Si-Wei Liu
2023-Aug-15 01:43 UTC
[PATCH RFC 3/4] vhost-vdpa: should restore 1:1 dma mapping before detaching driver
Signed-off-by: Si-Wei Liu <si-wei.liu at oracle.com>
---
 drivers/vhost/vdpa.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/drivers/vhost/vdpa.c b/drivers/vhost/vdpa.c
index b43e868..62b0a01 100644
--- a/drivers/vhost/vdpa.c
+++ b/drivers/vhost/vdpa.c
@@ -131,6 +131,15 @@ static struct vhost_vdpa_as *vhost_vdpa_find_alloc_as(struct vhost_vdpa *v,
 return vhost_vdpa_alloc_as(v, asid);
 }
 
+static void vhost_vdpa_reset_map(struct vhost_vdpa *v, u32 asid)
+{
+ struct vdpa_device *vdpa = v->vdpa;
+ const struct vdpa_config_ops *ops = vdpa->config;
+
+ if (ops->reset_map)
+ ops->reset_map(vdpa, asid);
+}
+
 static int vhost_vdpa_remove_as(struct vhost_vdpa *v, u32 asid)
 {
 struct vhost_vdpa_as *as = asid_to_as(v, asid);
@@ -140,6 +149,14 @@ static int vhost_vdpa_remove_as(struct vhost_vdpa *v, u32 asid)
 
 hlist_del(&as->hash_link);
 vhost_vdpa_iotlb_unmap(v, &as->iotlb, 0ULL, 0ULL - 1, asid);
+ /*
+ * Devices with on-chip IOMMU need to restore iotlb
+ * to 1:1 identity mapping before vhost-vdpa is going
+ * to be removed and detached from the device. Give
+ * them a chance to do so, as this cannot be done
+ * efficiently via the whole-range unmap call above.
+ */
+ vhost_vdpa_reset_map(v, asid);
 kfree(as);
 
 return 0;
--
1.8.3.1
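Review bot: The new helper vhost_vdpa_reset_map() drops whatever `ops->reset_map(vdpa, asid)` reports, so a parent driver that fails to rebuild its mapping looks the same as success and vhost_vdpa_remove_as() still returns 0. The op's prototype is not part of this patch, so this applies only if it returns a status; if it does, the failure should at least reach the log, e.g. `if (ops->reset_map && ops->reset_map(vdpa, asid)) dev_warn(&vdpa->dev, "reset_map failed, asid %u\n", asid);`. A one-line comment above the helper saying that the op is optional and what device state it expects when called would also help the next reader.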
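Review bot: The comment added in vhost_vdpa_remove_as() describes a step taken when vhost-vdpa is removed and detached from the device, but the call runs for whichever `asid` is being removed, and the function's callers are outside this hunk. If an address space can be removed on any other path, the parent's mapping would be reset there too, which the comment does not cover. I would word the comment after what the call does, e.g. `/* Let the parent driver restore its default mapping for this ASID; the whole-range unmap above does not do that. */`, and name the callers that are expected to reach it, or move the call to the detach path if that is the only intended use. The function body starts and ends outside the hunk.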
Jason Wang
2023-Aug-15 02:32 UTC
[PATCH RFC 3/4] vhost-vdpa: should restore 1:1 dma mapping before detaching driver
On Tue, Aug 15, 2023 at 9:45?AM Si-Wei Liu <si-wei.liu at oracle.com> wrote:
>
> Signed-off-by: Si-Wei Liu <si-wei.liu at oracle.com>
> ---
> drivers/vhost/vdpa.c | 17 +++++++++++++++++
> 1 file changed, 17 insertions(+)
>
> diff --git a/drivers/vhost/vdpa.c b/drivers/vhost/vdpa.c
> index b43e868..62b0a01 100644
> --- a/drivers/vhost/vdpa.c
> +++ b/drivers/vhost/vdpa.c
> @@ -131,6 +131,15 @@ static struct vhost_vdpa_as *vhost_vdpa_find_alloc_as(struct vhost_vdpa *v,
> return vhost_vdpa_alloc_as(v, asid);
> }
>
> +static void vhost_vdpa_reset_map(struct vhost_vdpa *v, u32 asid)
> +{
> + struct vdpa_device *vdpa = v->vdpa;
> + const struct vdpa_config_ops *ops = vdpa->config;
> +
> + if (ops->reset_map)
> + ops->reset_map(vdpa, asid);
> +}
> +
> static int vhost_vdpa_remove_as(struct vhost_vdpa *v, u32 asid)
> {
> struct vhost_vdpa_as *as = asid_to_as(v, asid);
> @@ -140,6 +149,14 @@ static int vhost_vdpa_remove_as(struct vhost_vdpa *v, u32 asid)
>
> hlist_del(&as->hash_link);
> vhost_vdpa_iotlb_unmap(v, &as->iotlb, 0ULL, 0ULL - 1, asid);
> + /*
> + * Devices with on-chip IOMMU need to restore iotlb
> + * to 1:1 identity mapping before vhost-vdpa is going
> + * to be removed and detached from the device. Give
> + * them a chance to do so, as this cannot be done
> + * efficiently via the whole-range unmap call above.
> + */
Same question as before, if 1:1 is restored and the userspace doesn't do any IOTLB updating. It looks like a security issue? (Assuming IOVA is PA) Thanks
> + vhost_vdpa_reset_map(v, asid);
> kfree(as);
>
> return 0;
> --
> 1.8.3.1
>