Re: [PATCH 01/12] iommu: Add new iommu op to create domains owned by userspace
From: Nicolin Chen
Date: Wed Apr 12 2023 - 20:44:30 EST
Hi Jason,
On Thu, Mar 09, 2023 at 08:56:06PM -0400, Jason Gunthorpe wrote:
> On Thu, Mar 09, 2023 at 12:08:59AM -0800, Yi Liu wrote:
> > diff --git a/include/linux/iommu.h b/include/linux/iommu.h
> > index 3ef84ee359d2..a269bc62a31c 100644
> > --- a/include/linux/iommu.h
> > +++ b/include/linux/iommu.h
> > @@ -229,6 +229,7 @@ struct iommu_iotlb_gather {
> > * after use. Return the data buffer if success, or ERR_PTR on
> > * failure.
> > * @domain_alloc: allocate iommu domain
> > + * @domain_alloc_user: allocate user iommu domain
> > * @probe_device: Add device to iommu driver handling
> > * @release_device: Remove device from iommu driver handling
> > * @probe_finalize: Do final setup work after the device is added to an IOMMU
> > @@ -266,6 +267,9 @@ struct iommu_ops {
> >
> > /* Domain allocation and freeing by the iommu driver */
> > struct iommu_domain *(*domain_alloc)(unsigned iommu_domain_type);
> > + struct iommu_domain *(*domain_alloc_user)(struct device *dev,
> > + struct iommu_domain *parent,
> > + const void *user_data);
>
> Since the kernel does the copy from user and manages the zero fill
> compat maybe this user_data have a union like Robin suggested.
>
> But yes, this is the idea.
>
> Reviewed-by: Jason Gunthorpe <jgg@xxxxxxxxxx>
We pass in a read-only data to this ->domain_alloc_user() while
it also returns NULL on failure, matching ->domain_alloc(). So,
there seems to be no error feedback pathway from the driver to
user space.
Robin remarked in the SMMU series that an STE configuration can
fail. So, a proper error feedback is required for this callback
too.
To return a driver/HW specific error, I think we could define a
"u8 out_error" in the user_data structure. So, we probably need
a non-const pass-in here. What do you think?
Thanks
Nic