From: Jason Gunthorpe <jgg@nvidia.com>
To: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
Cc: nicolinc@nvidia.com, linux-kernel@vger.kernel.org,
robin.murphy@arm.com, will@kernel.org, joro@8bytes.org,
kevin.tian@intel.com, jsnitsel@redhat.com, vasant.hegde@amd.com,
iommu@lists.linux.dev, santosh.shukla@amd.com,
sairaj.arunkodilkar@amd.com, jon.grimm@amd.com,
prashanthpra@google.com, wvw@google.com, wnliu@google.com,
gptran@google.com, kpsingh@google.com, joao.m.martins@oracle.com,
alejandro.j.jimenez@oracle.com
Subject: Re: [PATCH v4 13/16] iommu/amd: Track host Domain ID mapping for each guest Domain ID
Date: Wed, 22 Oct 2025 17:08:19 -0300 [thread overview]
Message-ID: <20251022200819.GE262900@nvidia.com> (raw)
In-Reply-To: <20251021014324.5837-14-suravee.suthikulpanit@amd.com>
On Tue, Oct 21, 2025 at 01:43:21AM +0000, Suravee Suthikulpanit wrote:
> Each nested domain is assigned guest domain ID (gDomID), which guest OS
> programs into guest Device Table Entry (gDTE). For each gDomID, the driver
> assigns a corresponding host domain ID (hDomID), which will be programmed
> into the host Device Table Entry (hDTE).
>
> The gDTE to hDTE 1:1 mapping is stored in the nest parent domain using
> an xarray (struct protection_domain.gdomid_array). When invalidate the
> nest parent domain, the INVALIDATE_IOMMU_PAGES must be issued for each
> hDomID in the gdomid_array.
I think this should be stored in the viommu..
It is a small unrealistic detail but very pedantically the API allows
creating two VIOMMU's from the same NEST PARENT domain and if someone
did this then each of the VIOMMU should have its own private gDomID
number space and own separated xarray.
Allowing two VIOMMUs to share the same hDomID could be problematic
because we don't know the PASID layout is consistent.
> +static int iommu_flush_hdom_ids(struct amd_iommu *iommu,
> + u64 address, size_t size,
> + struct protection_domain *parent)
> +{
> + int ret = 0;
> + unsigned long i;
> + struct iommu_cmd cmd;
> + struct nested_domain *ndom;
> +
> + xa_for_each(&parent->gdomid_array, i, ndom) {
This doesn't seem right.. There could be many nested_domains sharing
the same gDomID..
I expect this xarray to have a struct like
struct gdomid {
refcount_t users;
u32 hdomid;
};
And each nested_domain will go into the viommu and either allocate a
new gdomid or ++users for the existing one. Inverse when destroying a
nested_domain.
> @@ -92,6 +92,49 @@ amd_iommu_alloc_domain_nested(struct iommufd_viommu *viommu, u32 flags,
> ndom->domain.type = IOMMU_DOMAIN_NESTED;
> ndom->viommu = aviommu;
>
> + /*
> + * Normally, when a guest has multiple pass-through devices,
> + * the IOMMU driver setup DTEs with the same stage-2 table and
> + * use the same host domain ID (hDomId). In case of nested translation,
> + * if the guest setup different stage-1 tables with same PASID,
> + * IOMMU would use the same TLB tag. This will results in TLB
> + * aliasing issue.
> + *
> + * The guest is assigning gDomIDs based on its own algorithm for managing
> + * cache tags of (DomID, PASID). Within a single viommu, the nest parent domain
> + * (w/ S2 table) is used by all DTEs. But we need to consistently map the gDomID
> + * to a single hDomID. This is done using an xarray in the nest parent domain to
> + * keep track of the gDomID mapping. When the S2 is changed, the INVALIDATE_IOMMU_PAGES
> + * command must be issued for each hDomID in the xarray.
> + *
> + * Since there is no invalidation support and no viommu yet, just always use a
> + * unique hDomID for now.
It is not "for now" anymore, this is the correct algorithm..
