From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 33FFCECE561 for ; Mon, 24 Sep 2018 12:08:10 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id ED57C20877 for ; Mon, 24 Sep 2018 12:08:09 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org ED57C20877 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=arm.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-pci-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729625AbeIXSJ4 (ORCPT ); Mon, 24 Sep 2018 14:09:56 -0400 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:33522 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728516AbeIXSJz (ORCPT ); Mon, 24 Sep 2018 14:09:55 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 8E0BB1596; Mon, 24 Sep 2018 05:08:07 -0700 (PDT) Received: from [10.4.12.111] (ostrya.Emea.Arm.com [10.4.12.111]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 1213A3F6A8; Mon, 24 Sep 2018 05:08:03 -0700 (PDT) Subject: Re: [PATCH v3 02/10] iommu/sva: Bind process address spaces to devices To: Lu Baolu , "iommu@lists.linux-foundation.org" Cc: "joro@8bytes.org" , "linux-pci@vger.kernel.org" , "jcrouse@codeaurora.org" , "alex.williamson@redhat.com" , "Jonathan.Cameron@huawei.com" , "jacob.jun.pan@linux.intel.com" , "christian.koenig@amd.com" , "eric.auger@redhat.com" , "kevin.tian@intel.com" , "yi.l.liu@intel.com" , Andrew Murray , Will Deacon , Robin Murphy , "ashok.raj@intel.com" , "xuzaibo@huawei.com" , "liguozhu@hisilicon.com" , "okaya@codeaurora.org" , "bharatku@xilinx.com" , "ilias.apalodimas@linaro.org" , "shunyong.yang@hxt-semitech.com" References: <20180920170046.20154-1-jean-philippe.brucker@arm.com> <20180920170046.20154-3-jean-philippe.brucker@arm.com> From: Jean-Philippe Brucker Message-ID: <7cbd503a-c79e-3c40-7388-ce6c23f7f536@arm.com> Date: Mon, 24 Sep 2018 13:07:47 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit Sender: linux-pci-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-pci@vger.kernel.org On 23/09/2018 04:05, Lu Baolu wrote: > Hi, > > On 09/21/2018 01:00 AM, Jean-Philippe Brucker wrote: >> Add bind() and unbind() operations to the IOMMU API. Bind() returns a >> PASID that drivers can program in hardware, to let their devices access an >> mm. This patch only adds skeletons for the device driver API, most of the >> implementation is still missing. > > Is it possible that a malicious process can unbind a pasid which is > used by another normal process? Yes, it's up to the device driver that calls unbind() to check that the caller is allowed to unbind this PASID. We can't do it ourselves since unbind() could also be called from a kernel thread for example from a cleanup function in some workqueue, outside the context of the process to unbind. Thanks, Jean > > It might happen in below sequence: > > > Process A                       Process B > =========                       ========= > iommu_sva_init_device(dev) > iommu_sva_bind_device(dev) > .... > device access mm of A with > #PASID returned above > .... >                                 iommu_sva_unbind_device(dev, #PASID) > .... > [unrecoverable errors] > > I didn't have a thorough consideration of this. Sorry if this has been > prevented. > > Best regards, > Lu Baolu From mboxrd@z Thu Jan 1 00:00:00 1970 From: Jean-Philippe Brucker Subject: Re: [PATCH v3 02/10] iommu/sva: Bind process address spaces to devices Date: Mon, 24 Sep 2018 13:07:47 +0100 Message-ID: <7cbd503a-c79e-3c40-7388-ce6c23f7f536@arm.com> References: <20180920170046.20154-1-jean-philippe.brucker@arm.com> <20180920170046.20154-3-jean-philippe.brucker@arm.com> Mime-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Return-path: In-Reply-To: Content-Language: en-US List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: iommu-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org Errors-To: iommu-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org To: Lu Baolu , "iommu-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org" Cc: "kevin.tian-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org" , "ashok.raj-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org" , "linux-pci-u79uwXL29TY76Z2rM5mHXA@public.gmane.org" , "ilias.apalodimas-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org" , Will Deacon , "okaya-sgV2jX0FEOL9JmXXK+q4OQ@public.gmane.org" , "alex.williamson-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org" , "liguozhu-C8/M+/jPZTeaMJb+Lgu22Q@public.gmane.org" , Robin Murphy , "christian.koenig-5C7GfCeVMHo@public.gmane.org" List-Id: iommu@lists.linux-foundation.org T24gMjMvMDkvMjAxOCAwNDowNSwgTHUgQmFvbHUgd3JvdGU6Cj4gSGksCj4gCj4gT24gMDkvMjEv MjAxOCAwMTowMCBBTSwgSmVhbi1QaGlsaXBwZSBCcnVja2VyIHdyb3RlOgo+PiBBZGQgYmluZCgp IGFuZCB1bmJpbmQoKSBvcGVyYXRpb25zIHRvIHRoZSBJT01NVSBBUEkuIEJpbmQoKSByZXR1cm5z IGEKPj4gUEFTSUQgdGhhdCBkcml2ZXJzIGNhbiBwcm9ncmFtIGluIGhhcmR3YXJlLCB0byBsZXQg dGhlaXIgZGV2aWNlcyBhY2Nlc3MgYW4KPj4gbW0uIFRoaXMgcGF0Y2ggb25seSBhZGRzIHNrZWxl dG9ucyBmb3IgdGhlIGRldmljZSBkcml2ZXIgQVBJLCBtb3N0IG9mIHRoZQo+PiBpbXBsZW1lbnRh dGlvbiBpcyBzdGlsbCBtaXNzaW5nLgo+IAo+IElzIGl0IHBvc3NpYmxlIHRoYXQgYSBtYWxpY2lv dXMgcHJvY2VzcyBjYW4gdW5iaW5kIGEgcGFzaWQgd2hpY2ggaXMKPiB1c2VkIGJ5IGFub3RoZXIg bm9ybWFsIHByb2Nlc3M/CgpZZXMsIGl0J3MgdXAgdG8gdGhlIGRldmljZSBkcml2ZXIgdGhhdCBj YWxscyB1bmJpbmQoKSB0byBjaGVjayB0aGF0IHRoZQpjYWxsZXIgaXMgYWxsb3dlZCB0byB1bmJp bmQgdGhpcyBQQVNJRC4gV2UgY2FuJ3QgZG8gaXQgb3Vyc2VsdmVzIHNpbmNlCnVuYmluZCgpIGNv dWxkIGFsc28gYmUgY2FsbGVkIGZyb20gYSBrZXJuZWwgdGhyZWFkIGZvciBleGFtcGxlIGZyb20g YQpjbGVhbnVwIGZ1bmN0aW9uIGluIHNvbWUgd29ya3F1ZXVlLCBvdXRzaWRlIHRoZSBjb250ZXh0 IG9mIHRoZSBwcm9jZXNzCnRvIHVuYmluZC4KClRoYW5rcywKSmVhbgoKPiAKPiBJdCBtaWdodCBo YXBwZW4gaW4gYmVsb3cgc2VxdWVuY2U6Cj4gCj4gCj4gUHJvY2VzcyBBwqDCoMKgwqDCoMKgwqDC oMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqAgUHJvY2VzcyBCCj4gPT09PT09PT09wqDCoMKg wqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqAgPT09PT09PT09Cj4gaW9tbXVf c3ZhX2luaXRfZGV2aWNlKGRldikKPiBpb21tdV9zdmFfYmluZF9kZXZpY2UoZGV2KQo+IC4uLi4K PiBkZXZpY2UgYWNjZXNzIG1tIG9mIEEgd2l0aAo+ICNQQVNJRCByZXR1cm5lZCBhYm92ZQo+IC4u Li4KPiDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKg wqDCoMKgwqDCoCBpb21tdV9zdmFfdW5iaW5kX2RldmljZShkZXYsICNQQVNJRCkKPiAuLi4uCj4g W3VucmVjb3ZlcmFibGUgZXJyb3JzXQo+IAo+IEkgZGlkbid0IGhhdmUgYSB0aG9yb3VnaCBjb25z aWRlcmF0aW9uIG9mIHRoaXMuIFNvcnJ5IGlmIHRoaXMgaGFzIGJlZW4KPiBwcmV2ZW50ZWQuCj4g Cj4gQmVzdCByZWdhcmRzLAo+IEx1IEJhb2x1Cl9fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fCmlvbW11IG1haWxpbmcgbGlzdAppb21tdUBsaXN0cy5saW51eC1m b3VuZGF0aW9uLm9yZwpodHRwczovL2xpc3RzLmxpbnV4Zm91bmRhdGlvbi5vcmcvbWFpbG1hbi9s aXN0aW5mby9pb21tdQ==