From: Lu Baolu <baolu.lu@linux.intel.com>
To: Christoph Hellwig <hch@infradead.org>
Cc: Stuart Yoder <stuyoder@gmail.com>,
rafael@kernel.org, David Airlie <airlied@linux.ie>,
linux-pci@vger.kernel.org,
Thierry Reding <thierry.reding@gmail.com>,
Diana Craciun <diana.craciun@oss.nxp.com>,
Dmitry Osipenko <digetx@gmail.com>, Will Deacon <will@kernel.org>,
Ashok Raj <ashok.raj@intel.com>,
Jonathan Hunter <jonathanh@nvidia.com>,
Jason Gunthorpe <jgg@nvidia.com>,
Kevin Tian <kevin.tian@intel.com>,
Chaitanya Kulkarni <kch@nvidia.com>,
Alex Williamson <alex.williamson@redhat.com>,
kvm@vger.kernel.org, Bjorn Helgaas <bhelgaas@google.com>,
Dan Williams <dan.j.williams@intel.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Cornelia Huck <cohuck@redhat.com>,
linux-kernel@vger.kernel.org, Li Yang <leoyang.li@nxp.com>,
iommu@lists.linux-foundation.org,
Jacob jun Pan <jacob.jun.pan@intel.com>,
Daniel Vetter <daniel@ffwll.ch>,
Robin Murphy <robin.murphy@arm.com>
Subject: Re: [PATCH v3 01/18] iommu: Add device dma ownership set/release interfaces
Date: Tue, 7 Dec 2021 10:07:16 +0800
Message-ID: <2872aa9f-c325-ca28-fb64-f86857ad3e91@linux.intel.com>
In-Reply-To: <Ya4hZ2F7MYusgmSB@infradead.org>
On 12/6/21 10:42 PM, Christoph Hellwig wrote:
> On Mon, Dec 06, 2021 at 09:58:46AM +0800, Lu Baolu wrote:
>> From the perspective of who is initiating the device to do DMA, device
>> DMA could be divided into the following types:
>>
>> DMA_OWNER_DMA_API: Device DMAs are initiated by a kernel driver
>> through the kernel DMA API.
>> DMA_OWNER_PRIVATE_DOMAIN: Device DMAs are initiated by a kernel
>> driver with its own PRIVATE domain.
>> DMA_OWNER_PRIVATE_DOMAIN_USER: Device DMAs are initiated by
>> userspace.
>>
>> Different DMA ownerships are exclusive for all devices in the same iommu
>> group as an iommu group is the smallest granularity of device isolation
>> and protection that the IOMMU subsystem can guarantee. This extends the
>> iommu core to enforce this exclusion.
>>
>> Basically two new interfaces are provided:
>>
>> int iommu_device_set_dma_owner(struct device *dev,
>> enum iommu_dma_owner type, void *owner_cookie);
>> void iommu_device_release_dma_owner(struct device *dev,
>> enum iommu_dma_owner type);
>>
>> Although the above interfaces are per-device, DMA owner is tracked per group
>> under the hood. An iommu group cannot have different dma ownership set
>> at the same time. Violation of this assumption fails
>> iommu_device_set_dma_owner().
>>
>> Kernel drivers which do DMA have DMA_OWNER_DMA_API automatically set/
>> released in the driver binding/unbinding process (see next patch).
>>
>> A kernel driver which doesn't do DMA could avoid setting the owner type.
>> A device bound to such a driver is considered the same as a driver-less
>> device, which is compatible with all owner types.
>>
>> Userspace driver framework (e.g. vfio) should set
>> DMA_OWNER_PRIVATE_DOMAIN_USER for a device before the userspace is allowed
>> to access it, plus an owner cookie pointer to mark the user identity so a
>> single group cannot be operated by multiple users simultaneously. Vice
>> versa, the owner type should be released after the user access permission
>> is withdrawn.
>>
>> Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
>> Signed-off-by: Kevin Tian <kevin.tian@intel.com>
>> Signed-off-by: Lu Baolu <baolu.lu@linux.intel.com>
>> ---
>> include/linux/iommu.h | 36 +++++++++++++++++
>> drivers/iommu/iommu.c | 93 +++++++++++++++++++++++++++++++++++++++++++
>> 2 files changed, 129 insertions(+)
>>
>> diff --git a/include/linux/iommu.h b/include/linux/iommu.h
>> index d2f3435e7d17..24676b498f38 100644
>> --- a/include/linux/iommu.h
>> +++ b/include/linux/iommu.h
>> @@ -162,6 +162,23 @@ enum iommu_dev_features {
>> IOMMU_DEV_FEAT_IOPF,
>> };
>>
>> +/**
>> + * enum iommu_dma_owner - IOMMU DMA ownership
>> + * @DMA_OWNER_NONE: No DMA ownership.
>> + * @DMA_OWNER_DMA_API: Device DMAs are initiated by a kernel driver through
>> + * the kernel DMA API.
>> + * @DMA_OWNER_PRIVATE_DOMAIN: Device DMAs are initiated by a kernel driver
>> + * which provides an UNMANAGED domain.
>> + * @DMA_OWNER_PRIVATE_DOMAIN_USER: Device DMAs are initiated by userspace,
>> + * kernel ensures that DMAs never go to kernel memory.
>> + */
>> +enum iommu_dma_owner {
>> + DMA_OWNER_NONE,
>> + DMA_OWNER_DMA_API,
>> + DMA_OWNER_PRIVATE_DOMAIN,
>> + DMA_OWNER_PRIVATE_DOMAIN_USER,
>> +};
>> +
>> #define IOMMU_PASID_INVALID (-1U)
>>
>> #ifdef CONFIG_IOMMU_API
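Review bot: the kernel-doc line for @DMA_OWNER_PRIVATE_DOMAIN says the driver "provides an UNMANAGED domain", while the enumerator name and the commit message both say PRIVATE domain; use one term so readers do not assume two different kinds of domain. The @DMA_OWNER_PRIVATE_DOMAIN_USER line also asserts that the "kernel ensures that DMAs never go to kernel memory" without naming what enforces it; a short pointer to the enforcing mechanism would make that guarantee checkable.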
>> @@ -681,6 +698,10 @@ struct iommu_sva *iommu_sva_bind_device(struct device *dev,
>> void iommu_sva_unbind_device(struct iommu_sva *handle);
>> u32 iommu_sva_get_pasid(struct iommu_sva *handle);
>>
>> +int iommu_device_set_dma_owner(struct device *dev, enum iommu_dma_owner owner,
>> + void *owner_cookie);
>> +void iommu_device_release_dma_owner(struct device *dev, enum iommu_dma_owner owner);
>> +
>> #else /* CONFIG_IOMMU_API */
>>
>> struct iommu_ops {};
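Review bot: iommu_device_release_dma_owner() takes no owner_cookie, so as declared the release side cannot check that the caller is the same user whose cookie was passed to iommu_device_set_dma_owner(). If that is intentional, state it in a kernel-doc comment on these prototypes; otherwise pass the cookie on release as well. The parameter is also named owner here but type in the commit message's description of the interface; one name in both places would be clearer.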
>> @@ -1081,6 +1102,21 @@ static inline struct iommu_fwspec *dev_iommu_fwspec_get(struct device *dev)
>> {
>> return NULL;
>> }
>> +
>> +static inline int iommu_device_set_dma_owner(struct device *dev,
>> + enum iommu_dma_owner owner,
>> + void *owner_cookie)
>> +{
>> + if (owner != DMA_OWNER_DMA_API)
>> + return -EINVAL;
>> +
>> + return 0;
>> +}
>> +
>> +static inline void iommu_device_release_dma_owner(struct device *dev,
>> + enum iommu_dma_owner owner)
>> +{
>> +}
>> #endif /* CONFIG_IOMMU_API */
>>
>> /**
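Review bot: the !CONFIG_IOMMU_API stub of iommu_device_set_dma_owner() returns -EINVAL for every owner other than DMA_OWNER_DMA_API, with no comment saying why. A one-line comment giving the reason (presumably that private-domain and userspace ownership cannot be granted without IOMMU support) would help callers that have to interpret the error. DMA_OWNER_NONE is rejected by the same test, which is worth stating explicitly.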
>> diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c
>> index 8b86406b7162..1de520a07518 100644
>> --- a/drivers/iommu/iommu.c
>> +++ b/drivers/iommu/iommu.c
>> @@ -48,6 +48,9 @@ struct iommu_group {
>> struct iommu_domain *default_domain;
>> struct iommu_domain *domain;
>> struct list_head entry;
>> + enum iommu_dma_owner dma_owner;
>> + refcount_t owner_cnt;
>
> owner_cnt is only manipulated under group->mutex, no need for a
> refcount_t here, a plain unsigned int will do it and will also
> simplify a fair bit of code as it avoids the need for atomic add/sub
> and test operations.

Fair enough.

>
>> +static int __iommu_group_set_dma_owner(struct iommu_group *group,
>> + enum iommu_dma_owner owner,
>> + void *owner_cookie)
>> +{
>
> As pointed out last time, please move the group->mutex locking into
> this helper, which makes it identical to the later added public
> function.

I didn't mean to ignore your comment. :-) As I replied, by placing the
lock out of the function, the helper could easily handle the error paths
(return directly without something like "goto out_unlock").

As the implementation of iommu_group_set_dma_owner() has been greatly
simplified, I agree with you now, we should move the group->mutex
locking into the helper and make it identical to the latter public
interface.

I will work towards this.

>
>> +static void __iommu_group_release_dma_owner(struct iommu_group *group,
>> + enum iommu_dma_owner owner)
>> +{
>
> Same here.
>

Ditto.

Best regards,
baolu
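
The group-level exclusion rule described in the quoted commit message, as an added userspace model that is not code from the patch or from the kernel. `struct group_model`, both function names, the `-EBUSY`/`-EINVAL` return values and the `int` return on release are assumptions made for illustration; locking is omitted, and the counter is a plain `unsigned int` as suggested in the review.

```c
#include <errno.h>
#include <stddef.h>

/* Owner types, named after the patch's enum iommu_dma_owner. */
enum dma_owner {
    DMA_OWNER_NONE,
    DMA_OWNER_DMA_API,
    DMA_OWNER_PRIVATE_DOMAIN,
    DMA_OWNER_PRIVATE_DOMAIN_USER,
};

/* Hypothetical stand-in for the per-group ownership state. */
struct group_model {
    enum dma_owner owner;
    unsigned int owner_cnt;  /* number of outstanding claims */
    void *owner_cookie;      /* user identity for USER ownership */
};

/* Claim ownership for one device of the group (errno values are assumed). */
int group_set_owner(struct group_model *g, enum dma_owner owner, void *cookie)
{
    if (owner == DMA_OWNER_NONE)
        return -EINVAL;
    if (g->owner_cnt) {
        /* Every device in the group must share one owner type... */
        if (g->owner != owner)
            return -EBUSY;
        /* ...and, for userspace ownership, one user identity. */
        if (owner == DMA_OWNER_PRIVATE_DOMAIN_USER && g->owner_cookie != cookie)
            return -EBUSY;
    } else {
        g->owner = owner;
        g->owner_cookie = cookie;
    }
    g->owner_cnt++;
    return 0;
}

/* Drop one claim; the last release returns the group to DMA_OWNER_NONE. */
int group_release_owner(struct group_model *g, enum dma_owner owner)
{
    if (!g->owner_cnt || g->owner != owner)
        return -EINVAL;
    if (--g->owner_cnt == 0) {
        g->owner = DMA_OWNER_NONE;
        g->owner_cookie = NULL;
    }
    return 0;
}
```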