Re: [PATCH 01/11] iommu: Add device dma ownership set/release interfaces

From: Bjorn Helgaas
Date: Mon Nov 15 2021 - 19:07:14 EST

Next message: Nick Terrell: "Re: Linux 5.16-rc1"
Previous message: tip-bot2 for Tony Luck: "[tip: x86/sgx] x86/sgx: Add SGX infrastructure to recover from poison"
In reply to: Lu Baolu: "Re: [PATCH 01/11] iommu: Add device dma ownership set/release interfaces"
Next in thread: Lu Baolu: "Re: [PATCH 01/11] iommu: Add device dma ownership set/release interfaces"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Nov 15, 2021 at 10:05:42AM +0800, Lu Baolu wrote:
> From the perspective of who is initiating the device to do DMA, device
> DMA could be divided into the following types:
>
> DMA_OWNER_KERNEL: kernel device driver intiates the DMA
> DMA_OWNER_USER: userspace device driver intiates the DMA

s/intiates/initiates/ (twice)

As your first sentence suggests, the driver doesn't actually
*initiate* the DMA in either case. One of the drivers programs the
device, and the *device* initiates the DMA.

> DMA_OWNER_KERNEL and DMA_OWNER_USER are exclusive for all devices in
> same iommu group as an iommu group is the smallest granularity of device
> isolation and protection that the IOMMU subsystem can guarantee.

I think this basically says DMA_OWNER_KERNEL and DMA_OWNER_USER are
attributes of the iommu_group (not an individual device), and it
applies to all devices in the iommu_group. Below, you allude to the
fact that the interfaces are per-device. It's not clear to me why you
made a per-device interface instead of a per-group interface.

> This
> extends the iommu core to enforce this exclusion when devices are
> assigned to userspace.
>
> Basically two new interfaces are provided:
>
> int iommu_device_set_dma_owner(struct device *dev,
> enum iommu_dma_owner mode, struct file *user_file);
> void iommu_device_release_dma_owner(struct device *dev,
> enum iommu_dma_owner mode);
>
> Although above interfaces are per-device, DMA owner is tracked per group
> under the hood. An iommu group cannot have both DMA_OWNER_KERNEL
> and DMA_OWNER_USER set at the same time. Violation of this assumption
> fails iommu_device_set_dma_owner().
>
> Kernel driver which does DMA have DMA_OWNER_KENREL automatically
> set/released in the driver binding process (see next patch).

s/DMA_OWNER_KENREL/DMA_OWNER_KERNEL/

> Kernel driver which doesn't do DMA should not set the owner type (via a
> new suppress flag in next patch). Device bound to such driver is considered
> same as a driver-less device which is compatible to all owner types.
>
> Userspace driver framework (e.g. vfio) should set DMA_OWNER_USER for
> a device before the userspace is allowed to access it, plus a fd pointer to
> mark the user identity so a single group cannot be operated by multiple
> users simultaneously. Vice versa, the owner type should be released after
> the user access permission is withdrawn.

Next message: Nick Terrell: "Re: Linux 5.16-rc1"
Previous message: tip-bot2 for Tony Luck: "[tip: x86/sgx] x86/sgx: Add SGX infrastructure to recover from poison"
In reply to: Lu Baolu: "Re: [PATCH 01/11] iommu: Add device dma ownership set/release interfaces"
Next in thread: Lu Baolu: "Re: [PATCH 01/11] iommu: Add device dma ownership set/release interfaces"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]