From patchwork Fri Sep 15 16:58:07 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Robin Murphy X-Patchwork-Id: 13387259 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id D0AE6EED61B for ; Fri, 15 Sep 2023 16:59:07 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:Cc:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=Z3GCCxrw61DsA//X5lsCy4aw2Ioi/15+pEZxDswJEWs=; b=wb3tq4Mz6UQatp bBUPKPpiRoM49DE4d7H1O5RK3VWEAenNR2G+qkte3ed0EDcCZVVyjdm3BEA/ev6cgixh2ANaSPfp+ sCDeunZ/EuyOKBrUYQ/xLiT50clAR7O6fvbHYuzZSSlUFyTOBuMNvEOIqP0NaNq9+9hPDDE7M1079 T+Yu/KGHtvVILa0vU+WSSy29oUD7rVZLMkdM1JcOqLmqaJ1ktp7HA+RDKENkLY5ox5nDyAMNmh0JM hC+APpzxI1T1ONtjAlWQsHfOg3ABr5dLq2GNku+OYtLiKTHk5EEf9zEQ/eLwoQHXkJhWJ/STFaSo5 crYeyxmc7P5x4JwzwjNA==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.96 #2 (Red Hat Linux)) id 1qhC9R-00B5WQ-1X; Fri, 15 Sep 2023 16:58:41 +0000 Received: from foss.arm.com ([217.140.110.172]) by bombadil.infradead.org with esmtp (Exim 4.96 #2 (Red Hat Linux)) id 1qhC9H-00B5QW-15 for linux-arm-kernel@lists.infradead.org; Fri, 15 Sep 2023 16:58:34 +0000 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 4CD391FB; Fri, 15 Sep 2023 09:59:05 -0700 (PDT) Received: from e121345-lin.cambridge.arm.com (e121345-lin.cambridge.arm.com [10.1.196.40]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id F037E3F5A1; Fri, 15 Sep 2023 09:58:26 -0700 (PDT) From: Robin Murphy To: joro@8bytes.org, will@kernel.org Cc: iommu@lists.linux.dev, linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, jgg@nvidia.com, baolu.lu@linux.intel.com Subject: [PATCH v3 3/7] iommu: Validate that devices match domains Date: Fri, 15 Sep 2023 17:58:07 +0100 Message-Id: X-Mailer: git-send-email 2.39.2.101.g768bb238c484.dirty In-Reply-To: References: MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20230915_095831_440985_6BB74198 X-CRM114-Status: GOOD ( 16.19 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org Before we can allow drivers to coexist, we need to make sure that one driver's domain ops can't misinterpret another driver's dev_iommu_priv data. To that end, add a token to the domain so we can remember how it was allocated - for now this may as well be the device ops, since they still correlate 1:1 with drivers. We can trust ourselves for internal default domain attachment, so add the check where it covers both the external attach interfaces. Reviewed-by: Lu Baolu Reviewed-by: Jason Gunthorpe Signed-off-by: Robin Murphy --- drivers/iommu/iommu.c | 13 +++++++++---- include/linux/iommu.h | 1 + 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c index 2f29ee9dea64..f4cc91227b22 100644 --- a/drivers/iommu/iommu.c +++ b/drivers/iommu/iommu.c @@ -2000,26 +2000,28 @@ EXPORT_SYMBOL_GPL(iommu_set_fault_handler); static struct iommu_domain *__iommu_domain_alloc(const struct bus_type *bus, unsigned type) { + const struct iommu_ops *ops = bus ? bus->iommu_ops : NULL; struct iommu_domain *domain; unsigned int alloc_type = type & IOMMU_DOMAIN_ALLOC_FLAGS; - if (bus == NULL || bus->iommu_ops == NULL) + if (!ops) return NULL; - domain = bus->iommu_ops->domain_alloc(alloc_type); + domain = ops->domain_alloc(alloc_type); if (!domain) return NULL; domain->type = type; + domain->owner = ops; /* * If not already set, assume all sizes by default; the driver * may override this later */ if (!domain->pgsize_bitmap) - domain->pgsize_bitmap = bus->iommu_ops->pgsize_bitmap; + domain->pgsize_bitmap = ops->pgsize_bitmap; if (!domain->ops) - domain->ops = bus->iommu_ops->default_domain_ops; + domain->ops = ops->default_domain_ops; if (iommu_is_dma_domain(domain) && iommu_get_dma_cookie(domain)) { iommu_domain_free(domain); @@ -2176,6 +2178,9 @@ static int __iommu_attach_group(struct iommu_domain *domain, group->domain != group->blocking_domain) return -EBUSY; + if (dev_iommu_ops(iommu_group_first_dev(group)) != domain->owner) + return -EINVAL; + return __iommu_group_set_domain(group, domain); } diff --git a/include/linux/iommu.h b/include/linux/iommu.h index a249e10c8e9f..75ffcac199e3 100644 --- a/include/linux/iommu.h +++ b/include/linux/iommu.h @@ -95,6 +95,7 @@ struct iommu_domain_geometry { struct iommu_domain { unsigned type; const struct iommu_domain_ops *ops; + const struct iommu_ops *owner; /* Whose domain_alloc we came from */ unsigned long pgsize_bitmap; /* Bitmap of page sizes in use */ struct iommu_domain_geometry geometry; struct iommu_dma_cookie *iova_cookie;