[PATCH v2 11/19] iommu/arm-smmu-v3: Do not change the STE twice during arm_smmu_attach_dev()
Nicolin Chen
nicolinc at nvidia.com
Mon Dec 4 18:46:01 PST 2023
On Mon, Nov 13, 2023 at 01:53:18PM -0400, Jason Gunthorpe wrote:
> This was needed because the STE code required the STE to be in
> ABORT/BYPASS inorder to program a cdtable or S2 STE. Now that the STE code
> can automatically handle all transitions we can remove this step
> from the attach_dev flow.
>
> A few small bugs exist because of this:
>
> 1) If the core code does BLOCKED -> UNMANAGED with disable_bypass=false
> then there will be a moment where the STE points at BYPASS. Since
> this can be done by VFIO/IOMMUFD it is a small security race.
>
> 2) If the core code does IDENTITY -> DMA then any IOMMU_RESV_DIRECT
> regions will temporarily become BLOCKED. We'd like drivers to
> work in a way that allows IOMMU_RESV_DIRECT to be continuously
> functional during these transitions.
>
> Make arm_smmu_release_device() put the STE back to the correct
> ABORT/BYPASS setting. Fix a bug where a IOMMU_RESV_DIRECT was ignored on
> this path.
>
> Notice this subtly depends on the prior arm_smmu_asid_lock change as the
> STE must be put to non-paging before removing the device for the linked
> list to avoid races with arm_smmu_share_asid().
>
> Signed-off-by: Jason Gunthorpe <jgg at nvidia.com>
Reviewed-by: Nicolin Chen <nicolinc at nvidia.com>
More information about the linux-arm-kernel
mailing list