{
> > + return -ENODEV;
> > +}
> > +
> > +static inline int __iommu_sva_unbind_gpasid(struct iommu_domain
> > *domain,
>
>
> These don't match the previous semantics. Thanks,
>
My mistake, will fix.
Thanks
> Alex
>
> > + struct device *dev,
> > + struct
> > iommu_gpasid_bind_data *data) {
> > return -ENODEV;
> > }
>
[Jacob Pan]
_______________________________________________
iommu mailing list
iommu@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/iommu
next prev parent reply other threads:[~2020-07-21 23:11 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-07-16 18:45 [PATCH v5 0/5] IOMMU user API enhancement Jacob Pan
2020-07-16 18:45 ` Jacob Pan
2020-07-16 18:45 ` [PATCH v5 1/5] docs: IOMMU user API Jacob Pan
2020-07-16 18:45 ` Jacob Pan
2020-07-17 13:32 ` Auger Eric
2020-07-17 13:32 ` Auger Eric
2020-07-20 23:06 ` Jacob Pan
2020-07-20 23:06 ` Jacob Pan
2020-07-17 19:37 ` Alex Williamson
2020-07-17 19:37 ` Alex Williamson
2020-07-21 1:46 ` Jacob Pan
2020-07-21 1:46 ` Jacob Pan
2020-07-16 18:45 ` [PATCH v5 2/5] iommu/uapi: Add argsz for user filled data Jacob Pan
2020-07-16 18:45 ` Jacob Pan
2020-07-17 13:44 ` Auger Eric
2020-07-17 13:44 ` Auger Eric
2020-07-21 1:52 ` Jacob Pan
2020-07-21 1:52 ` Jacob Pan
2020-07-16 18:45 ` [PATCH v5 3/5] iommu/uapi: Use named union for user data Jacob Pan
2020-07-16 18:45 ` Jacob Pan
2020-07-17 13:49 ` Auger Eric
2020-07-17 13:49 ` Auger Eric
2020-07-16 18:45 ` [PATCH v5 4/5] iommu/uapi: Handle data and argsz filled by users Jacob Pan
2020-07-16 18:45 ` Jacob Pan
2020-07-17 15:58 ` Auger Eric
2020-07-17 15:58 ` Auger Eric
2020-07-21 22:13 ` Jacob Pan
2020-07-21 22:13 ` Jacob Pan
2020-07-17 19:59 ` Alex Williamson
2020-07-17 19:59 ` Alex Williamson
2020-07-21 23:18 ` Jacob Pan [this message]
2020-07-21 23:18 ` Jacob Pan
2020-07-16 18:45 ` [PATCH v5 5/5] iommu/vt-d: Check UAPI data processed by IOMMU core Jacob Pan
2020-07-16 18:45 ` Jacob Pan
2020-07-17 1:15 ` Lu Baolu
2020-07-17 1:15 ` Lu Baolu
2020-07-17 16:03 ` Auger Eric
2020-07-17 16:03 ` Auger Eric
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200721161812.3ca8cf63@jacob-builder \
--to=jacob.jun.pan@linux.intel.com \
--cc=alex.williamson@redhat.com \
--cc=ashok.raj@intel.com \
--cc=baolu.lu@linux.intel.com \
--cc=corbet@lwn.net \
--cc=dwmw2@infradead.org \
--cc=eric.auger@redhat.com \
--cc=hch@infradead.org \
--cc=iommu@lists.linux-foundation.org \
--cc=jean-philippe@linaro.com \
--cc=joro@8bytes.org \
--cc=kevin.tian@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=yi.l.liu@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.