[v2,06/11] iommufd: IOMMU_HWPT_ALLOC allocation with user data

Message ID 20230511143844.22693-7-yi.l.liu@intel.com
State New
Headers
Series iommufd: Add nesting infrastructure |

Commit Message

Yi Liu May 11, 2023, 2:38 p.m. UTC
  IOMMU_HWPT_ALLOC already supports iommu_domain allocation for usersapce.
But it can only allocate hw_pagetables linked with IOAS. There are needs
to support hw_pagetable allocation with parameters specified by user. For
example, in nested translation, user needs to allocate hw_pagetable for
the stage-1 translation (e.g. a single I/O page table or a set of I/O page
tables) with user data. It also needs provide a stage-2 hw_pagetable which
is linked to the GPA IOAS.

This extends IOMMU_HWPT_ALLOC to accept user specified parameter and hwpt
ID in @pt_id field. Such as the user-managed stage-1 hwpt, which requires
a parent hwpt to point to stage-2 translation.

enum iommu_hwpt_type is defined to differentiate the user parameters use
by different usages. For the allocations that don't require user parameter,
IOMMU_HWPT_TYPE_DEFAULT is defined for backward compatibility. Other types
would be added by future iommu vendor driver extensions.

Co-developed-by: Nicolin Chen <nicolinc@nvidia.com>
Signed-off-by: Nicolin Chen <nicolinc@nvidia.com>
Signed-off-by: Yi Liu <yi.l.liu@intel.com>
---
 drivers/iommu/iommufd/hw_pagetable.c | 87 +++++++++++++++++++++++++---
 drivers/iommu/iommufd/main.c         |  2 +-
 include/uapi/linux/iommufd.h         | 32 +++++++++-
 3 files changed, 112 insertions(+), 9 deletions(-)
  

Comments

Liu, Jingqi May 17, 2023, 3:08 a.m. UTC | #1
On 5/11/2023 10:38 PM, Yi Liu wrote:
> IOMMU_HWPT_ALLOC already supports iommu_domain allocation for usersapce.
> But it can only allocate hw_pagetables linked with IOAS. There are needs
> to support hw_pagetable allocation with parameters specified by user. For
> example, in nested translation, user needs to allocate hw_pagetable for
> the stage-1 translation (e.g. a single I/O page table or a set of I/O page
> tables) with user data. It also needs provide a stage-2 hw_pagetable which
s/provide/to provide
> is linked to the GPA IOAS.
>
> This extends IOMMU_HWPT_ALLOC to accept user specified parameter and hwpt
> ID in @pt_id field. Such as the user-managed stage-1 hwpt, which requires
> a parent hwpt to point to stage-2 translation.
>
> enum iommu_hwpt_type is defined to differentiate the user parameters use
> by different usages. For the allocations that don't require user parameter,
s/parameter/parameters
> IOMMU_HWPT_TYPE_DEFAULT is defined for backward compatibility. Other types
> would be added by future iommu vendor driver extensions.
>
> Co-developed-by: Nicolin Chen <nicolinc@nvidia.com>
> Signed-off-by: Nicolin Chen <nicolinc@nvidia.com>
> Signed-off-by: Yi Liu <yi.l.liu@intel.com>
> ---
>   drivers/iommu/iommufd/hw_pagetable.c | 87 +++++++++++++++++++++++++---
>   drivers/iommu/iommufd/main.c         |  2 +-
>   include/uapi/linux/iommufd.h         | 32 +++++++++-
>   3 files changed, 112 insertions(+), 9 deletions(-)
>
> diff --git a/drivers/iommu/iommufd/hw_pagetable.c b/drivers/iommu/iommufd/hw_pagetable.c
> index 73d7d9d07726..e84270eb6e49 100644
> --- a/drivers/iommu/iommufd/hw_pagetable.c
> +++ b/drivers/iommu/iommufd/hw_pagetable.c
> @@ -184,11 +184,15 @@ iommufd_hw_pagetable_alloc(struct iommufd_ctx *ictx, struct iommufd_ioas *ioas,
>   
>   int iommufd_hwpt_alloc(struct iommufd_ucmd *ucmd)
>   {
> +	struct iommufd_hw_pagetable *hwpt, *parent = NULL;
> +	union iommu_domain_user_data *data = NULL;
>   	struct iommu_hwpt_alloc *cmd = ucmd->cmd;
> -	struct iommufd_hw_pagetable *hwpt;
> +	struct iommufd_object *pt_obj;
> +	const struct iommu_ops *ops;
>   	struct iommufd_device *idev;
>   	struct iommufd_ioas *ioas;
> -	int rc;
> +	int klen = 0;
> +	int rc = 0;
>   
>   	if (cmd->flags || cmd->__reserved)
>   		return -EOPNOTSUPP;
> @@ -197,15 +201,81 @@ int iommufd_hwpt_alloc(struct iommufd_ucmd *ucmd)
>   	if (IS_ERR(idev))
>   		return PTR_ERR(idev);
>   
> -	ioas = iommufd_get_ioas(ucmd->ictx, cmd->pt_id);
> -	if (IS_ERR(ioas)) {
> -		rc = PTR_ERR(ioas);
> +	ops = dev_iommu_ops(idev->dev);
> +
> +	/*
> +	 * All drivers support IOMMU_HWPT_TYPE_DEFAULT, so pass it through.
> +	 * For any other hwpt_type, check the ops->domain_alloc_user_data_len
> +	 * presence and its result.
> +	 */
> +	if (cmd->hwpt_type != IOMMU_HWPT_TYPE_DEFAULT) {
> +		if (!ops->domain_alloc_user_data_len) {
> +			rc = -EOPNOTSUPP;
> +			goto out_put_idev;
> +		}
> +		klen = ops->domain_alloc_user_data_len(cmd->hwpt_type);
> +		if (WARN_ON(klen < 0)) {
> +			rc = -EINVAL;
> +			goto out_put_pt;
> +		}
Would it be better if the later check "klen" is moved here ?
     if (klen) {
                 [...]
     }
If this check fails here, there's no need to execute the code after it.
If this path is not executed, "klen" is 0, and there's no need to check it.
Do I understand it right ?

