Re: [PATCH v4 05/11] iommu/sva: Assign a PASID to mm on PASID allocation and free it on mm exit

[zhangfei.gao@xxxxxxxxxxx]

On 2022/4/16 上午5:00, Jacob Pan wrote:
> Hi zhangfei.gao@xxxxxxxxxxx,
>
> On Fri, 15 Apr 2022 19:52:03 +0800, "zhangfei.gao@xxxxxxxxxxx"
> <zhangfei.gao@xxxxxxxxxxx> wrote:
>
> > > > > A PASID might be still used even though it is freed on mm exit.
> > > > >
> > > > > process A:
> > > > > 	sva_bind();
> > > > > 	ioasid_alloc() = N; // Get PASID N for the mm
> > > > > 	fork(): // spawn process B
> > > > > 	exit();
> > > > > 	ioasid_free(N);
> > > > >
> > > > > process B:
> > > > > 	device uses PASID N -> failure
> > > > > 	sva_unbind();
> > > > >
> > > > > Dave Hansen suggests to take a refcount on the mm whenever binding the
> > > > > PASID to a device and drop the refcount on unbinding. The mm won't be
> > > > > dropped if the PASID is still bound to it.
> > > > >
> > > > > Fixes: 701fac40384f ("iommu/sva: Assign a PASID to mm on PASID
> > > > > allocation and free it on mm exit")
> Is process A's mm intended to be used by process B? Or you really should
> use PASID N on process B's mm? If the latter, it may work for a while until
> B changes mapping.
>
> It seems you are just extending the life of a defunct mm?

From nginx code, the master process init resources, then fork daemon 
process to take over,
then master process exit by itself.

src/core/nginx.c
main
ngx_ssl_init(log);    -> openssl engine -> bind_fn -> sva_bind()
ngx_daemon(cycle->log)

src/os/unix/ngx_daemon.c
ngx_daemon(ngx_log_t *log)
{
     int  fd;

     switch (fork()) {
     case -1:
         ngx_log_error(NGX_LOG_EMERG, log, ngx_errno, "fork() failed");
         return NGX_ERROR;

     case 0:
        // the fork daemon process
         break;

     default:
       // master process directly exit, and release mm as well as ioasid
         exit(0);
     }

      // only daemon process

Thanks

> Thanks,
>
> Jacob