search for: iotlb

This patch factors out IOTLB into a dedicated module in order to be reused by other modules like vringh. User may choose to enable the automatic retiring by specifying VHOST_IOTLB_FLAG_RETIRE flag to fit for the case of vhost device IOTLB implementation. Signed-off-by: Jason Wang <jasowang at redhat.com> --- MAINTAINER...

...t the end of this > > > report. Our analysis shows that the race occurs when invoking two > > > syscalls concurrently, write$vnet and ioctl$VHOST_RESET_OWNER. > > > > > > > > > Analysis: > > > We think the concurrent execution of vhost_process_iotlb_msg() and > > > vhost_dev_cleanup() causes the crash. > > > Both of functions can run concurrently (please see call sequence below), > > > and possibly, there is a race on dev->iotlb. > > > If the switch occurs right after vhost_dev_cleanup() frees > > &...

...t the end of this > > > report. Our analysis shows that the race occurs when invoking two > > > syscalls concurrently, write$vnet and ioctl$VHOST_RESET_OWNER. > > > > > > > > > Analysis: > > > We think the concurrent execution of vhost_process_iotlb_msg() and > > > vhost_dev_cleanup() causes the crash. > > > Both of functions can run concurrently (please see call sequence below), > > > and possibly, there is a race on dev->iotlb. > > > If the switch occurs right after vhost_dev_cleanup() frees > > &...

Commit d65026c6c62e7d9616c8ceb5a53b68bcdc050525 ("vhost: validate log when IOTLB is enabled") introduced a regression. The logic was originally: if (vq->iotlb) return 1; return A && B; After the patch the short-circuit logic for A was inverted: if (A || vq->iotlb) return A; return B; The correct logic is: if (!A || vq->iotlb)...

Commit d65026c6c62e7d9616c8ceb5a53b68bcdc050525 ("vhost: validate log when IOTLB is enabled") introduced a regression. The logic was originally: if (vq->iotlb) return 1; return A && B; After the patch the short-circuit logic for A was inverted: if (A || vq->iotlb) return A; return B; The correct logic is: if (!A || vq->iotlb)...

DaeRyong Jeong reports a race between vhost_dev_cleanup() and vhost_process_iotlb_msg(): Thread interleaving: CPU0 (vhost_process_iotlb_msg) CPU1 (vhost_dev_cleanup) (In the case of both VHOST_IOTLB_UPDATE and VHOST_IOTLB_INVALIDATE) ===== ===== vhost_umem_clean(dev->iotlb); if (!dev->iotlb) { ret = -EFAULT; break; } dev->iotlb = N...

...modified > version of Syzkaller), which we describe more at the end of this > report. Our analysis shows that the race occurs when invoking two > syscalls concurrently, write$vnet and ioctl$VHOST_RESET_OWNER. > > > Analysis: > We think the concurrent execution of vhost_process_iotlb_msg() and > vhost_dev_cleanup() causes the crash. > Both of functions can run concurrently (please see call sequence below), > and possibly, there is a race on dev->iotlb. > If the switch occurs right after vhost_dev_cleanup() frees > dev->iotlb, vhost_process_iotlb_msg() still...

...modified > version of Syzkaller), which we describe more at the end of this > report. Our analysis shows that the race occurs when invoking two > syscalls concurrently, write$vnet and ioctl$VHOST_RESET_OWNER. > > > Analysis: > We think the concurrent execution of vhost_process_iotlb_msg() and > vhost_dev_cleanup() causes the crash. > Both of functions can run concurrently (please see call sequence below), > and possibly, there is a race on dev->iotlb. > If the switch occurs right after vhost_dev_cleanup() frees > dev->iotlb, vhost_process_iotlb_msg() still...

Vq log_base is the userspace address of bitmap which has nothing to do with IOTLB. So it needs to be validated unconditionally otherwise we may try use 0 as log_base which may lead to pin pages that will lead unexpected result (e.g trigger BUG_ON() in set_bit_to_user()). Fixes: 6b1e6cc7855b0 ("vhost: new device IOTLB API") Reported-by: syzbot+6304bf97ef436580fede at s...

Vq log_base is the userspace address of bitmap which has nothing to do with IOTLB. So it needs to be validated unconditionally otherwise we may try use 0 as log_base which may lead to pin pages that will lead unexpected result (e.g trigger BUG_ON() in set_bit_to_user()). Fixes: 6b1e6cc7855b0 ("vhost: new device IOTLB API") Reported-by: syzbot+6304bf97ef436580fede at s...

