mbox series

[0/4] iommu: Reject drivers with broken_unmanaged_domain

Message ID cover.1674849118.git.nicolinc@nvidia.com
Headers show
Series iommu: Reject drivers with broken_unmanaged_domain | expand

Message

Nicolin Chen Jan. 27, 2023, 8:04 p.m. UTC 
Hi all,

Both IOMMU_DOMAIN_UNMANAGED and IOMMU_DOMAIN_DMA require the support
of __IOMMU_DOMAIN_PAGING capability, i.e. iommu_map/unmap. However,
some older iommu drivers do not fully support that, and these drivers
also do not advertise support for dma-iommu.c via IOMMU_DOMAIN_DMA,
or use arm_iommu_create_mapping(), so largely their implementations
of IOMMU_DOMAIN_UNMANAGED are untested. This means that a user like
vfio/iommufd does not likely work with them.

Thus, mark all these drivers as having "broken" UNAMANGED domains and
add a new device_iommu_unmanaged_supported() API for vfio/iommufd and
dma-iommu to refuse to work with these drivers.

These are preparatory changes for a new IOMMU API that will be used by
iommufd. Having this flag allows us to prevent any use of the new API
in iommufd, to keep things clean.

You can also find this series on Github:
https://github.com/nicolinc/iommufd/commits/broken_unmanaged_domain

Thank you
Nicolin Chen

Nicolin Chen (4):
  iommu: Add a broken_unmanaged_domain flag in iommu_ops
  iommu/dma: Do not init domain if broken_unmanaged_domain
  iommufd: Do not allocate device object if broken_unmanaged_domain
  vfio: Do not allocate domain if broken_unmanaged_domain

 drivers/iommu/dma-iommu.c       |  3 +++
 drivers/iommu/fsl_pamu_domain.c |  1 +
 drivers/iommu/iommu.c           | 24 ++++++++++++++++++++++++
 drivers/iommu/iommufd/device.c  |  3 +++
 drivers/iommu/msm_iommu.c       |  1 +
 drivers/iommu/mtk_iommu_v1.c    |  1 +
 drivers/iommu/omap-iommu.c      |  1 +
 drivers/iommu/tegra-gart.c      |  1 +
 drivers/iommu/tegra-smmu.c      |  1 +
 drivers/vfio/vfio_iommu_type1.c |  5 ++++-
 include/linux/iommu.h           | 11 +++++++++++
 11 files changed, 51 insertions(+), 1 deletion(-)

Comments

Robin Murphy Jan. 27, 2023, 9:59 p.m. UTC | #1 
On 2023-01-27 20:04, Nicolin Chen wrote:
> Add a sanity of the broken_unmanaged_domain flag to reject the use of
> dma-iommu in the early stage, if the flag is set by the iommu driver.

Realistically, iommu-dma will never be enabled on PPC32, let alone used. 
It will not be enabled on ARM until I've fixed any drivers which need 
fixing to work with it. We don't need to add dead code here.

Thanks,
Robin.

> Suggested-by: Jason Gunthorpe <jgg@nvidia.com>
> Signed-off-by: Nicolin Chen <nicolinc@nvidia.com>
> ---
>   drivers/iommu/dma-iommu.c | 3 +++
>   1 file changed, 3 insertions(+)
> 
> diff --git a/drivers/iommu/dma-iommu.c b/drivers/iommu/dma-iommu.c
> index f798c44e0903..f1e8d952b17d 100644
> --- a/drivers/iommu/dma-iommu.c
> +++ b/drivers/iommu/dma-iommu.c
> @@ -545,6 +545,9 @@ static int iommu_dma_init_domain(struct iommu_domain *domain, dma_addr_t base,
>   	if (!cookie || cookie->type != IOMMU_DMA_IOVA_COOKIE)
>   		return -EINVAL;
>   
> +	if (WARN_ON(!device_iommu_unmanaged_supported(dev)))
> +		return -EINVAL;
> +
>   	iovad = &cookie->iovad;
>   
>   	/* Use the smallest supported page size for IOVA granularity */
Nicolin Chen Jan. 27, 2023, 10:51 p.m. UTC | #2 
On Fri, Jan 27, 2023 at 09:59:50PM +0000, Robin Murphy wrote:
> External email: Use caution opening links or attachments
> 
> 
> On 2023-01-27 20:04, Nicolin Chen wrote:
> > Add a sanity of the broken_unmanaged_domain flag to reject the use of
> > dma-iommu in the early stage, if the flag is set by the iommu driver.
> 
> Realistically, iommu-dma will never be enabled on PPC32, let alone used.
> It will not be enabled on ARM until I've fixed any drivers which need
> fixing to work with it. We don't need to add dead code here.

OK. Sounds like I can drop this patch.

Thanks
Nicolin
Tian, Kevin Jan. 29, 2023, 7:46 a.m. UTC | #3 
> From: Nicolin Chen <nicolinc@nvidia.com>
> Sent: Saturday, January 28, 2023 4:04 AM
> 
> Hi all,
> 
> Both IOMMU_DOMAIN_UNMANAGED and IOMMU_DOMAIN_DMA require
> the support
> of __IOMMU_DOMAIN_PAGING capability, i.e. iommu_map/unmap.
> However,
> some older iommu drivers do not fully support that, and these drivers
> also do not advertise support for dma-iommu.c via IOMMU_DOMAIN_DMA,
> or use arm_iommu_create_mapping(), so largely their implementations
> of IOMMU_DOMAIN_UNMANAGED are untested. This means that a user like
> vfio/iommufd does not likely work with them.
> 
> Thus, mark all these drivers as having "broken" UNAMANGED domains and
> add a new device_iommu_unmanaged_supported() API for vfio/iommufd
> and
> dma-iommu to refuse to work with these drivers.
> 

Why not making an explicit way to mark which drivers are tested to
support vfio/iommufd? Not sure whether pure code review is reliable
to filter out 'broken' vs. 'non-broken'...