Thanks,
Jingqi
> +	}
> +
> +	pt_obj = iommufd_get_object(ucmd->ictx, cmd->pt_id, IOMMUFD_OBJ_ANY);
> +	if (IS_ERR(pt_obj)) {
> +		rc = -EINVAL;
>   		goto out_put_idev;
>   	}
>   
> +	switch (pt_obj->type) {
> +	case IOMMUFD_OBJ_IOAS:
> +		ioas = container_of(pt_obj, struct iommufd_ioas, obj);
> +		break;
> +	case IOMMUFD_OBJ_HW_PAGETABLE:
> +		/* pt_id points HWPT only when hwpt_type is !IOMMU_HWPT_TYPE_DEFAULT */
> +		if (cmd->hwpt_type == IOMMU_HWPT_TYPE_DEFAULT) {
> +			rc = -EINVAL;
> +			goto out_put_pt;
> +		}
> +
> +		parent = container_of(pt_obj, struct iommufd_hw_pagetable, obj);
> +		/*
> +		 * Cannot allocate user-managed hwpt linking to auto_created
> +		 * hwpt. If the parent hwpt is already a user-managed hwpt,
> +		 * don't allocate another user-managed hwpt linking to it.
> +		 */
> +		if (parent->auto_domain || parent->parent) {
> +			rc = -EINVAL;
> +			goto out_put_pt;
> +		}
> +		ioas = parent->ioas;
> +		break;
> +	default:
> +		rc = -EINVAL;
> +		goto out_put_pt;
> +	}
> +
> +	if (klen) {
> +		if (!cmd->data_len) {
> +			rc = -EINVAL;
> +			goto out_put_pt;
> +		}
> +
> +		data = kzalloc(sizeof(*data), GFP_KERNEL);
> +		if (!data) {
> +			rc = -ENOMEM;
> +			goto out_put_pt;
> +		}
> +
> +		rc = copy_struct_from_user(data, sizeof(*data),
> +					   u64_to_user_ptr(cmd->data_uptr),
> +					   cmd->data_len);
> +		if (rc)
> +			goto out_free_data;
> +	}
> +
>   	mutex_lock(&ioas->mutex);
>   	hwpt = iommufd_hw_pagetable_alloc(ucmd->ictx, ioas, idev,
> -					  NULL, NULL, false);
> +					  parent, data, false);
>   	if (IS_ERR(hwpt)) {
>   		rc = PTR_ERR(hwpt);
>   		goto out_unlock;
> @@ -222,7 +292,10 @@ int iommufd_hwpt_alloc(struct iommufd_ucmd *ucmd)
>   	iommufd_object_abort_and_destroy(ucmd->ictx, &hwpt->obj);
>   out_unlock:
>   	mutex_unlock(&ioas->mutex);
> -	iommufd_put_object(&ioas->obj);
> +out_free_data:
> +	kfree(data);
> +out_put_pt:
> +	iommufd_put_object(pt_obj);
>   out_put_idev:
>   	iommufd_put_object(&idev->obj);
>   	return rc;
> diff --git a/drivers/iommu/iommufd/main.c b/drivers/iommu/iommufd/main.c
> index 5c24e8971f09..ac81403ba78e 100644
> --- a/drivers/iommu/iommufd/main.c
> +++ b/drivers/iommu/iommufd/main.c
> @@ -302,7 +302,7 @@ struct iommufd_ioctl_op {
>   static const struct iommufd_ioctl_op iommufd_ioctl_ops[] = {
>   	IOCTL_OP(IOMMU_DESTROY, iommufd_destroy, struct iommu_destroy, id),
>   	IOCTL_OP(IOMMU_HWPT_ALLOC, iommufd_hwpt_alloc, struct iommu_hwpt_alloc,
> -		 __reserved),
> +		 data_uptr),
>   	IOCTL_OP(IOMMU_DEVICE_GET_HW_INFO, iommufd_device_get_hw_info,
>   		 struct iommu_hw_info, __reserved),
>   	IOCTL_OP(IOMMU_IOAS_ALLOC, iommufd_ioas_alloc_ioctl,
> diff --git a/include/uapi/linux/iommufd.h b/include/uapi/linux/iommufd.h
> index e9d42838dcbd..699e735828db 100644
> --- a/include/uapi/linux/iommufd.h
> +++ b/include/uapi/linux/iommufd.h
> @@ -347,6 +347,14 @@ struct iommu_vfio_ioas {
>   };
>   #define IOMMU_VFIO_IOAS _IO(IOMMUFD_TYPE, IOMMUFD_CMD_VFIO_IOAS)
>   
> +/**
> + * enum iommu_hwpt_type - IOMMU HWPT Type
> + * @IOMMU_HWPT_TYPE_DEFAULT: default
> + */
> +enum iommu_hwpt_type {
> +	IOMMU_HWPT_TYPE_DEFAULT,
> +};
> +
>   /**
>    * struct iommu_hwpt_alloc - ioctl(IOMMU_HWPT_ALLOC)
>    * @size: sizeof(struct iommu_hwpt_alloc)
> @@ -355,12 +363,31 @@ struct iommu_vfio_ioas {
>    * @pt_id: The IOAS to connect this HWPT to
>    * @out_hwpt_id: The ID of the new HWPT
>    * @__reserved: Must be 0
> + * @hwpt_type: One of enum iommu_hwpt_type
> + * @data_len: Length of the type specific data
> + * @data_uptr: User pointer to the type specific data
>    *
>    * Explicitly allocate a hardware page table object. This is the same object
>    * type that is returned by iommufd_device_attach() and represents the
>    * underlying iommu driver's iommu_domain kernel object.
>    *
> - * A HWPT will be created with the IOVA mappings from the given IOAS.
> + * A kernel-managed HWPT will be created with the mappings from the given IOAS.
> + * The @hwpt_type for its allocation can be set to IOMMU_HWPT_TYPE_DEFAULT, or
> + * another type (being listed below) to specialize a kernel-managed HWPT.
> + *
> + * A user-managed HWPT will be created from a given parent HWPT via @pt_id, in
> + * which the parent HWPT must be allocated previously via the same ioctl from a
> + * given IOAS. The @hwpt_type must not be set to IOMMU_HWPT_TYPE_DEFAULT but a
> + * pre-defined type corresponding to the underlying IOMMU hardware.
> + *
> + * If the @hwpt_type is set to IOMMU_HWPT_TYPE_DEFAULT, both the @data_len and
> + * the @data_uptr will be ignored. Otherwise, both of them must be given.
> + *
> + * +==============================+=====================================+===========+
> + * | @hwpt_type                   |    Data structure in @data_uptr     |   @pt_id  |
> + * +------------------------------+-------------------------------------+-----------+
> + * | IOMMU_HWPT_TYPE_DEFAULT      |               N/A                   |    IOAS   |
> + * +------------------------------+-------------------------------------+-----------+
>    */
>   struct iommu_hwpt_alloc {
>   	__u32 size;
> @@ -369,6 +396,9 @@ struct iommu_hwpt_alloc {
>   	__u32 pt_id;
>   	__u32 out_hwpt_id;
>   	__u32 __reserved;
> +	__u32 hwpt_type;
> +	__u32 data_len;
> +	__aligned_u64 data_uptr;
>   };
>   #define IOMMU_HWPT_ALLOC _IO(IOMMUFD_TYPE, IOMMUFD_CMD_HWPT_ALLOC)
>
  
