From: Alex Williamson <alex.williamson@redhat.com>
To: Jason Gunthorpe <jgg@nvidia.com>
Cc: Nelson Escobar <neescoba@cisco.com>,
"Michael S. Tsirkin" <mst@redhat.com>,
Jason Wang <jasowang@redhat.com>,
virtualization@lists.linux-foundation.org,
Will Deacon <will@kernel.org>, Christoph Hellwig <hch@lst.de>,
linux-s390@vger.kernel.org, kvm@vger.kernel.org,
linux-rdma@vger.kernel.org, iommu@lists.linux-foundation.org,
Gerald Schaefer <gerald.schaefer@linux.ibm.com>,
David Woodhouse <dwmw2@infradead.org>,
"Tian, Kevin" <kevin.tian@intel.com>,
linux-arm-msm@vger.kernel.org,
linux-arm-kernel@lists.infradead.org, netdev@vger.kernel.org,
Cornelia Huck <cohuck@redhat.com>,
Christian Benvenuti <benve@cisco.com>,
Robin Murphy <robin.murphy@arm.com>
Subject: Re: [PATCH 3/5] iommu: Introduce the domain op enforce_cache_coherency()
Date: Tue, 5 Apr 2022 13:50:36 -0600 [thread overview]
Message-ID: <20220405135036.4812c51e.alex.williamson@redhat.com> (raw)
In-Reply-To: <3-v1-ef02c60ddb76+12ca2-intel_no_snoop_jgg@nvidia.com>
On Tue, 5 Apr 2022 13:16:02 -0300
Jason Gunthorpe <jgg@nvidia.com> wrote:
> This new mechanism will replace using IOMMU_CAP_CACHE_COHERENCY and
> IOMMU_CACHE to control the no-snoop blocking behavior of the IOMMU.
>
> Currently only Intel and AMD IOMMUs are known to support this
> feature. They both implement it as an IOPTE bit, that when set, will cause
> PCIe TLPs to that IOVA with the no-snoop bit set to be treated as though
> the no-snoop bit was clear.
>
> The new API is triggered by calling enforce_cache_coherency() before
> mapping any IOVA to the domain which globally switches on no-snoop
> blocking. This allows other implementations that might block no-snoop
> globally and outside the IOPTE - AMD also documents such an HW capability.
>
> Leave AMD out of sync with Intel and have it block no-snoop even for
> in-kernel users. This can be trivially resolved in a follow up patch.
>
> Only VFIO will call this new API.
>
> Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
> ---
> drivers/iommu/amd/iommu.c | 7 +++++++
> drivers/iommu/intel/iommu.c | 14 +++++++++++++-
> include/linux/intel-iommu.h | 1 +
> include/linux/iommu.h | 4 ++++
> 4 files changed, 25 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/iommu/amd/iommu.c b/drivers/iommu/amd/iommu.c
> index a1ada7bff44e61..e500b487eb3429 100644
> --- a/drivers/iommu/amd/iommu.c
> +++ b/drivers/iommu/amd/iommu.c
> @@ -2271,6 +2271,12 @@ static int amd_iommu_def_domain_type(struct device *dev)
> return 0;
> }
>
> +static bool amd_iommu_enforce_cache_coherency(struct iommu_domain *domain)
> +{
> + /* IOMMU_PTE_FC is always set */
> + return true;
> +}
> +
> const struct iommu_ops amd_iommu_ops = {
> .capable = amd_iommu_capable,
> .domain_alloc = amd_iommu_domain_alloc,
> @@ -2293,6 +2299,7 @@ const struct iommu_ops amd_iommu_ops = {
> .flush_iotlb_all = amd_iommu_flush_iotlb_all,
> .iotlb_sync = amd_iommu_iotlb_sync,
> .free = amd_iommu_domain_free,
> + .enforce_cache_coherency = amd_iommu_enforce_cache_coherency,
> }
> };
>
> diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c
> index df5c62ecf942b8..f08611a6cc4799 100644
> --- a/drivers/iommu/intel/iommu.c
> +++ b/drivers/iommu/intel/iommu.c
> @@ -4422,7 +4422,8 @@ static int intel_iommu_map(struct iommu_domain *domain,
> prot |= DMA_PTE_READ;
> if (iommu_prot & IOMMU_WRITE)
> prot |= DMA_PTE_WRITE;
> - if ((iommu_prot & IOMMU_CACHE) && dmar_domain->iommu_snooping)
> + if (((iommu_prot & IOMMU_CACHE) && dmar_domain->iommu_snooping) ||
> + dmar_domain->enforce_no_snoop)
> prot |= DMA_PTE_SNP;
>
> max_addr = iova + size;
> @@ -4545,6 +4546,16 @@ static phys_addr_t intel_iommu_iova_to_phys(struct iommu_domain *domain,
> return phys;
> }
>
> +static bool intel_iommu_enforce_cache_coherency(struct iommu_domain *domain)
> +{
> + struct dmar_domain *dmar_domain = to_dmar_domain(domain);
> +
> + if (!dmar_domain->iommu_snooping)
> + return false;
> + dmar_domain->enforce_no_snoop = true;
> + return true;
> +}
Don't we have issues if we try to set DMA_PTE_SNP on DMARs that don't
support it, ie. reserved register bit set in pte faults? It seems
really inconsistent here that I could make a domain that supports
iommu_snooping, set enforce_no_snoop = true, then add another DMAR to
the domain that may not support iommu_snooping, I'd get false on the
subsequent enforcement test, but the dmar_domain is still trying to use
DMA_PTE_SNP.
