linux/drivers/iommu
David Woodhouse e57e58bd39 iommu/vt-d: Fix mm refcounting to hold mm_count not mm_users
Holding mm_users works OK for graphics, which was the first user of SVM
with VT-d. However, it works less well for other devices, where we actually
do a mmap() from the file descriptor to which the SVM PASID state is tied.

In this case on process exit we end up with a recursive reference count:
 - The MM remains alive until the file is closed and the driver's release()
   call ends up unbinding the PASID.
 - The VMA corresponding to the mmap() remains intact until the MM is
   destroyed.
 - Thus the file isn't closed, even when exit_files() runs, because the
   VMA is still holding a reference to it. And the MM remains alive…

To address this issue, we *stop* holding mm_users while the PASID is bound.
We already hold mm_count by virtue of the MMU notifier, and that can be
made to be sufficient.

It means that for a period during process exit, the fun part of mmput()
has happened and exit_mmap() has been called so the MM is basically
defunct. But the PGD still exists and the PASID is still bound to it.

During this period, we have to be very careful — exit_mmap() doesn't use
mm->mmap_sem because it doesn't expect anyone else to be touching the MM
(quite reasonably, since mm_users is zero). So we also need to fix the
fault handler to just report failure if mm_users is already zero, and to
temporarily bump mm_users while handling any faults.

Additionally, exit_mmap() calls mmu_notifier_release() *before* it tears
down the page tables, which is too early for us to flush the IOTLB for
this PASID. And __mmu_notifier_release() removes every notifier from the
list, so when exit_mmap() finally *does* tear down the mappings and
clear the page tables, we don't get notified. So we work around this by
clearing the PASID table entry in our MMU notifier release() callback.
That way, the hardware *can't* get any pages back from the page tables
before they get cleared.