Tian, Kevin May 19, 2023, 9:41 a.m. UTC | #2
> From: Yi Liu <yi.l.liu@intel.com>
> Sent: Thursday, May 11, 2023 10:39 PM
> +	if (cmd->hwpt_type != IOMMU_HWPT_TYPE_DEFAULT) {
> +		if (!ops->domain_alloc_user_data_len) {
> +			rc = -EOPNOTSUPP;
> +			goto out_put_idev;
> +		}
> +		klen = ops->domain_alloc_user_data_len(cmd->hwpt_type);
> +		if (WARN_ON(klen < 0)) {
> +			rc = -EINVAL;
> +			goto out_put_pt;
> +		}
> +	}

What about passing the user pointer to the iommu driver which
then does the copy so we don't need an extra @data_len() 
callback for every driver?

> 
> +	switch (pt_obj->type) {
> +	case IOMMUFD_OBJ_IOAS:
> +		ioas = container_of(pt_obj, struct iommufd_ioas, obj);
> +		break;

this should fail if parent is specified.

> +	case IOMMUFD_OBJ_HW_PAGETABLE:
> +		/* pt_id points HWPT only when hwpt_type
> is !IOMMU_HWPT_TYPE_DEFAULT */
> +		if (cmd->hwpt_type == IOMMU_HWPT_TYPE_DEFAULT) {
> +			rc = -EINVAL;
> +			goto out_put_pt;
> +		}
> +
> +		parent = container_of(pt_obj, struct iommufd_hw_pagetable,
> obj);
> +		/*
> +		 * Cannot allocate user-managed hwpt linking to
> auto_created
> +		 * hwpt. If the parent hwpt is already a user-managed hwpt,
> +		 * don't allocate another user-managed hwpt linking to it.
> +		 */
> +		if (parent->auto_domain || parent->parent) {
> +			rc = -EINVAL;
> +			goto out_put_pt;
> +		}
> +		ioas = parent->ioas;

for nesting why is ioas required? In concept we can just pass NULL ioas
to iommufd_hw_pagetable_alloc() for this hwpt. If within that function
there is a need to toggle ioas for the parent it can always retrieve it
from the parent hwpt.
  
Nicolin Chen May 19, 2023, 7:34 p.m. UTC | #3
On Wed, May 17, 2023 at 11:08:12AM +0800, Liu, Jingqi wrote:

> > +     /*
> > +      * All drivers support IOMMU_HWPT_TYPE_DEFAULT, so pass it through.
> > +      * For any other hwpt_type, check the ops->domain_alloc_user_data_len
> > +      * presence and its result.
> > +      */
> > +     if (cmd->hwpt_type != IOMMU_HWPT_TYPE_DEFAULT) {
> > +             if (!ops->domain_alloc_user_data_len) {
> > +                     rc = -EOPNOTSUPP;
> > +                     goto out_put_idev;
> > +             }
> > +             klen = ops->domain_alloc_user_data_len(cmd->hwpt_type);
> > +             if (WARN_ON(klen < 0)) {
> > +                     rc = -EINVAL;
> > +                     goto out_put_pt;
> > +             }
> Would it be better if the later check "klen" is moved here ?
>     if (klen) {
>                 [...]
>     }
> If this check fails here, there's no need to execute the code after it.
> If this path is not executed, "klen" is 0, and there's no need to check it.
> Do I understand it right ?

