From: Lu Baolu <baolu.lu@linux.intel.com>
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Joerg Roedel <joro@8bytes.org>,
Alex Williamson <alex.williamson@redhat.com>,
Bjorn Helgaas <bhelgaas@google.com>,
Jason Gunthorpe <jgg@nvidia.com>,
Christoph Hellwig <hch@infradead.org>,
Kevin Tian <kevin.tian@intel.com>,
Ashok Raj <ashok.raj@intel.com>
Cc: Will Deacon <will@kernel.org>,
Robin Murphy <robin.murphy@arm.com>,
Dan Williams <dan.j.williams@intel.com>,
rafael@kernel.org, Diana Craciun <diana.craciun@oss.nxp.com>,
Cornelia Huck <cohuck@redhat.com>,
Eric Auger <eric.auger@redhat.com>, Liu Yi L <yi.l.liu@intel.com>,
Jacob jun Pan <jacob.jun.pan@intel.com>,
Chaitanya Kulkarni <kch@nvidia.com>,
Stuart Yoder <stuyoder@gmail.com>,
Laurentiu Tudor <laurentiu.tudor@nxp.com>,
Thierry Reding <thierry.reding@gmail.com>,
David Airlie <airlied@linux.ie>, Daniel Vetter <daniel@ffwll.ch>,
Jonathan Hunter <jonathanh@nvidia.com>,
Li Yang <leoyang.li@nxp.com>, Dmitry Osipenko <digetx@gmail.com>,
iommu@lists.linux-foundation.org, linux-pci@vger.kernel.org,
kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
Lu Baolu <baolu.lu@linux.intel.com>
Subject: [PATCH v8 02/11] driver core: Add dma_cleanup callback in bus_type
Date: Tue, 8 Mar 2022 13:44:12 +0800 [thread overview]
Message-ID: <20220308054421.847385-3-baolu.lu@linux.intel.com> (raw)
In-Reply-To: <20220308054421.847385-1-baolu.lu@linux.intel.com>
The bus_type structure defines dma_configure() callback for bus drivers
to configure DMA on the devices. This adds the paired dma_cleanup()
callback and calls it during driver unbinding so that bus drivers can do
some cleanup work.
One use case for this paired DMA callbacks is for the bus driver to check
for DMA ownership conflicts during driver binding, where multiple devices
belonging to a same IOMMU group (the minimum granularity of isolation and
protection) may be assigned to kernel drivers or user space respectively.
Without this change, for example, the vfio driver has to listen to a bus
BOUND_DRIVER event and then BUG_ON() in case of dma ownership conflict.
This leads to bad user experience since careless driver binding operation
may crash the system if the admin overlooks the group restriction. Aside
from bad design, this leads to a security problem as a root user, even with
lockdown=integrity, can force the kernel to BUG.
With this change, the bus driver could check and set the DMA ownership in
driver binding process and fail on ownership conflicts. The DMA ownership
should be released during driver unbinding.
Signed-off-by: Lu Baolu <baolu.lu@linux.intel.com>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Reviewed-by: Jason Gunthorpe <jgg@nvidia.com>
---
include/linux/device/bus.h | 3 +++
drivers/base/dd.c | 5 +++++
2 files changed, 8 insertions(+)
diff --git a/include/linux/device/bus.h b/include/linux/device/bus.h
index a039ab809753..d8b29ccd07e5 100644
--- a/include/linux/device/bus.h
+++ b/include/linux/device/bus.h
@@ -59,6 +59,8 @@ struct fwnode_handle;
* bus supports.
* @dma_configure: Called to setup DMA configuration on a device on
* this bus.
+ * @dma_cleanup: Called to cleanup DMA configuration on a device on
+ * this bus.
* @pm: Power management operations of this bus, callback the specific
* device driver's pm-ops.
