[v7,00/19] Add iommufd physical device operations for replace and alloc hwpt

Message ID	0-v7-6c0fd698eda2+5e3-iommufd_alloc_jgg@nvidia.com
Headers	show Return-Path: <linux-kselftest-owner@vger.kernel.org> From: Jason Gunthorpe <jgg@nvidia.com> To: iommu@lists.linux.dev, linux-kselftest@vger.kernel.org Cc: Lu Baolu <baolu.lu@linux.intel.com>, Kevin Tian <kevin.tian@intel.com>, kvm@vger.kernel.org, Lixiao Yang <lixiao.yang@intel.com>, Matthew Rosato <mjrosato@linux.ibm.com>, Nicolin Chen <nicolinc@nvidia.com>, Yi Liu <yi.l.liu@intel.com> Subject: [PATCH v7 00/19] Add iommufd physical device operations for replace and alloc hwpt Date: Mon, 15 May 2023 11:00:15 -0300 Message-Id: <0-v7-6c0fd698eda2+5e3-iommufd_alloc_jgg@nvidia.com> Content-Transfer-Encoding: 8bit Content-Type: text/plain MIME-Version: 1.0 Precedence: bulk
Series	Add iommufd physical device operations for replace and alloc hwpt \| expand [v7,00/19] Add iommufd physical device operations for replace and alloc hwpt [v7,02/19] iommufd: Add iommufd_group [v7,03/19] iommufd: Replace the hwpt->devices list with iommufd_group [v7,05/19] iommufd: Keep track of each device's reserved regions instead of groups [v7,07/19] iommufd: Make sw_msi_start a group global [v7,11/19] iommufd: Fix locking around hwpt allocation [v7,13/19] iommu: Introduce a new iommu_group_replace_domain() API [v7,15/19] iommufd: Make destroy_rwsem use a lock class per object type [v7,17/19] iommufd: Add IOMMU_HWPT_ALLOC [v7,19/19] iommufd/selftest: Add a selftest for IOMMU_HWPT_ALLOC

Message ID

0-v7-6c0fd698eda2+5e3-iommufd_alloc_jgg@nvidia.com

Headers

From: Jason Gunthorpe <jgg@nvidia.com>
To: iommu@lists.linux.dev, linux-kselftest@vger.kernel.org
Cc: Lu Baolu <baolu.lu@linux.intel.com>,
        Kevin Tian <kevin.tian@intel.com>, kvm@vger.kernel.org,
        Lixiao Yang <lixiao.yang@intel.com>,
        Matthew Rosato <mjrosato@linux.ibm.com>,
        Nicolin Chen <nicolinc@nvidia.com>, Yi Liu <yi.l.liu@intel.com>
Subject: [PATCH v7 00/19] Add iommufd physical device operations for replace
 and alloc hwpt
Date: Mon, 15 May 2023 11:00:15 -0300
Message-Id: <0-v7-6c0fd698eda2+5e3-iommufd_alloc_jgg@nvidia.com>
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
MIME-Version: 1.0
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 
 I7AMJ3fe5ca17QSyhBxwkcXlZJ3Kd+LpwiLKJa+4w9MP9Hux9FcfnLug/hQ/QJGn/js61+yaZFEacw3ybc9YJIGFzAJ0VCwBoTJil+GhXU74JWhzvu+p1WGc+5G7sVO5zYCWh8XEIj6zx8DXLqembrGwe/F/xCcYSlPSUJp4vDazdE2TBUfktv64py2kGFHqolkPkFC04W27pHtzd4BVcLiHRAMHMibywad5tsDq1rAkV41QMbuC+XsprIKTRDdbIJymluswRzkkxT8i+CasKoJ3rA/oiOJlQuU1lsIIafjJdw6C5CRi1wNJU/IQ1frYOcMhQTzZMl9EhcXfxKCaE4cetml7oPXD3H32CvGaP4j/Gmf/ebtNX8AeJtKfSE32kuUcFxs4EAgP3lwoBSAuJ086zXwNFVCc3Ub44tlX6iPevheklbDSCC3iiMs+F9HieAWPVh24WOQaeXt7TJrh5dL6WjL5cZqVwbSKAkHfaeAh5HtEkpIGepielYFLeWQe3LigsC5wjZ0Vn0+vSSUg2w2287qpW9XQ/UWy2iO9VxH9JzV++OPWd5njOyts0TXpeiVfJuLuDgPF0ksNItWnToWZrBG2dDMSY43J/24w92W6GLMePygpIfeSWOTW9Rgrn1P0Tw0OvjRDE9fR92Q7GOyamweOtqml1bKksZDYobaUYtLkWY7izYLcJu647agHx9uf/fD9zjyYzuofcAIiaNnlrWDNrQHg+x6yB24EFr/K1rkyRHPwTiDtoKoHwGQpgcPSls0cpGjpZz54dsN9svt3kXoYS+VtBrw2gLyXYbbKjYD5l5cV2FHRcVrC+hfnssoY5EAvfmrO/0Zk01hv2mMtCLjJOGc51FXdbrslkKnOMON7pp4wphF6EcU2iR/60bIvFklJDkyl99wm+lijadPjb00I4mL7rpo29fy5FG0scIoyaOGx6yD9AUrHRGJzm0ZehnEAfHmKC8XNZvctHAnTCy3Nz3H8iQvtqpxRZAa8JrqgmnWgscQFdPOH5qKmme2FKLmlPBjeUQc1ftPKuWMMeILrbYZ5I7uQZDlFmvLinqM9kF31adE6k3+AD+paI6dkXLUjefnkcck2w9Z2w0KD4wbZ2VGAR0ASCTo7bpEsYf9hWm3m/iuAuNHZ/qs6CuGOaNaTEtX1VEleCQq6VTqPX1VKKcBahUNLwArif5nnFqut2epvSaZOgBKcXuH2nzaZI6Du/NDYwF6XMX8vkcbIsqSE4TIegSeFbZ7Ox8UjJcNcnacO/8iz3WEQi/2YdvWugaDMf0zteShXx49n7JjerNCs55HR7gpHAZUa17EU8PQc/zSerP2xcLRmDerGsI/yGOCaNY1kioMH5HfNAiP5Dy/ljnn0eOf6xTFvhmpMRvg3OFC3GhXldFNr0QpUrqIIRlH7syicPSXprkX8qe/uu2WMVZ+UOXlCaRJqzMG556vGy7JV5EytpM1nFXok0coy6IkqG2/1wCEMb5TKuDmovxbwYYMuyNL86vVAIcxBaHoMm3pIBMNulpMzBJOswChLbD0U73zwReBQ7hQFz3Vg32ho+j335CNjFPoL9a4yHOH0CmbyJJQmOv1H/G8m
X-OriginatorOrg: Nvidia.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 34e9ba18-60ac-4fce-c832-08db554cc32e
X-MS-Exchange-CrossTenant-AuthSource: LV2PR12MB5869.namprd12.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 May 2023 14:00:38.4565
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 
 WPg/zLjoHTH8BFZZorsJ1e0nOK/Ap6b7VRYS1KVpx0sL2tTDbURufhPzX4IKz6bp
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN7PR12MB7954
Precedence: bulk
List-ID: <linux-kselftest.vger.kernel.org>
X-Mailing-List: linux-kselftest@vger.kernel.org

Series

Add iommufd physical device operations for replace and alloc hwpt | expand

Message

Jason Gunthorpe May 15, 2023, 2 p.m. UTC

This is the basic functionality for iommufd to support
iommufd_device_replace() and IOMMU_HWPT_ALLOC for physical devices.

iommufd_device_replace() allows changing the HWPT associated with the
device to a new IOAS or HWPT. Replace does this in way that failure leaves
things unchanged, and utilizes the iommu iommu_group_replace_domain() API
to allow the iommu driver to perform an optional non-disruptive change.

IOMMU_HWPT_ALLOC allows HWPTs to be explicitly allocated by the user and
used by attach or replace. At this point it isn't very useful since the
HWPT is the same as the automatically managed HWPT from the IOAS. However
a following series will allow userspace to customize the created HWPT.

The implementation is complicated because we have to introduce some
per-iommu_group memory in iommufd and redo how we think about multi-device
groups to be more explicit. This solves all the locking problems in the
prior attempts.

This series is infrastructure work for the following series which:
 - Add replace for attach
 - Expose replace through VFIO APIs
 - Implement driver parameters for HWPT creation (nesting)

Once review of this is complete I will keep it on a side branch and
accumulate the following series when they are ready so we can have a
stable base and make more incremental progress. When we have all the parts
together to get a full implementation it can go to Linus.

