Displaying 20 results from an estimated 59 matches for "vhost_iotlb_invalidate".
2023 Aug 24
1
[PATCH v2] vhost: Allow null msg.size on VHOST_IOTLB_INVALIDATE
...thread due to erroneous iotlb
entries") Forbade vhost iotlb msg with null size to prevent entries
with size = start = 0 and last = ULONG_MAX to end up in the iotlb.
Then commit 95932ab2ea07 ("vhost: allow batching hint without size")
only applied the check for VHOST_IOTLB_UPDATE and VHOST_IOTLB_INVALIDATE
message types to fix a regression observed with batching hit.
Still, the introduction of that check introduced a regression for
some users attempting to invalidate the whole ULONG_MAX range by
setting the size to 0. This is the case with qemu/smmuv3/vhost
integration which does not work anymore. I...
2015 Dec 31
4
[PATCH RFC] vhost: basic device IOTLB support
...v->work_lock);
+ spin_lock_init(&dev->iotlb_lock);
+ mutex_init(&dev->iotlb_req_mutex);
INIT_LIST_HEAD(&dev->work_list);
dev->worker = NULL;
+ dev->iotlb_request = NULL;
+ dev->iotlb_ctx = NULL;
+ dev->iotlb_file = NULL;
+ dev->pending_request.flags.type = VHOST_IOTLB_INVALIDATE;
for (i = 0; i < dev->nvqs; ++i) {
vq = dev->vqs[i];
@@ -393,12 +404,17 @@ void vhost_dev_init(struct vhost_dev *dev,
vq->indirect = NULL;
vq->heads = NULL;
vq->dev = dev;
+ vq->iotlb_request = NULL;
mutex_init(&vq->mutex);
vhost_vq_reset(dev, vq);...
2015 Dec 31
4
[PATCH RFC] vhost: basic device IOTLB support
...v->work_lock);
+ spin_lock_init(&dev->iotlb_lock);
+ mutex_init(&dev->iotlb_req_mutex);
INIT_LIST_HEAD(&dev->work_list);
dev->worker = NULL;
+ dev->iotlb_request = NULL;
+ dev->iotlb_ctx = NULL;
+ dev->iotlb_file = NULL;
+ dev->pending_request.flags.type = VHOST_IOTLB_INVALIDATE;
for (i = 0; i < dev->nvqs; ++i) {
vq = dev->vqs[i];
@@ -393,12 +404,17 @@ void vhost_dev_init(struct vhost_dev *dev,
vq->indirect = NULL;
vq->heads = NULL;
vq->dev = dev;
+ vq->iotlb_request = NULL;
mutex_init(&vq->mutex);
vhost_vq_reset(dev, vq);...
2015 Dec 31
0
[PATCH RFC] vhost: basic device IOTLB support
...&dev->iotlb_lock);
> + mutex_init(&dev->iotlb_req_mutex);
> INIT_LIST_HEAD(&dev->work_list);
> dev->worker = NULL;
> + dev->iotlb_request = NULL;
> + dev->iotlb_ctx = NULL;
> + dev->iotlb_file = NULL;
> + dev->pending_request.flags.type = VHOST_IOTLB_INVALIDATE;
>
> for (i = 0; i < dev->nvqs; ++i) {
> vq = dev->vqs[i];
> @@ -393,12 +404,17 @@ void vhost_dev_init(struct vhost_dev *dev,
> vq->indirect = NULL;
> vq->heads = NULL;
> vq->dev = dev;
> + vq->iotlb_request = NULL;
> mutex_init(&a...
2018 May 21
2
KASAN: use-after-free Read in vhost_chr_write_iter
...returning -EFAULT. Consequently, use-after-free
> > > occures
> > >
> > >
> > > Thread interleaving:
> > > CPU0 (vhost_process_iotlb_msg)??????????????? CPU1 (vhost_dev_cleanup)
> > > (In the case of both VHOST_IOTLB_UPDATE and
> > > VHOST_IOTLB_INVALIDATE)
> > > =====??????????????????????????? =====
> > > ??????????????????????????? vhost_umem_clean(dev->iotlb);
> > > if (!dev->iotlb) {
> > > ??????????? ret = -EFAULT;
> > > ??????????????? break;
> > > }
> > > ???????????????????...
