From: Jason Gunthorpe <jgg@nvidia.com>
To: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
Cc: nicolinc@nvidia.com, linux-kernel@vger.kernel.org,
robin.murphy@arm.com, will@kernel.org, joro@8bytes.org,
kevin.tian@intel.com, jsnitsel@redhat.com, vasant.hegde@amd.com,
iommu@lists.linux.dev, santosh.shukla@amd.com,
sairaj.arunkodilkar@amd.com, jon.grimm@amd.com,
prashanthpra@google.com, wvw@google.com, wnliu@google.com,
gptran@google.com, kpsingh@google.com, joao.m.martins@oracle.com,
alejandro.j.jimenez@oracle.com
Subject: Re: [PATCH v3 15/15] iommu/amd: Add support for nested domain attach/detach
Date: Fri, 10 Oct 2025 20:20:24 -0300 [thread overview]
Message-ID: <20251010232024.GP3901471@nvidia.com> (raw)
In-Reply-To: <20251009235755.4497-16-suravee.suthikulpanit@amd.com>
On Thu, Oct 09, 2025 at 11:57:55PM +0000, Suravee Suthikulpanit wrote:
> Introduce set_dte_nested() to program guest translation settings in
> the host DTE when attaches the nested domain to a device.
>
> In addition, introduce struct amd_iommu_viommu, which stores reference to
> the nest parent domain assigned during the call to struct
> iommu_ops.viommu_init(). Information in the nest parent domain is needed
> when setting up the DTE for nested translation.
>
> Signed-off-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
> ---
> drivers/iommu/amd/amd_iommu.h | 3 ++
> drivers/iommu/amd/amd_iommu_types.h | 8 ++++
> drivers/iommu/amd/iommu.c | 8 ++--
> drivers/iommu/amd/nested.c | 66 +++++++++++++++++++++++++++++
> 4 files changed, 81 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/iommu/amd/amd_iommu.h b/drivers/iommu/amd/amd_iommu.h
> index cfb63de7732a..98351b0cb9a0 100644
> --- a/drivers/iommu/amd/amd_iommu.h
> +++ b/drivers/iommu/amd/amd_iommu.h
> @@ -190,6 +190,9 @@ struct iommu_dev_data *search_dev_data(struct amd_iommu *iommu, u16 devid);
> int amd_iommu_completion_wait(struct amd_iommu *iommu);
>
> /* DTE */
> +void amd_iommu_set_dte_v1(struct iommu_dev_data *dev_data,
> + struct protection_domain *domain, u16 domid,
> + struct dev_table_entry *new);
> int amd_iommu_device_flush_dte(struct iommu_dev_data *dev_data);
> void amd_iommu_update_dte256(struct amd_iommu *iommu,
> struct iommu_dev_data *dev_data,
> diff --git a/drivers/iommu/amd/amd_iommu_types.h b/drivers/iommu/amd/amd_iommu_types.h
> index a68b5c2fc0a2..683ee288c636 100644
> --- a/drivers/iommu/amd/amd_iommu_types.h
> +++ b/drivers/iommu/amd/amd_iommu_types.h
> @@ -17,6 +17,7 @@
> #include <linux/list.h>
> #include <linux/spinlock.h>
> #include <linux/pci.h>
> +#include <linux/iommufd.h>
> #include <linux/irqreturn.h>
> #include <linux/io-pgtable.h>
>
> @@ -420,6 +421,7 @@
> #define DTE_FLAG_HAD (3ULL << 7)
> #define DTE_MODE_MASK GENMASK_ULL(11, 9)
> #define DTE_HOST_TRP GENMASK_ULL(51, 12)
> +#define DTE_FLAG_PPR BIT_ULL(52)
> #define DTE_FLAG_GIOV BIT_ULL(54)
> #define DTE_FLAG_GV BIT_ULL(55)
> #define DTE_GLX GENMASK_ULL(57, 56)
> @@ -590,6 +592,11 @@ struct pdom_iommu_info {
> u32 refcnt; /* Count of attached dev/pasid per domain/IOMMU */
> };
>
> +struct amd_iommu_viommu {
> + struct iommufd_viommu core;
> + struct protection_domain *parent; /* nest parent domain for this viommu */
> +};
This alone is not enough, the core code needs to allocate this
memory too. Make adding the viommu to be its own patch before adding
allocating the nested domain and move these hunks:
> @@ -607,6 +614,7 @@ struct nested_domain {
> struct iommu_domain domain; /* generic domain handle used by iommu core code */
> u16 id; /* the domain id written to the device table */
> struct iommu_hwpt_amd_guest gdte; /* Guest vIOMMU DTE */
> + struct amd_iommu_viommu *viommu; /* AMD hw-viommu this nested domain belong to */
Into the nested domain allocation patch.
