From: Jason Gunthorpe <jgg@nvidia.com>
To: Xu Yilun <yilun.xu@linux.intel.com>
Cc: kevin.tian@intel.com, will@kernel.org, aneesh.kumar@kernel.org,
iommu@lists.linux.dev, linux-kernel@vger.kernel.org,
joro@8bytes.org, robin.murphy@arm.com, shuah@kernel.org,
nicolinc@nvidia.com, aik@amd.com, dan.j.williams@intel.com,
baolu.lu@linux.intel.com, yilun.xu@intel.com
Subject: Re: [PATCH v5 4/8] iommufd: Destroy vdevice on idevice destroy
Date: Tue, 15 Jul 2025 10:37:37 -0300 [thread overview]
Message-ID: <20250715133737.GO2067380@nvidia.com> (raw)
In-Reply-To: <20250715063245.1799534-5-yilun.xu@linux.intel.com>
On Tue, Jul 15, 2025 at 02:32:41PM +0800, Xu Yilun wrote:
> Destroy iommufd_vdevice (vdev) on iommufd_idevice (idev) destruction so
> that vdev can't outlive idev.
>
> idev represents the physical device bound to iommufd, while the vdev
> represents the virtual instance of the physical device in the VM. The
> lifecycle of the vdev should not be longer than idev. This doesn't
> cause real problem on existing use cases cause vdev doesn't impact the
> physical device, only provides virtualization information. But to
> extend vdev for Confidential Computing (CC), there are needs to do
> secure configuration for the vdev, e.g. TSM Bind/Unbind. These
> configurations should be rolled back on idev destroy, or the external
> driver (VFIO) functionality may be impact.
>
> The idev is created by external driver so its destruction can't fail.
> The idev implements pre_destroy() op to actively remove its associated
> vdev before destroying itself. There are 3 cases on idev pre_destroy():
>
> 1. vdev is already destroyed by userspace. No extra handling needed.
> 2. vdev is still alive. Use iommufd_object_tombstone_user() to
> destroy vdev and tombstone the vdev ID.
> 3. vdev is being destroyed by userspace. The vdev ID is already
> freed, but vdev destroy handler is not completed. This requires
> multi-threads syncing - vdev holds idev's short term users
> reference until vdev destruction completes, idev leverages
> existing wait_shortterm mechanism for syncing.
>
> idev should also block any new reference to it after pre_destroy(),
> or the following wait shortterm would timeout. Introduce a 'destroying'
> flag, set it to true on idev pre_destroy(). Any attempt to reference
> idev should honor this flag under the protection of
> idev->igroup->lock.
>
> Originally-by: Nicolin Chen <nicolinc@nvidia.com>
> Suggested-by: Jason Gunthorpe <jgg@nvidia.com>
> Reviewed-by: Kevin Tian <kevin.tian@intel.com>
> Reviewed-by: Nicolin Chen <nicolinc@nvidia.com>
> Co-developed-by: Aneesh Kumar K.V (Arm) <aneesh.kumar@kernel.org>
> Signed-off-by: Aneesh Kumar K.V (Arm) <aneesh.kumar@kernel.org>
> Signed-off-by: Xu Yilun <yilun.xu@linux.intel.com>
> ---
> drivers/iommu/iommufd/device.c | 51 ++++++++++++++++++++++++
> drivers/iommu/iommufd/iommufd_private.h | 12 ++++++
> drivers/iommu/iommufd/main.c | 2 +
> drivers/iommu/iommufd/viommu.c | 52 +++++++++++++++++++++++--
> include/linux/iommufd.h | 1 +
> include/uapi/linux/iommufd.h | 5 +++
> 6 files changed, 119 insertions(+), 4 deletions(-)
Reviewed-by: Jason Gunthorpe <jgg@nvidia.com>
Jason
next prev parent reply other threads:[~2025-07-15 13:37 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-15 6:32 [PATCH v5 0/8] iommufd: Destroy vdevice on device unbind Xu Yilun
2025-07-15 6:32 ` [PATCH v5 1/8] iommufd/viommu: Roll back to use iommufd_object_alloc() for vdevice Xu Yilun
2025-07-15 6:32 ` [PATCH v5 2/8] iommufd: Add iommufd_object_tombstone_user() helper Xu Yilun
2025-07-15 6:32 ` [PATCH v5 3/8] iommufd: Add a pre_destroy() op for objects Xu Yilun
2025-07-15 13:19 ` Jason Gunthorpe
2025-07-15 6:32 ` [PATCH v5 4/8] iommufd: Destroy vdevice on idevice destroy Xu Yilun
2025-07-15 13:37 ` Jason Gunthorpe [this message]
2025-07-15 6:32 ` [PATCH v5 5/8] iommufd/vdevice: Remove struct device reference from struct vdevice Xu Yilun
2025-07-15 13:38 ` Jason Gunthorpe
2025-07-15 18:56 ` Nicolin Chen
2025-07-16 6:09 ` Xu Yilun
2025-07-15 20:44 ` kernel test robot
2025-07-15 6:32 ` [PATCH v5 6/8] iommufd/selftest: Explicitly skip tests for inapplicable variant Xu Yilun
2025-07-15 19:13 ` Nicolin Chen
2025-07-16 6:23 ` Xu Yilun
2025-07-15 6:32 ` [PATCH v5 7/8] iommufd/selftest: Add coverage for vdevice tombstone Xu Yilun
2025-07-15 19:03 ` Nicolin Chen
2025-07-15 6:32 ` [PATCH v5 8/8] iommufd: Rename some shortterm-related identifiers Xu Yilun
2025-07-15 13:39 ` Jason Gunthorpe
2025-07-15 19:13 ` Nicolin Chen
2025-07-15 19:33 ` [PATCH v5 0/8] iommufd: Destroy vdevice on device unbind Nicolin Chen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250715133737.GO2067380@nvidia.com \
--to=jgg@nvidia.com \
--cc=aik@amd.com \
--cc=aneesh.kumar@kernel.org \
--cc=baolu.lu@linux.intel.com \
--cc=dan.j.williams@intel.com \
--cc=iommu@lists.linux.dev \
--cc=joro@8bytes.org \
--cc=kevin.tian@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=nicolinc@nvidia.com \
--cc=robin.murphy@arm.com \
--cc=shuah@kernel.org \
--cc=will@kernel.org \
--cc=yilun.xu@intel.com \
--cc=yilun.xu@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.