Re: [PATCH v2 1/2] iommu/virtio: Make use of ops->iotlb_sync_map

From: Jason Gunthorpe
Date: Mon Sep 25 2023 - 09:29:48 EST

Next message: Anup Patel: "Re: [PATCH 1/7] RISC-V: Detect XVentanaCondOps from ISA string"
Previous message: Alexandra Winter: "Re: [PATCH net-next v4 09/18] net/smc: introduce SMC-D loopback device"
In reply to: Robin Murphy: "Re: [PATCH v2 1/2] iommu/virtio: Make use of ops->iotlb_sync_map"
Next in thread: Robin Murphy: "Re: [PATCH v2 1/2] iommu/virtio: Make use of ops->iotlb_sync_map"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Sep 25, 2023 at 02:07:50PM +0100, Robin Murphy wrote:
> On 2023-09-23 00:33, Jason Gunthorpe wrote:
> > On Fri, Sep 22, 2023 at 07:07:40PM +0100, Robin Murphy wrote:
> >
> > > virtio isn't setting ops->pgsize_bitmap for the sake of direct mappings
> > > either; it sets it once it's discovered any instance, since apparently it's
> > > assuming that all instances must support identical page sizes, and thus once
> > > it's seen one it can work "normally" per the core code's assumptions. It's
> > > also I think the only driver which has a "finalise" bodge but *can* still
> > > properly support map-before-attach, by virtue of having to replay mappings
> > > to every new endpoint anyway.
> >
> > Well it can't quite do that since it doesn't know the geometry - it
> > all is sort of guessing and hoping it doesn't explode on replay. If it
> > knows the geometry it wouldn't need finalize...
>
> I think it's entirely reasonable to assume that any direct mappings
> specified for a device are valid for that device and its IOMMU. However, in
> the particular case of virtio, it really shouldn't ever have direct mappings
> anyway, since even if the underlying hardware did have any, the host can
> enforce the actual direct-mapping aspect itself, and just present them as
> unusable regions to the guest.

I assume this machinery is for the ARM GIC ITS page....

> Again, that's irrelevant. It can only be about whether the actual
> ->map_pages call succeeds or not. A driver could well know up-front that all
> instances support the same pgsize_bitmap and aperture, and set both at
> ->domain_alloc time, yet still be unable to handle an actual mapping without
> knowing which instance(s) that needs to interact with (e.g. omap-iommu).

I think this is a different issue. The domain is supposed to represent
the actual io pte storage, and the storage is supposed to exist even
when the domain is not attached to anything.

As we said with tegra-gart, it is a bug in the driver if all the
mappings disappear when the last device is detached from the domain.
Driver bugs like this turn into significant issues with vfio/iommufd
as this will result in warn_on's and memory leaking.

So, I disagree that this is something we should be allowing in the API
design. map_pages should succeed (memory allocation failures aside) if
a IOVA within the aperture and valid flags are presented. Regardless
of the attachment status. Calling map_pages with an IOVA outside the
aperture should be a caller bug.

It looks omap is just mis-designed to store the pgd in the omap_iommu,
not the omap_iommu_domain :( pgd is clearly a per-domain object in our
API. And why does every instance need its own copy of the identical
pgd?

Jason

Next message: Anup Patel: "Re: [PATCH 1/7] RISC-V: Detect XVentanaCondOps from ISA string"
Previous message: Alexandra Winter: "Re: [PATCH net-next v4 09/18] net/smc: introduce SMC-D loopback device"
In reply to: Robin Murphy: "Re: [PATCH v2 1/2] iommu/virtio: Make use of ops->iotlb_sync_map"
Next in thread: Robin Murphy: "Re: [PATCH v2 1/2] iommu/virtio: Make use of ops->iotlb_sync_map"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]