2018 May 21
2
KASAN: use-after-free Read in vhost_chr_write_iter
...returning -EFAULT. Consequently, use-after-free
> > > occures
> > >
> > >
> > > Thread interleaving:
> > > CPU0 (vhost_process_iotlb_msg)??????????????? CPU1 (vhost_dev_cleanup)
> > > (In the case of both VHOST_IOTLB_UPDATE and
> > > VHOST_IOTLB_INVALIDATE)
> > > =====??????????????????????????? =====
> > > ??????????????????????????? vhost_umem_clean(dev->iotlb);
> > > if (!dev->iotlb) {
> > > ??????????? ret = -EFAULT;
> > > ??????????????? break;
> > > }
> > > ???????????????????...
2018 May 22
3
[PATCH net] vhost: synchronize IOTLB message with dev cleanup
DaeRyong Jeong reports a race between vhost_dev_cleanup() and
vhost_process_iotlb_msg():
Thread interleaving:
CPU0 (vhost_process_iotlb_msg) CPU1 (vhost_dev_cleanup)
(In the case of both VHOST_IOTLB_UPDATE and
VHOST_IOTLB_INVALIDATE)
===== =====
vhost_umem_clean(dev->iotlb);
if (!dev->iotlb) {
ret = -EFAULT;
break;
}
dev->iotlb = NULL;
The reason is we don't synchronize between them, fixing by protecting
vhost_process_iotlb_msg() with dev mutex.
Reported-by: DaeRyong Jeong <...
2018 May 18
3
KASAN: use-after-free Read in vhost_chr_write_iter
...process_iotlb_msg() still sees the non-null value and it
> keep executing without returning -EFAULT. Consequently, use-after-free
> occures
>
>
> Thread interleaving:
> CPU0 (vhost_process_iotlb_msg) CPU1 (vhost_dev_cleanup)
> (In the case of both VHOST_IOTLB_UPDATE and
> VHOST_IOTLB_INVALIDATE)
> ===== =====
> vhost_umem_clean(dev->iotlb);
> if (!dev->iotlb) {
> ret = -EFAULT;
> break;
> }
> dev->iotlb = NULL;
>
>
> Call Sequence:
> CPU0
> =====
> vhost_net_chr_write_iter
> vhost_chr_write_iter
>...
2018 May 18
3
KASAN: use-after-free Read in vhost_chr_write_iter
...process_iotlb_msg() still sees the non-null value and it
> keep executing without returning -EFAULT. Consequently, use-after-free
> occures
>
>
> Thread interleaving:
> CPU0 (vhost_process_iotlb_msg) CPU1 (vhost_dev_cleanup)
> (In the case of both VHOST_IOTLB_UPDATE and
> VHOST_IOTLB_INVALIDATE)
> ===== =====
> vhost_umem_clean(dev->iotlb);
> if (!dev->iotlb) {
> ret = -EFAULT;
> break;
> }
> dev->iotlb = NULL;
>
>
> Call Sequence:
> CPU0
> =====
> vhost_net_chr_write_iter
> vhost_chr_write_iter
>...
2018 Jan 23
5
[PATCH net 1/2] vhost: use mutex_lock_nested() in vhost_dev_lock_vqs()
We used to call mutex_lock() in vhost_dev_lock_vqs() which tries to
hold mutexes of all virtqueues. This may confuse lockdep to report a
possible deadlock because of trying to hold locks belong to same
class. Switch to use mutex_lock_nested() to avoid false positive.
Fixes: 6b1e6cc7855b0 ("vhost: new device IOTLB API")
Reported-by: syzbot+dbb7c1161485e61b0241 at
2018 Jan 23
5
[PATCH net 1/2] vhost: use mutex_lock_nested() in vhost_dev_lock_vqs()
We used to call mutex_lock() in vhost_dev_lock_vqs() which tries to
hold mutexes of all virtqueues. This may confuse lockdep to report a
possible deadlock because of trying to hold locks belong to same
class. Switch to use mutex_lock_nested() to avoid false positive.