Makes sense. And the klen value isn't really being used. So,
we may likely change it to a bool one. Also, I'm thinking of
forcing a !!cmd->data_len for a non-DEFAULT hwpt_type:

+	if (cmd->hwpt_type != IOMMU_HWPT_TYPE_DEFAULT) {
+		if (!cmd->data_len) {
+			rc = -EINVAL;
+			goto out_put_pt;
+		}
+		if (!ops->domain_alloc_user_data_len) {
+			rc = -EOPNOTSUPP;
+			goto out_put_pt;
+		}
+		if (!ops->hwpt_type_is_supported(cmd->hwpt_type)) {
+			rc = -EINVAL;
+			goto out_put_pt;
+		}

Then, for the latter part, simply:
+	if (cmd->data_len) {
+		// malloc data
+	}

Thanks
Nic
  
Nicolin Chen May 19, 2023, 7:48 p.m. UTC | #4
On Fri, May 19, 2023 at 09:41:00AM +0000, Tian, Kevin wrote:
> External email: Use caution opening links or attachments
> 
> 
> > From: Yi Liu <yi.l.liu@intel.com>
> > Sent: Thursday, May 11, 2023 10:39 PM
> > +     if (cmd->hwpt_type != IOMMU_HWPT_TYPE_DEFAULT) {
> > +             if (!ops->domain_alloc_user_data_len) {
> > +                     rc = -EOPNOTSUPP;
> > +                     goto out_put_idev;
> > +             }
> > +             klen = ops->domain_alloc_user_data_len(cmd->hwpt_type);
> > +             if (WARN_ON(klen < 0)) {
> > +                     rc = -EINVAL;
> > +                     goto out_put_pt;
> > +             }
> > +     }
> 
> What about passing the user pointer to the iommu driver which
> then does the copy so we don't need an extra @data_len()
> callback for every driver?

It's doable by letting the driver do copy_from_user(), yet I
recall that Jason suggested to keep it in the iommufd. Also,
we are reusing the ucmd_buffer for the user_data. And the klen
isn't really being used for its value here. So, it is likely
enough to have an ops->hwpt_type_is_supported.

> >
> > +     switch (pt_obj->type) {
> > +     case IOMMUFD_OBJ_IOAS:
> > +             ioas = container_of(pt_obj, struct iommufd_ioas, obj);
> > +             break;
> 
> this should fail if parent is specified.

I don't think that's necessaray: the parent is NULL by default
and only specified (if IOMMUFD_OBJ_HW_PAGETABLE) by the exact
pt_id/pt_obj here.

> > +     case IOMMUFD_OBJ_HW_PAGETABLE:
> > +             /* pt_id points HWPT only when hwpt_type
> > is !IOMMU_HWPT_TYPE_DEFAULT */
> > +             if (cmd->hwpt_type == IOMMU_HWPT_TYPE_DEFAULT) {
> > +                     rc = -EINVAL;
> > +                     goto out_put_pt;
> > +             }
> > +
> > +             parent = container_of(pt_obj, struct iommufd_hw_pagetable,
> > obj);
> > +             /*
> > +              * Cannot allocate user-managed hwpt linking to
> > auto_created
> > +              * hwpt. If the parent hwpt is already a user-managed hwpt,
> > +              * don't allocate another user-managed hwpt linking to it.
> > +              */
> > +             if (parent->auto_domain || parent->parent) {
> > +                     rc = -EINVAL;
> > +                     goto out_put_pt;
> > +             }
> > +             ioas = parent->ioas;
> 
> for nesting why is ioas required? In concept we can just pass NULL ioas
> to iommufd_hw_pagetable_alloc() for this hwpt. If within that function
> there is a need to toggle ioas for the parent it can always retrieve it
> from the parent hwpt.

Jason suggested this for simplicity. As I replied in another
email, a user hwpt still needs ioas's refcount and mutex, so
it would otherwise have a duplicated code in the beginning of
most of hwpt_ functions:
	if (hwpt->parent)
		ioas = hwpt->parent->ioas;
	else (hwpt->ioas)
		ioas = hwpt->ioas;
	else
		WARN_ON(1);

Thanks
Nic
  
Tian, Kevin May 24, 2023, 5:16 a.m. UTC | #5
> From: Nicolin Chen <nicolinc@nvidia.com>
> Sent: Saturday, May 20, 2023 3:48 AM
> 
> 
> > >
> > > +     switch (pt_obj->type) {
> > > +     case IOMMUFD_OBJ_IOAS:
> > > +             ioas = container_of(pt_obj, struct iommufd_ioas, obj);
> > > +             break;
> >
> > this should fail if parent is specified.
> 
> I don't think that's necessaray: the parent is NULL by default
> and only specified (if IOMMUFD_OBJ_HW_PAGETABLE) by the exact
> pt_id/pt_obj here.

