On Mon, Jan 13, 2025 at 03:12:25PM -0400, Jason Gunthorpe wrote:
> On Fri, Jan 10, 2025 at 01:58:21PM -0800, Nicolin Chen wrote:
> > Hmm, it seems that I haven't got your first narrative straight..
> >
> > Would you mind elaborating on "copy_to_user() can block while waiting
> > on a page fault"? When would this happen?
>
> copy_to_user() is a sleeping function that sleeps if the user memory
> is non-present. So userspace can cause copy_to_user to copy to
> anything, including memory that is non-present and will take a long
> time to page fault in. E.g. perhaps by abusing userfaultfd.
>
> We should not allow userspace to globally DOS the iommu driver this
> way.
>
> So do not hold locks that are also held by the HW event path across
> copy_to_user().

I see. Thanks for explaining. I will add a patch fixing the fault read()
and change the veventq read() accordingly.

Nicolin
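The locking rule discussed above, as an added userspace model that is not the iommufd driver code: a hypothetical ring queue whose lock is shared with the HW event path, a fake copy_to_user() that records whether the lock was still held when it ran, and the read() helper written both ways. The names (veventq_read_bad, veventq_read_good, q_lock) and the flag-based lock are assumptions of this illustration.

```c
#include <stdbool.h>
#include <string.h>
#define RING_SIZE 8
struct event { unsigned data[4]; };
/* Hypothetical queue, not the kernel's struct: `locked` models the lock that
 * the HW event producer path also takes. */
struct veventq { bool locked; struct event ring[RING_SIZE]; unsigned head, tail; };
static void q_lock(struct veventq *q)   { q->locked = true; }
static void q_unlock(struct veventq *q) { q->locked = false; }
static bool copy_saw_lock_held;   /* recorded by fake_copy_to_user() */
bool copy_ran_with_lock_held(void) { return copy_saw_lock_held; }
/* Stand-in for copy_to_user(): the real one can sleep on a user page fault,
 * so any lock still held here stays held for as long as userspace chooses. */
static void fake_copy_to_user(struct veventq *q, struct event *dst, const struct event *src)
{
    copy_saw_lock_held = q->locked;
    memcpy(dst, src, sizeof(*src));
}
/* HW event path: enqueues under the same lock the reader uses. */
bool veventq_push(struct veventq *q, const struct event *e)
{
    q_lock(q);
    bool ok = q->tail - q->head < RING_SIZE;
    if (ok) q->ring[q->tail++ % RING_SIZE] = *e;
    q_unlock(q);
    return ok;
}

/* Before: lock held across the user copy; a stalled fault stalls the HW path. */
bool veventq_read_bad(struct veventq *q, struct event *user_buf)
{
    q_lock(q);
    bool ok = q->head != q->tail;
    if (ok) fake_copy_to_user(q, user_buf, &q->ring[q->head++ % RING_SIZE]);
    q_unlock(q);
    return ok;
}

/* After: copy the entry to a stack buffer under the lock, drop the lock, then
 * copy to user. A real driver must also handle copy failure, e.g. by not
 * consuming the entry until the copy has succeeded. */
bool veventq_read_good(struct veventq *q, struct event *user_buf)
{
    struct event tmp;
    q_lock(q);
    if (q->head == q->tail) { q_unlock(q); return false; }
    tmp = q->ring[q->head++ % RING_SIZE];
    q_unlock(q);
    fake_copy_to_user(q, user_buf, &tmp);
    return true;
}
```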