Commit ada14b9f authored by Yi Liu's avatar Yi Liu Committed by Jason Gunthorpe
Browse files

iommu: Require passing new handles to APIs supporting handle 

Add kdoc to highligt the caller of iommu_[attach|replace]_group_handle()
and iommu_attach_device_pasid() should always provide a new handle. This
can avoid race with lockless reference to the handle. e.g. the
find_fault_handler() and iommu_report_device_fault() in the PRI path.

Link: https://patch.msgid.link/r/20250321171940.7213-2-yi.l.liu@intel.com


Reviewed-by: default avatarLu Baolu <baolu.lu@linux.intel.com>
Reviewed-by: default avatarJason Gunthorpe <jgg@nvidia.com>
Signed-off-by: default avatarYi Liu <yi.l.liu@intel.com>
Tested-by: default avatarNicolin Chen <nicolinc@nvidia.com>
Signed-off-by: default avatarJason Gunthorpe <jgg@nvidia.com>
parent 06d54f00

drivers/iommu/iommu.c

+9 −0
Original line number Diff line number Diff line
@@ -3365,6 +3365,9 @@ static void __iommu_remove_group_pasid(struct iommu_group *group, 
 * @pasid: the pasid of the device.

 * @handle: the attach handle.

 *

 * Caller should always provide a new handle to avoid race with the paths

 * that have lockless reference to handle if it intends to pass a valid handle.

 *

 * Return: 0 on success, or an error.

 */

int iommu_attach_device_pasid(struct iommu_domain *domain,
@@ -3525,6 +3528,9 @@ EXPORT_SYMBOL_NS_GPL(iommu_attach_handle_get, "IOMMUFD_INTERNAL"); 
 * This is a variant of iommu_attach_group(). It allows the caller to provide

 * an attach handle and use it when the domain is attached. This is currently

 * used by IOMMUFD to deliver the I/O page faults.

 *

 * Caller should always provide a new handle to avoid race with the paths

 * that have lockless reference to handle.

 */

int iommu_attach_group_handle(struct iommu_domain *domain,

			      struct iommu_group *group,
@@ -3594,6 +3600,9 @@ EXPORT_SYMBOL_NS_GPL(iommu_detach_group_handle, "IOMMUFD_INTERNAL"); 
 *

 * If the currently attached domain is a core domain (e.g. a default_domain),

 * it will act just like the iommu_attach_group_handle().

 *

 * Caller should always provide a new handle to avoid race with the paths

 * that have lockless reference to handle.

 */

int iommu_replace_group_handle(struct iommu_group *group,

			       struct iommu_domain *new_domain,