Re: [PATCH rc v4] iommufd/fault: Use a separate spinlock to protect fault->deliver list
From: Jason Gunthorpe
Date: Mon Jan 20 2025 - 11:42:06 EST

On Fri, Jan 17, 2025 at 11:29:01AM -0800, Nicolin Chen wrote:
> The fault->mutex was to serialize the fault read()/write() fops and the
> iommufd_fault_auto_response_faults(), mainly for fault->response. Also,
> it was conveniently used to fence the fault->deliver in poll() fop and
> iommufd_fault_iopf_handler().
>
> However, copy_from/to_user() may sleep if pagefaults are enabled. Thus,
> they could take a long time to wait for user pages to swap in, blocking
> iommufd_fault_iopf_handler() and its caller that is typically a shared
> IRQ handler of an IOMMU driver, resulting in a potential global DOS.
>
> Instead of reusing the mutex to protect the fault->deliver list, add a
> separate spinlock to do the job, so iommufd_fault_iopf_handler() would
> no longer be blocked by copy_from/to_user().
>
> Add a free_list in iommufd_auto_response_faults(), so the spinlock can
> simply fence a fast list_for_each_entry_safe routine.
>
> Provide two deliver list helpers for iommufd_fault_fops_read() to use:
> - Fetch the first iopf_group out of the fault->deliver list
> - Restore an iopf_group back to the head of the fault->deliver list
>
> Lastly, move the mutex closer to the response in the fault structure,
> and update its kdoc accordingly.
>
> Fixes: 07838f7fd529 ("iommufd: Add iommufd fault object")
> Cc: stable@xxxxxxxxxxxxxxx
> Suggested-by: Jason Gunthorpe <jgg@xxxxxxxxxx>
> Reviewed-by: Kevin Tian <kevin.tian@xxxxxxxxx>
> Reviewed-by: Lu Baolu <baolu.lu@xxxxxxxxxxxxxxx>
> Signed-off-by: Nicolin Chen <nicolinc@xxxxxxxxxx>
> ---

Applied

Thanks,
Jason
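
The lock split described in the quoted commit message, as a userspace C sketch added here (not code from the patch or the kernel): a C11 `atomic_flag` stands in for the spinlock, a callback stands in for copy_to_user(), and all struct and function names are hypothetical. It covers only the two deliver-list helpers and the read path, not the free_list used by the auto-response routine.

```c
#include <stdatomic.h>
#include <stddef.h>

/* Userspace model; all names are hypothetical, not the kernel's. */
struct group { int id; struct group *next; };
/* lock guards only the deliver list; it is never held across a copy. */
struct fault { atomic_flag lock; struct group *deliver; };

static void spin_lock(atomic_flag *l) { while (atomic_flag_test_and_set(l)) { } }
static void spin_unlock(atomic_flag *l) { atomic_flag_clear(l); }

/* Producer (models the IRQ-context handler): short critical section only. */
static void deliver_push_tail(struct fault *f, struct group *g) {
    g->next = NULL;
    spin_lock(&f->lock);
    struct group **pp = &f->deliver;
    while (*pp) pp = &(*pp)->next;
    *pp = g;
    spin_unlock(&f->lock);
}
/* Helper 1: detach the first group, or return NULL if the list is empty. */
static struct group *deliver_fetch_first(struct fault *f) {
    spin_lock(&f->lock);
    struct group *g = f->deliver;
    if (g) f->deliver = g->next;
    spin_unlock(&f->lock);
    return g;
}
/* Helper 2: put a group back at the head so delivery order is preserved. */
static void deliver_restore_head(struct fault *f, struct group *g) {
    spin_lock(&f->lock);
    g->next = f->deliver;
    f->deliver = g;
    spin_unlock(&f->lock);
}
/* Reader: copy() models copy_to_user() and may block, so it runs unlocked. */
static int fault_read(struct fault *f, int (*copy)(const struct group *)) {
    int n = 0; /* number of groups delivered */
    for (struct group *g; (g = deliver_fetch_first(f)); n++)
        if (copy(g) != 0) { deliver_restore_head(f, g); break; }
    return n;
}
/* Constructed callbacks: one always succeeds, one fails on group id 2. */
static int copy_ok(const struct group *g) { (void)g; return 0; }
static int copy_fail_on_2(const struct group *g) { return g->id == 2 ? -1 : 0; }

int main(void) {
    struct fault f = { ATOMIC_FLAG_INIT, NULL };
    struct group a = {1, NULL}, b = {2, NULL};
    deliver_push_tail(&f, &a); deliver_push_tail(&f, &b);
    return fault_read(&f, copy_fail_on_2) == 1 && fault_read(&f, copy_ok) == 1 ? 0 : 1;
}
```

Because the producer only ever waits on the short list critical sections, a reader stalled inside the copy callback cannot hold it up.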