I didn't get. The uAPI describes that only hwpt not ioas can be specified
in the pt_id field as the parent.

If we don't check here it means the user can specify an ioas id as the
parent?
  
Nicolin Chen May 24, 2023, 5:40 a.m. UTC | #6
On Wed, May 24, 2023 at 05:16:35AM +0000, Tian, Kevin wrote:
 
> > From: Nicolin Chen <nicolinc@nvidia.com>
> > Sent: Saturday, May 20, 2023 3:48 AM
> >
> >
> > > >
> > > > +     switch (pt_obj->type) {
> > > > +     case IOMMUFD_OBJ_IOAS:
> > > > +             ioas = container_of(pt_obj, struct iommufd_ioas, obj);
> > > > +             break;
> > >
> > > this should fail if parent is specified.
> >
> > I don't think that's necessaray: the parent is NULL by default
> > and only specified (if IOMMUFD_OBJ_HW_PAGETABLE) by the exact
> > pt_id/pt_obj here.
> 
> I didn't get. The uAPI describes that only hwpt not ioas can be specified
> in the pt_id field as the parent.
>
> If we don't check here it means the user can specify an ioas id as the
> parent?

I meant that the parent pointer isn't specified at this line:
the declaration of the parent is simply NULL, and not touched
in this IOMMUFD_OBJ_IOAS case, as the parent pointer would be
only specified in the IOMMUFD_OBJ_HW_PAGETABLE case that is
behind this line.

We could add a sanity of the parent pointer, but that would
be just a NOP, right?

Thanks
Nic
  
Tian, Kevin May 24, 2023, 7:55 a.m. UTC | #7
> From: Nicolin Chen <nicolinc@nvidia.com>
> Sent: Wednesday, May 24, 2023 1:41 PM
> 
> On Wed, May 24, 2023 at 05:16:35AM +0000, Tian, Kevin wrote:
> 
> > > From: Nicolin Chen <nicolinc@nvidia.com>
> > > Sent: Saturday, May 20, 2023 3:48 AM
> > >
> > >
> > > > >
> > > > > +     switch (pt_obj->type) {
> > > > > +     case IOMMUFD_OBJ_IOAS:
> > > > > +             ioas = container_of(pt_obj, struct iommufd_ioas, obj);
> > > > > +             break;
> > > >
> > > > this should fail if parent is specified.
> > >
> > > I don't think that's necessaray: the parent is NULL by default
> > > and only specified (if IOMMUFD_OBJ_HW_PAGETABLE) by the exact
> > > pt_id/pt_obj here.
> >
> > I didn't get. The uAPI describes that only hwpt not ioas can be specified
> > in the pt_id field as the parent.
> >
> > If we don't check here it means the user can specify an ioas id as the
> > parent?
> 
> I meant that the parent pointer isn't specified at this line:
> the declaration of the parent is simply NULL, and not touched
> in this IOMMUFD_OBJ_IOAS case, as the parent pointer would be
> only specified in the IOMMUFD_OBJ_HW_PAGETABLE case that is
> behind this line.
> 

I see your point. As long as the type is IOAS the alloc request is
always interpreted as creating a s2 hwpt under the IOAS. Only
when it's HWPT type then it's treated as the parent.

I kept a wrong impression that there is another flag/field to mark
the parent requirement then there could be wrong combination
of setting that flag/field plus using an IOAS pt_id. 😊
  

Patch

diff --git a/drivers/iommu/iommufd/hw_pagetable.c b/drivers/iommu/iommufd/hw_pagetable.c
index 73d7d9d07726..e84270eb6e49 100644
--- a/drivers/iommu/iommufd/hw_pagetable.c
+++ b/drivers/iommu/iommufd/hw_pagetable.c
@@ -184,11 +184,15 @@  iommufd_hw_pagetable_alloc(struct iommufd_ctx *ictx, struct iommufd_ioas *ioas,
 
 int iommufd_hwpt_alloc(struct iommufd_ucmd *ucmd)
 {
+	struct iommufd_hw_pagetable *hwpt, *parent = NULL;
+	union iommu_domain_user_data *data = NULL;
 	struct iommu_hwpt_alloc *cmd = ucmd->cmd;
-	struct iommufd_hw_pagetable *hwpt;
+	struct iommufd_object *pt_obj;
+	const struct iommu_ops *ops;
 	struct iommufd_device *idev;
 	struct iommufd_ioas *ioas;
-	int rc;
+	int klen = 0;
+	int rc = 0;
 
 	if (cmd->flags || cmd->__reserved)
 		return -EOPNOTSUPP;
@@ -197,15 +201,81 @@  int iommufd_hwpt_alloc(struct iommufd_ucmd *ucmd)
 	if (IS_ERR(idev))
 		return PTR_ERR(idev);
 