Fixes: 6b1e6cc7855b0 ("vhost: new device IOTLB API")
Reported-by: syzbot+dbb7c1161485e61b0241 at
2020 Jun 18
6
[PATCH RFC 0/5] support batched IOTLB updating in vhost-vdpa
...a accepts userspace mapping via IOTLB API, and it
can only forward one mapping to IOMMU or device through IOMMU API or
dma_map(). Though set_map() is deisgend to have the capability to pass
an rbtree based mapping to vDPA device, it's still be called at least
once for each VHOST_IOTLB_UPDATE or VHOST_IOTLB_INVALIDATE. This is
because vhost-vdpa doesn't know the userspace start or stop then
updating.
So this patch introduces two flags as hints for vhost-vdpa to call
set_map() only when userspace finish a batch of IOTLB updating.
So instead of:
1) VHOST_IOTLB_UPDATE/VHOST_IOTLB_INVALIDATE -> set_map() (...
2020 Jul 01
5
[PATCH 0/5]
...a accepts userspace mapping via IOTLB API, and it
can only forward one mapping to IOMMU or device through IOMMU API or
dma_map(). Though set_map() is designed to have the capability to pass
an rbtree based mapping to vDPA device, it's still be called at least
once for each VHOST_IOTLB_UPDATE or VHOST_IOTLB_INVALIDATE. This is
because vhost-vdpa doesn't know the userspace start or stop then
updating.
So this patch introduces two flags as hints for vhost-vdpa to call
set_map() only when userspace finish a batch of IOTLB updating.
So instead of:
1) VHOST_IOTLB_UPDATE/VHOST_IOTLB_INVALIDATE -> set_map() (...
2020 Jun 28
2
[PATCH RFC 4/5] vhost-vdpa: support IOTLB batching hints
...v, struct vhost_vdpa, vdev);
> + struct vdpa_device *vdpa = v->vdpa;
> + const struct vdpa_config_ops *ops = vdpa->config;
> int r = 0;
>
> r = vhost_dev_check_owner(dev);
> @@ -668,6 +676,14 @@ static int vhost_vdpa_process_iotlb_msg(struct vhost_dev *dev,
> case VHOST_IOTLB_INVALIDATE:
> vhost_vdpa_unmap(v, msg->iova, msg->size);
> break;
> + case VHOST_IOTLB_BATCH_BEGIN:
> + v->in_batch = true;
> + break;
> + case VHOST_IOTLB_BATCH_END:
> + if (v->in_batch && ops->set_map)
> + ops->set_map(vdpa, dev->iotlb);
> +...
2020 Jun 28
2
[PATCH RFC 4/5] vhost-vdpa: support IOTLB batching hints
...v, struct vhost_vdpa, vdev);
> + struct vdpa_device *vdpa = v->vdpa;
> + const struct vdpa_config_ops *ops = vdpa->config;
> int r = 0;
>
> r = vhost_dev_check_owner(dev);
> @@ -668,6 +676,14 @@ static int vhost_vdpa_process_iotlb_msg(struct vhost_dev *dev,
> case VHOST_IOTLB_INVALIDATE:
> vhost_vdpa_unmap(v, msg->iova, msg->size);
> break;
> + case VHOST_IOTLB_BATCH_BEGIN:
> + v->in_batch = true;
> + break;
> + case VHOST_IOTLB_BATCH_END:
> + if (v->in_batch && ops->set_map)
> + ops->set_map(vdpa, dev->iotlb);
> +...
2016 Apr 27
2
[RFC PATCH V2 2/2] vhost: device IOTLB API
...6 +280,10 @@ static void vhost_vq_reset(struct vhost_dev *dev,
> vq->call_ctx = NULL;
> vq->call = NULL;
> vq->log_ctx = NULL;
> + vq->iotlb_call = NULL;
> + vq->iotlb_call_ctx = NULL;
> + vq->iotlb_request = NULL;
> + vq->pending_request.flags.type = VHOST_IOTLB_INVALIDATE;
> vq->umem = NULL;
> vq->is_le = virtio_legacy_is_little_endian();
> vhost_vq_reset_user_be(vq);
> @@ -387,8 +391,10 @@ void vhost_dev_init(struct vhost_dev *dev,
> dev->log_ctx = NULL;
> dev->log_file = NULL;
> dev->umem = NULL;
> + dev->iotlb...
