Subject: [PATCH v7 0/6] vfio/type1: Add support for valid iova list management

This is to revive this series which almost made to 4.18 but got dropped
as Alex found an issue[1] with IGD and USB devices RMRR region being
reported as reserved regions.

Thanks to Eric for his work here[2]. It provides a way to exclude
these regions while reporting the valid iova regions and this respin
make use of that.

Please note that I don't have a platform to verify the reported RMRR
issue and appreciate testing on those platforms.

Thanks,
Shameer

[1] https://lkml.org/lkml/2018/6/5/760
[2] https://lore.kernel.org/patchwork/cover/1083072/

v6-->v7
-Rebased to 5.2-rc6 + Eric's patches
-Added logic to exclude IOMMU_RESV_DIRECT_RELAXABLE reserved memory
region type(patch #2).
-Dropped patch #4 of v6 as it is already part of mainline.
-Addressed "container with only an mdev device will have an empty list"
case(patches 4/6 & 5/6 - Suggested by Alex)

Old
----
This series introduces an iova list associated with a vfio
iommu. The list is kept updated taking care of iommu apertures,
and reserved regions. Also this series adds checks for any conflict
with existing dma mappings whenever a new device group is attached to
the domain.

User-space can retrieve valid iova ranges using VFIO_IOMMU_GET_INFO
ioctl capability chains. Any dma map request outside the valid iova
range will be rejected.

v5 --> v6

-Rebased to 4.17-rc1
-Changed the ordering such that previous patch#7 "iommu/dma: Move
PCI window region reservation back...") is now patch #4. This
will avoid any bisection issues pointed out by Alex.
-Added Robins's Reviewed-by tag for patch#4

v4 --> v5
Rebased to next-20180315.

-Incorporated the corner case bug fix suggested by Alex to patch #5.
-Based on suggestions by Alex and Robin, added patch#7. This
moves the PCI window reservation back in to DMA specific path.
This is to fix the issue reported by Eric[1].

v3 --> v4
Addressed comments received for v3.
-dma_addr_t instead of phys_addr_t
-LIST_HEAD() usage.
-Free up iova_copy list in case of error.
-updated logic in filling the iova caps info(patch #5)

RFCv2 --> v3
Removed RFC tag.
Addressed comments from Alex and Eric:
- Added comments to make iova list management logic more clear.
- Use of iova list copy so that original is not altered in
case of failure.

RFCv1 --> RFCv2
Addressed comments from Alex:
-Introduced IOVA list management and added checks for conflicts with
existing dma map entries during attach/detach.

Shameer Kolothum (6):
vfio/type1: Introduce iova list and add iommu aperture validity check
vfio/type1: Check reserve region conflict and update iova list
vfio/type1: Update iova list on detach
vfio/type1: check dma map request is within a valid iova range
vfio/type1: Add IOVA range capability support
vfio/type1: remove duplicate retrieval of reserved regions

drivers/vfio/vfio_iommu_type1.c | 510 +++++++++++++++++++++++++++++++-
include/uapi/linux/vfio.h | 23 ++
2 files changed, 520 insertions(+), 13 deletions(-)

--
2.17.1



Subject: [PATCH v7 1/6] vfio/type1: Introduce iova list and add iommu aperture validity check

This introduces an iova list that is valid for dma mappings. Make
sure the new iommu aperture window doesn't conflict with the current
one or with any existing dma mappings during attach.

Signed-off-by: Shameer Kolothum <[email protected]>
---
drivers/vfio/vfio_iommu_type1.c | 181 +++++++++++++++++++++++++++++++-
1 file changed, 177 insertions(+), 4 deletions(-)

diff --git a/drivers/vfio/vfio_iommu_type1.c b/drivers/vfio/vfio_iommu_type1.c
index add34adfadc7..970d1ec06aed 100644
--- a/drivers/vfio/vfio_iommu_type1.c
+++ b/drivers/vfio/vfio_iommu_type1.c
@@ -1,4 +1,3 @@
-// SPDX-License-Identifier: GPL-2.0-only
/*
* VFIO: IOMMU DMA mapping support for Type1 IOMMU
*
@@ -62,6 +61,7 @@ MODULE_PARM_DESC(dma_entry_limit,

struct vfio_iommu {
struct list_head domain_list;
+ struct list_head iova_list;
struct vfio_domain *external_domain; /* domain for external user */
struct mutex lock;
struct rb_root dma_list;
@@ -97,6 +97,12 @@ struct vfio_group {
bool mdev_group; /* An mdev group */
};

+struct vfio_iova {
+ struct list_head list;
+ dma_addr_t start;
+ dma_addr_t end;
+};
+
/*
* Guest RAM pinning working set or DMA target
*/
@@ -1401,6 +1407,146 @@ static int vfio_mdev_iommu_device(struct device *dev, void *data)
return 0;
}

+/*
+ * This is a helper function to insert an address range to iova list.
+ * The list starts with a single entry corresponding to the IOMMU
+ * domain geometry to which the device group is attached. The list
+ * aperture gets modified when a new domain is added to the container
+ * if the new aperture doesn't conflict with the current one or with
+ * any existing dma mappings. The list is also modified to exclude
+ * any reserved regions associated with the device group.
+ */
+static int vfio_iommu_iova_insert(struct list_head *head,
+ dma_addr_t start, dma_addr_t end)
+{
+ struct vfio_iova *region;
+
+ region = kmalloc(sizeof(*region), GFP_KERNEL);
+ if (!region)
+ return -ENOMEM;
+
+ INIT_LIST_HEAD(&region->list);
+ region->start = start;
+ region->end = end;
+
+ list_add_tail(&region->list, head);
+ return 0;
+}
+
+/*
+ * Check the new iommu aperture conflicts with existing aper or with any
+ * existing dma mappings.
+ */
+static bool vfio_iommu_aper_conflict(struct vfio_iommu *iommu,
+ dma_addr_t start, dma_addr_t end)
+{
+ struct vfio_iova *first, *last;
+ struct list_head *iova = &iommu->iova_list;
+
+ if (list_empty(iova))
+ return false;
+
+ /* Disjoint sets, return conflict */
+ first = list_first_entry(iova, struct vfio_iova, list);
+ last = list_last_entry(iova, struct vfio_iova, list);
+ if (start > last->end || end < first->start)
+ return true;
+
+ /* Check for any existing dma mappings outside the new start */
+ if (start > first->start) {
+ if (vfio_find_dma(iommu, first->start, start - first->start))
+ return true;
+ }
+
+ /* Check for any existing dma mappings outside the new end */
+ if (end < last->end) {
+ if (vfio_find_dma(iommu, end + 1, last->end - end))
+ return true;
+ }
+
+ return false;
+}
+
+/*
+ * Resize iommu iova aperture window. This is called only if the new
+ * aperture has no conflict with existing aperture and dma mappings.
+ */
+static int vfio_iommu_aper_resize(struct list_head *iova,
+ dma_addr_t start, dma_addr_t end)
+{
+ struct vfio_iova *node, *next;
+
+ if (list_empty(iova))
+ return vfio_iommu_iova_insert(iova, start, end);
+
+ /* Adjust iova list start */
+ list_for_each_entry_safe(node, next, iova, list) {
+ if (start < node->start)
+ break;
+ if (start >= node->start && start < node->end) {
+ node->start = start;
+ break;
+ }
+ /* Delete nodes before new start */
+ list_del(&node->list);
+ kfree(node);
+ }
+
+ /* Adjust iova list end */
+ list_for_each_entry_safe(node, next, iova, list) {
+ if (end > node->end)
+ continue;
+ if (end > node->start && end <= node->end) {
+ node->end = end;
+ continue;
+ }
+ /* Delete nodes after new end */
+ list_del(&node->list);
+ kfree(node);
+ }
+
+ return 0;
+}
+
+static void vfio_iommu_iova_free(struct list_head *iova)
+{
+ struct vfio_iova *n, *next;
+
+ list_for_each_entry_safe(n, next, iova, list) {
+ list_del(&n->list);
+ kfree(n);
+ }
+}
+
+static int vfio_iommu_iova_get_copy(struct vfio_iommu *iommu,
+ struct list_head *iova_copy)
+{
+ struct list_head *iova = &iommu->iova_list;
+ struct vfio_iova *n;
+ int ret;
+
+ list_for_each_entry(n, iova, list) {
+ ret = vfio_iommu_iova_insert(iova_copy, n->start, n->end);
+ if (ret)
+ goto out_free;
+ }
+
+ return 0;
+
+out_free:
+ vfio_iommu_iova_free(iova_copy);
+ return ret;
+}
+
+static void vfio_iommu_iova_insert_copy(struct vfio_iommu *iommu,
+ struct list_head *iova_copy)
+{
+ struct list_head *iova = &iommu->iova_list;
+
+ vfio_iommu_iova_free(iova);
+
+ list_splice_tail(iova_copy, iova);
+}
static int vfio_iommu_type1_attach_group(void *iommu_data,
struct iommu_group *iommu_group)
{
@@ -1411,6 +1557,8 @@ static int vfio_iommu_type1_attach_group(void *iommu_data,
int ret;
bool resv_msi, msi_remap;
phys_addr_t resv_msi_base;
+ struct iommu_domain_geometry geo;
+ LIST_HEAD(iova_copy);

mutex_lock(&iommu->lock);

@@ -1487,6 +1635,25 @@ static int vfio_iommu_type1_attach_group(void *iommu_data,
if (ret)
goto out_domain;

+ /* Get aperture info */
+ iommu_domain_get_attr(domain->domain, DOMAIN_ATTR_GEOMETRY, &geo);
+
+ if (vfio_iommu_aper_conflict(iommu, geo.aperture_start,
+ geo.aperture_end)) {
+ ret = -EINVAL;
+ goto out_detach;
+ }
+
+ /* Get a copy of the current iova list and work on it */
+ ret = vfio_iommu_iova_get_copy(iommu, &iova_copy);
+ if (ret)
+ goto out_detach;
+
+ ret = vfio_iommu_aper_resize(&iova_copy, geo.aperture_start,
+ geo.aperture_end);
+ if (ret)
+ goto out_detach;
+
resv_msi = vfio_iommu_has_sw_msi(iommu_group, &resv_msi_base);

INIT_LIST_HEAD(&domain->group_list);
@@ -1520,8 +1687,7 @@ static int vfio_iommu_type1_attach_group(void *iommu_data,
list_add(&group->next, &d->group_list);
iommu_domain_free(domain->domain);
kfree(domain);
- mutex_unlock(&iommu->lock);
- return 0;
+ goto done;
}

ret = vfio_iommu_attach_group(domain, group);
@@ -1544,7 +1710,9 @@ static int vfio_iommu_type1_attach_group(void *iommu_data,
}

list_add(&domain->next, &iommu->domain_list);
-
+done:
+ /* Delete the old one and insert new iova list */
+ vfio_iommu_iova_insert_copy(iommu, &iova_copy);
mutex_unlock(&iommu->lock);

return 0;
@@ -1553,6 +1721,7 @@ static int vfio_iommu_type1_attach_group(void *iommu_data,
vfio_iommu_detach_group(domain, group);
out_domain:
iommu_domain_free(domain->domain);
+ vfio_iommu_iova_free(&iova_copy);
out_free:
kfree(domain);
kfree(group);
@@ -1692,6 +1861,7 @@ static void *vfio_iommu_type1_open(unsigned long arg)
}

INIT_LIST_HEAD(&iommu->domain_list);
+ INIT_LIST_HEAD(&iommu->iova_list);
iommu->dma_list = RB_ROOT;
iommu->dma_avail = dma_entry_limit;
mutex_init(&iommu->lock);
@@ -1735,6 +1905,9 @@ static void vfio_iommu_type1_release(void *iommu_data)
list_del(&domain->next);
kfree(domain);
}
+
+ vfio_iommu_iova_free(&iommu->iova_list);
+
kfree(iommu);
}

--
2.17.1


Subject: [PATCH v7 2/6] vfio/type1: Check reserve region conflict and update iova list

This retrieves the reserved regions associated with dev group and
checks for conflicts with any existing dma mappings. Also update
the iova list excluding the reserved regions.

Reserved regions with type IOMMU_RESV_DIRECT_RELAXABLE are
excluded from above checks as they are considered as directly
mapped regions which are known to be relaxable.

