Received: by 2002:a05:7412:8d10:b0:f3:1519:9f41 with SMTP id bj16csp2154857rdb; Thu, 7 Dec 2023 22:39:58 -0800 (PST) X-Google-Smtp-Source: AGHT+IFrzHdejRHmWKOyve+LlPnrVXFtmoTGxhLEjxJPnkZ82kZcO2CKA9Q7JeRkp7DL81T18V8c X-Received: by 2002:a05:6358:2612:b0:170:17eb:b42 with SMTP id l18-20020a056358261200b0017017eb0b42mr4892669rwc.44.1702017597801; Thu, 07 Dec 2023 22:39:57 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1702017597; cv=none; d=google.com; s=arc-20160816; b=qzvonFqsEwVdou/BxlW9bEsAuON9s574Hhum7w0n7wTuxCRrgnZk8ExvMX5JE5rBfZ FHx+u+mks8HYJfFPBYTy+GejQ4JAeJUcxwoBW3Fi5Yx92zQ75/ySCdsDL1jb4mWSIpNR cioi0PkmNu95zS+V46rRST310zji7Dwy5gKtK2hQmvpf7ceANsvTAddpB8tfe8JKpPRW K4g4/qktTE+XozcA3yi7Aqn0GUziMpUymS3BUicay2W4epY21m6c+R0qKtot96dAKBEt 1SGpYm1anv3HR8vElM/PNUPXYTp/8dGedI7DukLUzGxgov1rpTCs4V64ILKP977HHOtz 3vQg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:to:content-language:subject:cc:user-agent:mime-version :date:message-id:dkim-signature; bh=eXke2IOC1ZsRyh7l1T30hmNzcgmQKO1725u8V/3Bxeo=; fh=CHF6icUB8BkFux9PDqkpqFGX84EaHzyqwt6q0oBm+fk=; b=BseEPWqJQ9fCo2yeDdxQOfP1YB9tmUwxmfNxtACFXJUq0TXhbnFNuSsT/zCcQ9V7z3 i0+Of7AueW0MOKoy+vUx+BZDCHIQGpk78V4zoVbXTGoX02kGfHm+km3F8tA1PzbCaM6+ 2ljXL35NAzDA8lbi792/N7OzCnFgmVAhoX1DpOmqRWcidS2GXr/NRV3GvMmuA6OfAJOt wZkEf1g+zC9r1GgiZmh69vK0zM26g0gj1Qu9Y5lcOiAuuA17BuSvZoKfgU3cClUq+mfZ 97lG9i78Rr0JPYRmJ951kGB2As1+H3Gl095Lp9jaXMQ0v2D/FIaVif3/kjY06ZaA6NdC fb7g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=JbkZQYOI; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:8 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from fry.vger.email (fry.vger.email. [2620:137:e000::3:8]) by mx.google.com with ESMTPS id s1-20020a056a0008c100b006c6930e7540si1044868pfu.121.2023.12.07.22.39.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 07 Dec 2023 22:39:57 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:8 as permitted sender) client-ip=2620:137:e000::3:8; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=JbkZQYOI; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:8 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by fry.vger.email (Postfix) with ESMTP id F00988080D4D; Thu, 7 Dec 2023 22:39:54 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at fry.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232875AbjLHGjj (ORCPT + 99 others); Fri, 8 Dec 2023 01:39:39 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41008 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229531AbjLHGjh (ORCPT ); Fri, 8 Dec 2023 01:39:37 -0500 Received: from mgamail.intel.com (mgamail.intel.com [134.134.136.65]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DEDF41708; Thu, 7 Dec 2023 22:39:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1702017583; x=1733553583; h=message-id:date:mime-version:cc:subject:to:references: from:in-reply-to:content-transfer-encoding; bh=g2XYI3wGsgRd94waAtpwRHsl4O1wz+sDDWlsY1kGQdE=; b=JbkZQYOI78pIImkikYm7vZR8lnCeYrYfQEtM5eVkD0xCydNtxvee1E2g 1BhD5VnZqDwwYMiQeDtipVsVCCN94UJ+lE6G1qUy0Ko2o2QL3r5fpx6Q9 dRNRWlBY6+AsV0O1ckZ5L0K64RgXUataichwUM+rDI9UTvdhMCjt0UFwa Ut1CQmGoBBQemRaqJuh99obk0yJrCw9XKF2U18s6SIaClKQH2YDwNv+kE FHoK/mbj3iBKDVprKsgS6iVLh8+gFf3AlEj3clsSHcgHfQSGaiCoa1Z3p MaARvRyePikUrJmMFblETP+wA5xb7kDNOZfAfvR5k4SRLB7u0ZHtSDENY Q==; X-IronPort-AV: E=McAfee;i="6600,9927,10917"; a="398234208" X-IronPort-AV: E=Sophos;i="6.04,260,1695711600"; d="scan'208";a="398234208" Received: from orsmga005.jf.intel.com ([10.7.209.41]) by orsmga103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Dec 2023 22:39:43 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10917"; a="945319532" X-IronPort-AV: E=Sophos;i="6.04,260,1695711600"; d="scan'208";a="945319532" Received: from allen-box.sh.intel.com (HELO [10.239.159.127]) ([10.239.159.127]) by orsmga005.jf.intel.com with ESMTP; 07 Dec 2023 22:39:39 -0800 Message-ID: Date: Fri, 8 Dec 2023 14:35:02 +0800 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Cc: baolu.lu@linux.intel.com, Kevin Tian , Joerg Roedel , Will Deacon , Robin Murphy , Jean-Philippe Brucker , Nicolin Chen , Yi Liu , Jacob Pan , iommu@lists.linux.dev, linux-kselftest@vger.kernel.org, virtualization@lists.linux-foundation.