* @iommu_ops: IOMMU specific operations for this bus, used to attach IOMMU
@@ -103,6 +105,7 @@ struct bus_type {
int (*num_vf)(struct device *dev);
int (*dma_configure)(struct device *dev);
+ void (*dma_cleanup)(struct device *dev);
const struct dev_pm_ops *pm;
diff --git a/drivers/base/dd.c b/drivers/base/dd.c
index f47cab21430f..7c3c9b4c3deb 100644
--- a/drivers/base/dd.c
+++ b/drivers/base/dd.c
@@ -665,6 +665,8 @@ static int really_probe(struct device *dev, struct device_driver *drv)
if (dev->bus)
blocking_notifier_call_chain(&dev->bus->p->bus_notifier,
BUS_NOTIFY_DRIVER_NOT_BOUND, dev);
+ if (dev->bus && dev->bus->dma_cleanup)
+ dev->bus->dma_cleanup(dev);
pinctrl_bind_failed:
device_links_no_driver(dev);
devres_release_all(dev);
@@ -1208,6 +1210,9 @@ static void __device_release_driver(struct device *dev, struct device *parent)
else if (drv->remove)
drv->remove(dev);
+ if (dev->bus && dev->bus->dma_cleanup)
+ dev->bus->dma_cleanup(dev);
+
device_links_driver_cleanup(dev);
devres_release_all(dev);
--
2.25.1
WARNING: multiple messages have this Message-ID (diff)
From: Lu Baolu <baolu.lu@linux.intel.com>
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Joerg Roedel <joro@8bytes.org>,
Alex Williamson <alex.williamson@redhat.com>,
Bjorn Helgaas <bhelgaas@google.com>,
Jason Gunthorpe <jgg@nvidia.com>,
Christoph Hellwig <hch@infradead.org>,
Kevin Tian <kevin.tian@intel.com>,
Ashok Raj <ashok.raj@intel.com>
Cc: kvm@vger.kernel.org, rafael@kernel.org,
David Airlie <airlied@linux.ie>,
linux-pci@vger.kernel.org,
Thierry Reding <thierry.reding@gmail.com>,
Diana Craciun <diana.craciun@oss.nxp.com>,
Dmitry Osipenko <digetx@gmail.com>, Will Deacon <will@kernel.org>,
Stuart Yoder <stuyoder@gmail.com>,
Jonathan Hunter <jonathanh@nvidia.com>,
Chaitanya Kulkarni <kch@nvidia.com>,
Dan Williams <dan.j.williams@intel.com>,
Cornelia Huck <cohuck@redhat.com>,
linux-kernel@vger.kernel.org, Li Yang <leoyang.li@nxp.com>,
iommu@lists.linux-foundation.org,
Jacob jun Pan <jacob.jun.pan@intel.com>,
Daniel Vetter <daniel@ffwll.ch>,
Robin Murphy <robin.murphy@arm.com>
Subject: [PATCH v8 02/11] driver core: Add dma_cleanup callback in bus_type
Date: Tue, 8 Mar 2022 13:44:12 +0800 [thread overview]
Message-ID: <20220308054421.847385-3-baolu.lu@linux.intel.com> (raw)
In-Reply-To: <20220308054421.847385-1-baolu.lu@linux.intel.com>
The bus_type structure defines dma_configure() callback for bus drivers
to configure DMA on the devices. This adds the paired dma_cleanup()
callback and calls it during driver unbinding so that bus drivers can do
some cleanup work.
One use case for this paired DMA callbacks is for the bus driver to check
for DMA ownership conflicts during driver binding, where multiple devices
belonging to a same IOMMU group (the minimum granularity of isolation and
protection) may be assigned to kernel drivers or user space respectively.
Without this change, for example, the vfio driver has to listen to a bus
BOUND_DRIVER event and then BUG_ON() in case of dma ownership conflict.
This leads to bad user experience since careless driver binding operation
may crash the system if the admin overlooks the group restriction. Aside
from bad design, this leads to a security problem as a root user, even with
lockdown=integrity, can force the kernel to BUG.