This is on github: https://github.com/jgunthorpe/linux/commits/iommufd_hwpt

v7:
 - Rebase to v6.4-rc2, update to new signature of iommufd_get_ioas()
v6: https://lore.kernel.org/r/0-v6-fdb604df649a+369-iommufd_alloc_jgg@nvidia.com
 - Go back to the v4 locking arragnment with now both the attach/detach
   igroup->locks inside the functions, Kevin says he needs this for a
   followup series. This still fixes the syzkaller bug
 - Fix two more error unwind locking bugs where
   iommufd_object_abort_and_destroy(hwpt) would deadlock or be mislocked.
   Make sure fail_nth will catch these mistakes
 - Add a patch allowing objects to have different abort than destroy
   function, it allows hwpt abort to require the caller to continue
   to hold the lock and enforces this with lockdep.
v5: https://lore.kernel.org/r/0-v5-6716da355392+c5-iommufd_alloc_jgg@nvidia.com
 - Go back to the v3 version of the code, keep the comment changes from
   v4. Syzkaller says the group lock change in v4 didn't work.
 - Adjust the fail_nth test to cover the path syzkaller found. We need to
   have an ioas with a mapped page installed to inject a failure during
   domain attachment.
v4: https://lore.kernel.org/r/0-v4-9cd79ad52ee8+13f5-iommufd_alloc_jgg@nvidia.com
 - Refine comments and commit messages
 - Move the group lock into iommufd_hw_pagetable_attach()
 - Fix error unwind in iommufd_device_do_replace()
v3: https://lore.kernel.org/r/0-v3-61d41fd9e13e+1f5-iommufd_alloc_jgg@nvidia.com
 - Refine comments and commit messages
 - Adjust the flow in iommufd_device_auto_get_domain() so pt_id is only
   set on success
 - Reject replace on non-attached devices
 - Add missing __reserved check for IOMMU_HWPT_ALLOC
v2: https://lore.kernel.org/r/0-v2-51b9896e7862+8a8c-iommufd_alloc_jgg@nvidia.com
 - Use WARN_ON for the igroup->group test and move that logic to a
   function iommufd_group_try_get()
 - Change igroup->devices to igroup->device list
   Replace will need to iterate over all attached idevs
 - Rename to iommufd_group_setup_msi()
 - New patch to export iommu_get_resv_regions()
 - New patch to use per-device reserved regions instead of per-group
   regions
 - Split out the reorganizing of iommufd_device_change_pt() from the
   replace patch
 - Replace uses the per-dev reserved regions
 - Use stdev_id in a few more places in the selftest
 - Fix error handling in IOMMU_HWPT_ALLOC
 - Clarify comments
 - Rebase on v6.3-rc1
v1: https://lore.kernel.org/all/0-v1-7612f88c19f5+2f21-iommufd_alloc_jgg@nvidia.com/

Jason Gunthorpe (17):
  iommufd: Move isolated msi enforcement to iommufd_device_bind()
  iommufd: Add iommufd_group
  iommufd: Replace the hwpt->devices list with iommufd_group
  iommu: Export iommu_get_resv_regions()
  iommufd: Keep track of each device's reserved regions instead of
    groups
  iommufd: Use the iommufd_group to avoid duplicate MSI setup
  iommufd: Make sw_msi_start a group global
  iommufd: Move putting a hwpt to a helper function
  iommufd: Add enforced_cache_coherency to iommufd_hw_pagetable_alloc()
  iommufd: Allow a hwpt to be aborted after allocation
  iommufd: Fix locking around hwpt allocation
  iommufd: Reorganize iommufd_device_attach into
    iommufd_device_change_pt
  iommufd: Add iommufd_device_replace()
  iommufd: Make destroy_rwsem use a lock class per object type
  iommufd: Add IOMMU_HWPT_ALLOC
  iommufd/selftest: Return the real idev id from selftest mock_domain
  iommufd/selftest: Add a selftest for IOMMU_HWPT_ALLOC