There's also a disconnect, maybe just in the naming or documentation,
but if I call enforce_cache_coherency for a domain, that seems like the
domain should retain those semantics regardless of how it's modified,
ie. "enforced". For example, if I tried to perform the above operation,
I should get a failure attaching the device that brings in the less
capable DMAR because the domain has been set to enforce this feature.
If the API is that I need to re-enforce_cache_coherency on every
modification of the domain, shouldn't dmar_domain->enforce_no_snoop
also return to a default value on domain changes?
Maybe this should be something like set_no_snoop_squashing with the
above semantics, it needs to be re-applied whenever the domain:device
composition changes? Thanks,
Alex
> +
> static bool intel_iommu_capable(enum iommu_cap cap)
> {
> if (cap == IOMMU_CAP_CACHE_COHERENCY)
> @@ -4898,6 +4909,7 @@ const struct iommu_ops intel_iommu_ops = {
> .iotlb_sync = intel_iommu_tlb_sync,
> .iova_to_phys = intel_iommu_iova_to_phys,
> .free = intel_iommu_domain_free,
> + .enforce_cache_coherency = intel_iommu_enforce_cache_coherency,
> }
> };
>
> diff --git a/include/linux/intel-iommu.h b/include/linux/intel-iommu.h
> index 2f9891cb3d0014..1f930c0c225d94 100644
> --- a/include/linux/intel-iommu.h
> +++ b/include/linux/intel-iommu.h
> @@ -540,6 +540,7 @@ struct dmar_domain {
> u8 has_iotlb_device: 1;
> u8 iommu_coherency: 1; /* indicate coherency of iommu access */
> u8 iommu_snooping: 1; /* indicate snooping control feature */
> + u8 enforce_no_snoop : 1; /* Create IOPTEs with snoop control */
>
> struct list_head devices; /* all devices' list */
> struct iova_domain iovad; /* iova's that belong to this domain */
> diff --git a/include/linux/iommu.h b/include/linux/iommu.h
> index 9208eca4b0d1ac..fe4f24c469c373 100644
> --- a/include/linux/iommu.h
> +++ b/include/linux/iommu.h
> @@ -272,6 +272,9 @@ struct iommu_ops {
> * @iotlb_sync: Flush all queued ranges from the hardware TLBs and empty flush
> * queue
> * @iova_to_phys: translate iova to physical address
> + * @enforce_cache_coherency: Prevent any kind of DMA from bypassing IOMMU_CACHE,
> + * including no-snoop TLPs on PCIe or other platform
> + * specific mechanisms.
> * @enable_nesting: Enable nesting
> * @set_pgtable_quirks: Set io page table quirks (IO_PGTABLE_QUIRK_*)
> * @free: Release the domain after use.
