Re: [PATCH 01/11] iommu: Add device dma ownership set/release interfaces

From: Lu Baolu
Date: Mon Nov 15 2021 - 21:01:27 EST


Hi Bjorn,

On 11/16/21 4:38 AM, Bjorn Helgaas wrote:
> On Mon, Nov 15, 2021 at 10:05:42AM +0800, Lu Baolu wrote:
>> From the perspective of who is initiating the device to do DMA, device
>> DMA could be divided into the following types:
>>
>> DMA_OWNER_KERNEL: kernel device driver intiates the DMA
>> DMA_OWNER_USER: userspace device driver intiates the DMA
>
> s/intiates/initiates/ (twice)

Yes.

> As your first sentence suggests, the driver doesn't actually
> *initiate* the DMA in either case. One of the drivers programs the
> device, and the *device* initiates the DMA.

You are right. I could rephrase it as:

"From the perspective of who is controlling the device to do DMA ..."

>> DMA_OWNER_KERNEL and DMA_OWNER_USER are exclusive for all devices in
>> same iommu group as an iommu group is the smallest granularity of device
>> isolation and protection that the IOMMU subsystem can guarantee.
>
> I think this basically says DMA_OWNER_KERNEL and DMA_OWNER_USER are
> attributes of the iommu_group (not an individual device), and it
> applies to all devices in the iommu_group. Below, you allude to the
> fact that the interfaces are per-device. It's not clear to me why you
> made a per-device interface instead of a per-group interface.

Yes, the attributes are of the iommu_group. We have both per-device and
per-iommu_group interfaces. The former is for device drivers and the
latter is only for vfio who has an iommu_group based iommu abstract.

>> This
>> extends the iommu core to enforce this exclusion when devices are
>> assigned to userspace.
>>
>> Basically two new interfaces are provided:
>>
>> int iommu_device_set_dma_owner(struct device *dev,
>>         enum iommu_dma_owner mode, struct file *user_file);
>> void iommu_device_release_dma_owner(struct device *dev,
>>         enum iommu_dma_owner mode);
>>
>> Although above interfaces are per-device, DMA owner is tracked per group
>> under the hood. An iommu group cannot have both DMA_OWNER_KERNEL
>> and DMA_OWNER_USER set at the same time. Violation of this assumption
>> fails iommu_device_set_dma_owner().
>>
>> Kernel driver which does DMA have DMA_OWNER_KENREL automatically
>> set/released in the driver binding process (see next patch).
>
> s/DMA_OWNER_KENREL/DMA_OWNER_KERNEL/

Yes. Sorry for the typo.

>> Kernel driver which doesn't do DMA should not set the owner type (via a
>> new suppress flag in next patch). Device bound to such driver is considered
>> same as a driver-less device which is compatible to all owner types.
>>
>> Userspace driver framework (e.g. vfio) should set DMA_OWNER_USER for
>> a device before the userspace is allowed to access it, plus a fd pointer to
>> mark the user identity so a single group cannot be operated by multiple
>> users simultaneously. Vice versa, the owner type should be released after
>> the user access permission is withdrawn.

Best regards,
baolu
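
The per-group exclusion rule described in the quoted patch text, as an added userspace C model that is not code from the patch or from the kernel. The `model_*` names, the `DMA_OWNER_NONE` value, the claim counter and the `-EBUSY`/`-EINVAL` return codes are assumptions made for illustration; the page only says that a conflicting claim fails.

```c
#include <errno.h>
#include <stddef.h>
/* Owner types from the patch description; DMA_OWNER_NONE is assumed here. */
enum iommu_dma_owner { DMA_OWNER_NONE, DMA_OWNER_KERNEL, DMA_OWNER_USER };
/* Hypothetical userspace stand-ins, not the kernel's structures. */
struct model_group {
    enum iommu_dma_owner owner;
    unsigned int owner_cnt;   /* devices in the group holding the claim */
    const void *user_file;    /* user identity for DMA_OWNER_USER */
};
struct model_device { struct model_group *group; };

int model_set_dma_owner(struct model_device *dev, enum iommu_dma_owner mode,
                        const void *user_file)
{
    struct model_group *g = dev->group;
    if (mode == DMA_OWNER_NONE || (mode == DMA_OWNER_USER && !user_file))
        return -EINVAL;       /* assumed: a user claim needs an identity */
    if (g->owner_cnt && g->owner != mode)
        return -EBUSY;        /* kernel and user ownership are exclusive */
    if (g->owner_cnt && mode == DMA_OWNER_USER && g->user_file != user_file)
        return -EBUSY;        /* a second user cannot share the group */
    g->owner = mode;
    g->user_file = (mode == DMA_OWNER_USER) ? user_file : NULL;
    g->owner_cnt++;
    return 0;
}

void model_release_dma_owner(struct model_device *dev, enum iommu_dma_owner mode)
{
    struct model_group *g = dev->group;
    if (g->owner_cnt && g->owner == mode && --g->owner_cnt == 0) {
        g->owner = DMA_OWNER_NONE;   /* last claim gone: group is free again */
        g->user_file = NULL;
    }
}

/* Constructed scenario: two devices in one group; returns 0 if the rules hold. */
int main(void)
{
    struct model_group grp = { DMA_OWNER_NONE, 0, NULL };
    struct model_device nic = { &grp }, gpu = { &grp };
    int user_a = 0, user_b = 0;   /* addresses stand in for struct file pointers */
    if (model_set_dma_owner(&nic, DMA_OWNER_KERNEL, NULL)) return 1;
    if (model_set_dma_owner(&gpu, DMA_OWNER_USER, &user_a) != -EBUSY) return 2;
    model_release_dma_owner(&nic, DMA_OWNER_KERNEL);
    if (model_set_dma_owner(&gpu, DMA_OWNER_USER, &user_a)) return 3;
    return model_set_dma_owner(&nic, DMA_OWNER_USER, &user_b) == -EBUSY ? 0 : 4;
}
```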