Re: [PATCH v9 1/4] iommu: Move def_domain type check for untrusted device into core

Mon, 23 Nov 2020 05:56:01 -0800 

Hi Will,

On 2020/11/23 21:03, Will Deacon wrote:

Hi Baolu,

On Mon, Nov 23, 2020 at 08:55:17PM +0800, Lu Baolu wrote:

On 2020/11/23 20:04, Will Deacon wrote:

On Sat, Nov 21, 2020 at 09:56:17PM +0800, Lu Baolu wrote:

@@ -1645,13 +1655,10 @@ struct __group_domain_type {
   static int probe_get_default_domain_type(struct device *dev, void *data)
   {
-       const struct iommu_ops *ops = dev->bus->iommu_ops;
        struct __group_domain_type *gtype = data;
        unsigned int type = 0;
-       if (ops->def_domain_type)
-               type = ops->def_domain_type(dev);
-
+       type = iommu_get_mandatory_def_domain_type(dev);


afaict, this code is only called from probe_alloc_default_domain(), which
has:

          /* Ask for default domain requirements of all devices in the group */
          __iommu_group_for_each_dev(group, &gtype,
                                     probe_get_default_domain_type);

          if (!gtype.type)
                  gtype.type = iommu_def_domain_type;

so is there actually a need to introduce the new
iommu_get_mandatory_def_domain_type() function, given that a type of 0
always ends up resolving to the default domain type?


Another consumer of this helper is in the next patch:

+       dev_def_dom = iommu_get_mandatory_def_domain_type(dev);
+
+       /* Check if user requested domain is supported by the device or not */
+       if (!type) {
+               /*
+                * If the user hasn't requested any specific type of domain and
+                * if the device supports both the domains, then default to the
+                * domain the device was booted with
+                */
+               type = iommu_get_def_domain_type(dev);
+       } else if (dev_def_dom && type != dev_def_dom) {
+               dev_err_ratelimited(prev_dev, "Device cannot be in %s domain\n",
+                                   iommu_domain_type_str(type));
+               ret = -EINVAL;
+               goto out;
+       }

I also added the untrusted device check in
iommu_get_mandatory_def_domain_type(), so that we don't need to care
about this in multiple places.


I see, but isn't this also setting the default domain type in the case that
it gets back a type of 0? I think it would be nice to avoid having both
iommu_get_mandatory_def_domain_type() and iommu_get_def_domain_type() of we
can, as it's really not clear which one to use when and what is meant by
"mandatory" imo.


Yes, agreed. I will remove iommu_get_mandatory_def_domain_type() and
keep iommu_get_def_domain_type() as the only helper in the next version.

Best regards,
baolu

Reply via email to