Re: [RFC v1 6/8] mshv: command line option to skip devices in PV-IOMMU

From: Wei Liu
Date: Tue Aug 03 2021 - 17:56:57 EST


On Wed, Aug 04, 2021 at 12:20:42AM +0530, Praveen Kumar wrote:
> On 09-07-2021 17:13, Wei Liu wrote:
> > Some devices may have been claimed by the hypervisor already. One such
> > example is a user can assign a NIC for debugging purpose.
> >
> > Ideally Linux should be able to tell retrieve that information, but
> > there is no way to do that yet. And designing that new mechanism is
> > going to take time.
> >
> > Provide a command line option for skipping devices. This is a stopgap
> > solution, so it is intentionally undocumented. Hopefully we can retire
> > it in the future.
> >
> > Signed-off-by: Wei Liu <wei.liu@xxxxxxxxxx>
> > ---
> > drivers/iommu/hyperv-iommu.c | 45 ++++++++++++++++++++++++++++++++++++
> > 1 file changed, 45 insertions(+)
> >
> > diff --git a/drivers/iommu/hyperv-iommu.c b/drivers/iommu/hyperv-iommu.c
> > index 043dcff06511..353da5036387 100644
> > --- a/drivers/iommu/hyperv-iommu.c
> > +++ b/drivers/iommu/hyperv-iommu.c
> > @@ -349,6 +349,16 @@ static const struct irq_domain_ops hyperv_root_ir_domain_ops = {
> >
> > #ifdef CONFIG_HYPERV_ROOT_PVIOMMU
> >
> > +/* The IOMMU will not claim these PCI devices. */
> > +static char *pci_devs_to_skip;
> > +static int __init mshv_iommu_setup_skip(char *str) {
> > + pci_devs_to_skip = str;
> > +
> > + return 0;
> > +}
> > +/* mshv_iommu_skip=(SSSS:BB:DD.F)(SSSS:BB:DD.F) */
> > +__setup("mshv_iommu_skip=", mshv_iommu_setup_skip);
> > +
> > /* DMA remapping support */
> > struct hv_iommu_domain {
> > struct iommu_domain domain;
> > @@ -774,6 +784,41 @@ static struct iommu_device *hv_iommu_probe_device(struct device *dev)
> > if (!dev_is_pci(dev))
> > return ERR_PTR(-ENODEV);
> >
> > + /*
> > + * Skip the PCI device specified in `pci_devs_to_skip`. This is a
> > + * temporary solution until we figure out a way to extract information
> > + * from the hypervisor what devices it is already using.
> > + */
> > + if (pci_devs_to_skip && *pci_devs_to_skip) {
> > + int pos = 0;
> > + int parsed;
> > + int segment, bus, slot, func;
> > + struct pci_dev *pdev = to_pci_dev(dev);
> > +
> > + do {
> > + parsed = 0;
> > +
> > + sscanf(pci_devs_to_skip + pos,
> > + " (%x:%x:%x.%x) %n",
> > + &segment, &bus, &slot, &func, &parsed);
> > +
> > + if (parsed <= 0)
> > + break;
> > +
> > + if (pci_domain_nr(pdev->bus) == segment &&
> > + pdev->bus->number == bus &&
> > + PCI_SLOT(pdev->devfn) == slot &&
> > + PCI_FUNC(pdev->devfn) == func)
> > + {
> > + dev_info(dev, "skipped by MSHV IOMMU\n");
> > + return ERR_PTR(-ENODEV);
> > + }
> > +
> > + pos += parsed;
> > +
> > + } while (pci_devs_to_skip[pos]);
>
> Is there a possibility of pci_devs_to_skip + pos > sizeof(pci_devs_to_skip)
> and also a valid memory ?

pos should point to the last parsed position. If parsing fails pos does
not get updated and the code breaks out of the loop. If parsing is
success pos should point to either the start of next element of '\0'
(end of string). To me this is good enough.

> I would recommend to have a check of size as well before accessing the
> array content, just to be safer accessing any memory.
>

What check do you have in mind?

Wei.

> > + }
> > +
> > vdev = kzalloc(sizeof(*vdev), GFP_KERNEL);
> > if (!vdev)
> > return ERR_PTR(-ENOMEM);
> >
>
> Regards,
>
> ~Praveen.