Nicolin Chen (2):
  iommu: Introduce a new iommu_group_replace_domain() API
  iommufd/selftest: Test iommufd_device_replace()

 drivers/iommu/iommu-priv.h                    |  10 +
 drivers/iommu/iommu.c                         |  41 +-
 drivers/iommu/iommufd/device.c                | 553 +++++++++++++-----
 drivers/iommu/iommufd/hw_pagetable.c          | 112 +++-
 drivers/iommu/iommufd/io_pagetable.c          |  32 +-
 drivers/iommu/iommufd/iommufd_private.h       |  52 +-
 drivers/iommu/iommufd/iommufd_test.h          |   6 +
 drivers/iommu/iommufd/main.c                  |  24 +-
 drivers/iommu/iommufd/selftest.c              |  40 ++
 include/linux/iommufd.h                       |   1 +
 include/uapi/linux/iommufd.h                  |  26 +
 tools/testing/selftests/iommu/iommufd.c       |  67 ++-
 .../selftests/iommu/iommufd_fail_nth.c        |  67 ++-
 tools/testing/selftests/iommu/iommufd_utils.h |  63 +-
 14 files changed, 868 insertions(+), 226 deletions(-)
 create mode 100644 drivers/iommu/iommu-priv.h


base-commit: f1fcbaa18b28dec10281551dfe6ed3a3ed80e3d6

Comments

Yi Liu July 7, 2023, 8 a.m. UTC | #1

> From: Jason Gunthorpe <jgg@nvidia.com>
> Sent: Monday, May 15, 2023 10:00 PM
> 
> Replace allows all the devices in a group to move in one step to a new
> HWPT. Further, the HWPT move is done without going through a blocking
> domain so that the IOMMU driver can implement some level of
> non-distruption to ongoing DMA if that has meaning for it (eg for future
> special driver domains)
> 
> Replace uses a lot of the same logic as normal attach, except the actual
> domain change over has different restrictions, and we are careful to
> sequence things so that failure is going to leave everything the way it
> was, and not get trapped in a blocking domain or something if there is
> ENOMEM.
> 
> Reviewed-by: Lu Baolu <baolu.lu@linux.intel.com>
> Reviewed-by: Kevin Tian <kevin.tian@intel.com>
> Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
> ---
>  drivers/iommu/iommufd/device.c | 99 ++++++++++++++++++++++++++++++++++
>  drivers/iommu/iommufd/main.c   |  1 +
>  2 files changed, 100 insertions(+)
> 
> diff --git a/drivers/iommu/iommufd/device.c b/drivers/iommu/iommufd/device.c
> index b7868c877d1c1c..ce758fbe3c525d 100644
> --- a/drivers/iommu/iommufd/device.c
> +++ b/drivers/iommu/iommufd/device.c
> @@ -4,6 +4,7 @@
>  #include <linux/iommufd.h>
>  #include <linux/slab.h>
>  #include <linux/iommu.h>
> +#include "../iommu-priv.h"
> 
>  #include "io_pagetable.h"
>  #include "iommufd_private.h"
> @@ -365,6 +366,84 @@ iommufd_device_do_attach(struct iommufd_device *idev,
>  	return NULL;
>  }
> 
> +static struct iommufd_hw_pagetable *
> +iommufd_device_do_replace(struct iommufd_device *idev,
> +			  struct iommufd_hw_pagetable *hwpt)
> +{
> +	struct iommufd_group *igroup = idev->igroup;
> +	struct iommufd_hw_pagetable *old_hwpt;
> +	unsigned int num_devices = 0;
> +	struct iommufd_device *cur;
> +	int rc;
> +
> +	mutex_lock(&idev->igroup->lock);
> +
> +	if (igroup->hwpt == NULL) {
> +		rc = -EINVAL;
> +		goto err_unlock;
> +	}
> +
> +	if (hwpt == igroup->hwpt) {
> +		mutex_unlock(&idev->igroup->lock);
> +		return NULL;
> +	}
> +
> +	/* Try to upgrade the domain we have */
> +	list_for_each_entry(cur, &igroup->device_list, group_item) {
> +		num_devices++;
> +		if (cur->enforce_cache_coherency) {
> +			rc = iommufd_hw_pagetable_enforce_cc(hwpt);
> +			if (rc)
> +				goto err_unlock;
> +		}
> +	}
> +
> +	old_hwpt = igroup->hwpt;
> +	if (hwpt->ioas != old_hwpt->ioas) {
> +		list_for_each_entry(cur, &igroup->device_list, group_item) {
> +			rc = iopt_table_enforce_dev_resv_regions(
> +				&hwpt->ioas->iopt, cur->dev, NULL);
> +			if (rc)
> +				goto err_unresv;
> +		}
> +	}
> +
> +	rc = iommufd_group_setup_msi(idev->igroup, hwpt);
> +	if (rc)
> +		goto err_unresv;
> +
> +	rc = iommu_group_replace_domain(igroup->group, hwpt->domain);
> +	if (rc)
> +		goto err_unresv;
> +
> +	if (hwpt->ioas != old_hwpt->ioas) {
> +		list_for_each_entry(cur, &igroup->device_list, group_item)
> +			iopt_remove_reserved_iova(&old_hwpt->ioas->iopt,
> +						  cur->dev);
> +	}
> +
> +	igroup->hwpt = hwpt;
> +
> +	/*
> +	 * Move the refcounts held by the device_list to the new hwpt. Retain a
> +	 * refcount for this thread as the caller will free it.
> +	 */
> +	refcount_add(num_devices, &hwpt->obj.users);
> +	if (num_devices > 1)
> +		WARN_ON(refcount_sub_and_test(num_devices - 1,
> +					      &old_hwpt->obj.users));
> +	mutex_unlock(&idev->igroup->lock);
> +
> +	/* Caller must destroy old_hwpt */
> +	return old_hwpt;
> +err_unresv:
> +	list_for_each_entry(cur, &igroup->device_list, group_item)
> +		iopt_remove_reserved_iova(&hwpt->ioas->iopt, cur->dev);
> +err_unlock:
> +	mutex_unlock(&idev->igroup->lock);
> +	return ERR_PTR(rc);
> +}
> +
>  typedef struct iommufd_hw_pagetable *(*attach_fn)(
>  	struct iommufd_device *idev, struct iommufd_hw_pagetable *hwpt);
> 
> @@ -523,6 +602,26 @@ int iommufd_device_attach(struct iommufd_device *idev, u32
> *pt_id)
>  }
>  EXPORT_SYMBOL_NS_GPL(iommufd_device_attach, IOMMUFD);
> 
> +/**
> + * iommufd_device_replace - Change the device's iommu_domain
> + * @idev: device to change
> + * @pt_id: Input a IOMMUFD_OBJ_IOAS, or IOMMUFD_OBJ_HW_PAGETABLE
> + *         Output the IOMMUFD_OBJ_HW_PAGETABLE ID
> + *
> + * This is the same as
> + *   iommufd_device_detach();
> + *   iommufd_device_attach();

One blank line here would fix a warning as below in "make htmldocs".

Documentation/userspace-api/iommufd:184: ./drivers/iommu/iommufd/device.c:665: WARNING: Definition list ends without a blank line; unexpected unindent.

Regards,
Yi Liu

> + * If it fails then no change is made to the attachment. The iommu driver may
> + * implement this so there is no disruption in translation. This can only be
> + * called if iommufd_device_attach() has already succeeded.
> + */
> +int iommufd_device_replace(struct iommufd_device *idev, u32 *pt_id)
> +{
> +	return iommufd_device_change_pt(idev, pt_id,
> +					&iommufd_device_do_replace);
> +}
> +EXPORT_SYMBOL_NS_GPL(iommufd_device_replace, IOMMUFD);
> +
>  /**
>   * iommufd_device_detach - Disconnect a device to an iommu_domain
>   * @idev: device to detach
> diff --git a/drivers/iommu/iommufd/main.c b/drivers/iommu/iommufd/main.c
> index 24f30f384df6f9..5b7f70543adb24 100644
> --- a/drivers/iommu/iommufd/main.c
> +++ b/drivers/iommu/iommufd/main.c
> @@ -466,5 +466,6 @@ module_exit(iommufd_exit);
>  MODULE_ALIAS_MISCDEV(VFIO_MINOR);
>  MODULE_ALIAS("devname:vfio/vfio");
>  #endif
> +MODULE_IMPORT_NS(IOMMUFD_INTERNAL);
>  MODULE_DESCRIPTION("I/O Address Space Management for passthrough devices");
>  MODULE_LICENSE("GPL");
> --
> 2.40.1