-	ioas = iommufd_get_ioas(ucmd->ictx, cmd->pt_id);
-	if (IS_ERR(ioas)) {
-		rc = PTR_ERR(ioas);
+	ops = dev_iommu_ops(idev->dev);
+
+	/*
+	 * All drivers support IOMMU_HWPT_TYPE_DEFAULT, so pass it through.
+	 * For any other hwpt_type, check the ops->domain_alloc_user_data_len
+	 * presence and its result.
+	 */
+	if (cmd->hwpt_type != IOMMU_HWPT_TYPE_DEFAULT) {
+		if (!ops->domain_alloc_user_data_len) {
+			rc = -EOPNOTSUPP;
+			goto out_put_idev;
+		}
+		klen = ops->domain_alloc_user_data_len(cmd->hwpt_type);
+		if (WARN_ON(klen < 0)) {
+			rc = -EINVAL;
+			goto out_put_pt;
+		}
+	}
+
+	pt_obj = iommufd_get_object(ucmd->ictx, cmd->pt_id, IOMMUFD_OBJ_ANY);
+	if (IS_ERR(pt_obj)) {
+		rc = -EINVAL;
 		goto out_put_idev;
 	}
 
+	switch (pt_obj->type) {
+	case IOMMUFD_OBJ_IOAS:
+		ioas = container_of(pt_obj, struct iommufd_ioas, obj);
+		break;
+	case IOMMUFD_OBJ_HW_PAGETABLE:
+		/* pt_id points HWPT only when hwpt_type is !IOMMU_HWPT_TYPE_DEFAULT */
+		if (cmd->hwpt_type == IOMMU_HWPT_TYPE_DEFAULT) {
+			rc = -EINVAL;
+			goto out_put_pt;
+		}
+
+		parent = container_of(pt_obj, struct iommufd_hw_pagetable, obj);
+		/*
+		 * Cannot allocate user-managed hwpt linking to auto_created
+		 * hwpt. If the parent hwpt is already a user-managed hwpt,
+		 * don't allocate another user-managed hwpt linking to it.
+		 */
+		if (parent->auto_domain || parent->parent) {
+			rc = -EINVAL;
+			goto out_put_pt;
+		}
+		ioas = parent->ioas;
+		break;
+	default:
+		rc = -EINVAL;
+		goto out_put_pt;
+	}
+
+	if (klen) {
+		if (!cmd->data_len) {
+			rc = -EINVAL;
+			goto out_put_pt;
+		}
+
+		data = kzalloc(sizeof(*data), GFP_KERNEL);
+		if (!data) {
+			rc = -ENOMEM;
+			goto out_put_pt;
+		}
+
+		rc = copy_struct_from_user(data, sizeof(*data),
+					   u64_to_user_ptr(cmd->data_uptr),
+					   cmd->data_len);
+		if (rc)
+			goto out_free_data;
+	}
+
 	mutex_lock(&ioas->mutex);
 	hwpt = iommufd_hw_pagetable_alloc(ucmd->ictx, ioas, idev,
-					  NULL, NULL, false);
+					  parent, data, false);
 	if (IS_ERR(hwpt)) {
 		rc = PTR_ERR(hwpt);
 		goto out_unlock;
@@ -222,7 +292,10 @@  int iommufd_hwpt_alloc(struct iommufd_ucmd *ucmd)
 	iommufd_object_abort_and_destroy(ucmd->ictx, &hwpt->obj);
 out_unlock:
 	mutex_unlock(&ioas->mutex);
-	iommufd_put_object(&ioas->obj);
+out_free_data:
+	kfree(data);
+out_put_pt:
+	iommufd_put_object(pt_obj);
 out_put_idev:
 	iommufd_put_object(&idev->obj);
 	return rc;
diff --git a/drivers/iommu/iommufd/main.c b/drivers/iommu/iommufd/main.c
index 5c24e8971f09..ac81403ba78e 100644
--- a/drivers/iommu/iommufd/main.c
+++ b/drivers/iommu/iommufd/main.c
@@ -302,7 +302,7 @@  struct iommufd_ioctl_op {
 static const struct iommufd_ioctl_op iommufd_ioctl_ops[] = {
 	IOCTL_OP(IOMMU_DESTROY, iommufd_destroy, struct iommu_destroy, id),
 	IOCTL_OP(IOMMU_HWPT_ALLOC, iommufd_hwpt_alloc, struct iommu_hwpt_alloc,
-		 __reserved),
+		 data_uptr),
 	IOCTL_OP(IOMMU_DEVICE_GET_HW_INFO, iommufd_device_get_hw_info,
 		 struct iommu_hw_info, __reserved),
 	IOCTL_OP(IOMMU_IOAS_ALLOC, iommufd_ioas_alloc_ioctl,
diff --git a/include/uapi/linux/iommufd.h b/include/uapi/linux/iommufd.h
index e9d42838dcbd..699e735828db 100644
--- a/include/uapi/linux/iommufd.h
+++ b/include/uapi/linux/iommufd.h
@@ -347,6 +347,14 @@  struct iommu_vfio_ioas {
 };
 #define IOMMU_VFIO_IOAS _IO(IOMMUFD_TYPE, IOMMUFD_CMD_VFIO_IOAS)
 