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH v2 2/6] iommufd: Add iommu page fault uapi data Content-Language: en-US To: Jason Gunthorpe References: <20231026024930.382898-1-baolu.lu@linux.intel.com> <20231026024930.382898-3-baolu.lu@linux.intel.com> <20231201151405.GA1489931@ziepe.ca> From: Baolu Lu In-Reply-To: <20231201151405.GA1489931@ziepe.ca> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on fry.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (fry.vger.email [0.0.0.0]); Thu, 07 Dec 2023 22:39:55 -0800 (PST) On 12/1/23 11:14 PM, Jason Gunthorpe wrote: > On Thu, Oct 26, 2023 at 10:49:26AM +0800, Lu Baolu wrote: > >> + * @IOMMU_HWPT_ALLOC_IOPF_CAPABLE: User is capable of handling IO page faults. > > This does not seem like the best name? > > Probably like this given my remark in the cover letter: > > --- a/include/uapi/linux/iommufd.h > +++ b/include/uapi/linux/iommufd.h > @@ -359,6 +359,7 @@ struct iommu_vfio_ioas { > enum iommufd_hwpt_alloc_flags { > IOMMU_HWPT_ALLOC_NEST_PARENT = 1 << 0, > IOMMU_HWPT_ALLOC_DIRTY_TRACKING = 1 << 1, > + IOMMU_HWPT_IOPFD_FD_VALID = 1 << 2, > }; > > /** > @@ -440,6 +441,7 @@ struct iommu_hwpt_alloc { > __u32 data_type; > __u32 data_len; > __aligned_u64 data_uptr; > + __s32 iopf_fd; > }; > #define IOMMU_HWPT_ALLOC _IO(IOMMUFD_TYPE, IOMMUFD_CMD_HWPT_ALLOC) Yes. Agreed. >> @@ -679,6 +688,62 @@ struct iommu_dev_data_arm_smmuv3 { >> __u32 sid; >> }; >> >> +/** >> + * struct iommu_hwpt_pgfault - iommu page fault data >> + * @size: sizeof(struct iommu_hwpt_pgfault) >> + * @flags: Combination of IOMMU_PGFAULT_FLAGS_ flags. >> + * - PASID_VALID: @pasid field is valid >> + * - LAST_PAGE: the last page fault in a group >> + * - PRIV_DATA: @private_data field is valid >> + * - RESP_NEEDS_PASID: the page response must have the same >> + * PASID value as the page request. >> + * @dev_id: id of the originated device >> + * @pasid: Process Address Space ID >> + * @grpid: Page Request Group Index >> + * @perm: requested page permissions (IOMMU_PGFAULT_PERM_* values) >> + * @addr: page address >> + * @private_data: device-specific private information >> + */ >> +struct iommu_hwpt_pgfault { >> + __u32 size; >> + __u32 flags; >> +#define IOMMU_PGFAULT_FLAGS_PASID_VALID (1 << 0) >> +#define IOMMU_PGFAULT_FLAGS_LAST_PAGE (1 << 1) >> +#define IOMMU_PGFAULT_FLAGS_PRIV_DATA (1 << 2) >> +#define IOMMU_PGFAULT_FLAGS_RESP_NEEDS_PASID (1 << 3) >> + __u32 dev_id; >> + __u32 pasid; >> + __u32 grpid; >> + __u32 perm; >> +#define IOMMU_PGFAULT_PERM_READ (1 << 0) >> +#define IOMMU_PGFAULT_PERM_WRITE (1 << 1) >> +#define IOMMU_PGFAULT_PERM_EXEC (1 << 2) >> +#define IOMMU_PGFAULT_PERM_PRIV (1 << 3) >> + __u64 addr; >> + __u64 private_data[2]; >> +}; > > This mixed #define is not the style, these should be in enums, > possibly with kdocs > > Use __aligned_u64 also Sure. > >> + >> +/** >> + * struct iommu_hwpt_response - IOMMU page fault response >> + * @size: sizeof(struct iommu_hwpt_response) >> + * @flags: Must be set to 0 >> + * @hwpt_id: hwpt ID of target hardware page table for the response >> + * @dev_id: device ID of target device for the response >> + * @pasid: Process Address Space ID >> + * @grpid: Page Request Group Index >> + * @code: response code. The supported codes include: >> + * 0: Successful; 1: Response Failure; 2: Invalid Request. >> + */ >> +struct iommu_hwpt_page_response { >> + __u32 size; >> + __u32 flags; >> + __u32 hwpt_id; >> + __u32 dev_id; >> + __u32 pasid; >> + __u32 grpid; >> + __u32 code; >> +}; > > Is it OK to have the user pass in all this detailed information? Is it > a security problem if the user lies? Ie shouldn't we only ack page > faults we actually have outstanding? > > IOW should iommu_hwpt_pgfault just have a 'response_cookie' generated > by the kernel that should be placed here? The kernel would keep track > of all this internal stuff? The iommu core has already kept the outstanding faults that have been awaiting a response. So even if the user lies about a fault, the kernel does not send the wrong respond message to the device. {device_id, grpid, code} is just enough from the user. This means the user wants to respond to the @grpid fault from @device with the @code result. Best regards, baolu