Signed-off-by: Shameer Kolothum <[email protected]>
---
drivers/vfio/vfio_iommu_type1.c | 96 +++++++++++++++++++++++++++++++++
1 file changed, 96 insertions(+)

diff --git a/drivers/vfio/vfio_iommu_type1.c b/drivers/vfio/vfio_iommu_type1.c
index 970d1ec06aed..b6bfdfa16c33 100644
--- a/drivers/vfio/vfio_iommu_type1.c
+++ b/drivers/vfio/vfio_iommu_type1.c
@@ -1508,6 +1508,88 @@ static int vfio_iommu_aper_resize(struct list_head *iova,
return 0;
}

+/*
+ * Check reserved region conflicts with existing dma mappings
+ */
+static bool vfio_iommu_resv_conflict(struct vfio_iommu *iommu,
+ struct list_head *resv_regions)
+{
+ struct iommu_resv_region *region;
+
+ /* Check for conflict with existing dma mappings */
+ list_for_each_entry(region, resv_regions, list) {
+ if (region->type == IOMMU_RESV_DIRECT_RELAXABLE)
+ continue;
+
+ if (vfio_find_dma(iommu, region->start, region->length))
+ return true;
+ }
+
+ return false;
+}
+
+/*
+ * Check iova region overlap with reserved regions and
+ * exclude them from the iommu iova range
+ */
+static int vfio_iommu_resv_exclude(struct list_head *iova,
+ struct list_head *resv_regions)
+{
+ struct iommu_resv_region *resv;
+ struct vfio_iova *n, *next;
+
+ list_for_each_entry(resv, resv_regions, list) {
+ phys_addr_t start, end;
+
+ if (resv->type == IOMMU_RESV_DIRECT_RELAXABLE)
+ continue;
+
+ start = resv->start;
+ end = resv->start + resv->length - 1;
+
+ list_for_each_entry_safe(n, next, iova, list) {
+ int ret = 0;
+
+ /* No overlap */
+ if (start > n->end || end < n->start)
+ continue;
+ /*
+ * Insert a new node if current node overlaps with the
+ * reserve region to exlude that from valid iova range.
+ * Note that, new node is inserted before the current
+ * node and finally the current node is deleted keeping
+ * the list updated and sorted.
+ */
+ if (start > n->start)
+ ret = vfio_iommu_iova_insert(&n->list, n->start,
+ start - 1);
+ if (!ret && end < n->end)
+ ret = vfio_iommu_iova_insert(&n->list, end + 1,
+ n->end);
+ if (ret)
+ return ret;
+
+ list_del(&n->list);
+ kfree(n);
+ }
+ }
+
+ if (list_empty(iova))
+ return -EINVAL;
+
+ return 0;
+}
+
+static void vfio_iommu_resv_free(struct list_head *resv_regions)
+{
+ struct iommu_resv_region *n, *next;
+
+ list_for_each_entry_safe(n, next, resv_regions, list) {
+ list_del(&n->list);
+ kfree(n);
+ }
+}
+
static void vfio_iommu_iova_free(struct list_head *iova)
{
struct vfio_iova *n, *next;
@@ -1559,6 +1641,7 @@ static int vfio_iommu_type1_attach_group(void *iommu_data,
phys_addr_t resv_msi_base;
struct iommu_domain_geometry geo;
LIST_HEAD(iova_copy);
+ LIST_HEAD(group_resv_regions);

mutex_lock(&iommu->lock);

@@ -1644,6 +1727,13 @@ static int vfio_iommu_type1_attach_group(void *iommu_data,
goto out_detach;
}

+ iommu_get_group_resv_regions(iommu_group, &group_resv_regions);
+
+ if (vfio_iommu_resv_conflict(iommu, &group_resv_regions)) {
+ ret = -EINVAL;
+ goto out_detach;
+ }
+
/* Get a copy of the current iova list and work on it */
ret = vfio_iommu_iova_get_copy(iommu, &iova_copy);
if (ret)
@@ -1654,6 +1744,10 @@ static int vfio_iommu_type1_attach_group(void *iommu_data,
if (ret)
goto out_detach;

+ ret = vfio_iommu_resv_exclude(&iova_copy, &group_resv_regions);
+ if (ret)
+ goto out_detach;
+
resv_msi = vfio_iommu_has_sw_msi(iommu_group, &resv_msi_base);

INIT_LIST_HEAD(&domain->group_list);
@@ -1714,6 +1808,7 @@ static int vfio_iommu_type1_attach_group(void *iommu_data,
/* Delete the old one and insert new iova list */
vfio_iommu_iova_insert_copy(iommu, &iova_copy);
mutex_unlock(&iommu->lock);
+ vfio_iommu_resv_free(&group_resv_regions);

return 0;

@@ -1722,6 +1817,7 @@ static int vfio_iommu_type1_attach_group(void *iommu_data,
out_domain:
iommu_domain_free(domain->domain);
vfio_iommu_iova_free(&iova_copy);
+ vfio_iommu_resv_free(&group_resv_regions);
out_free:
kfree(domain);
kfree(group);
--
2.17.1


Subject: [PATCH v7 5/6] vfio/type1: Add IOVA range capability support

This allows the user-space to retrieve the supported IOVA
range(s), excluding any reserved regions. The implementation
is based on capability chains, added to VFIO_IOMMU_GET_INFO ioctl.

Signed-off-by: Shameer Kolothum <[email protected]>
---
v6 --> v7

Addressed mdev case with empty iovas list(Suggested by Alex)
---
drivers/vfio/vfio_iommu_type1.c | 101 ++++++++++++++++++++++++++++++++
include/uapi/linux/vfio.h | 23 ++++++++
2 files changed, 124 insertions(+)

diff --git a/drivers/vfio/vfio_iommu_type1.c b/drivers/vfio/vfio_iommu_type1.c
index 89ad0da7152c..450081802dcd 100644
--- a/drivers/vfio/vfio_iommu_type1.c
+++ b/drivers/vfio/vfio_iommu_type1.c
@@ -2141,6 +2141,73 @@ static int vfio_domains_have_iommu_cache(struct vfio_iommu *iommu)
return ret;
}

+static int vfio_iommu_iova_add_cap(struct vfio_info_cap *caps,
+ struct vfio_iommu_type1_info_cap_iova_range *cap_iovas,
+ size_t size)
+{
+ struct vfio_info_cap_header *header;
+ struct vfio_iommu_type1_info_cap_iova_range *iova_cap;
+
+ header = vfio_info_cap_add(caps, size,
+ VFIO_IOMMU_TYPE1_INFO_CAP_IOVA_RANGE, 1);
+ if (IS_ERR(header))
+ return PTR_ERR(header);
+
+ iova_cap = container_of(header,
+ struct vfio_iommu_type1_info_cap_iova_range,
+ header);
+ iova_cap->nr_iovas = cap_iovas->nr_iovas;
+ memcpy(iova_cap->iova_ranges, cap_iovas->iova_ranges,
+ cap_iovas->nr_iovas * sizeof(*cap_iovas->iova_ranges));
+ return 0;
+}
+
+static int vfio_iommu_iova_build_caps(struct vfio_iommu *iommu,
+ struct vfio_info_cap *caps)
+{
+ struct vfio_iommu_type1_info_cap_iova_range *cap_iovas;
+ struct vfio_iova *iova;
+ size_t size;
+ int iovas = 0, i = 0, ret;
+
+ mutex_lock(&iommu->lock);
+
+ list_for_each_entry(iova, &iommu->iova_list, list)
+ iovas++;
+
+ if (!iovas) {
+ /*
+ * Return 0 as a container with only an mdev device
+ * will have an empty list
+ */
+ ret = 0;
+ goto out_unlock;
+ }
+
+ size = sizeof(*cap_iovas) + (iovas * sizeof(*cap_iovas->iova_ranges));
+
+ cap_iovas = kzalloc(size, GFP_KERNEL);
+ if (!cap_iovas) {
+ ret = -ENOMEM;
+ goto out_unlock;
+ }
+
+ cap_iovas->nr_iovas = iovas;
+
+ list_for_each_entry(iova, &iommu->iova_list, list) {
+ cap_iovas->iova_ranges[i].start = iova->start;
+ cap_iovas->iova_ranges[i].end = iova->end;
+ i++;
+ }
+
+ ret = vfio_iommu_iova_add_cap(caps, cap_iovas, size);
+
+ kfree(cap_iovas);
+out_unlock:
+ mutex_unlock(&iommu->lock);
+ return ret;
+}
+
static long vfio_iommu_type1_ioctl(void *iommu_data,
unsigned int cmd, unsigned long arg)
{
@@ -2162,19 +2229,53 @@ static long vfio_iommu_type1_ioctl(void *iommu_data,
}
} else if (cmd == VFIO_IOMMU_GET_INFO) {
struct vfio_iommu_type1_info info;
+ struct vfio_info_cap caps = { .buf = NULL, .size = 0 };
+ unsigned long capsz;
+ int ret;

minsz = offsetofend(struct vfio_iommu_type1_info, iova_pgsizes);

+ /* For backward compatibility, cannot require this */
+ capsz = offsetofend(struct vfio_iommu_type1_info, cap_offset);
+
if (copy_from_user(&info, (void __user *)arg, minsz))
return -EFAULT;

if (info.argsz < minsz)
return -EINVAL;

+ if (info.argsz >= capsz) {
+ minsz = capsz;
+ info.cap_offset = 0; /* output, no-recopy necessary */
+ }
+
info.flags = VFIO_IOMMU_INFO_PGSIZES;

info.iova_pgsizes = vfio_pgsize_bitmap(iommu);

+ ret = vfio_iommu_iova_build_caps(iommu, &caps);
+ if (ret)
+ return ret;
+
+ if (caps.size) {
+ info.flags |= VFIO_IOMMU_INFO_CAPS;
+
+ if (info.argsz < sizeof(info) + caps.size) {
+ info.argsz = sizeof(info) + caps.size;
+ } else {
+ vfio_info_cap_shift(&caps, sizeof(info));
+ if (copy_to_user((void __user *)arg +
+ sizeof(info), caps.buf,
+ caps.size)) {
+ kfree(caps.buf);
+ return -EFAULT;
+ }
+ info.cap_offset = sizeof(info);
+ }
+
+ kfree(caps.buf);
+ }
+
return copy_to_user((void __user *)arg, &info, minsz) ?
-EFAULT : 0;

diff --git a/include/uapi/linux/vfio.h b/include/uapi/linux/vfio.h
index 8f10748dac79..1951d87115e8 100644
--- a/include/uapi/linux/vfio.h
+++ b/include/uapi/linux/vfio.h
@@ -714,7 +714,30 @@ struct vfio_iommu_type1_info {
__u32 argsz;
__u32 flags;
#define VFIO_IOMMU_INFO_PGSIZES (1 << 0) /* supported page sizes info */
+#define VFIO_IOMMU_INFO_CAPS (1 << 1) /* Info supports caps */
__u64 iova_pgsizes; /* Bitmap of supported page sizes */
+ __u32 cap_offset; /* Offset within info struct of first cap */
+};
+
+/*
+ * The IOVA capability allows to report the valid IOVA range(s)
+ * excluding any reserved regions associated with dev group. Any dma
+ * map attempt outside the valid iova range will return error.
+ *
+ * The structures below define version 1 of this capability.
+ */
+#define VFIO_IOMMU_TYPE1_INFO_CAP_IOVA_RANGE 1
+
+struct vfio_iova_range {
+ __u64 start;
+ __u64 end;
+};
+
+struct vfio_iommu_type1_info_cap_iova_range {
+ struct vfio_info_cap_header header;
+ __u32 nr_iovas;
+ __u32 reserved;
+ struct vfio_iova_range iova_ranges[];
};

#define VFIO_IOMMU_GET_INFO _IO(VFIO_TYPE, VFIO_BASE + 12)
--
2.17.1


Subject: [PATCH v7 3/6] vfio/type1: Update iova list on detach

Get a copy of iova list on _group_detach and try to update the list.
On success replace the current one with the copy. Leave the list as
it is if update fails.

Signed-off-by: Shameer Kolothum <[email protected]>
---
drivers/vfio/vfio_iommu_type1.c | 91 +++++++++++++++++++++++++++++++++
1 file changed, 91 insertions(+)

diff --git a/drivers/vfio/vfio_iommu_type1.c b/drivers/vfio/vfio_iommu_type1.c
index b6bfdfa16c33..e872fb3a0f39 100644
--- a/drivers/vfio/vfio_iommu_type1.c
+++ b/drivers/vfio/vfio_iommu_type1.c
@@ -1873,12 +1873,88 @@ static void vfio_sanity_check_pfn_list(struct vfio_iommu *iommu)
WARN_ON(iommu->notifier.head);
}

+/*
+ * Called when a domain is removed in detach. It is possible that
+ * the removed domain decided the iova aperture window. Modify the
+ * iova aperture with the smallest window among existing domains.
+ */
+static void vfio_iommu_aper_expand(struct vfio_iommu *iommu,
+ struct list_head *iova_copy)
+{
+ struct vfio_domain *domain;
+ struct iommu_domain_geometry geo;
+ struct vfio_iova *node;
+ dma_addr_t start = 0;
+ dma_addr_t end = (dma_addr_t)~0;
+
+ list_for_each_entry(domain, &iommu->domain_list, next) {
+ iommu_domain_get_attr(domain->domain, DOMAIN_ATTR_GEOMETRY,
+ &geo);
+ if (geo.aperture_start > start)
+ start = geo.aperture_start;
+ if (geo.aperture_end < end)
+ end = geo.aperture_end;
+ }
+
+ /* Modify aperture limits. The new aper is either same or bigger */
+ node = list_first_entry(iova_copy, struct vfio_iova, list);
+ node->start = start;
+ node = list_last_entry(iova_copy, struct vfio_iova, list);
+ node->end = end;
+}
+
+/*
+ * Called when a group is detached. The reserved regions for that
+ * group can be part of valid iova now. But since reserved regions
+ * may be duplicated among groups, populate the iova valid regions
+ * list again.
+ */
+static int vfio_iommu_resv_refresh(struct vfio_iommu *iommu,
+ struct list_head *iova_copy)
+{
+ struct vfio_domain *d;
+ struct vfio_group *g;
+ struct vfio_iova *node;
+ dma_addr_t start, end;
+ LIST_HEAD(resv_regions);
+ int ret;
+
+ list_for_each_entry(d, &iommu->domain_list, next) {
+ list_for_each_entry(g, &d->group_list, next)
+ iommu_get_group_resv_regions(g->iommu_group,
+ &resv_regions);
+ }
+
+ if (list_empty(&resv_regions))
+ return 0;
+
+ node = list_first_entry(iova_copy, struct vfio_iova, list);
+ start = node->start;
+ node = list_last_entry(iova_copy, struct vfio_iova, list);
+ end = node->end;
+
+ /* purge the iova list and create new one */
+ vfio_iommu_iova_free(iova_copy);
+
+ ret = vfio_iommu_aper_resize(iova_copy, start, end);
+ if (ret)
+ goto done;
+
+ /* Exclude current reserved regions from iova ranges */
+ ret = vfio_iommu_resv_exclude(iova_copy, &resv_regions);
+done:
+ vfio_iommu_resv_free(&resv_regions);
+ return ret;
+}
+
static void vfio_iommu_type1_detach_group(void *iommu_data,
struct iommu_group *iommu_group)
{
struct vfio_iommu *iommu = iommu_data;
struct vfio_domain *domain;
struct vfio_group *group;
+ bool iova_copy_fail;
+ LIST_HEAD(iova_copy);

mutex_lock(&iommu->lock);

@@ -1901,6 +1977,12 @@ static void vfio_iommu_type1_detach_group(void *iommu_data,
}
}

+ /*
+ * Get a copy of iova list. If success, use copy to update the
+ * list and to replace the current one.
+ */
+ iova_copy_fail = !!vfio_iommu_iova_get_copy(iommu, &iova_copy);
+
list_for_each_entry(domain, &iommu->domain_list, next) {
group = find_iommu_group(domain, iommu_group);
if (!group)
@@ -1926,10 +2008,19 @@ static void vfio_iommu_type1_detach_group(void *iommu_data,
iommu_domain_free(domain->domain);
list_del(&domain->next);
kfree(domain);
+ if (!iova_copy_fail && !list_empty(&iommu->domain_list))
+ vfio_iommu_aper_expand(iommu, &iova_copy);
}
break;
}

+ if (!iova_copy_fail && !list_empty(&iommu->domain_list)) {
+ if (!vfio_iommu_resv_refresh(iommu, &iova_copy))
+ vfio_iommu_iova_insert_copy(iommu, &iova_copy);
+ else
+ vfio_iommu_iova_free(&iova_copy);
+ }
+
detach_group_done:
mutex_unlock(&iommu->lock);
}
--
2.17.1


Subject: [PATCH v7 6/6] vfio/type1: remove duplicate retrieval of reserved regions

As we now already have the reserved regions list, just pass that into
vfio_iommu_has_sw_msi() fn.