+/**
+ * enum iommu_hwpt_type - IOMMU HWPT Type
+ * @IOMMU_HWPT_TYPE_DEFAULT: default
+ */
+enum iommu_hwpt_type {
+	IOMMU_HWPT_TYPE_DEFAULT,
+};
+
 /**
  * struct iommu_hwpt_alloc - ioctl(IOMMU_HWPT_ALLOC)
  * @size: sizeof(struct iommu_hwpt_alloc)
@@ -355,12 +363,31 @@  struct iommu_vfio_ioas {
  * @pt_id: The IOAS to connect this HWPT to
  * @out_hwpt_id: The ID of the new HWPT
  * @__reserved: Must be 0
+ * @hwpt_type: One of enum iommu_hwpt_type
+ * @data_len: Length of the type specific data
+ * @data_uptr: User pointer to the type specific data
  *
  * Explicitly allocate a hardware page table object. This is the same object
  * type that is returned by iommufd_device_attach() and represents the
  * underlying iommu driver's iommu_domain kernel object.
  *
- * A HWPT will be created with the IOVA mappings from the given IOAS.
+ * A kernel-managed HWPT will be created with the mappings from the given IOAS.
+ * The @hwpt_type for its allocation can be set to IOMMU_HWPT_TYPE_DEFAULT, or
+ * another type (being listed below) to specialize a kernel-managed HWPT.
+ *
+ * A user-managed HWPT will be created from a given parent HWPT via @pt_id, in
+ * which the parent HWPT must be allocated previously via the same ioctl from a
+ * given IOAS. The @hwpt_type must not be set to IOMMU_HWPT_TYPE_DEFAULT but a
+ * pre-defined type corresponding to the underlying IOMMU hardware.
+ *
+ * If the @hwpt_type is set to IOMMU_HWPT_TYPE_DEFAULT, both the @data_len and
+ * the @data_uptr will be ignored. Otherwise, both of them must be given.
+ *
+ * +==============================+=====================================+===========+
+ * | @hwpt_type                   |    Data structure in @data_uptr     |   @pt_id  |
+ * +------------------------------+-------------------------------------+-----------+
+ * | IOMMU_HWPT_TYPE_DEFAULT      |               N/A                   |    IOAS   |
+ * +------------------------------+-------------------------------------+-----------+
  */
 struct iommu_hwpt_alloc {
 	__u32 size;
@@ -369,6 +396,9 @@  struct iommu_hwpt_alloc {
 	__u32 pt_id;
 	__u32 out_hwpt_id;
 	__u32 __reserved;
+	__u32 hwpt_type;
+	__u32 data_len;
+	__aligned_u64 data_uptr;
 };
 #define IOMMU_HWPT_ALLOC _IO(IOMMUFD_TYPE, IOMMUFD_CMD_HWPT_ALLOC)