Received: by 2002:a25:6193:0:0:0:0:0 with SMTP id v141csp852737ybb; Wed, 25 Mar 2020 10:51:21 -0700 (PDT) X-Google-Smtp-Source: ADFU+vu/dRODDX7DiUQnEN5FEMFfVsqn1J7yZSKHaVdI89xCYQVriGjfnR791+zaBH+fTOXnEMEo X-Received: by 2002:aca:c3c1:: with SMTP id t184mr3405767oif.113.1585158681410; Wed, 25 Mar 2020 10:51:21 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1585158681; cv=none; d=google.com; s=arc-20160816; b=VwnJFYO9lCBcqndG0Zi4xTzlDIZzpNacfB/BUpbarQX9VN4pvd4moHMPpA3vmUhEP9 fzjUhw//n1873R+ifmephaQXmF6o5BjTJZBmOY2t8DWPQCH05OZgJ3NCYUUaIp1sFg5Y DNywE8KurQd7x9AspiAP1vT5bqiy28WbnoeeUSrrVa0QDPF1xEg3+OxvJSOJq80rl0HR UnAmXSj9u+CMmLF9Anpa26lEylfdc3sHr8RVaCyxe9kupnFPwXLJsZWdzmlHR9DLb0em tJO/HcXl9pFeEXGAeDz0V0E8/60rCkhQFMWezC4YICms0oym5nh3XgxWkRYPzU97yLUd 1HlQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from :ironport-sdr:ironport-sdr; bh=Hli7vSb7zGWdxIsBnVj6RRu2p3jZhd1Olsl9MsDL4Zo=; b=ibtva93qZg/MwAwkn7WSYMatZordizx0QaVT8Y1igQfh4DpA31Wu2YEwl/OXnfsqNF OtUnkvvuJtIDIKFWvU2kCYvfOxfpSPheLRSaCs37FyPVoxD5FX6onbYhpReiM8GMVhyu T4ZlQsgHtY4KoLRvyoPbxOu7nK4S4Z4j3Is1DY8kOQhCJtz4rgfzlcJmM+z6V91q5AMU psIUomaVTSVqBp3/D05hI0/SkbcG1UzTOgZKYkD0MWJbVxXJEgfamhNIBwGwmi+fWQTW aS+I1Fry2f5BcL/h0nUQH5dG/st2v8guaCp9ryy5KLlCfwtMYDvP00YAsX3jF9BCnm3r SC9Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d62si86085oib.137.2020.03.25.10.51.08; Wed, 25 Mar 2020 10:51:21 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727600AbgCYRts (ORCPT + 99 others); Wed, 25 Mar 2020 13:49:48 -0400 Received: from mga12.intel.com ([192.55.52.136]:57497 "EHLO mga12.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727253AbgCYRts (ORCPT ); Wed, 25 Mar 2020 13:49:48 -0400 IronPort-SDR: SjVbIa2iVNQ/8riYOelHOE0kz+DkyNTR90HjFu+vbPuObK+HXkdSw3JkGmrPvFYW7oEwgXSmgt Hpa6GEAY/i4g== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga004.jf.intel.com ([10.7.209.38]) by fmsmga106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Mar 2020 10:49:48 -0700 IronPort-SDR: nTGyV5KO2GQfWBaE7MPTXA5oh1MfNXhUZcWgU80XHoM7UXz+iNhogqiHO0iw7vWby/zNgBoMMA +l0m2WDGAf9g== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.72,305,1580803200"; d="scan'208";a="393702187" Received: from jacob-builder.jf.intel.com ([10.7.199.155]) by orsmga004.jf.intel.com with ESMTP; 25 Mar 2020 10:49:47 -0700 From: Jacob Pan To: Joerg Roedel , Alex Williamson , "Lu Baolu" , iommu@lists.linux-foundation.org, LKML , David Woodhouse , Jean-Philippe Brucker Cc: "Yi Liu" , "Tian, Kevin" , Raj Ashok , "Christoph Hellwig" , Jonathan Cameron , Eric Auger , Jacob Pan Subject: [PATCH 00/10] IOASID extensions for guest SVA Date: Wed, 25 Mar 2020 10:55:21 -0700 Message-Id: <1585158931-1825-1-git-send-email-jacob.jun.pan@linux.intel.com> X-Mailer: git-send-email 2.7.4 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org IOASID was introduced in v5.5 as a generic kernel allocator service for both PCIe Process Address Space ID (PASID) and ARM SMMU's Sub Stream ID. In addition to basic ID allocation, ioasid_set was introduced as a token that is shared by a group of IOASIDs. This set token can be used for permission checking but lack of some features needed by guest Shared Virtual Address (SVA). In addition, IOASID support for life cycle management is needed among multiple users. This patchset introduces two extensions to the IOASID code, 1. IOASID set operations 2. Notifications for IOASID state synchronization Part #1: IOASIDs used by each VM fits naturally into an ioasid_set. The usage for per set management requires the following features: - Quota enforcement - This is to prevent one VM from abusing the allocator to take all the system IOASIDs. Though VFIO layer can also enforce the quota, but it cannot cover the usage with both guest and host SVA on the same system. - Stores guest IOASID-Host IOASID mapping within the set. To support live migration, IOASID