[01/17] iommu: Add new iommu op to create domains owned by userspace

Message ID 20230209043153.14964-2-yi.l.liu@intel.com
State New
Headers
Series Add Intel VT-d nested translation |

Commit Message

Yi Liu Feb. 9, 2023, 4:31 a.m. UTC
  From: Lu Baolu <baolu.lu@linux.intel.com>

Introduce a new iommu_domain op to create domains owned by userspace,
e.g. through iommufd. These domains have a few different properties
compares to kernel owned domains:

 - They may be MANAGED domains, but created with special parameters.
   For instance aperture size changes/number of levels, different
   IOPTE formats, or other things necessary to make a vIOMMU work

 - We have to track all the memory allocations with GFP_KERNEL_ACCOUNT
   to make the cgroup sandbox stronger

 - Device-specialty domains, such as NESTED domains can be created by
   iommufd.

The new op clearly says the domain is being created by IOMMUFD, that
the domain is intended for userspace use, and it provides a way to pass
a driver specific uAPI structure to customize the created domain to
exactly what the vIOMMU userspace driver requires.

iommu drivers that cannot support VFIO/IOMMUFD should not support this
op. This includes any driver that cannot provide a fully functional
UNMANAGED domain.

This op chooses to make the special parameters opaque to the core. This
suits the current usage model where accessing any of the IOMMU device
special parameters does require a userspace driver that matches the
kernel driver. If a need for common parameters, implemented similarly
by several drivers, arises then there is room in the design to grow a
generic parameter set as well.

This new op for now is only supposed to be used by iommufd, hence no
wrapper for it. iommufd would call the callback directly. As for domain
free, iommufd would use iommu_domain_free().

Suggested-by: Jason Gunthorpe <jgg@nvidia.com>
Signed-off-by: Lu Baolu <baolu.lu@linux.intel.com>
Signed-off-by: Yi Liu <yi.l.liu@intel.com>
---
 include/linux/iommu.h | 4 ++++
 1 file changed, 4 insertions(+)
  

Comments

Tian, Kevin Feb. 10, 2023, 8:24 a.m. UTC | #1
> From: Liu, Yi L <yi.l.liu@intel.com>
> Sent: Thursday, February 9, 2023 12:32 PM
> 
> From: Lu Baolu <baolu.lu@linux.intel.com>
> 
> Introduce a new iommu_domain op to create domains owned by userspace,
> e.g. through iommufd. These domains have a few different properties
> compares to kernel owned domains:
> 
>  - They may be MANAGED domains, but created with special parameters.
>    For instance aperture size changes/number of levels, different
>    IOPTE formats, or other things necessary to make a vIOMMU work
> 

what is *MANAGED* domain?

today we only have the separation between DMA domain and
UNMANAGED domain.

soon with Jason's cleanup all domains are called UNMANAGED.
  
Baolu Lu Feb. 11, 2023, 3:16 a.m. UTC | #2
On 2023/2/10 16:24, Tian, Kevin wrote:
>> From: Liu, Yi L <yi.l.liu@intel.com>
>> Sent: Thursday, February 9, 2023 12:32 PM
>>
>> From: Lu Baolu <baolu.lu@linux.intel.com>
>>
>> Introduce a new iommu_domain op to create domains owned by userspace,
>> e.g. through iommufd. These domains have a few different properties
>> compares to kernel owned domains:
>>
>>   - They may be MANAGED domains, but created with special parameters.
>>     For instance aperture size changes/number of levels, different
>>     IOPTE formats, or other things necessary to make a vIOMMU work
>>
> 
> what is *MANAGED* domain?
> 
> today we only have the separation between DMA domain and
> UNMANAGED domain.
> 
> soon with Jason's cleanup all domains are called UNMANAGED.

It should be UNMANAGED domain.

Best regards,
baolu
  

Patch

diff --git a/include/linux/iommu.h b/include/linux/iommu.h
index 97b398d19fd2..214e3eb9bc86 100644
--- a/include/linux/iommu.h
+++ b/include/linux/iommu.h
@@ -230,6 +230,7 @@  struct iommu_iotlb_gather {
  *           after use. Return the data buffer if success, or ERR_PTR on
  *	      failure.
  * @domain_alloc: allocate iommu domain
+ * @domain_alloc_user: allocate user iommu domain
  * @probe_device: Add device to iommu driver handling
  * @release_device: Remove device from iommu driver handling
  * @probe_finalize: Do final setup work after the device is added to an IOMMU
@@ -262,6 +263,9 @@  struct iommu_ops {
 
 	/* Domain allocation and freeing by the iommu driver */
 	struct iommu_domain *(*domain_alloc)(unsigned iommu_domain_type);
+	struct iommu_domain *(*domain_alloc_user)(struct device *dev,
+						  struct iommu_domain *parent,
+						  const void *user_data);
 
 	struct iommu_device *(*probe_device)(struct device *dev);
 	void (*release_device)(struct device *dev);