[PATCH v6 23/25] iommu/tegra241-cmdqv: Do not statically map LVCMDQs
Jason Gunthorpe
jgg at nvidia.com
Mon Jun 16 08:44:14 PDT 2025
On Sat, Jun 14, 2025 at 12:14:48AM -0700, Nicolin Chen wrote:
> To simplify the mappings from global VCMDQs to VINTFs' LVCMDQs, the design
> chose to do static allocations and mappings in the global reset function.
>
> However, with the user-owned VINTF support, it exposes a security concern:
> if user space VM only wants one LVCMDQ for a VINTF, statically mapping two
> or more LVCMDQs creates a hidden VCMDQ that user space could DoS attack by
> writing random stuff to overwhelm the kernel with unhandleable IRQs.
>
> Thus, to support the user-owned VINTF feature, a LVCMDQ mapping has to be
> done dynamically.
>
> HW allows pre-assigning global VCMDQs in the CMDQ_ALLOC registers, without
> finalizing the mappings by keeping CMDQV_CMDQ_ALLOCATED=0. So, add a pair
> of map/unmap helper that simply sets/clears that bit.
>
> For kernel-owned VINTF0, move LVCMDQ mappings to tegra241_vintf_hw_init(),
> and the unmappings to tegra241_vintf_hw_deinit().
>
> For user-owned VINTFs that will be added, the mappings/unmappings will be
> on demand upon an LVCMDQ allocation from the user space.
>
> However, the dynamic LVCMDQ mapping/unmapping can complicate the timing of
> calling tegra241_vcmdq_hw_init/deinit(), which write LVCMDQ address space,
> i.e. requiring LVCMDQ to be mapped. Highlight that with a note to the top
> of either of them.
>
> Acked-by: Pranjal Shrivastava <praan at google.com>
> Signed-off-by: Nicolin Chen <nicolinc at nvidia.com>
> ---
> .../iommu/arm/arm-smmu-v3/tegra241-cmdqv.c | 37 +++++++++++++++++--
> 1 file changed, 33 insertions(+), 4 deletions(-)
Reviewed-by: Jason Gunthorpe <jgg at nvidia.com>
Jason
More information about the linux-arm-kernel
mailing list