Signed-off-by: Shameer Kolothum <[email protected]>
---
drivers/vfio/vfio_iommu_type1.c | 15 ++++++---------
1 file changed, 6 insertions(+), 9 deletions(-)

diff --git a/drivers/vfio/vfio_iommu_type1.c b/drivers/vfio/vfio_iommu_type1.c
index 450081802dcd..43b1e68ebce9 100644
--- a/drivers/vfio/vfio_iommu_type1.c
+++ b/drivers/vfio/vfio_iommu_type1.c
@@ -1308,15 +1308,13 @@ static struct vfio_group *find_iommu_group(struct vfio_domain *domain,
return NULL;
}

-static bool vfio_iommu_has_sw_msi(struct iommu_group *group, phys_addr_t *base)
+static bool vfio_iommu_has_sw_msi(struct list_head *group_resv_regions,
+ phys_addr_t *base)
{
- struct list_head group_resv_regions;
- struct iommu_resv_region *region, *next;
+ struct iommu_resv_region *region;
bool ret = false;

- INIT_LIST_HEAD(&group_resv_regions);
- iommu_get_group_resv_regions(group, &group_resv_regions);
- list_for_each_entry(region, &group_resv_regions, list) {
+ list_for_each_entry(region, group_resv_regions, list) {
/*
* The presence of any 'real' MSI regions should take
* precedence over the software-managed one if the
@@ -1332,8 +1330,7 @@ static bool vfio_iommu_has_sw_msi(struct iommu_group *group, phys_addr_t *base)
ret = true;
}
}
- list_for_each_entry_safe(region, next, &group_resv_regions, list)
- kfree(region);
+
return ret;
}

@@ -1774,7 +1771,7 @@ static int vfio_iommu_type1_attach_group(void *iommu_data,
if (ret)
goto out_detach;

- resv_msi = vfio_iommu_has_sw_msi(iommu_group, &resv_msi_base);
+ resv_msi = vfio_iommu_has_sw_msi(&group_resv_regions, &resv_msi_base);

INIT_LIST_HEAD(&domain->group_list);
list_add(&group->next, &domain->group_list);
--
2.17.1


Subject: [PATCH v7 4/6] vfio/type1: check dma map request is within a valid iova range

This checks and rejects any dma map request outside valid iova
range.

Signed-off-by: Shameer Kolothum <[email protected]>
---
v6 --> v7

Addressed the case where a container with only an mdev device will
have an empty list(Suggested by Alex).
---
drivers/vfio/vfio_iommu_type1.c | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)

diff --git a/drivers/vfio/vfio_iommu_type1.c b/drivers/vfio/vfio_iommu_type1.c
index e872fb3a0f39..89ad0da7152c 100644
--- a/drivers/vfio/vfio_iommu_type1.c
+++ b/drivers/vfio/vfio_iommu_type1.c
@@ -1050,6 +1050,27 @@ static int vfio_pin_map_dma(struct vfio_iommu *iommu, struct vfio_dma *dma,
return ret;
}

+/*
+ * Check dma map request is within a valid iova range
+ */
+static bool vfio_iommu_iova_dma_valid(struct vfio_iommu *iommu,
+ dma_addr_t start, dma_addr_t end)
+{
+ struct list_head *iova = &iommu->iova_list;
+ struct vfio_iova *node;
+
+ list_for_each_entry(node, iova, list) {
+ if (start >= node->start && end <= node->end)
+ return true;
+ }
+
+ /*
+ * Check for list_empty() as well since a container with
+ * only an mdev device will have an empty list.
+ */
+ return list_empty(&iommu->iova_list);
+}
+
static int vfio_dma_do_map(struct vfio_iommu *iommu,
struct vfio_iommu_type1_dma_map *map)
{
@@ -1093,6 +1114,11 @@ static int vfio_dma_do_map(struct vfio_iommu *iommu,
goto out_unlock;
}

+ if (!vfio_iommu_iova_dma_valid(iommu, iova, iova + size - 1)) {
+ ret = -EINVAL;
+ goto out_unlock;
+ }
+
dma = kzalloc(sizeof(*dma), GFP_KERNEL);
if (!dma) {
ret = -ENOMEM;
--
2.17.1


2019-07-03 20:37:06

by Alex Williamson

[permalink] [raw]
Subject: Re: [PATCH v7 1/6] vfio/type1: Introduce iova list and add iommu aperture validity check


Welcome back Shameer ;)

On Wed, 26 Jun 2019 16:12:43 +0100
Shameer Kolothum <[email protected]> wrote:

> This introduces an iova list that is valid for dma mappings. Make
> sure the new iommu aperture window doesn't conflict with the current
> one or with any existing dma mappings during attach.
>
> Signed-off-by: Shameer Kolothum <[email protected]>
> ---
> drivers/vfio/vfio_iommu_type1.c | 181 +++++++++++++++++++++++++++++++-
> 1 file changed, 177 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/vfio/vfio_iommu_type1.c b/drivers/vfio/vfio_iommu_type1.c
> index add34adfadc7..970d1ec06aed 100644
> --- a/drivers/vfio/vfio_iommu_type1.c
> +++ b/drivers/vfio/vfio_iommu_type1.c
> @@ -1,4 +1,3 @@
> -// SPDX-License-Identifier: GPL-2.0-only
> /*
> * VFIO: IOMMU DMA mapping support for Type1 IOMMU
> *

Accidental merge deletion? Thanks,

Alex

2019-07-03 20:37:11

by Alex Williamson

[permalink] [raw]
Subject: Re: [PATCH v7 2/6] vfio/type1: Check reserve region conflict and update iova list

On Wed, 26 Jun 2019 16:12:44 +0100
Shameer Kolothum <[email protected]> wrote:

> This retrieves the reserved regions associated with dev group and
> checks for conflicts with any existing dma mappings. Also update
> the iova list excluding the reserved regions.
>
> Reserved regions with type IOMMU_RESV_DIRECT_RELAXABLE are
> excluded from above checks as they are considered as directly
> mapped regions which are known to be relaxable.
>
> Signed-off-by: Shameer Kolothum <[email protected]>
> ---
> drivers/vfio/vfio_iommu_type1.c | 96 +++++++++++++++++++++++++++++++++
> 1 file changed, 96 insertions(+)
>
> diff --git a/drivers/vfio/vfio_iommu_type1.c b/drivers/vfio/vfio_iommu_type1.c
> index 970d1ec06aed..b6bfdfa16c33 100644
> --- a/drivers/vfio/vfio_iommu_type1.c
> +++ b/drivers/vfio/vfio_iommu_type1.c
> @@ -1559,6 +1641,7 @@ static int vfio_iommu_type1_attach_group(void *iommu_data,
> phys_addr_t resv_msi_base;
> struct iommu_domain_geometry geo;
> LIST_HEAD(iova_copy);
> + LIST_HEAD(group_resv_regions);
>
> mutex_lock(&iommu->lock);
>
> @@ -1644,6 +1727,13 @@ static int vfio_iommu_type1_attach_group(void *iommu_data,
> goto out_detach;
> }
>
> + iommu_get_group_resv_regions(iommu_group, &group_resv_regions);

This can fail and should have an error case. I assume we'd fail the
group attach on failure. Thanks,

Alex

2019-07-03 20:37:32

by Alex Williamson

[permalink] [raw]
Subject: Re: [PATCH v7 3/6] vfio/type1: Update iova list on detach

On Wed, 26 Jun 2019 16:12:45 +0100
Shameer Kolothum <[email protected]> wrote:

> Get a copy of iova list on _group_detach and try to update the list.
> On success replace the current one with the copy. Leave the list as
> it is if update fails.
>
> Signed-off-by: Shameer Kolothum <[email protected]>
> ---
> drivers/vfio/vfio_iommu_type1.c | 91 +++++++++++++++++++++++++++++++++
> 1 file changed, 91 insertions(+)
>
> diff --git a/drivers/vfio/vfio_iommu_type1.c b/drivers/vfio/vfio_iommu_type1.c
> index b6bfdfa16c33..e872fb3a0f39 100644
> --- a/drivers/vfio/vfio_iommu_type1.c
> +++ b/drivers/vfio/vfio_iommu_type1.c
> @@ -1873,12 +1873,88 @@ static void vfio_sanity_check_pfn_list(struct vfio_iommu *iommu)
> WARN_ON(iommu->notifier.head);
> }
>
> +/*
> + * Called when a domain is removed in detach. It is possible that
> + * the removed domain decided the iova aperture window. Modify the
> + * iova aperture with the smallest window among existing domains.
> + */
> +static void vfio_iommu_aper_expand(struct vfio_iommu *iommu,
> + struct list_head *iova_copy)
> +{
> + struct vfio_domain *domain;
> + struct iommu_domain_geometry geo;
> + struct vfio_iova *node;
> + dma_addr_t start = 0;
> + dma_addr_t end = (dma_addr_t)~0;
> +
> + list_for_each_entry(domain, &iommu->domain_list, next) {
> + iommu_domain_get_attr(domain->domain, DOMAIN_ATTR_GEOMETRY,
> + &geo);
> + if (geo.aperture_start > start)
> + start = geo.aperture_start;
> + if (geo.aperture_end < end)
> + end = geo.aperture_end;
> + }
> +
> + /* Modify aperture limits. The new aper is either same or bigger */
> + node = list_first_entry(iova_copy, struct vfio_iova, list);
> + node->start = start;
> + node = list_last_entry(iova_copy, struct vfio_iova, list);
> + node->end = end;
> +}
> +
> +/*
> + * Called when a group is detached. The reserved regions for that
> + * group can be part of valid iova now. But since reserved regions
> + * may be duplicated among groups, populate the iova valid regions
> + * list again.
> + */
> +static int vfio_iommu_resv_refresh(struct vfio_iommu *iommu,
> + struct list_head *iova_copy)
> +{
> + struct vfio_domain *d;
> + struct vfio_group *g;
> + struct vfio_iova *node;
> + dma_addr_t start, end;
> + LIST_HEAD(resv_regions);
> + int ret;
> +
> + list_for_each_entry(d, &iommu->domain_list, next) {
> + list_for_each_entry(g, &d->group_list, next)
> + iommu_get_group_resv_regions(g->iommu_group,
> + &resv_regions);

Need to account for failure case here too.

> + }
> +
> + if (list_empty(&resv_regions))
> + return 0;
> +
> + node = list_first_entry(iova_copy, struct vfio_iova, list);
> + start = node->start;
> + node = list_last_entry(iova_copy, struct vfio_iova, list);
> + end = node->end;
> +
> + /* purge the iova list and create new one */
> + vfio_iommu_iova_free(iova_copy);
> +
> + ret = vfio_iommu_aper_resize(iova_copy, start, end);
> + if (ret)
> + goto done;
> +
> + /* Exclude current reserved regions from iova ranges */
> + ret = vfio_iommu_resv_exclude(iova_copy, &resv_regions);
> +done:
> + vfio_iommu_resv_free(&resv_regions);
> + return ret;
> +}
> +
> static void vfio_iommu_type1_detach_group(void *iommu_data,
> struct iommu_group *iommu_group)
> {
> struct vfio_iommu *iommu = iommu_data;
> struct vfio_domain *domain;
> struct vfio_group *group;
> + bool iova_copy_fail;
> + LIST_HEAD(iova_copy);
>
> mutex_lock(&iommu->lock);
>
> @@ -1901,6 +1977,12 @@ static void vfio_iommu_type1_detach_group(void *iommu_data,
> }
> }
>
> + /*
> + * Get a copy of iova list. If success, use copy to update the
> + * list and to replace the current one.
> + */
> + iova_copy_fail = !!vfio_iommu_iova_get_copy(iommu, &iova_copy);
> +
> list_for_each_entry(domain, &iommu->domain_list, next) {
> group = find_iommu_group(domain, iommu_group);
> if (!group)
> @@ -1926,10 +2008,19 @@ static void vfio_iommu_type1_detach_group(void *iommu_data,
> iommu_domain_free(domain->domain);
> list_del(&domain->next);
> kfree(domain);
> + if (!iova_copy_fail && !list_empty(&iommu->domain_list))
> + vfio_iommu_aper_expand(iommu, &iova_copy);
> }
> break;
> }
>
> + if (!iova_copy_fail && !list_empty(&iommu->domain_list)) {
> + if (!vfio_iommu_resv_refresh(iommu, &iova_copy))
> + vfio_iommu_iova_insert_copy(iommu, &iova_copy);
> + else
> + vfio_iommu_iova_free(&iova_copy);
> + }

The iova_copy_fail and list_empty tests are rather ugly, could we avoid
them by pushing the tests to the expand and refresh functions? ie. it
looks like vfio_iommu_aper_expand() could test list_empty(iova_copy),
the list_for_each on domain_list doesn't need special handling. Same
for vfio_iommu_resv_refresh(). This would also fix the bug above that
I think we don't free iova_copy if domain_list becomes empty during
this operation. Thanks,

Alex

Subject: RE: [PATCH v7 1/6] vfio/type1: Introduce iova list and add iommu aperture validity check



> -----Original Message-----
> From: Alex Williamson [mailto:[email protected]]
> Sent: 03 July 2019 21:34
> To: Shameerali Kolothum Thodi <[email protected]>
> Cc: [email protected]; [email protected];
> [email protected]; [email protected];
> [email protected]; Linuxarm <[email protected]>; John
> Garry <[email protected]>; xuwei (O) <[email protected]>;
> [email protected]
> Subject: Re: [PATCH v7 1/6] vfio/type1: Introduce iova list and add iommu
> aperture validity check
>
>
> Welcome back Shameer ;)

Thanks Alex :)

>
> On Wed, 26 Jun 2019 16:12:43 +0100
> Shameer Kolothum <[email protected]> wrote:
>
> > This introduces an iova list that is valid for dma mappings. Make sure
> > the new iommu aperture window doesn't conflict with the current one or
> > with any existing dma mappings during attach.
> >
> > Signed-off-by: Shameer Kolothum <[email protected]>
> > ---
> > drivers/vfio/vfio_iommu_type1.c | 181
> > +++++++++++++++++++++++++++++++-
> > 1 file changed, 177 insertions(+), 4 deletions(-)
> >
> > diff --git a/drivers/vfio/vfio_iommu_type1.c
> > b/drivers/vfio/vfio_iommu_type1.c index add34adfadc7..970d1ec06aed
> > 100644
> > --- a/drivers/vfio/vfio_iommu_type1.c
> > +++ b/drivers/vfio/vfio_iommu_type1.c
> > @@ -1,4 +1,3 @@
> > -// SPDX-License-Identifier: GPL-2.0-only
> > /*
> > * VFIO: IOMMU DMA mapping support for Type1 IOMMU
> > *
>
> Accidental merge deletion? Thanks,
>

Yes it is. I will fix it.

