Re: [PATCH v1 12/14] iommu/arm-smmu-v3: Support IOMMU_DOMAIN_NESTED type of allocations
From: Nicolin Chen
Date: Thu Mar 09 2023 - 20:34:37 EST
On Thu, Mar 09, 2023 at 02:28:09PM +0000, Robin Murphy wrote:
> External email: Use caution opening links or attachments
>
>
> On 2023-03-09 13:20, Robin Murphy wrote:
> > On 2023-03-09 10:53, Nicolin Chen wrote:
> > > Add domain allocation support for IOMMU_DOMAIN_NESTED type. This includes
> > > the "finalise" part to log in the user space Stream Table Entry info.
> > >
> > > Co-developed-by: Eric Auger <eric.auger@xxxxxxxxxx>
> > > Signed-off-by: Eric Auger <eric.auger@xxxxxxxxxx>
> > > Signed-off-by: Nicolin Chen <nicolinc@xxxxxxxxxx>
> > > ---
> > > drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 38 +++++++++++++++++++--
> > > 1 file changed, 36 insertions(+), 2 deletions(-)
> > >
> > > diff --git a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
> > > b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
> > > index 5ff74edfbd68..1f318b5e0921 100644
> > > --- a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
> > > +++ b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
> > > @@ -2214,6 +2214,19 @@ static int arm_smmu_domain_finalise(struct
> > > iommu_domain *domain,
> > > return 0;
> > > }
> > > + if (domain->type == IOMMU_DOMAIN_NESTED) {
> > > + if (!(smmu->features & ARM_SMMU_FEAT_TRANS_S1) ||
> > > + !(smmu->features & ARM_SMMU_FEAT_TRANS_S2)) {
> > > + dev_dbg(smmu->dev, "does not implement two stages\n");
> > > + return -EINVAL;
> > > + }
> > > + smmu_domain->stage = ARM_SMMU_DOMAIN_S1;
> > > + smmu_domain->s1_cfg.s1fmt = user_cfg->s1fmt;
> > > + smmu_domain->s1_cfg.s1cdmax = user_cfg->s1cdmax;
> > > + smmu_domain->s1_cfg.cdcfg.cdtab_dma = user_cfg->s1ctxptr;
> > > + return 0;
> >
> > How's that going to work? If the caller's asked for something we can't
> > provide, returning something else and hoping it fails later is not
> > sensible, we should just fail right here. It's even more worrying if
> > there's a chance it *won't* fail later, and a guest ends up with
> > "nested" translation giving it full access to host PA space :/
>
> Oops, apologies - in part thanks to the confusing indentation, I managed
> to miss the early return and misread this all being under the if
> condition for nesting not being supported. Sorry for the confusion :(
Perhaps this can help readability, considering that we have
multiple places checking the TRANS_S1 and TRANS_S2 features:
bool feat_has_s1 smmu->features & ARM_SMMU_FEAT_TRANS_S1;
bool feat_has_s2 smmu->features & ARM_SMMU_FEAT_TRANS_S2;
if (domain->type == IOMMU_DOMAIN_NESTED) {
if (!feat_has_s1 || !feat_has_s2) {
dev_dbg(smmu->dev, "does not implement two stages\n");
return -EINVAL;
}
...
return 0;
}
if (user_cfg_s2 && !feat_has_s2)
return -EINVAL;
...
if (!feat_has_s1)
smmu_domain->stage = ARM_SMMU_DOMAIN_S2;
if (!feat_has_s2)
smmu_domain->stage = ARM_SMMU_DOMAIN_S1;
Would you like this?
Thanks
Nic