> @@ -2044,9 +2044,9 @@ static void set_dte_gcr3_table(struct amd_iommu *iommu,
> target->data[2] |= FIELD_PREP(DTE_GPT_LEVEL_MASK, GUEST_PGTABLE_4_LEVEL);
> }
>
> -static void set_dte_v1(struct iommu_dev_data *dev_data,
> - struct protection_domain *domain, u16 domid,
> - struct dev_table_entry *new)
> +void amd_iommu_set_dte_v1(struct iommu_dev_data *dev_data,
> + struct protection_domain *domain, u16 domid,
> + struct dev_table_entry *new)
> {
Give the function the right name in the patch that adds it?
> diff --git a/drivers/iommu/amd/nested.c b/drivers/iommu/amd/nested.c
> index 3307c925d3c1..ca3d3001c87f 100644
> --- a/drivers/iommu/amd/nested.c
> +++ b/drivers/iommu/amd/nested.c
> @@ -63,6 +63,7 @@ amd_iommu_alloc_domain_nested(struct iommufd_viommu *viommu, u32 flags,
> const struct iommu_user_data *user_data)
> {
> int ret;
> + struct amd_iommu_viommu *aviommu = container_of(viommu, struct amd_iommu_viommu, core);
> struct iommu_hwpt_amd_guest gdte;
> struct nested_domain *ndom;
>
> @@ -85,6 +86,7 @@ amd_iommu_alloc_domain_nested(struct iommufd_viommu *viommu, u32 flags,
>
> ndom->domain.ops = &nested_domain_ops;
> ndom->domain.type = IOMMU_DOMAIN_NESTED;
> + ndom->viommu = aviommu;
> memcpy(&ndom->gdte, &gdte, sizeof(gdte));
These hunks to the nesting domain allocation patch
> +static void set_dte_nested(struct amd_iommu *iommu,
> + struct iommu_domain *dom,
> + struct iommu_dev_data *dev_data)
> +{
> + struct protection_domain *parent;
> + struct dev_table_entry new = {0};
> + struct nested_domain *ndom = to_ndomain(dom);
> + struct iommu_hwpt_amd_guest *gdte = &ndom->gdte;
> +
> + /*
> + * The nest parent domain is attached during the call to the
> + * struct iommu_ops.viommu_init(), which will be stored as part
> + * of the struct amd_iommu_viommu.parent.
> + */
> + if (WARN_ON(!ndom->viommu || !ndom->viommu->parent))
> + return;
> +
> + parent = ndom->viommu->parent;
> + amd_iommu_make_clear_dte(dev_data, &new);
> +
> + /*
> + * Use nested domain ID to program DTE.
> + * See amd_iommu_alloc_domain_nested().
> + */
> + amd_iommu_set_dte_v1(dev_data, parent, ndom->id, &new);
> +
> + /* Guest PPR */
> + new.data[0] |= gdte->dte[0] & DTE_FLAG_PPR;
> +
> + /* Guest translation stuff */
> + new.data[0] |= gdte->dte[0] & (DTE_GLX | DTE_FLAG_GV | DTE_FLAG_GIOV);
> +
> + /* GCR3 table */
> + new.data[0] |= gdte->dte[0] & DTE_GCR3_14_12;
> + new.data[1] |= gdte->dte[1] & (DTE_GCR3_30_15 | DTE_GCR3_51_31);
> +
> + /* Guest paging mode */
> + new.data[2] |= gdte->dte[2] & DTE_GPT_LEVEL_MASK;
> +
> + amd_iommu_update_dte256(iommu, dev_data, &new);
> +}
This looks good
> +static int nested_attach_device(struct iommu_domain *dom, struct device *dev)
> +{
> + struct iommu_dev_data *dev_data = dev_iommu_priv_get(dev);
> + struct amd_iommu *iommu = get_amd_iommu_from_dev_data(dev_data);
> + int ret = 0;
> +
> + if (WARN_ON(dom->type != IOMMU_DOMAIN_NESTED))
> + return -EINVAL;
> +
> + mutex_lock(&dev_data->mutex);
> +
> + /* Update device table entry */
> + set_dte_nested(iommu, dom, dev_data);
> + amd_iommu_device_flush_dte(dev_data);
> + amd_iommu_completion_wait(iommu);
> +
> + mutex_unlock(&dev_data->mutex);
Where does the code record the ndom->id to push invalidates when the
S2 is changed? Seems like an important thing to be missing!
