Re: [PATCH v1 3/8] iommu: Extend iommu_at[de]tach_device() for multi-device groups

From: Lu Baolu
Date: Wed Feb 16 2022 - 01:46:54 EST


On 2/15/22 9:47 PM, Jason Gunthorpe via iommu wrote:
> On Tue, Feb 15, 2022 at 09:58:13AM +0100, Joerg Roedel wrote:
>> On Mon, Feb 14, 2022 at 11:46:26AM -0400, Jason Gunthorpe wrote:
>>> On Mon, Feb 14, 2022 at 03:18:31PM +0000, Robin Murphy wrote:
>>>>
>>>> Arguably, iommu_attach_device() could be renamed something like
>>>> iommu_attach_group_for_dev(), since that's effectively the semantic that all
>>>> the existing API users want anyway (even VFIO at the high level - the group
>>>> is the means for the user to assign their GPU/NIC/whatever device to their
>>>> process, not the end in itself). That's just a lot more churn.
>>>
>>> Right
>>
>> Okay, good point. I can live with an iommu_attach_group_for_dev()
>> interface, it is still better than making iommu_attach_device() silently
>> operate on whole groups.
>
> I think this is what Lu's series currently does, it just doesn't do
> the rename churn as Robin noted. Lu, why not add a note like Robin
> explained to the kdoc so it is clear this api impacts the whole group?

I feel that the debate here is not about API name, but how should
iommu_attach/detach_device() be implemented and used.

It seems everyone agrees that for device assignment (where the I/O
address is owned by the user-space application), the iommu_group-based
APIs should always be used. Otherwise, the isolation and protection are
not guaranteed.

For kernel DMA (where the I/O address space is owned by the kernel
drivers), the device driver oriented interface should meet the below
expectations:

- the concept of iommu_group should be transparent to the device
  drivers;
- but internally, iommu core only allows a single domain to attach to
  a group.

If the device driver uses the default domain, the above expectations are
naturally met. But when the driver wants to attach its own domain, the
problem arises.

This series tries to use the DMA ownership mechanism to solve this. The
device drivers explicitly declare that

- I know that the device I am driving shares the iommu_group with
  others;
- Other device drivers with the same awareness can only be bound to the
  devices in the shared group;
- We can sync with each other so that only a shared domain could be
  attached to the devices in the group.

Another proposal (as suggested by Joerg) is to introduce the concept of
"sub-group". An iommu group could have one or multiple sub-groups with
non-aliased devices sitting in different sub-groups and use different
domains.

Above is what I get so far. If there's any misunderstanding, please
help to correct it.

Best regards,
baolu