From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.1 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER, INCLUDES_PATCH,MAILING_LIST_MULTI,NICE_REPLY_A,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED,USER_AGENT_SANE_1 autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 382E0C4338F for ; Fri, 30 Jul 2021 06:16:54 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 00C0E60F4B for ; Fri, 30 Jul 2021 06:16:53 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 00C0E60F4B Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=linux.intel.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:Content-Type: Content-Transfer-Encoding:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:Date:Message-ID:From: References:To:Subject:Cc:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=y0/qvDr7exzqB7gZ+rNgWVJ859K6iqLwvzRLWIDSVPA=; b=qQkcSgH4GqUXJjFYFQGQQvVyh3 7m+CvygaSact3O54gvzQVEGV4nwBol8+TqXqv691ZJPNzI0mVpygjBFfhmuV3LQWmkQ2pYB6swxKi 46mvhCG82DvgMleujeAfQpS9hg3u+YKrqcBdWRE2iCvQnXc/XNFbcdfdYj3VRam9R31R3dkywxBG5 xJY5Q3pfhC14smelK8UwfmlrP18F/avBXreSKPPqNvlfc8tpknagiqmwmC3A/AYOZ/Nx5H5h0ODzB RfwWYbQc8qEzlBNflXns98KuVQPHOWs/FYpmhjDMG/zBy7lsG3qF19wUc1qdh9rwXjFistzRfzDru 8Q/C8gQw==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1m9LnI-007QDL-HC; Fri, 30 Jul 2021 06:14:53 +0000 Received: from mga11.intel.com ([192.55.52.93]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1m9LmY-007Po3-RM for linux-arm-kernel@lists.infradead.org; Fri, 30 Jul 2021 06:14:08 +0000 X-IronPort-AV: E=McAfee;i="6200,9189,10060"; a="209926256" X-IronPort-AV: E=Sophos;i="5.84,281,1620716400"; d="scan'208";a="209926256" Received: from orsmga008.jf.intel.com ([10.7.209.65]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 29 Jul 2021 23:14:06 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.84,281,1620716400"; d="scan'208";a="465345398" Received: from allen-box.sh.intel.com (HELO [10.239.159.118]) ([10.239.159.118]) by orsmga008.jf.intel.com with ESMTP; 29 Jul 2021 23:14:03 -0700 Cc: baolu.lu@linux.intel.com, iommu@lists.linux-foundation.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, suravee.suthikulpanit@amd.com, john.garry@huawei.com, dianders@chromium.org Subject: Re: [PATCH v2 22/24] iommu: Allow enabling non-strict mode dynamically To: Robin Murphy , joro@8bytes.org, will@kernel.org References: From: Lu Baolu Message-ID: <94645a8e-471d-2daa-d385-95a337025721@linux.intel.com> Date: Fri, 30 Jul 2021 14:11:44 +0800 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.11.0 MIME-Version: 1.0 In-Reply-To: Content-Language: en-US X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20210729_231406_998377_F8E9564E X-CRM114-Status: GOOD ( 32.98 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="us-ascii"; Format="flowed" Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org On 7/28/21 11:58 PM, Robin Murphy wrote: > Allocating and enabling a flush queue is in fact something we can > reasonably do while a DMA domain is active, without having to rebuild it > from scratch. Thus we can allow a strict -> non-strict transition from > sysfs without requiring to unbind the device's driver, which is of > particular interest to users who want to make selective relaxations to > critical devices like the one serving their root filesystem. > > Disabling and draining a queue also seems technically possible to > achieve without rebuilding the whole domain, but would certainly be more > involved. Furthermore there's not such a clear use-case for tightening > up security *after* the device may already have done whatever it is that > you don't trust it not to do, so we only consider the relaxation case. > > Signed-off-by: Robin Murphy > --- > drivers/iommu/iommu.c | 16 ++++++++++++---- > 1 file changed, 12 insertions(+), 4 deletions(-) > > diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c > index 25c1adc1ec67..be399d630953 100644 > --- a/drivers/iommu/iommu.c > +++ b/drivers/iommu/iommu.c > @@ -3200,6 +3200,13 @@ static int iommu_change_dev_def_domain(struct iommu_group *group, > goto out; > } > > + /* We can bring up a flush queue without tearing down the domain */ > + if (type == IOMMU_DOMAIN_DMA_FQ && prev_dom->type == IOMMU_DOMAIN_DMA) { > + prev_dom->type = IOMMU_DOMAIN_DMA_FQ; > + ret = iommu_dma_init_fq(prev_dom); > + goto out; > + } > + > /* Sets group->default_domain to the newly allocated domain */ > ret = iommu_group_alloc_default_domain(dev->bus, group, type); > if (ret) > @@ -3240,9 +3247,9 @@ static int iommu_change_dev_def_domain(struct iommu_group *group, > } > > /* > - * Changing the default domain through sysfs requires the users to ubind the > - * drivers from the devices in the iommu group. Return failure if this doesn't > - * meet. > + * Changing the default domain through sysfs requires the users to unbind the > + * drivers from the devices in the iommu group, except for a DMA -> DMA-FQ > + * transition. Return failure if this isn't met. > * > * We need to consider the race between this and the device release path. > * device_lock(dev) is used here to guarantee that the device release path > @@ -3318,7 +3325,8 @@ static ssize_t iommu_group_store_type(struct iommu_group *group, > > /* Check if the device in the group still has a driver bound to it */ > device_lock(dev); > - if (device_is_bound(dev)) { > + if (device_is_bound(dev) && !(req_type == IOMMU_DOMAIN_DMA_FQ && > + group->default_domain->type == IOMMU_DOMAIN_DMA)) { > pr_err_ratelimited("Device is still bound to driver\n"); > ret = -EBUSY; > goto out; > Reviewed-by: Lu Baolu Best regards, baolu _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel