-
由 Jean-Philippe Brucker 提交于
maillist inclusion category: feature bugzilla: 51855 CVE: NA Reference: https://jpbrucker.net/git/linux/commit/?h=sva/2021-03-01&id=4411467daeff90c7c371cef6369e4bf8561fb00e --------------------------------------------- In commit a3a19592 ("iommu: Add APIs for multiple domains per device"), the IOMMU API gained the concept of auxiliary domains (AUXD), which allows to control the PASID-tagged address spaces of a device. With AUXD the PASID address space are not shared with the CPU, but are instead modified with iommu_map() and iommu_unmap() calls on auxiliary domains. Add auxiliary domain support to the SMMUv3 driver. Device drivers allocate an unmanaged IOMMU domain with iommu_domain_alloc(), and attach it to the device with iommu_aux_attach_domain(). The AUXD API is fairly permissive, and allows to attach an IOMMU domain in both normal and auxiliary mode at the same time - one device can be attached to the domain normally, and another device can be attached through one of its PASIDs. To avoid excessive complexity in the SMMU implementation we pose some restrictions on supported AUXD usage: * A domain is either in auxiliary mode or normal mode. And that state is sticky. Once detached the domain has to be re-attached in the same mode. * An auxiliary domain can have a single parent domain. Two devices can be attached to the same auxiliary domain only if they are attached to the same parent domain. In practice these shouldn't be problematic, since we have the same kind of restriction on normal domains and users have been able to cope so far: at the moment a domain cannot be attached to two devices behind different SMMUs. When VFIO puts two such devices in the same container, it simply falls back to allocating two separate IOMMU domains. Be careful with mixing ATS and PASID. PCIe does not provide a way to only invalidate non-PASID ATC entries, without also invalidating all PASID-tagged ATC entries in the same address range! Try to avoid using PASID and non-PASID contexts at the same time. FIXME: if a device is removed from the domain while we drop an auxiliary domain, there may be a problem. We remove the ctx desc, invalidate CD cache for all devices, then invaliate the ATC for all devices. But we drop the devices lock between the two invalidations so if a device is removed we might miss the ATC inval? Signed-off-by: NJean-Philippe Brucker <jean-philippe@linaro.org> Signed-off-by: NLijun Fang <fanglijun3@huawei.com> Reviewed-by: NWeilong Chen <chenweilong@huawei.com> Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>
7ca84842