Thanks,
Shameer


> Alex

Subject: RE: [PATCH v7 2/6] vfio/type1: Check reserve region conflict and update iova list



> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On
> Behalf Of Alex Williamson
> Sent: 03 July 2019 21:34
> To: Shameerali Kolothum Thodi <[email protected]>
> Cc: [email protected]; [email protected];
> [email protected]; [email protected];
> [email protected]; Linuxarm <[email protected]>; John
> Garry <[email protected]>; xuwei (O) <[email protected]>;
> [email protected]
> Subject: Re: [PATCH v7 2/6] vfio/type1: Check reserve region conflict and
> update iova list
>
> On Wed, 26 Jun 2019 16:12:44 +0100
> Shameer Kolothum <[email protected]> wrote:
>
> > This retrieves the reserved regions associated with dev group and
> > checks for conflicts with any existing dma mappings. Also update
> > the iova list excluding the reserved regions.
> >
> > Reserved regions with type IOMMU_RESV_DIRECT_RELAXABLE are
> > excluded from above checks as they are considered as directly
> > mapped regions which are known to be relaxable.
> >
> > Signed-off-by: Shameer Kolothum <[email protected]>
> > ---
> > drivers/vfio/vfio_iommu_type1.c | 96
> +++++++++++++++++++++++++++++++++
> > 1 file changed, 96 insertions(+)
> >
> > diff --git a/drivers/vfio/vfio_iommu_type1.c
> b/drivers/vfio/vfio_iommu_type1.c
> > index 970d1ec06aed..b6bfdfa16c33 100644
> > --- a/drivers/vfio/vfio_iommu_type1.c
> > +++ b/drivers/vfio/vfio_iommu_type1.c
> > @@ -1559,6 +1641,7 @@ static int vfio_iommu_type1_attach_group(void
> *iommu_data,
> > phys_addr_t resv_msi_base;
> > struct iommu_domain_geometry geo;
> > LIST_HEAD(iova_copy);
> > + LIST_HEAD(group_resv_regions);
> >
> > mutex_lock(&iommu->lock);
> >
> > @@ -1644,6 +1727,13 @@ static int vfio_iommu_type1_attach_group(void
> *iommu_data,
> > goto out_detach;
> > }
> >
> > + iommu_get_group_resv_regions(iommu_group, &group_resv_regions);
>
> This can fail and should have an error case. I assume we'd fail the
> group attach on failure. Thanks,

Right. I will add the check. Do you think we should do the same in vfio_iommu_has_sw_msi()
as well? (In fact, it looks like iommu_get_group_resv_regions() ret is not checked anywhere in
kernel).

Thanks,
Shameer


Subject: RE: [PATCH v7 3/6] vfio/type1: Update iova list on detach



> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On
> Behalf Of Alex Williamson
> Sent: 03 July 2019 21:35
> To: Shameerali Kolothum Thodi <[email protected]>
> Cc: [email protected]; [email protected];
> [email protected]; [email protected];
> [email protected]; Linuxarm <[email protected]>; John
> Garry <[email protected]>; xuwei (O) <[email protected]>;
> [email protected]
> Subject: Re: [PATCH v7 3/6] vfio/type1: Update iova list on detach
>
> On Wed, 26 Jun 2019 16:12:45 +0100
> Shameer Kolothum <[email protected]> wrote:
>
> > Get a copy of iova list on _group_detach and try to update the list.
> > On success replace the current one with the copy. Leave the list as
> > it is if update fails.
> >
> > Signed-off-by: Shameer Kolothum <[email protected]>
> > ---
> > drivers/vfio/vfio_iommu_type1.c | 91
> +++++++++++++++++++++++++++++++++
> > 1 file changed, 91 insertions(+)
> >
> > diff --git a/drivers/vfio/vfio_iommu_type1.c
> b/drivers/vfio/vfio_iommu_type1.c
> > index b6bfdfa16c33..e872fb3a0f39 100644
> > --- a/drivers/vfio/vfio_iommu_type1.c
> > +++ b/drivers/vfio/vfio_iommu_type1.c
> > @@ -1873,12 +1873,88 @@ static void vfio_sanity_check_pfn_list(struct
> vfio_iommu *iommu)
> > WARN_ON(iommu->notifier.head);
> > }
> >
> > +/*
> > + * Called when a domain is removed in detach. It is possible that
> > + * the removed domain decided the iova aperture window. Modify the
> > + * iova aperture with the smallest window among existing domains.
> > + */
> > +static void vfio_iommu_aper_expand(struct vfio_iommu *iommu,
> > + struct list_head *iova_copy)
> > +{
> > + struct vfio_domain *domain;
> > + struct iommu_domain_geometry geo;
> > + struct vfio_iova *node;
> > + dma_addr_t start = 0;
> > + dma_addr_t end = (dma_addr_t)~0;
> > +
> > + list_for_each_entry(domain, &iommu->domain_list, next) {
> > + iommu_domain_get_attr(domain->domain,
> DOMAIN_ATTR_GEOMETRY,
> > + &geo);
> > + if (geo.aperture_start > start)
> > + start = geo.aperture_start;
> > + if (geo.aperture_end < end)
> > + end = geo.aperture_end;
> > + }
> > +
> > + /* Modify aperture limits. The new aper is either same or bigger */
> > + node = list_first_entry(iova_copy, struct vfio_iova, list);
> > + node->start = start;
> > + node = list_last_entry(iova_copy, struct vfio_iova, list);
> > + node->end = end;
> > +}
> > +
> > +/*
> > + * Called when a group is detached. The reserved regions for that
> > + * group can be part of valid iova now. But since reserved regions
> > + * may be duplicated among groups, populate the iova valid regions
> > + * list again.
> > + */
> > +static int vfio_iommu_resv_refresh(struct vfio_iommu *iommu,
> > + struct list_head *iova_copy)
> > +{
> > + struct vfio_domain *d;
> > + struct vfio_group *g;
> > + struct vfio_iova *node;
> > + dma_addr_t start, end;
> > + LIST_HEAD(resv_regions);
> > + int ret;
> > +
> > + list_for_each_entry(d, &iommu->domain_list, next) {
> > + list_for_each_entry(g, &d->group_list, next)
> > + iommu_get_group_resv_regions(g->iommu_group,
> > + &resv_regions);
>
> Need to account for failure case here too.

Ok.

> > + }
> > +
> > + if (list_empty(&resv_regions))
> > + return 0;
> > +
> > + node = list_first_entry(iova_copy, struct vfio_iova, list);
> > + start = node->start;
> > + node = list_last_entry(iova_copy, struct vfio_iova, list);
> > + end = node->end;
> > +
> > + /* purge the iova list and create new one */
> > + vfio_iommu_iova_free(iova_copy);
> > +
> > + ret = vfio_iommu_aper_resize(iova_copy, start, end);
> > + if (ret)
> > + goto done;
> > +
> > + /* Exclude current reserved regions from iova ranges */
> > + ret = vfio_iommu_resv_exclude(iova_copy, &resv_regions);
> > +done:
> > + vfio_iommu_resv_free(&resv_regions);
> > + return ret;
> > +}
> > +
> > static void vfio_iommu_type1_detach_group(void *iommu_data,
> > struct iommu_group *iommu_group)
> > {
> > struct vfio_iommu *iommu = iommu_data;
> > struct vfio_domain *domain;
> > struct vfio_group *group;
> > + bool iova_copy_fail;
> > + LIST_HEAD(iova_copy);
> >
> > mutex_lock(&iommu->lock);
> >
> > @@ -1901,6 +1977,12 @@ static void vfio_iommu_type1_detach_group(void
> *iommu_data,
> > }
> > }
> >
> > + /*
> > + * Get a copy of iova list. If success, use copy to update the
> > + * list and to replace the current one.
> > + */
> > + iova_copy_fail = !!vfio_iommu_iova_get_copy(iommu, &iova_copy);
> > +
> > list_for_each_entry(domain, &iommu->domain_list, next) {
> > group = find_iommu_group(domain, iommu_group);
> > if (!group)
> > @@ -1926,10 +2008,19 @@ static void
> vfio_iommu_type1_detach_group(void *iommu_data,
> > iommu_domain_free(domain->domain);
> > list_del(&domain->next);
> > kfree(domain);
> > + if (!iova_copy_fail && !list_empty(&iommu->domain_list))
> > + vfio_iommu_aper_expand(iommu, &iova_copy);
> > }
> > break;
> > }
> >
> > + if (!iova_copy_fail && !list_empty(&iommu->domain_list)) {
> > + if (!vfio_iommu_resv_refresh(iommu, &iova_copy))
> > + vfio_iommu_iova_insert_copy(iommu, &iova_copy);
> > + else
> > + vfio_iommu_iova_free(&iova_copy);
> > + }
>
> The iova_copy_fail and list_empty tests are rather ugly, could we avoid
> them by pushing the tests to the expand and refresh functions? ie. it
> looks like vfio_iommu_aper_expand() could test list_empty(iova_copy),
> the list_for_each on domain_list doesn't need special handling. Same
> for vfio_iommu_resv_refresh(). This would also fix the bug above that
> I think we don't free iova_copy if domain_list becomes empty during
> this operation. Thanks,

Agree. I will change that in next revision.

Thanks,
Shameer

Subject: RE: [PATCH v7 2/6] vfio/type1: Check reserve region conflict and update iova list



> -----Original Message-----
> From: Shameerali Kolothum Thodi
> Sent: 04 July 2019 13:51
> To: 'Alex Williamson' <[email protected]>
> Cc: [email protected]; [email protected];
> [email protected]; [email protected]; Linuxarm
> <[email protected]>; John Garry <[email protected]>; xuwei (O)
> <[email protected]>; [email protected]
> Subject: RE: [PATCH v7 2/6] vfio/type1: Check reserve region conflict and
> update iova list
>
>
>
> > -----Original Message-----
> > From: [email protected] [mailto:[email protected]] On
> > Behalf Of Alex Williamson
> > Sent: 03 July 2019 21:34
> > To: Shameerali Kolothum Thodi <[email protected]>
> > Cc: [email protected]; [email protected];
> > [email protected]; [email protected];
> > [email protected]; Linuxarm <[email protected]>; John
> > Garry <[email protected]>; xuwei (O) <[email protected]>;
> > [email protected]
> > Subject: Re: [PATCH v7 2/6] vfio/type1: Check reserve region conflict and
> > update iova list
> >
> > On Wed, 26 Jun 2019 16:12:44 +0100
> > Shameer Kolothum <[email protected]> wrote:
> >
> > > This retrieves the reserved regions associated with dev group and
> > > checks for conflicts with any existing dma mappings. Also update
> > > the iova list excluding the reserved regions.
> > >
> > > Reserved regions with type IOMMU_RESV_DIRECT_RELAXABLE are
> > > excluded from above checks as they are considered as directly
> > > mapped regions which are known to be relaxable.
> > >
> > > Signed-off-by: Shameer Kolothum
> <[email protected]>
> > > ---
> > > drivers/vfio/vfio_iommu_type1.c | 96
> > +++++++++++++++++++++++++++++++++
> > > 1 file changed, 96 insertions(+)
> > >
> > > diff --git a/drivers/vfio/vfio_iommu_type1.c
> > b/drivers/vfio/vfio_iommu_type1.c
> > > index 970d1ec06aed..b6bfdfa16c33 100644
> > > --- a/drivers/vfio/vfio_iommu_type1.c
> > > +++ b/drivers/vfio/vfio_iommu_type1.c
> > > @@ -1559,6 +1641,7 @@ static int vfio_iommu_type1_attach_group(void
> > *iommu_data,
> > > phys_addr_t resv_msi_base;
> > > struct iommu_domain_geometry geo;
> > > LIST_HEAD(iova_copy);
> > > + LIST_HEAD(group_resv_regions);
> > >
> > > mutex_lock(&iommu->lock);
> > >
> > > @@ -1644,6 +1727,13 @@ static int vfio_iommu_type1_attach_group(void
> > *iommu_data,
> > > goto out_detach;
> > > }
> > >
> > > + iommu_get_group_resv_regions(iommu_group,
> &group_resv_regions);
> >
> > This can fail and should have an error case. I assume we'd fail the
> > group attach on failure. Thanks,
>
> Right. I will add the check. Do you think we should do the same in
> vfio_iommu_has_sw_msi()
> as well? (In fact, it looks like iommu_get_group_resv_regions() ret is not
> checked anywhere in
> kernel).