With this change, the bus driver could check and set the DMA ownership in
driver binding process and fail on ownership conflicts. The DMA ownership
should be released during driver unbinding.
Signed-off-by: Lu Baolu <baolu.lu@linux.intel.com>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Reviewed-by: Jason Gunthorpe <jgg@nvidia.com>
---
include/linux/device/bus.h | 3 +++
drivers/base/dd.c | 5 +++++
2 files changed, 8 insertions(+)
diff --git a/include/linux/device/bus.h b/include/linux/device/bus.h
index a039ab809753..d8b29ccd07e5 100644
--- a/include/linux/device/bus.h
+++ b/include/linux/device/bus.h
@@ -59,6 +59,8 @@ struct fwnode_handle;
* bus supports.
* @dma_configure: Called to setup DMA configuration on a device on
* this bus.
+ * @dma_cleanup: Called to cleanup DMA configuration on a device on
+ * this bus.
* @pm: Power management operations of this bus, callback the specific
* device driver's pm-ops.
* @iommu_ops: IOMMU specific operations for this bus, used to attach IOMMU
@@ -103,6 +105,7 @@ struct bus_type {
int (*num_vf)(struct device *dev);
int (*dma_configure)(struct device *dev);
+ void (*dma_cleanup)(struct device *dev);
const struct dev_pm_ops *pm;
diff --git a/drivers/base/dd.c b/drivers/base/dd.c
index f47cab21430f..7c3c9b4c3deb 100644
--- a/drivers/base/dd.c
+++ b/drivers/base/dd.c
@@ -665,6 +665,8 @@ static int really_probe(struct device *dev, struct device_driver *drv)
if (dev->bus)
blocking_notifier_call_chain(&dev->bus->p->bus_notifier,
BUS_NOTIFY_DRIVER_NOT_BOUND, dev);
+ if (dev->bus && dev->bus->dma_cleanup)
+ dev->bus->dma_cleanup(dev);
pinctrl_bind_failed:
device_links_no_driver(dev);
devres_release_all(dev);
@@ -1208,6 +1210,9 @@ static void __device_release_driver(struct device *dev, struct device *parent)
else if (drv->remove)
drv->remove(dev);
+ if (dev->bus && dev->bus->dma_cleanup)
+ dev->bus->dma_cleanup(dev);
+
device_links_driver_cleanup(dev);
devres_release_all(dev);
--
2.25.1
_______________________________________________
iommu mailing list
iommu@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/iommu
next prev parent reply other threads:[~2022-03-08 5:46 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-08 5:44 [PATCH v8 00/11] Fix BUG_ON in vfio_iommu_group_notifier() Lu Baolu
2022-03-08 5:44 ` Lu Baolu
2022-03-08 5:44 ` [PATCH v8 01/11] iommu: Add DMA ownership management interfaces Lu Baolu
2022-03-08 5:44 ` Lu Baolu
2022-03-08 13:37 ` Robin Murphy
2022-03-08 13:37 ` Robin Murphy
2022-03-08 5:44 ` Lu Baolu [this message]
2022-03-08 5:44 ` [PATCH v8 02/11] driver core: Add dma_cleanup callback in bus_type Lu Baolu
2022-03-08 5:44 ` [PATCH v8 03/11] amba: Stop sharing platform_dma_configure() Lu Baolu
2022-03-08 5:44 ` Lu Baolu
2022-03-08 5:44 ` [PATCH v8 04/11] bus: platform, amba, fsl-mc, PCI: Add device DMA ownership management Lu Baolu
2022-03-08 5:44 ` [PATCH v8 04/11] bus: platform,amba,fsl-mc,PCI: " Lu Baolu
2022-03-08 13:39 ` Robin Murphy
2022-03-08 13:39 ` Robin Murphy
2022-03-08 5:44 ` [PATCH v8 05/11] PCI: pci_stub: Set driver_managed_dma Lu Baolu
2022-03-08 5:44 ` Lu Baolu
2022-03-08 5:44 ` [PATCH v8 06/11] PCI: portdrv: " Lu Baolu
2022-03-08 5:44 ` Lu Baolu
2022-03-08 5:44 ` [PATCH v8 07/11] vfio: Set DMA ownership for VFIO devices Lu Baolu
2022-03-08 5:44 ` Lu Baolu
2022-03-08 5:44 ` [PATCH v8 08/11] vfio: Remove use of vfio_group_viable() Lu Baolu
2022-03-08 5:44 ` Lu Baolu
2022-03-08 5:44 ` [PATCH v8 09/11] vfio: Delete the unbound_list Lu Baolu
2022-03-08 5:44 ` Lu Baolu
2022-03-08 5:44 ` [PATCH v8 10/11] vfio: Remove iommu group notifier Lu Baolu
2022-03-08 5:44 ` Lu Baolu
2022-03-08 5:44 ` [PATCH v8 11/11] iommu: Remove iommu group changes notifier Lu Baolu
2022-03-08 5:44 ` Lu Baolu
2022-03-10 9:46 ` [PATCH v8 00/11] Fix BUG_ON in vfio_iommu_group_notifier() Eric Auger
2022-03-10 9:46 ` Eric Auger
2022-03-15 0:21 ` Jason Gunthorpe
2022-03-15 0:21 ` Jason Gunthorpe via iommu
2022-04-08 7:57 ` Joerg Roedel
2022-04-08 7:57 ` Joerg Roedel
2022-04-08 12:22 ` Lu Baolu
2022-04-08 12:22 ` Lu Baolu
2022-04-08 12:23 ` Jason Gunthorpe
2022-04-08 12:23 ` Jason Gunthorpe via iommu
2022-04-08 14:00 ` Joerg Roedel
2022-04-08 14:00 ` Joerg Roedel
2022-04-08 14:17 ` Jason Gunthorpe
2022-04-08 14:17 ` Jason Gunthorpe via iommu
2022-04-08 15:37 ` Joerg Roedel
2022-04-08 15:37 ` Joerg Roedel
2022-04-08 15:59 ` Bjorn Helgaas
2022-04-08 15:59 ` Bjorn Helgaas
2022-04-08 16:07 ` Alex Williamson
2022-04-08 16:07 ` Alex Williamson
2022-04-08 20:24 ` Jason Gunthorpe
2022-04-08 20:24 ` Jason Gunthorpe via iommu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220308054421.847385-3-baolu.lu@linux.intel.com \
--to=baolu.lu@linux.intel.com \
--cc=airlied@linux.ie \
--cc=alex.williamson@redhat.com \
--cc=ashok.raj@intel.com \
--cc=bhelgaas@google.com \
--cc=cohuck@redhat.com \
--cc=dan.j.williams@intel.com \
--cc=daniel@ffwll.ch \
--cc=diana.craciun@oss.nxp.com \
--cc=digetx@gmail.com \
--cc=eric.auger@redhat.com \
--cc=gregkh@linuxfoundation.org \
--cc=hch@infradead.org \
--cc=iommu@lists.linux-foundation.org \
--cc=jacob.jun.pan@intel.com \
--cc=jgg@nvidia.com \
--cc=jonathanh@nvidia.com \
--cc=joro@8bytes.org \
--cc=kch@nvidia.com \
--cc=kevin.tian@intel.com \
--cc=kvm@vger.kernel.org \
--cc=laurentiu.tudor@nxp.com \
--cc=leoyang.li@nxp.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=rafael@kernel.org \
--cc=robin.murphy@arm.com \
--cc=stuyoder@gmail.com \
--cc=thierry.reding@gmail.com \
--cc=will@kernel.org \
--cc=yi.l.liu@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.