From: Jason Gunthorpe <jgg@nvidia.com>
To: "Tian, Kevin" <kevin.tian@intel.com>
Cc: "Liu, Yi L" <yi.l.liu@intel.com>,
"alex.williamson@redhat.com" <alex.williamson@redhat.com>,
"chao.p.peng@linux.intel.com" <chao.p.peng@linux.intel.com>,
"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
"yi.y.sun@linux.intel.com" <yi.y.sun@linux.intel.com>,
Matthew Rosato <mjrosato@linux.ibm.com>,
Tony Krowiak <akrowiak@linux.ibm.com>,
Halil Pasic <pasic@linux.ibm.com>,
Jason Herne <jjherne@linux.ibm.com>
Subject: Re: [iommufd 2/2] vfio/ap: validate iova during dma_unmap and trigger irq disable
Date: Thu, 24 Nov 2022 08:59:24 -0400 [thread overview]
Message-ID: <Y39qrCtw0d0dfbLt@nvidia.com> (raw)
In-Reply-To: <BN9PR11MB5276E07F9CB1A006FAC9E4098C0F9@BN9PR11MB5276.namprd11.prod.outlook.com>
On Thu, Nov 24, 2022 at 07:08:06AM +0000, Tian, Kevin wrote:
> > From: Liu, Yi L <yi.l.liu@intel.com>
> > Sent: Wednesday, November 23, 2022 9:49 PM
> >
> > From: Matthew Rosato <mjrosato@linux.ibm.com>
> >
> > vfio_iommufd_bind() creates an access which has an unmap callback, which
> > can be called immediately. So dma_unmap() callback should tolerate the
> > unmaps that come before the emulated device is opened.
> >
> > To achieve above, vfio_ap_mdev_dma_unmap() needs to validate that
> > unmap
> > request matches with one or more of these stashed values before
> > attempting unpins.
> >
> > Currently, each mapped iova is stashed in its associated vfio_ap_queue;
> > Each stashed iova represents IRQ that was enabled for a queue. Therefore,
> > if a match is found, trigger IRQ disable for this queue to ensure that
> > underlying firmware will no longer try to use the associated pfn after
> > the page is unpinned. IRQ disable will also handle the associated unpin.
> >
> > Cc: Tony Krowiak <akrowiak@linux.ibm.com>
> > Cc: Halil Pasic <pasic@linux.ibm.com>
> > Cc: Jason Herne <jjherne@linux.ibm.com>
> > Signed-off-by: Matthew Rosato <mjrosato@linux.ibm.com>
> > Signed-off-by: Yi Liu <yi.l.liu@intel.com>
> > ---
> > drivers/s390/crypto/vfio_ap_ops.c | 24 +++++++++++++++++++++++-
> > 1 file changed, 23 insertions(+), 1 deletion(-)
> >
> > diff --git a/drivers/s390/crypto/vfio_ap_ops.c
> > b/drivers/s390/crypto/vfio_ap_ops.c
> > index bb7776d20792..62bfca2bbe6d 100644
> > --- a/drivers/s390/crypto/vfio_ap_ops.c
> > +++ b/drivers/s390/crypto/vfio_ap_ops.c
> > @@ -1535,13 +1535,35 @@ static int vfio_ap_mdev_set_kvm(struct
> > ap_matrix_mdev *matrix_mdev,
> > return 0;
> > }
> >
> > +static void unmap_iova(struct ap_matrix_mdev *matrix_mdev, u64 iova,
> > u64 length)
> > +{
> > + struct ap_queue_table *qtable = &matrix_mdev->qtable;
> > + u64 iova_pfn_end = (iova + length - 1) >> PAGE_SHIFT;
> > + u64 iova_pfn_start = iova >> PAGE_SHIFT;
> > + struct vfio_ap_queue *q;
> > + int loop_cursor;
> > + u64 pfn;
> > +
> > + hash_for_each(qtable->queues, loop_cursor, q, mdev_qnode) {
> > + pfn = q->saved_iova >> PAGE_SHIFT;
> > + if (pfn >= iova_pfn_start && pfn <= iova_pfn_end) {
> > + vfio_ap_irq_disable(q);
> > + break;
>
> does this need a WARN_ON if the length is more than one page?
The iova and length are the range being invalidated, the driver has no
control over them and length is probably multiple pages.
But this test doesn't look right?
if (iova > q->saved_iova && q->saved_iova < iova + length)
Since the page was pinned we can assume iova and length are already
PAGE_SIZE aligned.
Jason
next prev parent reply other threads:[~2022-11-24 12:59 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-23 13:48 [iommufd 0/2] Make mdev driver dma_unmap callback tolerant to unmaps come before device open Yi Liu
2022-11-23 13:48 ` [iommufd 1/2] i915/gvt: Move kvmgt_protect_table_init() and gvt_cache_init() into init Yi Liu
2022-11-24 7:07 ` Tian, Kevin
2022-11-24 9:15 ` Yi Liu
2022-11-25 6:04 ` Zhenyu Wang
2022-11-25 9:06 ` Yi Liu
2022-11-28 6:28 ` Tian, Kevin
2022-11-28 10:22 ` Wang, Zhi A
2022-11-28 13:10 ` Yi Liu
2022-11-23 13:48 ` [iommufd 2/2] vfio/ap: validate iova during dma_unmap and trigger irq disable Yi Liu
2022-11-24 7:08 ` Tian, Kevin
2022-11-24 12:59 ` Jason Gunthorpe [this message]
2022-11-28 6:31 ` Tian, Kevin
2022-11-28 15:32 ` Matthew Rosato
2022-11-28 15:40 ` Matthew Rosato
2022-11-28 20:28 ` Jason Gunthorpe
2022-11-29 2:43 ` Tian, Kevin
2022-11-29 9:42 ` Yi Liu
2022-11-24 6:50 ` [iommufd 0/2] Make mdev driver dma_unmap callback tolerant to unmaps come before device open Tian, Kevin
2022-11-24 9:44 ` Yi Liu
2022-11-25 6:06 ` Zhenyu Wang
2022-11-25 8:58 ` Yi Liu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Y39qrCtw0d0dfbLt@nvidia.com \
--to=jgg@nvidia.com \
--cc=akrowiak@linux.ibm.com \
--cc=alex.williamson@redhat.com \
--cc=chao.p.peng@linux.intel.com \
--cc=jjherne@linux.ibm.com \
--cc=kevin.tian@intel.com \
--cc=kvm@vger.kernel.org \
--cc=mjrosato@linux.ibm.com \
--cc=pasic@linux.ibm.com \
--cc=yi.l.liu@intel.com \
--cc=yi.y.sun@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.