Ah..forgot the fact that patch 6/6 should take care of vfio_iommu_has_sw_msi()
case as we are removing the duplicate iommu_get_group_resv_regions() there.

Thanks,
Shameer


2019-07-05 12:16:12

by Eric Auger

[permalink] [raw]
Subject: Re: [PATCH v7 2/6] vfio/type1: Check reserve region conflict and update iova list

Hi Shameer,

On 7/4/19 2:51 PM, Shameerali Kolothum Thodi wrote:
>
>
>> -----Original Message-----
>> From: [email protected] [mailto:[email protected]] On
>> Behalf Of Alex Williamson
>> Sent: 03 July 2019 21:34
>> To: Shameerali Kolothum Thodi <[email protected]>
>> Cc: [email protected]; [email protected];
>> [email protected]; [email protected];
>> [email protected]; Linuxarm <[email protected]>; John
>> Garry <[email protected]>; xuwei (O) <[email protected]>;
>> [email protected]
>> Subject: Re: [PATCH v7 2/6] vfio/type1: Check reserve region conflict and
>> update iova list
>>
>> On Wed, 26 Jun 2019 16:12:44 +0100
>> Shameer Kolothum <[email protected]> wrote:
>>
>>> This retrieves the reserved regions associated with dev group and
>>> checks for conflicts with any existing dma mappings. Also update
>>> the iova list excluding the reserved regions.
>>>
>>> Reserved regions with type IOMMU_RESV_DIRECT_RELAXABLE are
>>> excluded from above checks as they are considered as directly
>>> mapped regions which are known to be relaxable.
>>>
>>> Signed-off-by: Shameer Kolothum <[email protected]>
>>> ---
>>> drivers/vfio/vfio_iommu_type1.c | 96
>> +++++++++++++++++++++++++++++++++
>>> 1 file changed, 96 insertions(+)
>>>
>>> diff --git a/drivers/vfio/vfio_iommu_type1.c
>> b/drivers/vfio/vfio_iommu_type1.c
>>> index 970d1ec06aed..b6bfdfa16c33 100644
>>> --- a/drivers/vfio/vfio_iommu_type1.c
>>> +++ b/drivers/vfio/vfio_iommu_type1.c
>>> @@ -1559,6 +1641,7 @@ static int vfio_iommu_type1_attach_group(void
>> *iommu_data,
>>> phys_addr_t resv_msi_base;
>>> struct iommu_domain_geometry geo;
>>> LIST_HEAD(iova_copy);
>>> + LIST_HEAD(group_resv_regions);
>>>
>>> mutex_lock(&iommu->lock);
>>>
>>> @@ -1644,6 +1727,13 @@ static int vfio_iommu_type1_attach_group(void
>> *iommu_data,
>>> goto out_detach;
>>> }
>>>
>>> + iommu_get_group_resv_regions(iommu_group, &group_resv_regions);
>>
>> This can fail and should have an error case. I assume we'd fail the
>> group attach on failure. Thanks,
>
> Right. I will add the check. Do you think we should do the same in vfio_iommu_has_sw_msi()
> as well? (In fact, it looks like iommu_get_group_resv_regions() ret is not checked anywhere in
> kernel).

I think the can be the topic of another series. I just noticed that in
iommu_insert_resv_region(), which is recursive in case ot merge, I
failed to propagate returned value or recursive calls. This also needs
to be fixed. I volunteer to work on those changes if you prefer. Just
let me know.

Thanks

Eric
>
> Thanks,
> Shameer
>
>

2019-07-07 15:05:07

by Eric Auger

[permalink] [raw]
Subject: Re: [PATCH v7 1/6] vfio/type1: Introduce iova list and add iommu aperture validity check

Hi Shameer,

On 6/26/19 5:12 PM, Shameer Kolothum wrote:
> This introduces an iova list that is valid for dma mappings. Make
> sure the new iommu aperture window doesn't conflict with the current
> one or with any existing dma mappings during attach.
>
> Signed-off-by: Shameer Kolothum <[email protected]>
> ---
> drivers/vfio/vfio_iommu_type1.c | 181 +++++++++++++++++++++++++++++++-
> 1 file changed, 177 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/vfio/vfio_iommu_type1.c b/drivers/vfio/vfio_iommu_type1.c
> index add34adfadc7..970d1ec06aed 100644
> --- a/drivers/vfio/vfio_iommu_type1.c
> +++ b/drivers/vfio/vfio_iommu_type1.c
> @@ -1,4 +1,3 @@
> -// SPDX-License-Identifier: GPL-2.0-only
> /*
> * VFIO: IOMMU DMA mapping support for Type1 IOMMU
> *
> @@ -62,6 +61,7 @@ MODULE_PARM_DESC(dma_entry_limit,
>
> struct vfio_iommu {
> struct list_head domain_list;
> + struct list_head iova_list;
> struct vfio_domain *external_domain; /* domain for external user */
> struct mutex lock;
> struct rb_root dma_list;
> @@ -97,6 +97,12 @@ struct vfio_group {
> bool mdev_group; /* An mdev group */
> };
>
> +struct vfio_iova {
> + struct list_head list;
> + dma_addr_t start;
> + dma_addr_t end;
> +};
> +
> /*
> * Guest RAM pinning working set or DMA target
> */
> @@ -1401,6 +1407,146 @@ static int vfio_mdev_iommu_device(struct device *dev, void *data)
> return 0;
> }
>
> +/*
> + * This is a helper function to insert an address range to iova list.
> + * The list starts with a single entry corresponding to the IOMMU
The list is initially created with a single entry ../..
> + * domain geometry to which the device group is attached. The list
> + * aperture gets modified when a new domain is added to the container
> + * if the new aperture doesn't conflict with the current one or with
> + * any existing dma mappings. The list is also modified to exclude
> + * any reserved regions associated with the device group.
> + */
> +static int vfio_iommu_iova_insert(struct list_head *head,
> + dma_addr_t start, dma_addr_t end)
> +{
> + struct vfio_iova *region;
> +
> + region = kmalloc(sizeof(*region), GFP_KERNEL);
> + if (!region)
> + return -ENOMEM;
> +
> + INIT_LIST_HEAD(&region->list);
> + region->start = start;
> + region->end = end;
> +
> + list_add_tail(&region->list, head);
> + return 0;
> +}
> +
> +/*
> + * Check the new iommu aperture conflicts with existing aper or with any
> + * existing dma mappings.
> + */
> +static bool vfio_iommu_aper_conflict(struct vfio_iommu *iommu,
> + dma_addr_t start, dma_addr_t end)
> +{
> + struct vfio_iova *first, *last;
> + struct list_head *iova = &iommu->iova_list;
> +
> + if (list_empty(iova))
> + return false;
> +
> + /* Disjoint sets, return conflict */
> + first = list_first_entry(iova, struct vfio_iova, list);
> + last = list_last_entry(iova, struct vfio_iova, list);
> + if (start > last->end || end < first->start)
> + return true;
> +
> + /* Check for any existing dma mappings outside the new start */
s/outside/below
> + if (start > first->start) {
> + if (vfio_find_dma(iommu, first->start, start - first->start))
> + return true;
> + }
> +
> + /* Check for any existing dma mappings outside the new end */
s/outside/beyond
> + if (end < last->end) {
> + if (vfio_find_dma(iommu, end + 1, last->end - end))
> + return true;
> + }
> +
> + return false;
> +}
> +
> +/*
> + * Resize iommu iova aperture window. This is called only if the new
> + * aperture has no conflict with existing aperture and dma mappings.
> + */
> +static int vfio_iommu_aper_resize(struct list_head *iova,
> + dma_addr_t start, dma_addr_t end)
> +{
> + struct vfio_iova *node, *next;
> +
> + if (list_empty(iova))
> + return vfio_iommu_iova_insert(iova, start, end);
> +
> + /* Adjust iova list start */
> + list_for_each_entry_safe(node, next, iova, list) {
> + if (start < node->start)
> + break;
> + if (start >= node->start && start < node->end) {
> + node->start = start;
> + break;
> + }
> + /* Delete nodes before new start */
> + list_del(&node->list);
> + kfree(node);
> + }
> +
> + /* Adjust iova list end */
> + list_for_each_entry_safe(node, next, iova, list) {
> + if (end > node->end)
> + continue;
> + if (end > node->start && end <= node->end) {
> + node->end = end;
> + continue;
> + }
> + /* Delete nodes after new end */
> + list_del(&node->list);
> + kfree(node);
> + }
> +
> + return 0;
> +}
> +
> +static void vfio_iommu_iova_free(struct list_head *iova)
> +{
> + struct vfio_iova *n, *next;
> +
> + list_for_each_entry_safe(n, next, iova, list) {
> + list_del(&n->list);
> + kfree(n);
> + }
> +}
> +
> +static int vfio_iommu_iova_get_copy(struct vfio_iommu *iommu,
> + struct list_head *iova_copy)
> +{
> + struct list_head *iova = &iommu->iova_list;
> + struct vfio_iova *n;
> + int ret;
> +
> + list_for_each_entry(n, iova, list) {
> + ret = vfio_iommu_iova_insert(iova_copy, n->start, n->end);
> + if (ret)
> + goto out_free;
> + }
> +
> + return 0;
> +
> +out_free:
> + vfio_iommu_iova_free(iova_copy);
> + return ret;
> +}
> +
> +static void vfio_iommu_iova_insert_copy(struct vfio_iommu *iommu,
> + struct list_head *iova_copy)
> +{
> + struct list_head *iova = &iommu->iova_list;
> +
> + vfio_iommu_iova_free(iova);
> +
> + list_splice_tail(iova_copy, iova);
> +}
> static int vfio_iommu_type1_attach_group(void *iommu_data,
> struct iommu_group *iommu_group)
> {
> @@ -1411,6 +1557,8 @@ static int vfio_iommu_type1_attach_group(void *iommu_data,
> int ret;
> bool resv_msi, msi_remap;
> phys_addr_t resv_msi_base;
> + struct iommu_domain_geometry geo;
> + LIST_HEAD(iova_copy);
>
> mutex_lock(&iommu->lock);
>
> @@ -1487,6 +1635,25 @@ static int vfio_iommu_type1_attach_group(void *iommu_data,
> if (ret)
> goto out_domain;
>
> + /* Get aperture info */
> + iommu_domain_get_attr(domain->domain, DOMAIN_ATTR_GEOMETRY, &geo);
> +
> + if (vfio_iommu_aper_conflict(iommu, geo.aperture_start,
> + geo.aperture_end)) {
> + ret = -EINVAL;
> + goto out_detach;
> + }
> +
> + /* Get a copy of the current iova list and work on it */
At this stage of the reading it is not obvious why you need a copy of
the list. rationale can be found when reading further or in the series
history ("Use of iova list copy so that original is not altered in case
of failure").

Adding a comment in the code would be useful I think.

Thanks

Eric

> + ret = vfio_iommu_iova_get_copy(iommu, &iova_copy);
> + if (ret)
> + goto out_detach;
> +
> + ret = vfio_iommu_aper_resize(&iova_copy, geo.aperture_start,
> + geo.aperture_end);
> + if (ret)
> + goto out_detach;
> +
> resv_msi = vfio_iommu_has_sw_msi(iommu_group, &resv_msi_base);
>
> INIT_LIST_HEAD(&domain->group_list);
> @@ -1520,8 +1687,7 @@ static int vfio_iommu_type1_attach_group(void *iommu_data,
> list_add(&group->next, &d->group_list);
> iommu_domain_free(domain->domain);
> kfree(domain);
> - mutex_unlock(&iommu->lock);
> - return 0;
> + goto done;
> }
>
> ret = vfio_iommu_attach_group(domain, group);
> @@ -1544,7 +1710,9 @@ static int vfio_iommu_type1_attach_group(void *iommu_data,
> }
>
> list_add(&domain->next, &iommu->domain_list);
> -
> +done:
> + /* Delete the old one and insert new iova list */
> + vfio_iommu_iova_insert_copy(iommu, &iova_copy);
> mutex_unlock(&iommu->lock);
>
> return 0;
> @@ -1553,6 +1721,7 @@ static int vfio_iommu_type1_attach_group(void *iommu_data,
> vfio_iommu_detach_group(domain, group);
> out_domain:
> iommu_domain_free(domain->domain);
> + vfio_iommu_iova_free(&iova_copy);
> out_free:
> kfree(domain);
> kfree(group);
> @@ -1692,6 +1861,7 @@ static void *vfio_iommu_type1_open(unsigned long arg)
> }
>
> INIT_LIST_HEAD(&iommu->domain_list);
> + INIT_LIST_HEAD(&iommu->iova_list);
> iommu->dma_list = RB_ROOT;
> iommu->dma_avail = dma_entry_limit;
> mutex_init(&iommu->lock);
> @@ -1735,6 +1905,9 @@ static void vfio_iommu_type1_release(void *iommu_data)
> list_del(&domain->next);
> kfree(domain);
> }
> +
> + vfio_iommu_iova_free(&iommu->iova_list);
> +
> kfree(iommu);
> }
>
>

2019-07-07 15:05:55

by Eric Auger

[permalink] [raw]
Subject: Re: [PATCH v7 4/6] vfio/type1: check dma map request is within a valid iova range

Hi Shameer,

On 6/26/19 5:12 PM, Shameer Kolothum wrote:
> This checks and rejects any dma map request outside valid iova
> range.
>
> Signed-off-by: Shameer Kolothum <[email protected]>
> ---
> v6 --> v7
>
> Addressed the case where a container with only an mdev device will
> have an empty list(Suggested by Alex).
> ---
> drivers/vfio/vfio_iommu_type1.c | 26 ++++++++++++++++++++++++++
> 1 file changed, 26 insertions(+)
>
> diff --git a/drivers/vfio/vfio_iommu_type1.c b/drivers/vfio/vfio_iommu_type1.c
> index e872fb3a0f39..89ad0da7152c 100644
> --- a/drivers/vfio/vfio_iommu_type1.c
> +++ b/drivers/vfio/vfio_iommu_type1.c
> @@ -1050,6 +1050,27 @@ static int vfio_pin_map_dma(struct vfio_iommu *iommu, struct vfio_dma *dma,
> return ret;
> }
>
> +/*
> + * Check dma map request is within a valid iova range
> + */
> +static bool vfio_iommu_iova_dma_valid(struct vfio_iommu *iommu,
> + dma_addr_t start, dma_addr_t end)
> +{
> + struct list_head *iova = &iommu->iova_list;
> + struct vfio_iova *node;
> +
> + list_for_each_entry(node, iova, list) {
> + if (start >= node->start && end <= node->end)
> + return true;
> + }
> +
> + /*
> + * Check for list_empty() as well since a container with
> + * only an mdev device will have an empty list.
> + */
> + return list_empty(&iommu->iova_list);
iova

Besides
Reviewed-by: Eric Auger <[email protected]>

Thanks

Eric


> +}
> +
> static int vfio_dma_do_map(struct vfio_iommu *iommu,
> struct vfio_iommu_type1_dma_map *map)
> {
> @@ -1093,6 +1114,11 @@ static int vfio_dma_do_map(struct vfio_iommu *iommu,
> goto out_unlock;
> }
>
> + if (!vfio_iommu_iova_dma_valid(iommu, iova, iova + size - 1)) {
> + ret = -EINVAL;
> + goto out_unlock;
> + }
> +
> dma = kzalloc(sizeof(*dma), GFP_KERNEL);
> if (!dma) {
> ret = -ENOMEM;
>

2019-07-07 15:07:04

by Eric Auger

[permalink] [raw]
Subject: Re: [PATCH v7 6/6] vfio/type1: remove duplicate retrieval of reserved regions

Hi Shameer,
On 6/26/19 5:12 PM, Shameer Kolothum wrote:
> As we now already have the reserved regions list, just pass that into
> vfio_iommu_has_sw_msi() fn.
>
> Signed-off-by: Shameer Kolothum <[email protected]>
Reviewed-by: Eric Auger <[email protected]>

Thanks

Eric
> ---
> drivers/vfio/vfio_iommu_type1.c | 15 ++++++---------
> 1 file changed, 6 insertions(+), 9 deletions(-)
>
> diff --git a/drivers/vfio/vfio_iommu_type1.c b/drivers/vfio/vfio_iommu_type1.c
> index 450081802dcd..43b1e68ebce9 100644
> --- a/drivers/vfio/vfio_iommu_type1.c
> +++ b/drivers/vfio/vfio_iommu_type1.c
> @@ -1308,15 +1308,13 @@ static struct vfio_group *find_iommu_group(struct vfio_domain *domain,
> return NULL;
> }
>
> -static bool vfio_iommu_has_sw_msi(struct iommu_group *group, phys_addr_t *base)
> +static bool vfio_iommu_has_sw_msi(struct list_head *group_resv_regions,
> + phys_addr_t *base)
> {
> - struct list_head group_resv_regions;
> - struct iommu_resv_region *region, *next;
> + struct iommu_resv_region *region;
> bool ret = false;
>
> - INIT_LIST_HEAD(&group_resv_regions);
> - iommu_get_group_resv_regions(group, &group_resv_regions);
> - list_for_each_entry(region, &group_resv_regions, list) {
> + list_for_each_entry(region, group_resv_regions, list) {
> /*
> * The presence of any 'real' MSI regions should take
> * precedence over the software-managed one if the
> @@ -1332,8 +1330,7 @@ static bool vfio_iommu_has_sw_msi(struct iommu_group *group, phys_addr_t *base)
> ret = true;
> }
> }
> - list_for_each_entry_safe(region, next, &group_resv_regions, list)
> - kfree(region);
> +
> return ret;
> }
>
> @@ -1774,7 +1771,7 @@ static int vfio_iommu_type1_attach_group(void *iommu_data,
> if (ret)
> goto out_detach;
>
> - resv_msi = vfio_iommu_has_sw_msi(iommu_group, &resv_msi_base);
> + resv_msi = vfio_iommu_has_sw_msi(&group_resv_regions, &resv_msi_base);
>
> INIT_LIST_HEAD(&domain->group_list);
> list_add(&group->next, &domain->group_list);
>

2019-07-07 15:07:53

by Eric Auger

[permalink] [raw]
Subject: Re: [PATCH v7 5/6] vfio/type1: Add IOVA range capability support

Hi Shameer,

On 6/26/19 5:12 PM, Shameer Kolothum wrote:
> This allows the user-space to retrieve the supported IOVA
> range(s), excluding any reserved regions. The implementation
non relaxable reserved regions
> is based on capability chains, added to VFIO_IOMMU_GET_INFO ioctl.
>
> Signed-off-by: Shameer Kolothum <[email protected]>
> ---
> v6 --> v7
>
> Addressed mdev case with empty iovas list(Suggested by Alex)
> ---
> drivers/vfio/vfio_iommu_type1.c | 101 ++++++++++++++++++++++++++++++++
> include/uapi/linux/vfio.h | 23 ++++++++
> 2 files changed, 124 insertions(+)
>
> diff --git a/drivers/vfio/vfio_iommu_type1.c b/drivers/vfio/vfio_iommu_type1.c
> index 89ad0da7152c..450081802dcd 100644
> --- a/drivers/vfio/vfio_iommu_type1.c
> +++ b/drivers/vfio/vfio_iommu_type1.c
> @@ -2141,6 +2141,73 @@ static int vfio_domains_have_iommu_cache(struct vfio_iommu *iommu)
> return ret;
> }
>
> +static int vfio_iommu_iova_add_cap(struct vfio_info_cap *caps,
> + struct vfio_iommu_type1_info_cap_iova_range *cap_iovas,
> + size_t size)
> +{
> + struct vfio_info_cap_header *header;
> + struct vfio_iommu_type1_info_cap_iova_range *iova_cap;
> +
> + header = vfio_info_cap_add(caps, size,
> + VFIO_IOMMU_TYPE1_INFO_CAP_IOVA_RANGE, 1);
> + if (IS_ERR(header))
> + return PTR_ERR(header);
> +
> + iova_cap = container_of(header,
> + struct vfio_iommu_type1_info_cap_iova_range,
> + header);
> + iova_cap->nr_iovas = cap_iovas->nr_iovas;
> + memcpy(iova_cap->iova_ranges, cap_iovas->iova_ranges,
> + cap_iovas->nr_iovas * sizeof(*cap_iovas->iova_ranges));
> + return 0;
> +}
> +
> +static int vfio_iommu_iova_build_caps(struct vfio_iommu *iommu,
> + struct vfio_info_cap *caps)
> +{
> + struct vfio_iommu_type1_info_cap_iova_range *cap_iovas;
> + struct vfio_iova *iova;
> + size_t size;
> + int iovas = 0, i = 0, ret;
> +
> + mutex_lock(&iommu->lock);
> +
> + list_for_each_entry(iova, &iommu->iova_list, list)
> + iovas++;
> +
> + if (!iovas) {
> + /*
> + * Return 0 as a container with only an mdev device
> + * will have an empty list
> + */
> + ret = 0;
> + goto out_unlock;
> + }
> +
> + size = sizeof(*cap_iovas) + (iovas * sizeof(*cap_iovas->iova_ranges));
> +
> + cap_iovas = kzalloc(size, GFP_KERNEL);
> + if (!cap_iovas) {
> + ret = -ENOMEM;
> + goto out_unlock;
> + }
> +
> + cap_iovas->nr_iovas = iovas;
> +
> + list_for_each_entry(iova, &iommu->iova_list, list) {
> + cap_iovas->iova_ranges[i].start = iova->start;
> + cap_iovas->iova_ranges[i].end = iova->end;
> + i++;
> + }
> +
> + ret = vfio_iommu_iova_add_cap(caps, cap_iovas, size);
> +
> + kfree(cap_iovas);
> +out_unlock:
> + mutex_unlock(&iommu->lock);
> + return ret;
> +}
> +
> static long vfio_iommu_type1_ioctl(void *iommu_data,
> unsigned int cmd, unsigned long arg)
> {
> @@ -2162,19 +2229,53 @@ static long vfio_iommu_type1_ioctl(void *iommu_data,
> }
> } else if (cmd == VFIO_IOMMU_GET_INFO) {
> struct vfio_iommu_type1_info info;
> + struct vfio_info_cap caps = { .buf = NULL, .size = 0 };
> + unsigned long capsz;
> + int ret;
>
> minsz = offsetofend(struct vfio_iommu_type1_info, iova_pgsizes);
>
> + /* For backward compatibility, cannot require this */
> + capsz = offsetofend(struct vfio_iommu_type1_info, cap_offset);
> +
> if (copy_from_user(&info, (void __user *)arg, minsz))
> return -EFAULT;
>
> if (info.argsz < minsz)
> return -EINVAL;
>
> + if (info.argsz >= capsz) {
> + minsz = capsz;
> + info.cap_offset = 0; /* output, no-recopy necessary */
> + }
> +
> info.flags = VFIO_IOMMU_INFO_PGSIZES;
>
> info.iova_pgsizes = vfio_pgsize_bitmap(iommu);
>
> + ret = vfio_iommu_iova_build_caps(iommu, &caps);
> + if (ret)
> + return ret;
> +
> + if (caps.size) {
> + info.flags |= VFIO_IOMMU_INFO_CAPS;
> +
> + if (info.argsz < sizeof(info) + caps.size) {
> + info.argsz = sizeof(info) + caps.size;
> + } else {
> + vfio_info_cap_shift(&caps, sizeof(info));
> + if (copy_to_user((void __user *)arg +
> + sizeof(info), caps.buf,
> + caps.size)) {
> + kfree(caps.buf);
> + return -EFAULT;
> + }
> + info.cap_offset = sizeof(info);
> + }
> +
> + kfree(caps.buf);
> + }
> +
> return copy_to_user((void __user *)arg, &info, minsz) ?
> -EFAULT : 0;
>
> diff --git a/include/uapi/linux/vfio.h b/include/uapi/linux/vfio.h
> index 8f10748dac79..1951d87115e8 100644
> --- a/include/uapi/linux/vfio.h
> +++ b/include/uapi/linux/vfio.h
> @@ -714,7 +714,30 @@ struct vfio_iommu_type1_info {
> __u32 argsz;
> __u32 flags;
> #define VFIO_IOMMU_INFO_PGSIZES (1 << 0) /* supported page sizes info */
> +#define VFIO_IOMMU_INFO_CAPS (1 << 1) /* Info supports caps */
> __u64 iova_pgsizes; /* Bitmap of supported page sizes */
> + __u32 cap_offset; /* Offset within info struct of first cap */
comment indent?
> +};
> +
> +/*
> + * The IOVA capability allows to report the valid IOVA range(s)
> + * excluding any reserved regions associated with dev group. Any dma
any non relaxable reserved regions exposed by devices attached to the
container?
s/dma/DMA?
> + * map attempt outside the valid iova range will return error.
> + *
> + * The structures below define version 1 of this capability.
> + */
> +#define VFIO_IOMMU_TYPE1_INFO_CAP_IOVA_RANGE 1
> +
> +struct vfio_iova_range {
> + __u64 start;
> + __u64 end;
> +};
> +
> +struct vfio_iommu_type1_info_cap_iova_range {
> + struct vfio_info_cap_header header;
> + __u32 nr_iovas;
> + __u32 reserved;
> + struct vfio_iova_range iova_ranges[];
> };
>
> #define VFIO_IOMMU_GET_INFO _IO(VFIO_TYPE, VFIO_BASE + 12)
>
Reviewed-by: Eric Auger <[email protected]>

Thanks

Eric

2019-07-07 15:11:02

by Eric Auger

[permalink] [raw]
Subject: Re: [PATCH v7 2/6] vfio/type1: Check reserve region conflict and update iova list

Hi Shameer,

On 6/26/19 5:12 PM, Shameer Kolothum wrote:
> This retrieves the reserved regions associated with dev group and
> checks for conflicts with any existing dma mappings. Also update
> the iova list excluding the reserved regions.