namespace should be owned by the guest. This requires per IOASID set look up between guest and host IOASIDs. This patchset does not introduce non-identity guest-host IOASID lookup, we merely introduce the infrastructure in per set data. - Set level operations, e.g. when a guest terminates, it is likely to free the entire set. Having a single place to manage the set where the IOASIDs are stored makes iteration much easier. New APIs are: - void ioasid_install_capacity(ioasid_t total); Set the system capacity prior to any allocations. On x86, VT-d driver calls this function to set max number of PASIDs, typically 1 million (20 bits). - int ioasid_alloc_system_set(int quota); Host system has a default ioasid_set, during boot it is expected that this default set is allocated with a reasonable quota, e.g. PID_MAX. This default/system set is used for baremetal SVA. - int ioasid_alloc_set(struct ioasid_set *token, ioasid_t quota, int *sid); Allocate a new set with a token, returned sid (set ID) will be used to allocate IOASIDs within the set. Allocation of IOASIDs cannot exceed the quota. - void ioasid_free_set(int sid, bool destroy_set); Free the entire set and notify all users with an option to destroy the set. Set ID can be used for allocation again if not destroyed. - int ioasid_find_sid(ioasid_t ioasid); Look up the set ID from an ioasid. There is no reference held, assuming set has a single owner. - int ioasid_adjust_set(int sid, int quota); Change the quota of the set, new quota cannot be less than the number of IOASIDs already allocated within the set. This is useful when IOASID resource needs to be balanced among VMs. Part #2 Notification service. Since IOASIDs are used by many consumers that follow publisher-subscriber pattern, notification is a natural choice to keep states synchronized. For example, on x86 system, guest PASID allocation and bind call results in VFIO IOCTL that can add and change guest-host PASID states. At the same time, IOMMU driver and KVM need to maintain its own PASID contexts. In this case, VFIO is the publisher within the kernel, IOMMU driver and KVM are the subscribers. This patchset introduces a global blocking notifier chain and APIs to operate on. Not all events nor all IOASIDs are of interests to all subscribers. e.g. KVM is only interested in the IOASIDs within its set. IOMMU driver is not ioasid_set aware. A further optimization could be having both global and per set notifier. But consider the infrequent nature of bind/unbind and relatively long process life cycle, this optimization may not be needed at this time. To register/unregister notification blocks, use these two APIs: - int ioasid_add_notifier(struct notifier_block *nb); - void ioasid_remove_notifier(struct notifier_block *nb) To send notification on an IOASID with one of the commands (FREE, BIND/UNBIND, etc.), use: - int ioasid_notify(ioasid_t id, enum ioasid_notify_val cmd); This work is a result of collaboration with many people: Liu, Yi L Wu Hao Ashok Raj Kevin Tian Thanks, Jacob Jacob Pan (10): iommu/ioasid: Introduce system-wide capacity iommu/vt-d: Set IOASID capacity when SVM is enabled iommu/ioasid: Introduce per set allocation APIs iommu/ioasid: Rename ioasid_set_data to avoid confusion with ioasid_set iommu/ioasid: Create an IOASID set for host SVA use iommu/ioasid: Convert to set aware allocations iommu/ioasid: Use mutex instead of spinlock iommu/ioasid: Introduce notifier APIs iommu/ioasid: Support ioasid_set quota adjustment iommu/vt-d: Register PASID notifier for status change drivers/iommu/intel-iommu.c | 20 ++- drivers/iommu/intel-svm.c | 89 ++++++++-- drivers/iommu/ioasid.c | 387 +++++++++++++++++++++++++++++++++++++++----- include/linux/intel-iommu.h | 1 + include/linux/ioasid.h | 86 +++++++++- 5 files changed, 522 insertions(+), 61 deletions(-) -- 2.7.4