Jason
next prev parent reply other threads:[~2025-10-22 20:08 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-21 1:43 [PATCH v4 00/16] iommu/amd: Introduce Nested Translation support Suravee Suthikulpanit
2025-10-21 1:43 ` [PATCH v4 01/16] iommu/amd: Rename DEV_DOMID_MASK to DTE_DOMID_MASK Suravee Suthikulpanit
2025-11-08 17:25 ` Vasant Hegde
2025-10-21 1:43 ` [PATCH v4 02/16] iommu/amd: Make amd_iommu_pdom_id_alloc() non-static Suravee Suthikulpanit
2025-11-08 17:24 ` Vasant Hegde
2025-10-21 1:43 ` [PATCH v4 03/16] iommu/amd: Make amd_iommu_pdom_id_free() non-static Suravee Suthikulpanit
2025-11-08 17:26 ` Vasant Hegde
2025-10-21 1:43 ` [PATCH v4 04/16] iommu/amd: Make amd_iommu_device_flush_dte() non-static Suravee Suthikulpanit
2025-11-08 17:27 ` Vasant Hegde
2025-10-21 1:43 ` [PATCH v4 05/16] iommu/amd: Make amd_iommu_update_dte256() non-static Suravee Suthikulpanit
2025-11-08 17:27 ` Vasant Hegde
2025-10-21 1:43 ` [PATCH v4 06/16] iommu/amd: Make amd_iommu_make_clear_dte() non-static inline Suravee Suthikulpanit
2025-11-08 17:27 ` Vasant Hegde
2025-10-21 1:43 ` [PATCH v4 07/16] iommu/amd: Make amd_iommu_completion_wait() non-static Suravee Suthikulpanit
2025-11-08 17:32 ` Vasant Hegde
2025-10-21 1:43 ` [PATCH v4 08/16] iommufd: Introduce data struct for AMD nested domain allocation Suravee Suthikulpanit
2025-11-08 17:30 ` Vasant Hegde
2025-10-21 1:43 ` [PATCH v4 09/16] iommu/amd: Always enable GCR3TRPMode when supported Suravee Suthikulpanit
2025-10-23 2:24 ` Nicolin Chen
2025-11-08 17:39 ` Vasant Hegde
2025-11-11 13:59 ` Suthikulpanit, Suravee
2025-10-21 1:43 ` [PATCH v4 10/16] iommu/amd: Add support for nest parent domain allocation Suravee Suthikulpanit
2025-10-23 2:27 ` Nicolin Chen
2025-10-23 20:08 ` Suthikulpanit, Suravee
2025-10-21 1:43 ` [PATCH v4 11/16] iommu/amd: Introduce struct amd_iommu_viommu Suravee Suthikulpanit
2025-10-22 20:00 ` Jason Gunthorpe
2025-10-23 2:33 ` Nicolin Chen
2025-10-21 1:43 ` [PATCH v4 12/16] iommu/amd: Add support for nested domain allocation Suravee Suthikulpanit
2025-10-22 20:01 ` Jason Gunthorpe
2025-10-21 1:43 ` [PATCH v4 13/16] iommu/amd: Track host Domain ID mapping for each guest Domain ID Suravee Suthikulpanit
2025-10-22 20:08 ` Jason Gunthorpe [this message]
2025-11-05 10:50 ` Suthikulpanit, Suravee
2025-11-05 13:35 ` Jason Gunthorpe
2025-10-21 1:43 ` [PATCH v4 14/16] iommu/amd: Refactor persistent DTE bits programming into amd_iommu_make_clear_dte() Suravee Suthikulpanit
2025-10-23 2:49 ` Nicolin Chen
2025-10-21 1:43 ` [PATCH v4 15/16] iommu/amd: Refactor logic to program the host page table in DTE Suravee Suthikulpanit
2025-10-23 13:08 ` Jason Gunthorpe
2025-11-08 17:26 ` Vasant Hegde
2025-11-08 23:03 ` Jason Gunthorpe
2025-11-12 18:40 ` Suthikulpanit, Suravee
2025-11-17 18:08 ` Jason Gunthorpe
2025-10-21 1:43 ` [PATCH v4 16/16] iommu/amd: Add support for nested domain attach/detach Suravee Suthikulpanit
2025-10-23 13:17 ` Jason Gunthorpe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251022200819.GE262900@nvidia.com \
--to=jgg@nvidia.com \
--cc=alejandro.j.jimenez@oracle.com \
--cc=gptran@google.com \
--cc=iommu@lists.linux.dev \
--cc=joao.m.martins@oracle.com \
--cc=jon.grimm@amd.com \
--cc=joro@8bytes.org \
--cc=jsnitsel@redhat.com \
--cc=kevin.tian@intel.com \
--cc=kpsingh@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=nicolinc@nvidia.com \
--cc=prashanthpra@google.com \
--cc=robin.murphy@arm.com \
--cc=sairaj.arunkodilkar@amd.com \
--cc=santosh.shukla@amd.com \
--cc=suravee.suthikulpanit@amd.com \
--cc=vasant.hegde@amd.com \
--cc=will@kernel.org \
--cc=wnliu@google.com \
--cc=wvw@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox