From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp.codeaurora.org by pdx-caf-mail.web.codeaurora.org (Dovecot) with LMTP id oIU4HNBPGFumRgAAmS7hNA ; Wed, 06 Jun 2018 21:19:12 +0000 Received: by smtp.codeaurora.org (Postfix, from userid 1000) id 5E67B608BF; Wed, 6 Jun 2018 21:19:12 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on pdx-caf-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI autolearn=unavailable autolearn_force=no version=3.4.0 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by smtp.codeaurora.org (Postfix) with ESMTP id B073F607E4; Wed, 6 Jun 2018 21:19:11 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 smtp.codeaurora.org B073F607E4 Authentication-Results: pdx-caf-mail.web.codeaurora.org; dmarc=fail (p=none dis=none) header.from=linux.intel.com Authentication-Results: pdx-caf-mail.web.codeaurora.org; spf=none smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752554AbeFFVTJ (ORCPT + 25 others); Wed, 6 Jun 2018 17:19:09 -0400 Received: from mga04.intel.com ([192.55.52.120]:35759 "EHLO mga04.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752282AbeFFVTG (ORCPT ); Wed, 6 Jun 2018 17:19:06 -0400 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga007.jf.intel.com ([10.7.209.58]) by fmsmga104.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 06 Jun 2018 14:19:05 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.49,484,1520924400"; d="scan'208";a="46993196" Received: from jacob-builder.jf.intel.com (HELO jacob-builder) ([10.7.199.155]) by orsmga007.jf.intel.com with ESMTP; 06 Jun 2018 14:19:04 -0700 Date: Wed, 6 Jun 2018 14:22:04 -0700 From: Jacob Pan To: Jean-Philippe Brucker Cc: "Tian, Kevin" , Alex Williamson , "iommu@lists.linux-foundation.org" , LKML , Joerg Roedel , David Woodhouse , Greg Kroah-Hartman , "Wysocki, Rafael J" , "Liu, Yi L" , "Raj, Ashok" , Christoph Hellwig , Lu Baolu , Yi L , Auger Eric , jacob.jun.pan@linux.intel.com Subject: Re: [PATCH v4 04/22] iommu/vt-d: add bind_pasid_table function Message-ID: <20180606142204.529adec5@jacob-builder> In-Reply-To: <2831caf1-d40b-58c3-313c-afb7262e1861@arm.com> References: <1523915351-54415-1-git-send-email-jacob.jun.pan@linux.intel.com> <1523915351-54415-5-git-send-email-jacob.jun.pan@linux.intel.com> <20180417131047.0a9c310f@w520.home> <20180420164251.5245f822@jacob-builder> <20180529140915.1f174689@w520.home> <20180529211746.74f1dd23@w520.home> <20180530125240.34e0e80c@jacob-builder> <1c1094e8-ecbb-7731-910c-59e4de1e5c70@arm.com> <20180605103253.634ef8fd@jacob-builder> <2831caf1-d40b-58c3-313c-afb7262e1861@arm.com> Organization: OTC X-Mailer: Claws Mail 3.13.2 (GTK+ 2.24.30; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, 6 Jun 2018 12:20:51 +0100 Jean-Philippe Brucker wrote: > On 05/06/18 18:32, Jacob Pan wrote: > >> "bytes" could be passed by VFIO as argument to bind_pasid_table, > >> since it can deduce it from argsz > >> > > Are you suggesting we wrap this struct in a vfio struct with argsz? > > or we directly use this struct? > > > > I need to clarify how vfio will use this. > > Right, I think we've diverged a bit since the last discussion :) > > > - User program: > > struct pasid_table_config ptc = { .bytes = sizeof(ptc) }; > > ptc.version = 1; > > ioctl(device, VFIO_DEVICE_BIND_PASID_TABLE, &ptc); > > Any reason to do the ioctl on device instead of container? As we're > binding address spaces we probably want a consistent view for the > whole container, like the MAP/UNMAP ioctls do. > I was thinking the pasid table storage is per device, it would be more secure if the pasid table is contained within the device. We should have one device per container in most cases. in case of two or more devices in the same container shares the same pasid table, isolation may not be good in that the second device can dma with pasids it does not own but in the shared pasid table. > As I remember it the userspace