On Mon, 8 Mar 2021 20:46:27 -0400 Jason Gunthorpe <jgg@xxxxxxxxxx> wrote: > On Mon, Mar 08, 2021 at 02:48:30PM -0700, Alex Williamson wrote: > > Using a vfio device, a notifier block can be registered to receive > > select device events. Notifiers can only be registered for contained > > devices, ie. they are available through a user context. Registration > > of a notifier increments the reference to that container context > > therefore notifiers must minimally respond to the release event by > > asynchronously removing notifiers. > > > > Signed-off-by: Alex Williamson <alex.williamson@xxxxxxxxxx> > > drivers/vfio/Kconfig | 1 + > > drivers/vfio/vfio.c | 35 +++++++++++++++++++++++++++++++++++ > > include/linux/vfio.h | 9 +++++++++ > > 3 files changed, 45 insertions(+) > > > > diff --git a/drivers/vfio/Kconfig b/drivers/vfio/Kconfig > > index 90c0525b1e0c..9a67675c9b6c 100644 > > +++ b/drivers/vfio/Kconfig > > @@ -23,6 +23,7 @@ menuconfig VFIO > > tristate "VFIO Non-Privileged userspace driver framework" > > select IOMMU_API > > select VFIO_IOMMU_TYPE1 if (X86 || S390 || ARM || ARM64) > > + select SRCU > > help > > VFIO provides a framework for secure userspace device drivers. > > See Documentation/driver-api/vfio.rst for more details. > > diff --git a/drivers/vfio/vfio.c b/drivers/vfio/vfio.c > > index c47895539a1a..7f6d00e54e83 100644 > > +++ b/drivers/vfio/vfio.c > > @@ -105,6 +105,7 @@ struct vfio_device { > > struct list_head group_next; > > void *device_data; > > struct inode *inode; > > + struct srcu_notifier_head notifier; > > }; > > > > #ifdef CONFIG_VFIO_NOIOMMU > > @@ -601,6 +602,7 @@ struct vfio_device *vfio_group_create_device(struct vfio_group *group, > > device->ops = ops; > > device->device_data = device_data; > > dev_set_drvdata(dev, device); > > + srcu_init_notifier_head(&device->notifier); > > > > /* No need to get group_lock, caller has group reference */ > > vfio_group_get(group); > > @@ -1785,6 +1787,39 @@ static const struct file_operations vfio_device_fops = { > > .mmap = vfio_device_fops_mmap, > > }; > > > > +int vfio_device_register_notifier(struct vfio_device *device, > > + struct notifier_block *nb) > > +{ > > + int ret; > > + > > + /* Container ref persists until unregister on success */ > > + ret = vfio_group_add_container_user(device->group); > > I'm having trouble guessing why we need to refcount the group to add a > notifier to the device's notifier chain? > > I suppose it actually has to do with the MMIO mapping? But I don't > know what the relation is between MMIO mappings in the IOMMU and the > container? This could deserve a comment? Sure, I can add a comment. We want to make sure the device remains within an IOMMU context so long as we have a DMA mapping to the device MMIO, which could potentially manipulate the device. IOMMU context is managed a the group level. > > +void vfio_device_unregister_notifier(struct vfio_device *device, > > + struct notifier_block *nb) > > +{ > > + if (!srcu_notifier_chain_unregister(&device->notifier, nb)) > > + vfio_group_try_dissolve_container(device->group); > > +} > > +EXPORT_SYMBOL_GPL(vfio_device_unregister_notifier); > > Is the SRCU still needed with the new locking? With a cursory look I > only noticed this called under the reflck->lock ? When registering the notifier, the iommu->lock is held. During the callback, the same lock is acquired, so we'd have AB-BA otherwise. Thanks, Alex