Hardware designers have confirmed that the resulting 'PASID not present'
faults should be handled just as gracefully as 'page not present' faults,
the important criterion being that they don't perturb the operation for
any *other* PASID in the system.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Cc: stable@vger.kernel.org
2016-01-13 21:05:46 +00:00
..
amd_iommu_init.c IOMMU Updates for Linux v4.4 2015-11-05 16:12:10 -08:00
amd_iommu_proto.h IOMMU Updates for Linux v4.2 2015-06-23 18:27:19 -07:00
amd_iommu_types.h IOMMU Updates for Linux v4.4 2015-11-05 16:12:10 -08:00
amd_iommu_v2.c iommu/amd: Do proper access checking before calling handle_mm_fault() 2015-12-14 15:37:47 +01:00
amd_iommu.c mm, page_alloc: distinguish between being unable to sleep, unwilling to sleep and avoiding waking kswapd 2015-11-06 17:50:42 -08:00
arm-smmu-v3.c Merge branches 'x86/vt-d', 'arm/omap', 'arm/smmu', 's390', 'core' and 'x86/amd' into next 2015-11-02 20:03:34 +09:00
arm-smmu.c Merge branches 'x86/vt-d', 'arm/omap', 'arm/smmu', 's390', 'core' and 'x86/amd' into next 2015-11-02 20:03:34 +09:00
dma-iommu.c iommu/dma: Use correct offset in map_sg 2016-01-07 13:36:41 +01:00
dmar.c iommu/vt-d: Generalise DMAR MSI setup to allow for page request events 2015-10-15 13:22:41 +01:00
exynos-iommu.c iommu/exynos: Add callback for initializing devices from device tree 2015-05-29 10:50:08 +02:00
fsl_pamu_domain.c iommu/fsl: Convert to device_group call-back 2015-10-22 00:00:49 +02:00
fsl_pamu_domain.h iommu/fsl: Make use of domain_alloc and domain_free 2015-03-31 15:32:14 +02:00
fsl_pamu.c powerpc/fsl: Move fsl_guts.h out of arch/powerpc 2015-10-21 18:05:50 -05:00
fsl_pamu.h iommu/fsl: Various cleanups 2015-02-03 18:47:18 +01:00
intel_irq_remapping.c iommu/vt-d: Fix return value check of parse_ioapics_under_ir() 2015-11-02 19:57:31 +09:00
intel-iommu.c Revert "scatterlist: use sg_phys()" 2015-12-15 12:54:06 -08:00
intel-svm.c iommu/vt-d: Fix mm refcounting to hold mm_count not mm_users 2016-01-13 21:05:46 +00:00
io-pgtable-arm.c iommu/io-pgtable-arm: Don't use dma_to_phys() 2015-09-22 17:35:33 +01:00
io-pgtable.c iommu/io-pgtable-arm: Move init-fn declarations to io-pgtable.h 2015-08-13 19:51:04 +02:00
io-pgtable.h iommu/io-pgtable-arm: Move init-fn declarations to io-pgtable.h 2015-08-13 19:51:04 +02:00
iommu-sysfs.c iommu: Fix compile error in iommu-sysfs.c 2014-07-07 12:01:21 +02:00
iommu-traces.c iommu: Add iommu_error class event to iommu trace 2013-09-25 11:07:04 +02:00
iommu.c Revert "scatterlist: use sg_phys()" 2015-12-15 12:54:06 -08:00
iova.c iommu: Make the iova library a module 2015-07-28 15:48:01 +01:00
ipmmu-vmsa.c iommu/ipmmu-vmsa: Don't truncate ttbr if LPAE is not enabled 2015-12-28 17:10:52 +01:00
irq_remapping.c iommu/vt-d: Add a command line parameter for VT-d posted-interrupts 2015-10-01 15:06:54 +02:00
irq_remapping.h iommu, x86: Setup Posted-Interrupts capability for Intel iommu 2015-06-12 11:33:52 +02:00
Kconfig IOMMU Updates for Linux v4.4 2015-11-05 16:12:10 -08:00
Makefile IOMMU Updates for Linux v4.4 2015-11-05 16:12:10 -08:00
msm_iommu_dev.c iommu/msm: Use dev_get_platdata() 2014-11-04 15:03:39 +01:00
msm_iommu_hw-8xxx.h iommu/msm: Move mach includes to iommu directory 2013-08-06 11:18:03 -07:00
msm_iommu.c iommu/msm: Use BUG_ON instead of if () BUG() 2015-08-13 19:50:51 +02:00
msm_iommu.h iommu/msm: Move mach includes to iommu directory 2013-08-06 11:18:03 -07:00
of_iommu.c of: iommu: Silence misleading warning 2015-08-03 16:07:49 +02:00
omap-iommu-debug.c fs/seq_file: convert int seq_vprint/seq_printf/etc... returns to void 2015-09-11 15:21:34 -07:00
omap-iommu.c iommu/omap: Add support for configuring dsp iommus on DRA7xx 2015-10-14 14:35:47 +02:00
omap-iommu.h iommu/omap: Add support for configuring dsp iommus on DRA7xx 2015-10-14 14:35:47 +02:00
omap-iopgtable.h iommu/omap: Use BIT(x) macros in omap-iopgtable.h 2015-08-03 16:04:42 +02:00
rockchip-iommu.c Merge branches 'arm/rockchip', 'arm/exynos', 'arm/smmu', 'x86/vt-d', 'x86/amd', 'default-domains' and 'core' into next 2015-06-19 17:17:47 +02:00
s390-iommu.c s390/pci_dma: handle dma table failures 2015-11-09 09:10:49 +01:00
shmobile-iommu.c iommu/shmobile: Make use of domain_alloc and domain_free 2015-03-31 15:32:13 +02:00
shmobile-ipmmu.c iommu: drop owner assignment from platform_drivers 2014-10-20 16:20:42 +02:00
shmobile-ipmmu.h iommu/shmobile: Turn the flush_lock mutex into a spinlock 2014-01-07 15:35:25 +01:00
tegra-gart.c Merge branches 'iommu/fixes', 'x86/vt-d', 'x86/amd', 'arm/smmu', 'arm/tegra' and 'core' into next 2015-04-02 13:33:19 +02:00
tegra-smmu.c iommu/tegra-smmu: Parameterize number of TLB lines 2015-08-13 17:05:28 +02:00