s/reserve/reserved in the commit title
>
> Reserved regions with type IOMMU_RESV_DIRECT_RELAXABLE are
> excluded from above checks as they are considered as directly
> mapped regions which are known to be relaxable.
>
> Signed-off-by: Shameer Kolothum <[email protected]>
> ---
> drivers/vfio/vfio_iommu_type1.c | 96 +++++++++++++++++++++++++++++++++
> 1 file changed, 96 insertions(+)
>
> diff --git a/drivers/vfio/vfio_iommu_type1.c b/drivers/vfio/vfio_iommu_type1.c
> index 970d1ec06aed..b6bfdfa16c33 100644
> --- a/drivers/vfio/vfio_iommu_type1.c
> +++ b/drivers/vfio/vfio_iommu_type1.c
> @@ -1508,6 +1508,88 @@ static int vfio_iommu_aper_resize(struct list_head *iova,
> return 0;
> }
>
> +/*
> + * Check reserved region conflicts with existing dma mappings
> + */
> +static bool vfio_iommu_resv_conflict(struct vfio_iommu *iommu,
> + struct list_head *resv_regions)
> +{
> + struct iommu_resv_region *region;
> +
> + /* Check for conflict with existing dma mappings */
> + list_for_each_entry(region, resv_regions, list) {
> + if (region->type == IOMMU_RESV_DIRECT_RELAXABLE)
> + continue;
> +
> + if (vfio_find_dma(iommu, region->start, region->length))
> + return true;
> + }
> +
> + return false;
> +}
> +
> +/*
> + * Check iova region overlap with reserved regions and
> + * exclude them from the iommu iova range
> + */
> +static int vfio_iommu_resv_exclude(struct list_head *iova,
> + struct list_head *resv_regions)
> +{
> + struct iommu_resv_region *resv;
> + struct vfio_iova *n, *next;
> +
> + list_for_each_entry(resv, resv_regions, list) {
> + phys_addr_t start, end;
> +
> + if (resv->type == IOMMU_RESV_DIRECT_RELAXABLE)
> + continue;
> +
> + start = resv->start;
> + end = resv->start + resv->length - 1;
> +
> + list_for_each_entry_safe(n, next, iova, list) {
> + int ret = 0;
> +
> + /* No overlap */
> + if (start > n->end || end < n->start)
> + continue;
> + /*
> + * Insert a new node if current node overlaps with the
> + * reserve region to exlude that from valid iova range.
> + * Note that, new node is inserted before the current
> + * node and finally the current node is deleted keeping
> + * the list updated and sorted.
> + */
> + if (start > n->start)
> + ret = vfio_iommu_iova_insert(&n->list, n->start,
> + start - 1);
> + if (!ret && end < n->end)
> + ret = vfio_iommu_iova_insert(&n->list, end + 1,
> + n->end);
> + if (ret)
> + return ret;
> +
> + list_del(&n->list);
> + kfree(n);
> + }
> + }
> +
> + if (list_empty(iova))
> + return -EINVAL;
> +
> + return 0;
> +}
> +
> +static void vfio_iommu_resv_free(struct list_head *resv_regions)
> +{
> + struct iommu_resv_region *n, *next;
> +
> + list_for_each_entry_safe(n, next, resv_regions, list) {
> + list_del(&n->list);
> + kfree(n);
> + }
> +}
> +
> static void vfio_iommu_iova_free(struct list_head *iova)
> {
> struct vfio_iova *n, *next;
> @@ -1559,6 +1641,7 @@ static int vfio_iommu_type1_attach_group(void *iommu_data,
> phys_addr_t resv_msi_base;
> struct iommu_domain_geometry geo;
> LIST_HEAD(iova_copy);
> + LIST_HEAD(group_resv_regions);
>
> mutex_lock(&iommu->lock);
>
> @@ -1644,6 +1727,13 @@ static int vfio_iommu_type1_attach_group(void *iommu_data,
> goto out_detach;
> }
>
> + iommu_get_group_resv_regions(iommu_group, &group_resv_regions);
> +
> + if (vfio_iommu_resv_conflict(iommu, &group_resv_regions)) {
> + ret = -EINVAL;
> + goto out_detach;
> + }
> +
> /* Get a copy of the current iova list and work on it */
> ret = vfio_iommu_iova_get_copy(iommu, &iova_copy);
> if (ret)
> @@ -1654,6 +1744,10 @@ static int vfio_iommu_type1_attach_group(void *iommu_data,
> if (ret)
> goto out_detach;
>
> + ret = vfio_iommu_resv_exclude(&iova_copy, &group_resv_regions);
> + if (ret)
> + goto out_detach;
> +
> resv_msi = vfio_iommu_has_sw_msi(iommu_group, &resv_msi_base);
>
> INIT_LIST_HEAD(&domain->group_list);
> @@ -1714,6 +1808,7 @@ static int vfio_iommu_type1_attach_group(void *iommu_data,
> /* Delete the old one and insert new iova list */
> vfio_iommu_iova_insert_copy(iommu, &iova_copy);
> mutex_unlock(&iommu->lock);
> + vfio_iommu_resv_free(&group_resv_regions);
>
> return 0;
>
> @@ -1722,6 +1817,7 @@ static int vfio_iommu_type1_attach_group(void *iommu_data,
> out_domain:
> iommu_domain_free(domain->domain);
> vfio_iommu_iova_free(&iova_copy);
> + vfio_iommu_resv_free(&group_resv_regions);
> out_free:
> kfree(domain);
> kfree(group);
>
Thanks

Eric

2019-07-07 15:11:22

by Eric Auger

[permalink] [raw]
Subject: Re: [PATCH v7 3/6] vfio/type1: Update iova list on detach

Hi Shameer,

On 6/26/19 5:12 PM, Shameer Kolothum wrote:
> Get a copy of iova list on _group_detach and try to update the list.
> On success replace the current one with the copy. Leave the list as
> it is if update fails.
>
> Signed-off-by: Shameer Kolothum <[email protected]>
> ---
> drivers/vfio/vfio_iommu_type1.c | 91 +++++++++++++++++++++++++++++++++
> 1 file changed, 91 insertions(+)
>
> diff --git a/drivers/vfio/vfio_iommu_type1.c b/drivers/vfio/vfio_iommu_type1.c
> index b6bfdfa16c33..e872fb3a0f39 100644
> --- a/drivers/vfio/vfio_iommu_type1.c
> +++ b/drivers/vfio/vfio_iommu_type1.c
> @@ -1873,12 +1873,88 @@ static void vfio_sanity_check_pfn_list(struct vfio_iommu *iommu)
> WARN_ON(iommu->notifier.head);
> }
>
> +/*
> + * Called when a domain is removed in detach. It is possible that
> + * the removed domain decided the iova aperture window. Modify the
> + * iova aperture with the smallest window among existing domains.
> + */
> +static void vfio_iommu_aper_expand(struct vfio_iommu *iommu,
> + struct list_head *iova_copy)
Maybe you could just remove iova_copy for the args and return start,
size. See comment below.
> +{
> + struct vfio_domain *domain;
> + struct iommu_domain_geometry geo;
> + struct vfio_iova *node;
> + dma_addr_t start = 0;
> + dma_addr_t end = (dma_addr_t)~0;
> +
> + list_for_each_entry(domain, &iommu->domain_list, next) {
> + iommu_domain_get_attr(domain->domain, DOMAIN_ATTR_GEOMETRY,
> + &geo);
> + if (geo.aperture_start > start)
> + start = geo.aperture_start;
> + if (geo.aperture_end < end)
> + end = geo.aperture_end;
> + }
> +
> + /* Modify aperture limits. The new aper is either same or bigger */
> + node = list_first_entry(iova_copy, struct vfio_iova, list);
> + node->start = start;
> + node = list_last_entry(iova_copy, struct vfio_iova, list);
> + node->end = end;
> +}
> +
> +/*
> + * Called when a group is detached. The reserved regions for that
> + * group can be part of valid iova now. But since reserved regions
> + * may be duplicated among groups, populate the iova valid regions
> + * list again.
> + */
> +static int vfio_iommu_resv_refresh(struct vfio_iommu *iommu,
> + struct list_head *iova_copy)
> +{
> + struct vfio_domain *d;
> + struct vfio_group *g;
> + struct vfio_iova *node;
> + dma_addr_t start, end;
> + LIST_HEAD(resv_regions);
> + int ret;
> +
> + list_for_each_entry(d, &iommu->domain_list, next) {
> + list_for_each_entry(g, &d->group_list, next)
> + iommu_get_group_resv_regions(g->iommu_group,
> + &resv_regions);
> + }
> +
> + if (list_empty(&resv_regions))
> + return 0;
vfio_iommu_aper_expand() just extended the start/end of first & last
node respectively. In case the iova_copy() featured excluded resv
regions before and now you don't have any anymore, the previous holes
will stay if I don't miss anything?

You may unconditionally recompute start/end, free the copy,
aper_resize() with new start/end and exclude resv regions again?

Thanks

Eric

> +
> + node = list_first_entry(iova_copy, struct vfio_iova, list);
> + start = node->start;
> + node = list_last_entry(iova_copy, struct vfio_iova, list);
> + end = node->end;
> +
> + /* purge the iova list and create new one */
> + vfio_iommu_iova_free(iova_copy);
> +
> + ret = vfio_iommu_aper_resize(iova_copy, start, end);
> + if (ret)
> + goto done;
> +
> + /* Exclude current reserved regions from iova ranges */
> + ret = vfio_iommu_resv_exclude(iova_copy, &resv_regions);
> +done:
> + vfio_iommu_resv_free(&resv_regions);
> + return ret;
> +}
> +
> static void vfio_iommu_type1_detach_group(void *iommu_data,
> struct iommu_group *iommu_group)
> {
> struct vfio_iommu *iommu = iommu_data;
> struct vfio_domain *domain;
> struct vfio_group *group;
> + bool iova_copy_fail;
> + LIST_HEAD(iova_copy);
>
> mutex_lock(&iommu->lock);
>
> @@ -1901,6 +1977,12 @@ static void vfio_iommu_type1_detach_group(void *iommu_data,
> }
> }
>
> + /*
> + * Get a copy of iova list. If success, use copy to update the
> + * list and to replace the current one.
> + */
> + iova_copy_fail = !!vfio_iommu_iova_get_copy(iommu, &iova_copy);
> +
> list_for_each_entry(domain, &iommu->domain_list, next) {
> group = find_iommu_group(domain, iommu_group);
> if (!group)
> @@ -1926,10 +2008,19 @@ static void vfio_iommu_type1_detach_group(void *iommu_data,
> iommu_domain_free(domain->domain);
> list_del(&domain->next);
> kfree(domain);
> + if (!iova_copy_fail && !list_empty(&iommu->domain_list))
> + vfio_iommu_aper_expand(iommu, &iova_copy);
> }
> break;
> }
>
> + if (!iova_copy_fail && !list_empty(&iommu->domain_list)) {
> + if (!vfio_iommu_resv_refresh(iommu, &iova_copy))
> + vfio_iommu_iova_insert_copy(iommu, &iova_copy);
> + else
> + vfio_iommu_iova_free(&iova_copy);
> + }
> +
> detach_group_done:
> mutex_unlock(&iommu->lock);
> }
>

Subject: RE: [PATCH v7 2/6] vfio/type1: Check reserve region conflict and update iova list

Hi Eric

> -----Original Message-----
> From: Auger Eric [mailto:[email protected]]
> Sent: 05 July 2019 13:10
> To: Shameerali Kolothum Thodi <[email protected]>;
> Alex Williamson <[email protected]>
> Cc: [email protected]; [email protected];
> [email protected]; Linuxarm <[email protected]>; John
> Garry <[email protected]>; xuwei (O) <[email protected]>;
> [email protected]
> Subject: Re: [PATCH v7 2/6] vfio/type1: Check reserve region conflict and
> update iova list
>
> Hi Shameer,
>
> On 7/4/19 2:51 PM, Shameerali Kolothum Thodi wrote:
> >
> >
> >> -----Original Message-----
> >> From: [email protected] [mailto:[email protected]] On
> >> Behalf Of Alex Williamson
> >> Sent: 03 July 2019 21:34
> >> To: Shameerali Kolothum Thodi <[email protected]>
> >> Cc: [email protected]; [email protected];
> >> [email protected]; [email protected];
> >> [email protected]; Linuxarm <[email protected]>;
> John
> >> Garry <[email protected]>; xuwei (O) <[email protected]>;
> >> [email protected]
> >> Subject: Re: [PATCH v7 2/6] vfio/type1: Check reserve region conflict and
> >> update iova list
> >>
> >> On Wed, 26 Jun 2019 16:12:44 +0100
> >> Shameer Kolothum <[email protected]> wrote:
> >>
> >>> This retrieves the reserved regions associated with dev group and
> >>> checks for conflicts with any existing dma mappings. Also update
> >>> the iova list excluding the reserved regions.
> >>>
> >>> Reserved regions with type IOMMU_RESV_DIRECT_RELAXABLE are
> >>> excluded from above checks as they are considered as directly
> >>> mapped regions which are known to be relaxable.
> >>>
> >>> Signed-off-by: Shameer Kolothum
> <[email protected]>
> >>> ---
> >>> drivers/vfio/vfio_iommu_type1.c | 96
> >> +++++++++++++++++++++++++++++++++
> >>> 1 file changed, 96 insertions(+)
> >>>
> >>> diff --git a/drivers/vfio/vfio_iommu_type1.c
> >> b/drivers/vfio/vfio_iommu_type1.c
> >>> index 970d1ec06aed..b6bfdfa16c33 100644
> >>> --- a/drivers/vfio/vfio_iommu_type1.c
> >>> +++ b/drivers/vfio/vfio_iommu_type1.c
> >>> @@ -1559,6 +1641,7 @@ static int vfio_iommu_type1_attach_group(void
> >> *iommu_data,
> >>> phys_addr_t resv_msi_base;
> >>> struct iommu_domain_geometry geo;
> >>> LIST_HEAD(iova_copy);
> >>> + LIST_HEAD(group_resv_regions);
> >>>
> >>> mutex_lock(&iommu->lock);
> >>>
> >>> @@ -1644,6 +1727,13 @@ static int
> vfio_iommu_type1_attach_group(void
> >> *iommu_data,
> >>> goto out_detach;
> >>> }
> >>>
> >>> + iommu_get_group_resv_regions(iommu_group,
> &group_resv_regions);
> >>
> >> This can fail and should have an error case. I assume we'd fail the
> >> group attach on failure. Thanks,
> >
> > Right. I will add the check. Do you think we should do the same in
> vfio_iommu_has_sw_msi()
> > as well? (In fact, it looks like iommu_get_group_resv_regions() ret is not
> checked anywhere in
> > kernel).
>
> I think the can be the topic of another series. I just noticed that in
> iommu_insert_resv_region(), which is recursive in case ot merge, I
> failed to propagate returned value or recursive calls. This also needs
> to be fixed. I volunteer to work on those changes if you prefer. Just
> let me know.

Ok. Please go ahead.

Thanks,
Shameer

Subject: RE: [PATCH v7 1/6] vfio/type1: Introduce iova list and add iommu aperture validity check

Hi Eric,

> -----Original Message-----
> From: Auger Eric [mailto:[email protected]]
> Sent: 07 July 2019 16:03
> To: Shameerali Kolothum Thodi <[email protected]>;
> [email protected]; [email protected]
> Cc: [email protected]; [email protected];
> [email protected]; Linuxarm <[email protected]>; John
> Garry <[email protected]>; xuwei (O) <[email protected]>;
> [email protected]
> Subject: Re: [PATCH v7 1/6] vfio/type1: Introduce iova list and add iommu
> aperture validity check
>
> Hi Shameer,
>
> On 6/26/19 5:12 PM, Shameer Kolothum wrote:
> > This introduces an iova list that is valid for dma mappings. Make
> > sure the new iommu aperture window doesn't conflict with the current
> > one or with any existing dma mappings during attach.
> >
> > Signed-off-by: Shameer Kolothum <[email protected]>
> > ---
> > drivers/vfio/vfio_iommu_type1.c | 181
> +++++++++++++++++++++++++++++++-
> > 1 file changed, 177 insertions(+), 4 deletions(-)
> >
> > diff --git a/drivers/vfio/vfio_iommu_type1.c
> b/drivers/vfio/vfio_iommu_type1.c
> > index add34adfadc7..970d1ec06aed 100644
> > --- a/drivers/vfio/vfio_iommu_type1.c
> > +++ b/drivers/vfio/vfio_iommu_type1.c
> > @@ -1,4 +1,3 @@
> > -// SPDX-License-Identifier: GPL-2.0-only
> > /*
> > * VFIO: IOMMU DMA mapping support for Type1 IOMMU
> > *
> > @@ -62,6 +61,7 @@ MODULE_PARM_DESC(dma_entry_limit,
> >
> > struct vfio_iommu {
> > struct list_head domain_list;
> > + struct list_head iova_list;
> > struct vfio_domain *external_domain; /* domain for external user */
> > struct mutex lock;
> > struct rb_root dma_list;
> > @@ -97,6 +97,12 @@ struct vfio_group {
> > bool mdev_group; /* An mdev group */
> > };
> >
> > +struct vfio_iova {
> > + struct list_head list;
> > + dma_addr_t start;
> > + dma_addr_t end;
> > +};
> > +
> > /*
> > * Guest RAM pinning working set or DMA target
> > */
> > @@ -1401,6 +1407,146 @@ static int vfio_mdev_iommu_device(struct
> device *dev, void *data)
> > return 0;
> > }
> >
> > +/*
> > + * This is a helper function to insert an address range to iova list.
> > + * The list starts with a single entry corresponding to the IOMMU
> The list is initially created with a single entry ../..
> > + * domain geometry to which the device group is attached. The list
> > + * aperture gets modified when a new domain is added to the container
> > + * if the new aperture doesn't conflict with the current one or with
> > + * any existing dma mappings. The list is also modified to exclude
> > + * any reserved regions associated with the device group.
> > + */
> > +static int vfio_iommu_iova_insert(struct list_head *head,
> > + dma_addr_t start, dma_addr_t end)
> > +{
> > + struct vfio_iova *region;
> > +
> > + region = kmalloc(sizeof(*region), GFP_KERNEL);
> > + if (!region)
> > + return -ENOMEM;
> > +
> > + INIT_LIST_HEAD(&region->list);
> > + region->start = start;
> > + region->end = end;
> > +
> > + list_add_tail(&region->list, head);
> > + return 0;
> > +}
> > +
> > +/*
> > + * Check the new iommu aperture conflicts with existing aper or with any
> > + * existing dma mappings.
> > + */
> > +static bool vfio_iommu_aper_conflict(struct vfio_iommu *iommu,
> > + dma_addr_t start, dma_addr_t end)
> > +{
> > + struct vfio_iova *first, *last;
> > + struct list_head *iova = &iommu->iova_list;
> > +
> > + if (list_empty(iova))
> > + return false;
> > +
> > + /* Disjoint sets, return conflict */
> > + first = list_first_entry(iova, struct vfio_iova, list);
> > + last = list_last_entry(iova, struct vfio_iova, list);
> > + if (start > last->end || end < first->start)
> > + return true;
> > +
> > + /* Check for any existing dma mappings outside the new start */
> s/outside/below
> > + if (start > first->start) {
> > + if (vfio_find_dma(iommu, first->start, start - first->start))
> > + return true;
> > + }
> > +
> > + /* Check for any existing dma mappings outside the new end */
> s/outside/beyond
> > + if (end < last->end) {
> > + if (vfio_find_dma(iommu, end + 1, last->end - end))
> > + return true;
> > + }
> > +
> > + return false;
> > +}
> > +
> > +/*
> > + * Resize iommu iova aperture window. This is called only if the new
> > + * aperture has no conflict with existing aperture and dma mappings.
> > + */
> > +static int vfio_iommu_aper_resize(struct list_head *iova,
> > + dma_addr_t start, dma_addr_t end)
> > +{
> > + struct vfio_iova *node, *next;
> > +
> > + if (list_empty(iova))
> > + return vfio_iommu_iova_insert(iova, start, end);
> > +
> > + /* Adjust iova list start */
> > + list_for_each_entry_safe(node, next, iova, list) {
> > + if (start < node->start)
> > + break;
> > + if (start >= node->start && start < node->end) {
> > + node->start = start;
> > + break;
> > + }
> > + /* Delete nodes before new start */
> > + list_del(&node->list);
> > + kfree(node);
> > + }
> > +
> > + /* Adjust iova list end */
> > + list_for_each_entry_safe(node, next, iova, list) {
> > + if (end > node->end)
> > + continue;
> > + if (end > node->start && end <= node->end) {
> > + node->end = end;
> > + continue;
> > + }
> > + /* Delete nodes after new end */
> > + list_del(&node->list);
> > + kfree(node);
> > + }
> > +
> > + return 0;
> > +}
> > +
> > +static void vfio_iommu_iova_free(struct list_head *iova)
> > +{
> > + struct vfio_iova *n, *next;
> > +
> > + list_for_each_entry_safe(n, next, iova, list) {
> > + list_del(&n->list);
> > + kfree(n);
> > + }
> > +}
> > +
> > +static int vfio_iommu_iova_get_copy(struct vfio_iommu *iommu,
> > + struct list_head *iova_copy)
> > +{
> > + struct list_head *iova = &iommu->iova_list;
> > + struct vfio_iova *n;
> > + int ret;
> > +
> > + list_for_each_entry(n, iova, list) {
> > + ret = vfio_iommu_iova_insert(iova_copy, n->start, n->end);
> > + if (ret)
> > + goto out_free;
> > + }
> > +
> > + return 0;
> > +
> > +out_free:
> > + vfio_iommu_iova_free(iova_copy);
> > + return ret;
> > +}
> > +
> > +static void vfio_iommu_iova_insert_copy(struct vfio_iommu *iommu,
> > + struct list_head *iova_copy)
> > +{
> > + struct list_head *iova = &iommu->iova_list;
> > +
> > + vfio_iommu_iova_free(iova);
> > +
> > + list_splice_tail(iova_copy, iova);
> > +}
> > static int vfio_iommu_type1_attach_group(void *iommu_data,
> > struct iommu_group *iommu_group)
> > {
> > @@ -1411,6 +1557,8 @@ static int vfio_iommu_type1_attach_group(void
> *iommu_data,
> > int ret;
> > bool resv_msi, msi_remap;
> > phys_addr_t resv_msi_base;
> > + struct iommu_domain_geometry geo;
> > + LIST_HEAD(iova_copy);
> >
> > mutex_lock(&iommu->lock);
> >
> > @@ -1487,6 +1635,25 @@ static int vfio_iommu_type1_attach_group(void
> *iommu_data,
> > if (ret)
> > goto out_domain;
> >
> > + /* Get aperture info */
> > + iommu_domain_get_attr(domain->domain, DOMAIN_ATTR_GEOMETRY,
> &geo);
> > +
> > + if (vfio_iommu_aper_conflict(iommu, geo.aperture_start,
> > + geo.aperture_end)) {
> > + ret = -EINVAL;
> > + goto out_detach;
> > + }
> > +
> > + /* Get a copy of the current iova list and work on it */
> At this stage of the reading it is not obvious why you need a copy of
> the list. rationale can be found when reading further or in the series
> history ("Use of iova list copy so that original is not altered in case
> of failure").
>
> Adding a comment in the code would be useful I think.

Ok. That makes sense. I will address this and all other minor comments
you had on other patches in next revision.

Thanks,
Shameer

> Thanks
>
> Eric
>
> > + ret = vfio_iommu_iova_get_copy(iommu, &iova_copy);
> > + if (ret)
> > + goto out_detach;
> > +
> > + ret = vfio_iommu_aper_resize(&iova_copy, geo.aperture_start,
> > + geo.aperture_end);
> > + if (ret)
> > + goto out_detach;
> > +
> > resv_msi = vfio_iommu_has_sw_msi(iommu_group, &resv_msi_base);
> >
> > INIT_LIST_HEAD(&domain->group_list);
> > @@ -1520,8 +1687,7 @@ static int vfio_iommu_type1_attach_group(void
> *iommu_data,
> > list_add(&group->next, &d->group_list);
> > iommu_domain_free(domain->domain);
> > kfree(domain);
> > - mutex_unlock(&iommu->lock);
> > - return 0;
> > + goto done;
> > }
> >
> > ret = vfio_iommu_attach_group(domain, group);
> > @@ -1544,7 +1710,9 @@ static int vfio_iommu_type1_attach_group(void
> *iommu_data,
> > }
> >
> > list_add(&domain->next, &iommu->domain_list);
> > -
> > +done:
> > + /* Delete the old one and insert new iova list */
> > + vfio_iommu_iova_insert_copy(iommu, &iova_copy);
> > mutex_unlock(&iommu->lock);
> >
> > return 0;
> > @@ -1553,6 +1721,7 @@ static int vfio_iommu_type1_attach_group(void
> *iommu_data,
> > vfio_iommu_detach_group(domain, group);
> > out_domain:
> > iommu_domain_free(domain->domain);
> > + vfio_iommu_iova_free(&iova_copy);
> > out_free:
> > kfree(domain);
> > kfree(group);
> > @@ -1692,6 +1861,7 @@ static void *vfio_iommu_type1_open(unsigned
> long arg)
> > }
> >
> > INIT_LIST_HEAD(&iommu->domain_list);
> > + INIT_LIST_HEAD(&iommu->iova_list);
> > iommu->dma_list = RB_ROOT;
> > iommu->dma_avail = dma_entry_limit;
> > mutex_init(&iommu->lock);
> > @@ -1735,6 +1905,9 @@ static void vfio_iommu_type1_release(void
> *iommu_data)
> > list_del(&domain->next);
> > kfree(domain);
> > }
> > +
> > + vfio_iommu_iova_free(&iommu->iova_list);
> > +
> > kfree(iommu);
> > }
> >
> >

Subject: RE: [PATCH v7 3/6] vfio/type1: Update iova list on detach

Hi Eric,

> -----Original Message-----
> From: Auger Eric [mailto:[email protected]]
> Sent: 07 July 2019 16:03
> To: Shameerali Kolothum Thodi <[email protected]>;
> [email protected]; [email protected]
> Cc: [email protected]; [email protected];
> [email protected]; Linuxarm <[email protected]>; John
> Garry <[email protected]>; xuwei (O) <[email protected]>;
> [email protected]
> Subject: Re: [PATCH v7 3/6] vfio/type1: Update iova list on detach
>
> Hi Shameer,
>
> On 6/26/19 5:12 PM, Shameer Kolothum wrote:
> > Get a copy of iova list on _group_detach and try to update the list.
> > On success replace the current one with the copy. Leave the list as
> > it is if update fails.
> >
> > Signed-off-by: Shameer Kolothum <[email protected]>
> > ---
> > drivers/vfio/vfio_iommu_type1.c | 91
> +++++++++++++++++++++++++++++++++
> > 1 file changed, 91 insertions(+)
> >
> > diff --git a/drivers/vfio/vfio_iommu_type1.c
> b/drivers/vfio/vfio_iommu_type1.c
> > index b6bfdfa16c33..e872fb3a0f39 100644
> > --- a/drivers/vfio/vfio_iommu_type1.c
> > +++ b/drivers/vfio/vfio_iommu_type1.c
> > @@ -1873,12 +1873,88 @@ static void vfio_sanity_check_pfn_list(struct
> vfio_iommu *iommu)
> > WARN_ON(iommu->notifier.head);
> > }
> >
> > +/*
> > + * Called when a domain is removed in detach. It is possible that
> > + * the removed domain decided the iova aperture window. Modify the
> > + * iova aperture with the smallest window among existing domains.
> > + */
> > +static void vfio_iommu_aper_expand(struct vfio_iommu *iommu,
> > + struct list_head *iova_copy)
> Maybe you could just remove iova_copy for the args and return start,
> size. See comment below.
> > +{
> > + struct vfio_domain *domain;
> > + struct iommu_domain_geometry geo;
> > + struct vfio_iova *node;
> > + dma_addr_t start = 0;
> > + dma_addr_t end = (dma_addr_t)~0;
> > +
> > + list_for_each_entry(domain, &iommu->domain_list, next) {
> > + iommu_domain_get_attr(domain->domain,
> DOMAIN_ATTR_GEOMETRY,
> > + &geo);
> > + if (geo.aperture_start > start)
> > + start = geo.aperture_start;
> > + if (geo.aperture_end < end)
> > + end = geo.aperture_end;
> > + }
> > +
> > + /* Modify aperture limits. The new aper is either same or bigger */
> > + node = list_first_entry(iova_copy, struct vfio_iova, list);
> > + node->start = start;
> > + node = list_last_entry(iova_copy, struct vfio_iova, list);
> > + node->end = end;
> > +}
> > +
> > +/*
> > + * Called when a group is detached. The reserved regions for that
> > + * group can be part of valid iova now. But since reserved regions
> > + * may be duplicated among groups, populate the iova valid regions
> > + * list again.
> > + */
> > +static int vfio_iommu_resv_refresh(struct vfio_iommu *iommu,
> > + struct list_head *iova_copy)
> > +{
> > + struct vfio_domain *d;
> > + struct vfio_group *g;
> > + struct vfio_iova *node;
> > + dma_addr_t start, end;
> > + LIST_HEAD(resv_regions);
> > + int ret;
> > +
> > + list_for_each_entry(d, &iommu->domain_list, next) {
> > + list_for_each_entry(g, &d->group_list, next)
> > + iommu_get_group_resv_regions(g->iommu_group,
> > + &resv_regions);
> > + }
> > +
> > + if (list_empty(&resv_regions))
> > + return 0;
> vfio_iommu_aper_expand() just extended the start/end of first & last
> node respectively. In case the iova_copy() featured excluded resv
> regions before and now you don't have any anymore, the previous holes
> will stay if I don't miss anything?

Good catch!. Yes, I think there is a problem here.

>
> You may unconditionally recompute start/end, free the copy,
> aper_resize() with new start/end and exclude resv regions again?

Ok. I will fix this in next revision.

Cheers,
Shameer