2016 Apr 27
2
[RFC PATCH V2 2/2] vhost: device IOTLB API
...6 +280,10 @@ static void vhost_vq_reset(struct vhost_dev *dev,
> vq->call_ctx = NULL;
> vq->call = NULL;
> vq->log_ctx = NULL;
> + vq->iotlb_call = NULL;
> + vq->iotlb_call_ctx = NULL;
> + vq->iotlb_request = NULL;
> + vq->pending_request.flags.type = VHOST_IOTLB_INVALIDATE;
> vq->umem = NULL;
> vq->is_le = virtio_legacy_is_little_endian();
> vhost_vq_reset_user_be(vq);
> @@ -387,8 +391,10 @@ void vhost_dev_init(struct vhost_dev *dev,
> dev->log_ctx = NULL;
> dev->log_file = NULL;
> dev->umem = NULL;
> + dev->iotlb...
2020 Feb 05
1
[PATCH] vhost: introduce vDPA based backend
...#define VHOST_ACCESS_RO????? 0x1
>>>> #define VHOST_ACCESS_WO????? 0x2
>>>> #define VHOST_ACCESS_RW????? 0x3
>>>> ??? __u8 perm;
>>>> #define VHOST_IOTLB_MISS?????????? 1
>>>> #define VHOST_IOTLB_UPDATE???????? 2
>>>> #define VHOST_IOTLB_INVALIDATE???? 3
>>>> #define VHOST_IOTLB_ACCESS_FAIL??? 4
>>>> ??? __u8 type;
>>>> };
>>>>
>>>> #define VHOST_IOTLB_MSG 0x1
>>>> #define VHOST_IOTLB_MSG_V2 0x2
>>>>
>>>> struct vhost_msg {
>>>> ???...
2020 Feb 05
2
[PATCH] vhost: introduce vDPA based backend
...alignment requirement */
struct vhost_iotlb_msg {
??? __u64 iova;
??? __u64 size;
??? __u64 uaddr;
#define VHOST_ACCESS_RO????? 0x1
#define VHOST_ACCESS_WO????? 0x2
#define VHOST_ACCESS_RW????? 0x3
??? __u8 perm;
#define VHOST_IOTLB_MISS?????????? 1
#define VHOST_IOTLB_UPDATE???????? 2
#define VHOST_IOTLB_INVALIDATE???? 3
#define VHOST_IOTLB_ACCESS_FAIL??? 4
??? __u8 type;
};
#define VHOST_IOTLB_MSG 0x1
#define VHOST_IOTLB_MSG_V2 0x2
struct vhost_msg {
??? int type;
??? union {
??? ??? struct vhost_iotlb_msg iotlb;
??? ??? __u8 padding[64];
??? };
};
struct vhost_msg_v2 {
??? __u32 type;
??? __u32 r...
2020 Feb 05
2
[PATCH] vhost: introduce vDPA based backend
...alignment requirement */
struct vhost_iotlb_msg {
??? __u64 iova;
??? __u64 size;
??? __u64 uaddr;
#define VHOST_ACCESS_RO????? 0x1
#define VHOST_ACCESS_WO????? 0x2
#define VHOST_ACCESS_RW????? 0x3
??? __u8 perm;
#define VHOST_IOTLB_MISS?????????? 1
#define VHOST_IOTLB_UPDATE???????? 2
#define VHOST_IOTLB_INVALIDATE???? 3
#define VHOST_IOTLB_ACCESS_FAIL??? 4
??? __u8 type;
};
#define VHOST_IOTLB_MSG 0x1
#define VHOST_IOTLB_MSG_V2 0x2
struct vhost_msg {
??? int type;
??? union {
??? ??? struct vhost_iotlb_msg iotlb;
??? ??? __u8 padding[64];
??? };
};
struct vhost_msg_v2 {
??? __u32 type;
??? __u32 r...