interface would use a VFIO header and > the BIND ioctl. I can't find the email in my archive though, so I > might be imagining it. This is what I remember, on the user side: > > struct { > struct vfio_iommu_type1_bind hdr; > struct pasid_table_config cfg; > } bind = { > .hdr.argsz = sizeof(bind), > .hdr.flags = VFIO_IOMMU_BIND_PASID_TABLE, > /* cfg data here */ > }; > > ioctl(container, VFIO_DEVICE_BIND, &bind); > or maybe just use your VFIO_IOMMU_BIND command and vfio_iommu_type1_bind with a new flag and PTC as the data. there can be future extensions, bind pasid table can be too narrow. And i agree below using argsz and flags are more flexible. i.e. /* takes pasid_table_config as data for flag VFIO_IOMMU_BIND_PASIDTBL */ struct vfio_iommu_type1_bind { __u32 argsz; __u32 flags; #define VFIO_IOMMU_BIND_PROCESS (1 << 0) #define VFIO_IOMMU_BIND_PASIDTBL (1 << 1) __u8 data[]; }; pseudo code in kernel: switch (bind.flags) { case VFIO_IOMMU_BIND_PROCESS: return vfio_iommu_type1_bind_process(iommu, (void *)arg, &bind); case VFIO_IOMMU_BIND_PASIDTBL: return vfio_iommu_type1_bind_pasid_tbl(iommu, &bind); } vfio_iommu_type1_bind_pasid_tbl(iommu, bind) { /* loop through domain list, group, device */ struct pasid_table_cfg *ptc = bind->data; iommu_bind_pasid_table(domain, device, ptc); } > > But I don't feel strongly about the interface. However I'd suggest to > keep incremental versioning like the rest of VFIO, with argsz and > flags, instead of version numbers, because it's more flexible. > > Initially the PTC struct would look like: > struct pasid_table_config { > u32 argsz; /* sizeof(pasid_table_config) */ > u32 flags; /* Should be zero */ > u64 base_ptr; > u8 model; > u8 pasid_bits; > }; > > (Even though it doesn't use a version field let's call this version 1 > for the sake of the example) > > ------ > If someone wants to add a new field to the structure, then they also > add a flag (let's call this version 2): > > struct pasid_table_config { > u32 argsz; > #define PASID_TABLE_CONFIG_EXTN (1 << 0) > u32 flags; > u64 base_ptr; > u8 model; > u8 pasid_bits; > u64 some_extension; > }; > > * Assume user has a version 2 header and kernel has a version 1 > header. > * If user doesn't want the extension, it doesn't set the EXTN flag. > The ioctl succeeds because the kernel checks that argsz >= > offsetofend(pasid_bits) and that (flags == 0). > * If user wants to use the extension, it sets the EXTN flag. The > ioctl fails because the kernel doesn't recognize the flag. > * Assume user has version 1 and kernel has version 2. > * User doesn't use the extension. The kernel still checks that > argsz >= offsetofend(pasid_bits), but also that (flags & > ~PASID_TABLE_CONFIG_EXTN), which succeeds. > * User wants the extension, sets PASID_TABLE_CONFIG_EXTN. When > seeing the flag, the kernel additionally checks that argsz >= > offsetofend(some_extension), which succeeds. > > ------ > Adding model-specific fields is a bit more complicated, because I > think they should always stay at the end of the struct. One solution > is to add padding for common extensions: > > struct pasid_table_config { > u32 argsz; > u32 flags; > u64 base_ptr; > u8 model; > u8 pasid_bits; > u8 padding[64]; > > union { > struct { > u8 s1dss; > u8 s1fmt; > } model_arm; > struct { > u64 foo; > } model_bar; > }; > }; > > (we might call this version 3, but can be added before or after > version 2, it doesn't matter) > > A subsequent extension can still add the "some_extension" field and a > flag. If the kernel sees model "ARM", then it checks argsz >= > offsetofend(model_arm). If it sees model "BAR" then it checks argsz >= > offsetofend(model_bar). A model could also have flags to make the > model-specific structure extensible. > > The problem is when we run out of space in the padding area, but we > might not need much extensibility in the common part. > > Thanks, > Jean [Jacob Pan]