Shouldn't all this attach related stuff be in here too??
ret = pdom_attach_iommu(iommu, domain);
dev_data->domain = domain;
spin_lock_irqsave(&domain->lock, flags);
list_add(&dev_data->list, &domain->dev_list);
spin_unlock_irqrestore(&domain->lock, flags);
At a bare minimum if the series is going to stop here then it must
also do correct invalidation for any S2 changes.
Given that, I'd suggest to also fix the domain id's with the xarray so
you don't have to redo the invalidation logic.
Jason
next prev parent reply other threads:[~2025-10-10 23:20 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-09 23:57 [PATCH v3 00/15] iommu/amd: Introduce Nested Translation support Suravee Suthikulpanit
2025-10-09 23:57 ` [PATCH v3 01/15] iommu/amd: Rename DEV_DOMID_MASK to DTE_DOMID_MASK Suravee Suthikulpanit
2025-10-13 10:51 ` Sairaj Kodilkar
2025-10-14 2:08 ` Suthikulpanit, Suravee
2025-10-09 23:57 ` [PATCH v3 02/15] iommu/amd: Make amd_iommu_pdom_id_alloc() non-static Suravee Suthikulpanit
2025-10-09 23:57 ` [PATCH v3 03/15] iommu/amd: Make amd_iommu_pdom_id_free() non-static Suravee Suthikulpanit
2025-10-09 23:57 ` [PATCH v3 04/15] iommu/amd: Make amd_iommu_device_flush_dte() non-static Suravee Suthikulpanit
2025-10-09 23:57 ` [PATCH v3 05/15] iommu/amd: Make amd_iommu_update_dte256() non-static Suravee Suthikulpanit
2025-10-09 23:57 ` [PATCH v3 06/15] iommu/amd: Make amd_iommu_make_clear_dte() non-static inline Suravee Suthikulpanit
2025-10-09 23:57 ` [PATCH v3 07/15] iommu/amd: Make amd_iommu_completion_wait() non-static Suravee Suthikulpanit
2025-10-09 23:57 ` [PATCH v3 08/15] iommufd: Introduce data struct for AMD nested domain allocation Suravee Suthikulpanit
2025-10-09 23:57 ` [PATCH v3 09/15] iommu/amd: Always enable GCR3TRPMode when supported Suravee Suthikulpanit
2025-10-10 22:37 ` Jason Gunthorpe
2025-10-09 23:57 ` [PATCH v3 10/15] iommu/amd: Add support for nest parent domain allocation Suravee Suthikulpanit
2025-10-10 22:38 ` Jason Gunthorpe
2025-10-09 23:57 ` [PATCH v3 11/15] iommu/amd: Add support for nested " Suravee Suthikulpanit
2025-10-10 22:54 ` Jason Gunthorpe
2025-10-09 23:57 ` [PATCH v3 12/15] iommu/amd: Validate guest DTE for nested translation Suravee Suthikulpanit
2025-10-10 22:55 ` Jason Gunthorpe
2025-10-09 23:57 ` [PATCH v3 13/15] iommu/amd: Refactor persistent DTE bits programming into amd_iommu_make_clear_dte() Suravee Suthikulpanit
2025-10-10 22:56 ` Jason Gunthorpe
2025-10-09 23:57 ` [PATCH v3 14/15] iommu/amd: Refactor logic to program the host page table in DTE Suravee Suthikulpanit
2025-10-10 23:09 ` Jason Gunthorpe
2025-10-21 1:26 ` Suthikulpanit, Suravee
2025-10-09 23:57 ` [PATCH v3 15/15] iommu/amd: Add support for nested domain attach/detach Suravee Suthikulpanit
2025-10-10 23:20 ` Jason Gunthorpe [this message]
2025-10-20 23:17 ` Suthikulpanit, Suravee
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251010232024.GP3901471@nvidia.com \
--to=jgg@nvidia.com \
--cc=alejandro.j.jimenez@oracle.com \
--cc=gptran@google.com \
--cc=iommu@lists.linux.dev \
--cc=joao.m.martins@oracle.com \
--cc=jon.grimm@amd.com \
--cc=joro@8bytes.org \
--cc=jsnitsel@redhat.com \
--cc=kevin.tian@intel.com \
--cc=kpsingh@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=nicolinc@nvidia.com \
--cc=prashanthpra@google.com \
--cc=robin.murphy@arm.com \
--cc=sairaj.arunkodilkar@amd.com \
--cc=santosh.shukla@amd.com \
--cc=suravee.suthikulpanit@amd.com \
--cc=vasant.hegde@amd.com \
--cc=will@kernel.org \
--cc=wnliu@google.com \
--cc=wvw@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox