| Message ID | 10-v2-51b9896e7862+8a8c-iommufd_alloc_jgg@nvidia.com (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | Add iommufd physical device operations for replace and alloc hwpt | expand |
On 2023/3/8 8:35, Jason Gunthorpe wrote: > The code flow for first time attaching a PT and replacing a PT is very > similar except for the lowest do_attach step. > > Reorganize this so that the do_attach step is a function pointer. > > Replace requires destroying the old HWPT once it is replaced. This > destruction cannot be done under all the locks that are held in the > function pointer, so the signature allows returning a HWPT which will be > destroyed by the caller after everything is unlocked. > > Signed-off-by: Jason Gunthorpe<jgg@nvidia.com> Reviewed-by: Lu Baolu <baolu.lu@linux.intel.com> Best regards, baolu
> From: Jason Gunthorpe <jgg@nvidia.com> > Sent: Wednesday, March 8, 2023 8:36 AM > > @@ -379,52 +388,57 @@ static int > iommufd_device_auto_get_domain(struct iommufd_device *idev, > > if (!iommufd_lock_obj(&hwpt->obj)) > continue; > - rc = iommufd_device_do_attach(idev, hwpt); > - iommufd_put_object(&hwpt->obj); > - > - /* > - * -EINVAL means the domain is incompatible with the device. > - * Other error codes should propagate to userspace as failure. > - * Success means the domain is attached. > - */ > - if (rc == -EINVAL) > - continue; > + destroy_hwpt = (*do_attach)(idev, hwpt); > *pt_id = hwpt->obj.id; only when succeed? > + iommufd_put_object(&hwpt->obj); > + if (IS_ERR(destroy_hwpt)) { > + /* > + * -EINVAL means the domain is incompatible with > the > + * device. Other error codes should propagate to > + * userspace as failure. Success means the domain is > + * attached. > + */ > + if (PTR_ERR(destroy_hwpt) == -EINVAL) > + continue; > + goto out_unlock; > + } > goto out_unlock; two goto's can be merged, if you still want to keep pt_id assignment in original place. > } > > - hwpt = iommufd_hw_pagetable_alloc(idev->ictx, ioas, idev, true); > + hwpt = iommufd_hw_pagetable_alloc(idev->ictx, ioas, idev, > + immediate_attach); > if (IS_ERR(hwpt)) { > - rc = PTR_ERR(hwpt); > + destroy_hwpt = ERR_CAST(hwpt); > goto out_unlock; > } > + > + if (!immediate_attach) { > + destroy_hwpt = (*do_attach)(idev, hwpt); > + if (IS_ERR(destroy_hwpt)) > + goto out_abort; > + } else { > + destroy_hwpt = NULL; > + } > + Above is a bit confusing. On one hand we have immediate_attach for drivers which must complete attach before we can add the domain to iopt. From this angle it should always be set when calling iommufd_hw_pagetable_alloc() no matter it's attach or replace. On the other hand we assume *replace* doesn't work with driver which requires immediate_attach so it's done outside of iommufd_hw_pagetable_alloc(). I'm unsure any better way of handling this transition phase, but at least some comment would be useful in this part.
On Fri, Mar 10, 2023 at 11:26:42AM +0000, Tian, Kevin wrote: > > From: Jason Gunthorpe <jgg@nvidia.com> > > Sent: Wednesday, March 8, 2023 8:36 AM > > > > @@ -379,52 +388,57 @@ static int > > iommufd_device_auto_get_domain(struct iommufd_device *idev, > > > > if (!iommufd_lock_obj(&hwpt->obj)) > > continue; > > - rc = iommufd_device_do_attach(idev, hwpt); > > - iommufd_put_object(&hwpt->obj); > > - > > - /* > > - * -EINVAL means the domain is incompatible with the device. > > - * Other error codes should propagate to userspace as failure. > > - * Success means the domain is attached. > > - */ > > - if (rc == -EINVAL) > > - continue; > > + destroy_hwpt = (*do_attach)(idev, hwpt); > > *pt_id = hwpt->obj.id; > > only when succeed? It isn't necessary, but it can be, it is just more ugly @@ -461,9 +468,8 @@ iommufd_device_auto_get_domain(struct iommufd_device *idev, if (!iommufd_lock_obj(&hwpt->obj)) continue; destroy_hwpt = (*do_attach)(idev, hwpt); - *pt_id = hwpt->obj.id; - iommufd_put_object(&hwpt->obj); if (IS_ERR(destroy_hwpt)) { + iommufd_put_object(&hwpt->obj); /* * -EINVAL means the domain is incompatible with the * device. Other error codes should propagate to @@ -474,6 +480,8 @@ iommufd_device_auto_get_domain(struct iommufd_device *idev, continue; goto out_unlock; } + *pt_id = hwpt->obj.id; + iommufd_put_object(&hwpt->obj); goto out_unlock; } but sure lets do it > > + if (IS_ERR(destroy_hwpt)) { > > + /* > > + * -EINVAL means the domain is incompatible with > > the > > + * device. Other error codes should propagate to > > + * userspace as failure. Success means the domain is > > + * attached. > > + */ > > + if (PTR_ERR(destroy_hwpt) == -EINVAL) > > + continue; > > + goto out_unlock; > > + } > > goto out_unlock; > > two goto's can be merged, if you still want to keep pt_id assignment > in original place. Ah, I don't like that so much stylistically. > > } > > > > - hwpt = iommufd_hw_pagetable_alloc(idev->ictx, ioas, idev, true); > > + hwpt = iommufd_hw_pagetable_alloc(idev->ictx, ioas, idev, > > + immediate_attach); > > if (IS_ERR(hwpt)) { > > - rc = PTR_ERR(hwpt); > > + destroy_hwpt = ERR_CAST(hwpt); > > goto out_unlock; > > } > > + > > + if (!immediate_attach) { > > + destroy_hwpt = (*do_attach)(idev, hwpt); > > + if (IS_ERR(destroy_hwpt)) > > + goto out_abort; > > + } else { > > + destroy_hwpt = NULL; > > + } > > + > > Above is a bit confusing. > > On one hand we have immediate_attach for drivers which must > complete attach before we can add the domain to iopt. From > this angle it should always be set when calling > iommufd_hw_pagetable_alloc() no matter it's attach or replace. I looked at it for a while if we could make replace follow the same immediate_attach flow, and it doesn't work right. The problem is we can fail at iopt_table_add_domain() which would be after replace is done and at that point we are pretty stuck. The design of replace is that iommu_group_replace_domain() is the last failable function in the process. > On the other hand we assume *replace* doesn't work with > driver which requires immediate_attach so it's done outside of > iommufd_hw_pagetable_alloc(). Replace with an IOAS doesn't work on those drivers. It works OK with a HWPT. > I'm unsure any better way of handling this transition phase, but > at least some comment would be useful in this part. /* * iommufd_hw_pagetable_attach() is called by * iommufd_hw_pagetable_alloc() in immediate attachment mode, same as * iommufd_device_do_attach(). So if we are in this mode then we prefer * to use the immediate_attach path as it supports drivers that can't * directly allocate a domain. */ bool immediate_attach = do_attach == iommufd_device_do_attach; Jason
diff --git a/drivers/iommu/iommufd/device.c b/drivers/iommu/iommufd/device.c index ddde14d6d1352c..0256e65476f045 100644 --- a/drivers/iommu/iommufd/device.c +++ b/drivers/iommu/iommufd/device.c @@ -345,27 +345,36 @@ iommufd_hw_pagetable_detach(struct iommufd_device *idev) return hwpt; } -static int iommufd_device_do_attach(struct iommufd_device *idev, - struct iommufd_hw_pagetable *hwpt) +static struct iommufd_hw_pagetable * +iommufd_device_do_attach(struct iommufd_device *idev, + struct iommufd_hw_pagetable *hwpt) { int rc; mutex_lock(&idev->igroup->lock); rc = iommufd_hw_pagetable_attach(hwpt, idev); mutex_unlock(&idev->igroup->lock); - return rc; + if (rc) + return ERR_PTR(rc); + return NULL; } +typedef struct iommufd_hw_pagetable *(*attach_fn)( + struct iommufd_device *idev, struct iommufd_hw_pagetable *hwpt); + /* * When automatically managing the domains we search for a compatible domain in * the iopt and if one is found use it, otherwise create a new domain. * Automatic domain selection will never pick a manually created domain. */ -static int iommufd_device_auto_get_domain(struct iommufd_device *idev, - struct iommufd_ioas *ioas, u32 *pt_id) +static struct iommufd_hw_pagetable * +iommufd_device_auto_get_domain(struct iommufd_device *idev, + struct iommufd_ioas *ioas, u32 *pt_id, + attach_fn do_attach) { + bool immediate_attach = do_attach == iommufd_device_do_attach; + struct iommufd_hw_pagetable *destroy_hwpt; struct iommufd_hw_pagetable *hwpt; - int rc; /* * There is no differentiation when domains are allocated, so any domain @@ -379,52 +388,57 @@ static int iommufd_device_auto_get_domain(struct iommufd_device *idev, if (!iommufd_lock_obj(&hwpt->obj)) continue; - rc = iommufd_device_do_attach(idev, hwpt); - iommufd_put_object(&hwpt->obj); - - /* - * -EINVAL means the domain is incompatible with the device. - * Other error codes should propagate to userspace as failure. - * Success means the domain is attached. - */ - if (rc == -EINVAL) - continue; + destroy_hwpt = (*do_attach)(idev, hwpt); *pt_id = hwpt->obj.id; + iommufd_put_object(&hwpt->obj); + if (IS_ERR(destroy_hwpt)) { + /* + * -EINVAL means the domain is incompatible with the + * device. Other error codes should propagate to + * userspace as failure. Success means the domain is + * attached. + */ + if (PTR_ERR(destroy_hwpt) == -EINVAL) + continue; + goto out_unlock; + } goto out_unlock; } - hwpt = iommufd_hw_pagetable_alloc(idev->ictx, ioas, idev, true); + hwpt = iommufd_hw_pagetable_alloc(idev->ictx, ioas, idev, + immediate_attach); if (IS_ERR(hwpt)) { - rc = PTR_ERR(hwpt); + destroy_hwpt = ERR_CAST(hwpt); goto out_unlock; } + + if (!immediate_attach) { + destroy_hwpt = (*do_attach)(idev, hwpt); + if (IS_ERR(destroy_hwpt)) + goto out_abort; + } else { + destroy_hwpt = NULL; + } + hwpt->auto_domain = true; *pt_id = hwpt->obj.id; mutex_unlock(&ioas->mutex); iommufd_object_finalize(idev->ictx, &hwpt->obj); - return 0; + return destroy_hwpt; + +out_abort: + iommufd_object_abort_and_destroy(idev->ictx, &hwpt->obj); out_unlock: mutex_unlock(&ioas->mutex); - return rc; + return destroy_hwpt; } -/** - * iommufd_device_attach - Connect a device from an iommu_domain - * @idev: device to attach - * @pt_id: Input a IOMMUFD_OBJ_IOAS, or IOMMUFD_OBJ_HW_PAGETABLE - * Output the IOMMUFD_OBJ_HW_PAGETABLE ID - * - * This connects the device to an iommu_domain, either automatically or manually - * selected. Once this completes the device could do DMA. - * - * The caller should return the resulting pt_id back to userspace. - * This function is undone by calling iommufd_device_detach(). - */ -int iommufd_device_attach(struct iommufd_device *idev, u32 *pt_id) +static int iommufd_device_change_pt(struct iommufd_device *idev, u32 *pt_id, + attach_fn do_attach) { + struct iommufd_hw_pagetable *destroy_hwpt; struct iommufd_object *pt_obj; - int rc; pt_obj = iommufd_get_object(idev->ictx, *pt_id, IOMMUFD_OBJ_ANY); if (IS_ERR(pt_obj)) @@ -435,8 +449,8 @@ int iommufd_device_attach(struct iommufd_device *idev, u32 *pt_id) struct iommufd_hw_pagetable *hwpt = container_of(pt_obj, struct iommufd_hw_pagetable, obj); - rc = iommufd_device_do_attach(idev, hwpt); - if (rc) + destroy_hwpt = (*do_attach)(idev, hwpt); + if (IS_ERR(destroy_hwpt)) goto out_put_pt_obj; break; } @@ -444,22 +458,54 @@ int iommufd_device_attach(struct iommufd_device *idev, u32 *pt_id) struct iommufd_ioas *ioas = container_of(pt_obj, struct iommufd_ioas, obj); - rc = iommufd_device_auto_get_domain(idev, ioas, pt_id); - if (rc) + destroy_hwpt = iommufd_device_auto_get_domain(idev, ioas, pt_id, + do_attach); + if (IS_ERR(destroy_hwpt)) goto out_put_pt_obj; break; } default: - rc = -EINVAL; + destroy_hwpt = ERR_PTR(-EINVAL); goto out_put_pt_obj; } + iommufd_put_object(pt_obj); - refcount_inc(&idev->obj.users); - rc = 0; + /* This destruction has to be after we unlock everything */ + if (destroy_hwpt) + iommufd_hw_pagetable_put(idev->ictx, destroy_hwpt); + return 0; out_put_pt_obj: iommufd_put_object(pt_obj); - return rc; + return PTR_ERR(destroy_hwpt); +} + +/** + * iommufd_device_attach - Connect a device to an iommu_domain + * @idev: device to attach + * @pt_id: Input a IOMMUFD_OBJ_IOAS, or IOMMUFD_OBJ_HW_PAGETABLE + * Output the IOMMUFD_OBJ_HW_PAGETABLE ID + * + * This connects the device to an iommu_domain, either automatically or manually + * selected. Once this completes the device could do DMA. + * + * The caller should return the resulting pt_id back to userspace. + * This function is undone by calling iommufd_device_detach(). + */ +int iommufd_device_attach(struct iommufd_device *idev, u32 *pt_id) +{ + int rc; + + rc = iommufd_device_change_pt(idev, pt_id, &iommufd_device_do_attach); + if (rc) + return rc; + + /* + * Pairs with iommufd_device_detach() - catches caller bugs attempting + * to destroy a device with an attachment. + */ + refcount_inc(&idev->obj.users); + return 0; } EXPORT_SYMBOL_NS_GPL(iommufd_device_attach, IOMMUFD);
The code flow for first time attaching a PT and replacing a PT is very similar except for the lowest do_attach step. Reorganize this so that the do_attach step is a function pointer. Replace requires destroying the old HWPT once it is replaced. This destruction cannot be done under all the locks that are held in the function pointer, so the signature allows returning a HWPT which will be destroyed by the caller after everything is unlocked. Signed-off-by: Jason Gunthorpe <jgg@nvidia.com> --- drivers/iommu/iommufd/device.c | 130 ++++++++++++++++++++++----------- 1 file changed, 88 insertions(+), 42 deletions(-)