...p to isolate the memory mapping. The vhost/vhost-vDPA is also extend for the userspace to: - query the number of virtqueue groups and address spaces supported by the device - query the virtqueue group for a specific virtqueue - assocaite a virtqueue group with an address space - send ASID based IOTLB commands This will help userspace VMM(Qemu) to detect whether the control vq could be supported and isolate memory mappings of control virtqueue from the others. To demonstrate the usage, vDPA simulator is extended to support setting MAC address via a emulated control virtqueue. Please refer patc...

...p to isolate the memory mapping. The vhost/vhost-vDPA is also extend for the userspace to: - query the number of virtqueue groups and address spaces supported by the device - query the virtqueue group for a specific virtqueue - assocaite a virtqueue group with an address space - send ASID based IOTLB commands This will help userspace VMM(Qemu) to detect whether the control vq could be supported and isolate memory mappings of control virtqueue from the others. To demonstrate the usage, vDPA simulator is extended to support setting MAC address via a emulated control virtqueue. Please refer patc...

On 2015/12/31 15:13, Jason Wang wrote: > This patch tries to implement an device IOTLB for vhost. This could be > used with for co-operation with userspace(qemu) implementation of > iommu for a secure DMA environment in guest. > > The idea is simple. When vhost meets an IOTLB miss, it will request > the assistance of userspace to do the translation, this is done > t...

On Tue, May 24, 2016 at 05:36:22PM +0800, Jason Wang wrote: > This patch tries to implement an device IOTLB for vhost. This could be > used with for co-operation with userspace IOMMU implementation (qemu) > for a secure DMA environment (DMAR) in guest. > > The idea is simple. When vhost meets an IOTLB miss, it will request > the assistance of userspace to do the translation, this is done...

On Thu, Jun 18, 2020 at 01:56:25PM +0800, Jason Wang wrote: > This patches extend the vhost IOTLB API to accept batch updating hints > form userspace. When userspace wants update the device IOTLB in a > batch, it may do: > > 1) Write vhost_iotlb_msg with VHOST_IOTLB_BATCH_BEGIN flag > 2) Perform a batch of IOTLB updating via VHOST_IOTLB_UPDATE/INVALIDATE > 3) Write vhost_iotl...

On Thu, Jun 18, 2020 at 01:56:25PM +0800, Jason Wang wrote: > This patches extend the vhost IOTLB API to accept batch updating hints > form userspace. When userspace wants update the device IOTLB in a > batch, it may do: > > 1) Write vhost_iotlb_msg with VHOST_IOTLB_BATCH_BEGIN flag > 2) Perform a batch of IOTLB updating via VHOST_IOTLB_UPDATE/INVALIDATE > 3) Write vhost_iotl...

On 2016/1/4 14:22, Jason Wang wrote: > > > On 01/04/2016 09:39 AM, Yang Zhang wrote: >> On 2015/12/31 15:13, Jason Wang wrote: >>> This patch tries to implement an device IOTLB for vhost. This could be >>> used with for co-operation with userspace(qemu) implementation of >>> iommu for a secure DMA environment in guest. >>> >>> The idea is simple. When vhost meets an IOTLB miss, it will request >>> the assistance of userspace to...

On 2016/1/4 14:22, Jason Wang wrote: > > > On 01/04/2016 09:39 AM, Yang Zhang wrote: >> On 2015/12/31 15:13, Jason Wang wrote: >>> This patch tries to implement an device IOTLB for vhost. This could be >>> used with for co-operation with userspace(qemu) implementation of >>> iommu for a secure DMA environment in guest. >>> >>> The idea is simple. When vhost meets an IOTLB miss, it will request >>> the assistance of userspace to...

On Thu, Apr 28, 2016 at 02:37:16PM +0800, Jason Wang wrote: > > > On 04/27/2016 07:45 PM, Michael S. Tsirkin wrote: > > On Fri, Mar 25, 2016 at 10:34:34AM +0800, Jason Wang wrote: > >> This patch tries to implement an device IOTLB for vhost. This could be > >> used with for co-operation with userspace(qemu) implementation of DMA > >> remapping. > >> > >> The idea is simple. When vhost meets an IOTLB miss, it will request > >> the assistance of userspace to do the translation, this...

On Thu, Apr 28, 2016 at 02:37:16PM +0800, Jason Wang wrote: > > > On 04/27/2016 07:45 PM, Michael S. Tsirkin wrote: > > On Fri, Mar 25, 2016 at 10:34:34AM +0800, Jason Wang wrote: > >> This patch tries to implement an device IOTLB for vhost. This could be > >> used with for co-operation with userspace(qemu) implementation of DMA > >> remapping. > >> > >> The idea is simple. When vhost meets an IOTLB miss, it will request > >> the assistance of userspace to do the translation, this...