From: Robin Murphy <firstname.lastname@example.org> To: Will Deacon <email@example.com>, Ashish Mhetre <firstname.lastname@example.org> Cc: email@example.com, firstname.lastname@example.org, email@example.com Subject: Re: [PATCH 1/2] iommu: Fix race condition during default domain allocation Date: Fri, 11 Jun 2021 13:49:13 +0100 [thread overview] Message-ID: <firstname.lastname@example.org> (raw) In-Reply-To: <20210611104524.GD15274@willie-the-truck> On 2021-06-11 11:45, Will Deacon wrote: > On Thu, Jun 10, 2021 at 09:46:53AM +0530, Ashish Mhetre wrote: >> Domain is getting created more than once during asynchronous multiple >> display heads(devices) probe. All the display heads share same SID and >> are expected to be in same domain. As iommu_alloc_default_domain() call >> is not protected, the group->default_domain and group->domain are ending >> up with different domains and leading to subsequent IOMMU faults. >> Fix this by protecting iommu_alloc_default_domain() call with group->mutex. > > Can you provide some more information about exactly what the h/w > configuration is, and the callstack which exhibits the race, please? It'll be basically the same as the issue reported long ago with PCI groups in the absence of ACS not being constructed correctly. Triggering the iommu_probe_device() replay in of_iommu_configure() off the back of driver probe is way too late and allows calls to happen in the wrong order, or indeed race in parallel as here. Fixing that is still on my radar, but will not be simple, and will probably go hand-in-hand with phasing out the bus ops (for the multiple-driver-coexistence problem). >> Signed-off-by: Ashish Mhetre <email@example.com> >> --- >> drivers/iommu/iommu.c | 2 ++ >> 1 file changed, 2 insertions(+) >> >> diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c >> index 808ab70..2700500 100644 >> --- a/drivers/iommu/iommu.c >> +++ b/drivers/iommu/iommu.c >> @@ -273,7 +273,9 @@ int iommu_probe_device(struct device *dev) >> * support default domains, so the return value is not yet >> * checked. >> */ >> + mutex_lock(&group->mutex); >> iommu_alloc_default_domain(group, dev); >> + mutex_unlock(&group->mutex); > > It feels wrong to serialise this for everybody just to cater for systems > with aliasing SIDs between devices. If two or more devices are racing at this point then they're already going to be serialised by at least iommu_group_add_device(), so I doubt there would be much impact - only the first device through here will hold the mutex for any appreciable length of time. Every other path which modifies group->domain does so with the mutex held (note the "expected" default domain allocation flow in bus_iommu_probe() in particular), so not holding it here does seem like a straightforward oversight. Robin.
next prev parent reply other threads:[~2021-06-11 12:49 UTC|newest] Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top 2021-06-10 4:16 [PATCH 0/2] iommu/arm-smmu: Fix races in iommu domain/group creation Ashish Mhetre 2021-06-10 4:16 ` [PATCH 1/2] iommu: Fix race condition during default domain allocation Ashish Mhetre 2021-06-11 10:45 ` Will Deacon 2021-06-11 12:49 ` Robin Murphy [this message] 2021-06-17 5:51 ` Ashish Mhetre 2021-06-17 17:49 ` Will Deacon 2021-06-11 18:30 ` Krishna Reddy 2021-06-10 4:16 ` [PATCH 2/2] iommu/arm-smmu: Fix race condition during iommu_group creation Ashish Mhetre
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --firstname.lastname@example.org \ --email@example.com \ --firstname.lastname@example.org \ --email@example.com \ --firstname.lastname@example.org \ --email@example.com \ --firstname.lastname@example.org \ --subject='Re: [PATCH 1/2] iommu: Fix race condition during default domain allocation' \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).