From: Baolu Lu <baolu.lu@linux.intel.com>
To: Jacob Pan <jacob.jun.pan@linux.intel.com>
Cc: baolu.lu@linux.intel.com, LKML <linux-kernel@vger.kernel.org>,
iommu@lists.linux.dev, Jason Gunthorpe <jgg@nvidia.com>,
Joerg Roedel <joro@8bytes.org>,
dmaengine@vger.kernel.org, vkoul@kernel.org,
Robin Murphy <robin.murphy@arm.com>,
Will Deacon <will@kernel.org>,
David Woodhouse <dwmw2@infradead.org>,
Raj Ashok <ashok.raj@intel.com>,
"Tian, Kevin" <kevin.tian@intel.com>, Yi Liu <yi.l.liu@intel.com>,
"Yu, Fenghua" <fenghua.yu@intel.com>,
Dave Jiang <dave.jiang@intel.com>,
Tony Luck <tony.luck@intel.com>,
"Zanussi, Tom" <tom.zanussi@intel.com>
Subject: Re: [PATCH v2 7/8] iommu: Export iommu_get_dma_domain
Date: Wed, 29 Mar 2023 14:28:51 +0800 [thread overview]
Message-ID: <5d22bbeb-8630-9aa2-bc49-32b391ae577e@linux.intel.com> (raw)
In-Reply-To: <20230328084855.7b9cd981@jacob-builder>
On 3/28/23 11:48 PM, Jacob Pan wrote:
> On Tue, 28 Mar 2023 14:04:15 +0800, Baolu Lu<baolu.lu@linux.intel.com>
> wrote:
>
>> On 3/28/23 7:21 AM, Jacob Pan wrote:
>>> Devices that use ENQCMDS to submit work needs to retrieve its DMA
>>> domain. It can then attach PASID to the DMA domain for shared mapping
>>> (with RID) established by DMA API.
>>>
>>> Signed-off-by: Jacob Pan<jacob.jun.pan@linux.intel.com>
>>> ---
>>> drivers/iommu/iommu.c | 1 +
>>> include/linux/iommu.h | 5 +++++
>>> 2 files changed, 6 insertions(+)
>>>
>>> diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c
>>> index 10db680acaed..c51d343a75d2 100644
>>> --- a/drivers/iommu/iommu.c
>>> +++ b/drivers/iommu/iommu.c
>>> @@ -2118,6 +2118,7 @@ struct iommu_domain *iommu_get_dma_domain(struct
>>> device *dev) {
>>> return dev->iommu_group->default_domain;
>>> }
>>> +EXPORT_SYMBOL_GPL(iommu_get_dma_domain);
>> Directly exporting this function for external use seems unsafe. If the
>> caller is the kernel driver for this device, it's fine because default
>> domain remains unchanged during the life cycle of the driver. Otherwise,
>> using this function may cause UAF. Keep in mind that group's default
>> domain could be changed through sysfs.
> don't you have to unload the driver?
Yes, of cause.
Hence, the getting domain interfaces are only safe to be used in the
driver of the device.
Best regards,
baolu
next prev parent reply other threads:[~2023-03-29 6:28 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-27 23:21 [PATCH v2 0/8] Re-enable IDXD kernel workqueue under DMA API Jacob Pan
2023-03-27 23:21 ` [PATCH v2 1/8] iommu/vt-d: Use non-privileged mode for all PASIDs Jacob Pan
2023-03-28 4:55 ` Baolu Lu
2023-03-27 23:21 ` [PATCH v2 2/8] iommu/vt-d: Remove PASID supervisor request support Jacob Pan
2023-03-28 4:59 ` Baolu Lu
2023-03-27 23:21 ` [PATCH v2 3/8] iommu/sva: Support reservation of global SVA PASIDs Jacob Pan
2023-03-28 5:11 ` Baolu Lu
2023-03-28 15:21 ` Jacob Pan
2023-03-28 7:35 ` Tian, Kevin
2023-03-28 15:31 ` Jacob Pan
2023-03-28 15:55 ` Jason Gunthorpe
2023-03-28 16:32 ` Jacob Pan
2023-03-27 23:21 ` [PATCH v2 4/8] iommu/vt-d: Reserve RID_PASID from global SVA PASID space Jacob Pan
2023-03-28 5:20 ` Baolu Lu
2023-03-28 16:29 ` Jacob Pan
2023-03-28 20:52 ` Jacob Pan
2023-03-29 6:13 ` Baolu Lu
2023-03-29 8:20 ` Vasant Hegde
2023-03-27 23:21 ` [PATCH v2 5/8] iommu/vt-d: Make device pasid attachment explicit Jacob Pan
2023-03-28 5:49 ` Baolu Lu
2023-03-28 7:44 ` Tian, Kevin
2023-03-28 20:39 ` Jacob Pan
2023-03-29 6:18 ` Baolu Lu
2023-03-27 23:21 ` [PATCH v2 6/8] iommu/vt-d: Implement set_dev_pasid domain op Jacob Pan
2023-03-28 7:47 ` Tian, Kevin
2023-03-28 15:40 ` Jacob Pan
2023-03-29 3:04 ` Tian, Kevin
2023-03-29 6:22 ` Baolu Lu
2023-03-27 23:21 ` [PATCH v2 7/8] iommu: Export iommu_get_dma_domain Jacob Pan
2023-03-28 6:04 ` Baolu Lu
2023-03-28 7:52 ` Tian, Kevin
2023-03-28 15:48 ` Jacob Pan
2023-03-28 16:19 ` Jason Gunthorpe
2023-03-28 17:25 ` Jacob Pan
2023-03-28 15:48 ` Jacob Pan
2023-03-29 6:28 ` Baolu Lu [this message]
2023-03-27 23:21 ` [PATCH v2 8/8] dmaengine/idxd: Re-enable kernel workqueue under DMA API Jacob Pan
2023-03-28 18:16 ` Fenghua Yu
2023-03-28 20:23 ` Jacob Pan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5d22bbeb-8630-9aa2-bc49-32b391ae577e@linux.intel.com \
--to=baolu.lu@linux.intel.com \
--cc=ashok.raj@intel.com \
--cc=dave.jiang@intel.com \
--cc=dmaengine@vger.kernel.org \
--cc=dwmw2@infradead.org \
--cc=fenghua.yu@intel.com \
--cc=iommu@lists.linux.dev \
--cc=jacob.jun.pan@linux.intel.com \
--cc=jgg@nvidia.com \
--cc=joro@8bytes.org \
--cc=kevin.tian@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=robin.murphy@arm.com \
--cc=tom.zanussi@intel.com \
--cc=tony.luck@intel.com \
--cc=vkoul@kernel.org \
--cc=will@kernel.org \
--cc=yi.l.liu@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.