On Sat, Jun 14, 2025 at 12:14:48AM -0700, Nicolin Chen wrote: > To simplify the mappings from global VCMDQs to VINTFs' LVCMDQs, the design > chose to do static allocations and mappings in the global reset function. > > However, with the user-owned VINTF support, it exposes a security concern: > if user space VM only wants one LVCMDQ for a VINTF, statically mapping two > or more LVCMDQs creates a hidden VCMDQ that user space could DoS attack by > writing random stuff to overwhelm the kernel with unhandleable IRQs. > > Thus, to support the user-owned VINTF feature, a LVCMDQ mapping has to be > done dynamically. > > HW allows pre-assigning global VCMDQs in the CMDQ_ALLOC registers, without > finalizing the mappings by keeping CMDQV_CMDQ_ALLOCATED=0. So, add a pair > of map/unmap helper that simply sets/clears that bit. > > For kernel-owned VINTF0, move LVCMDQ mappings to tegra241_vintf_hw_init(), > and the unmappings to tegra241_vintf_hw_deinit(). > > For user-owned VINTFs that will be added, the mappings/unmappings will be > on demand upon an LVCMDQ allocation from the user space. > > However, the dynamic LVCMDQ mapping/unmapping can complicate the timing of > calling tegra241_vcmdq_hw_init/deinit(), which write LVCMDQ address space, > i.e. requiring LVCMDQ to be mapped. Highlight that with a note to the top > of either of them. > > Acked-by: Pranjal Shrivastava <praan@xxxxxxxxxx> > Signed-off-by: Nicolin Chen <nicolinc@xxxxxxxxxx> > --- > .../iommu/arm/arm-smmu-v3/tegra241-cmdqv.c | 37 +++++++++++++++++-- > 1 file changed, 33 insertions(+), 4 deletions(-) Reviewed-by: Jason Gunthorpe <jgg@xxxxxxxxxx> Jason
