[PATCH v3 1/7] iommu: Introduce a replace API for device pasid

Fri, 28 Jun 2024 02:06:44 -0700 

Provide a high-level API to allow replacements of one domain with
another for specific pasid of a device. This is similar to
iommu_group_replace_domain() and it is expected to be used only by
IOMMUFD.

Co-developed-by: Lu Baolu <[email protected]>
Signed-off-by: Lu Baolu <[email protected]>
Signed-off-by: Yi Liu <[email protected]>
---
 drivers/iommu/iommu-priv.h |  3 ++
 drivers/iommu/iommu.c      | 80 ++++++++++++++++++++++++++++++++++++--
 2 files changed, 79 insertions(+), 4 deletions(-)

diff --git a/drivers/iommu/iommu-priv.h b/drivers/iommu/iommu-priv.h
index 5f731d994803..0949c02cee93 100644
--- a/drivers/iommu/iommu-priv.h
+++ b/drivers/iommu/iommu-priv.h
@@ -20,6 +20,9 @@ static inline const struct iommu_ops *dev_iommu_ops(struct 
device *dev)
 int iommu_group_replace_domain(struct iommu_group *group,
                               struct iommu_domain *new_domain);
 
+int iommu_replace_device_pasid(struct iommu_domain *domain,
+                              struct device *dev, ioasid_t pasid);
+
 int iommu_device_register_bus(struct iommu_device *iommu,
                              const struct iommu_ops *ops,
                              const struct bus_type *bus,
diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c
index b3a1dabed2dd..2d64582b7c43 100644
--- a/drivers/iommu/iommu.c
+++ b/drivers/iommu/iommu.c
@@ -3268,14 +3268,15 @@ bool iommu_group_dma_owner_claimed(struct iommu_group 
*group)
 EXPORT_SYMBOL_GPL(iommu_group_dma_owner_claimed);
 
 static int __iommu_set_group_pasid(struct iommu_domain *domain,
-                                  struct iommu_group *group, ioasid_t pasid)
+                                  struct iommu_group *group, ioasid_t pasid,
+                                  struct iommu_domain *old)
 {
        struct group_device *device, *last_gdev;
        int ret;
 
        for_each_group_device(group, device) {
                ret = domain->ops->set_dev_pasid(domain, device->dev,
-                                                pasid, NULL);
+                                                pasid, old);
                if (ret)
                        goto err_revert;
        }
@@ -3289,7 +3290,20 @@ static int __iommu_set_group_pasid(struct iommu_domain 
*domain,
 
                if (device == last_gdev)
                        break;
-               ops->remove_dev_pasid(device->dev, pasid, domain);
+               /* If no old domain, undo the succeeded devices/pasid */
+               if (!old) {
+                       ops->remove_dev_pasid(device->dev, pasid, domain);
+                       continue;
+               }
+
+               /*
+                * Rollback the succeeded devices/pasid to the old domain.
+                * And it is a driver bug to fail attaching with a previously
+                * good domain.
+                */
+               if (WARN_ON(old->ops->set_dev_pasid(old, device->dev,
+                                                   pasid, domain)))
+                       ops->remove_dev_pasid(device->dev, pasid, domain);
        }
        return ret;
 }
@@ -3348,7 +3362,7 @@ int iommu_attach_device_pasid(struct iommu_domain *domain,
                goto out_unlock;
        }
 
-       ret = __iommu_set_group_pasid(domain, group, pasid);
+       ret = __iommu_set_group_pasid(domain, group, pasid, NULL);
        if (ret)
                xa_erase(&group->pasid_array, pasid);
 out_unlock:
@@ -3357,6 +3371,64 @@ int iommu_attach_device_pasid(struct iommu_domain 
*domain,
 }
 EXPORT_SYMBOL_GPL(iommu_attach_device_pasid);
 
+/**
+ * iommu_replace_device_pasid - Replace the domain that a pasid is attached to
+ * @domain: the new iommu domain
+ * @dev: the attached device.
+ * @pasid: the pasid of the device.
+ *
+ * This API allows the pasid to switch domains. Return 0 on success, or an
+ * error. The pasid will keep the old configuration if replacement failed.
+ */
+int iommu_replace_device_pasid(struct iommu_domain *domain,
+                              struct device *dev, ioasid_t pasid)
+{
+       /* Caller must be a probed driver on dev */
+       struct iommu_group *group = dev->iommu_group;
+       void *curr;
+       int ret;
+
+       if (!domain->ops->set_dev_pasid)
+               return -EOPNOTSUPP;
+
+       if (!group)
+               return -ENODEV;
+
+       if (!dev_has_iommu(dev) || dev_iommu_ops(dev) != domain->owner ||
+           pasid == IOMMU_NO_PASID)
+               return -EINVAL;
+
+       mutex_lock(&group->mutex);
+       /*
+        * The recorded domain is inconsistent with the domain pasid is
+        * actually attached until pasid is attached to the new domain.
+        * This has race condition with the paths that do not hold
+        * group->mutex. E.g. the Page Request forwarding.
+        */
+       curr = xa_store(&group->pasid_array, pasid, domain, GFP_KERNEL);
+       if (!curr) {
+               xa_erase(&group->pasid_array, pasid);
+               ret = -EINVAL;
+               goto out_unlock;
+       }
+
+       ret = xa_err(curr);
+       if (ret)
+               goto out_unlock;
+
+       if (curr == domain)
+               goto out_unlock;
+
+       ret = __iommu_set_group_pasid(domain, group, pasid, curr);
+       if (ret)
+               WARN_ON(domain != xa_store(&group->pasid_array, pasid,
+                                          curr, GFP_KERNEL));
+out_unlock:
+       mutex_unlock(&group->mutex);
+       return ret;
+}
+EXPORT_SYMBOL_NS_GPL(iommu_replace_device_pasid, IOMMUFD_INTERNAL);
+
 /*
  * iommu_detach_device_pasid() - Detach the domain from pasid of device
  * @domain: the iommu domain.
-- 
2.34.1

Reply via email to