> @@ -300,6 +303,7 @@ struct iommu_domain_ops {
> phys_addr_t (*iova_to_phys)(struct iommu_domain *domain,
> dma_addr_t iova);
>
> + bool (*enforce_cache_coherency)(struct iommu_domain *domain);
> int (*enable_nesting)(struct iommu_domain *domain);
> int (*set_pgtable_quirks)(struct iommu_domain *domain,
> unsigned long quirks);
_______________________________________________
iommu mailing list
iommu@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/iommu
WARNING: multiple messages have this Message-ID (diff)
From: Alex Williamson <alex.williamson@redhat.com>
To: Jason Gunthorpe <jgg@nvidia.com>
Cc: Nelson Escobar <neescoba@cisco.com>,
Matthew Rosato <mjrosato@linux.ibm.com>,
"Michael S. Tsirkin" <mst@redhat.com>,
virtualization@lists.linux-foundation.org,
Will Deacon <will@kernel.org>, Christoph Hellwig <hch@lst.de>,
linux-s390@vger.kernel.org, kvm@vger.kernel.org,
linux-rdma@vger.kernel.org, Joerg Roedel <joro@8bytes.org>,
iommu@lists.linux-foundation.org,
Gerald Schaefer <gerald.schaefer@linux.ibm.com>,
David Woodhouse <dwmw2@infradead.org>,
linux-arm-msm@vger.kernel.org,
linux-arm-kernel@lists.infradead.org, netdev@vger.kernel.org,
Cornelia Huck <cohuck@redhat.com>,
Rob Clark <robdclark@gmail.com>,
Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>,
Christian Benvenuti <benve@cisco.com>,
Robin Murphy <robin.murphy@arm.com>,
Lu Baolu <baolu.lu@linux.intel.com>
Subject: Re: [PATCH 3/5] iommu: Introduce the domain op enforce_cache_coherency()
Date: Tue, 5 Apr 2022 13:50:36 -0600 [thread overview]
Message-ID: <20220405135036.4812c51e.alex.williamson@redhat.com> (raw)
In-Reply-To: <3-v1-ef02c60ddb76+12ca2-intel_no_snoop_jgg@nvidia.com>
On Tue, 5 Apr 2022 13:16:02 -0300
Jason Gunthorpe <jgg@nvidia.com> wrote:
> This new mechanism will replace using IOMMU_CAP_CACHE_COHERENCY and
> IOMMU_CACHE to control the no-snoop blocking behavior of the IOMMU.
>
> Currently only Intel and AMD IOMMUs are known to support this
> feature. They both implement it as an IOPTE bit, that when set, will cause
> PCIe TLPs to that IOVA with the no-snoop bit set to be treated as though
> the no-snoop bit was clear.
>
> The new API is triggered by calling enforce_cache_coherency() before
> mapping any IOVA to the domain which globally switches on no-snoop
> blocking. This allows other implementations that might block no-snoop
> globally and outside the IOPTE - AMD also documents such an HW capability.
>
> Leave AMD out of sync with Intel and have it block no-snoop even for
> in-kernel users. This can be trivially resolved in a follow up patch.
>
> Only VFIO will call this new API.
>
> Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
> ---
> drivers/iommu/amd/iommu.c | 7 +++++++
> drivers/iommu/intel/iommu.c | 14 +++++++++++++-
> include/linux/intel-iommu.h | 1 +
> include/linux/iommu.h | 4 ++++
> 4 files changed, 25 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/iommu/amd/iommu.c b/drivers/iommu/amd/iommu.c
> index a1ada7bff44e61..e500b487eb3429 100644
> --- a/drivers/iommu/amd/iommu.c
> +++ b/drivers/iommu/amd/iommu.c
> @@ -2271,6 +2271,12 @@ static int amd_iommu_def_domain_type(struct device *dev)
> return 0;
> }
>
> +static bool amd_iommu_enforce_cache_coherency(struct iommu_domain *domain)
> +{
> + /* IOMMU_PTE_FC is always set */
> + return true;
> +}
> +
> const struct iommu_ops amd_iommu_ops = {
> .capable = amd_iommu_capable,
> .domain_alloc = amd_iommu_domain_alloc,
> @@ -2293,6 +2299,7 @@ const struct iommu_ops amd_iommu_ops = {
> .flush_iotlb_all = amd_iommu_flush_iotlb_all,
> .iotlb_sync = amd_iommu_iotlb_sync,
> .free = amd_iommu_domain_free,
> + .enforce_cache_coherency = amd_iommu_enforce_cache_coherency,
> }
> };
>
> diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c
> index df5c62ecf942b8..f08611a6cc4799 100644
> --- a/drivers/iommu/intel/iommu.c
> +++ b/drivers/iommu/intel/iommu.c
> @@ -4422,7 +4422,8 @@ static int intel_iommu_map(struct iommu_domain *domain,
> prot |= DMA_PTE_READ;
> if (iommu_prot & IOMMU_WRITE)
> prot |= DMA_PTE_WRITE;
> - if ((iommu_prot & IOMMU_CACHE) && dmar_domain->iommu_snooping)
> + if (((iommu_prot & IOMMU_CACHE) && dmar_domain->iommu_snooping) ||
> + dmar_domain->enforce_no_snoop)
> prot |= DMA_PTE_SNP;
>
> max_addr = iova + size;
> @@ -4545,6 +4546,16 @@ static phys_addr_t intel_iommu_iova_to_phys(struct iommu_domain *domain,
> return phys;
> }
>
> +static bool intel_iommu_enforce_cache_coherency(struct iommu_domain *domain)
> +{
> + struct dmar_domain *dmar_domain = to_dmar_domain(domain);
> +
> + if (!dmar_domain->iommu_snooping)
> + return false;
> + dmar_domain->enforce_no_snoop = true;
> + return true;
> +}
Don't we have issues if we try to set DMA_PTE_SNP on DMARs that don't
support it, ie. reserved register bit set in pte faults? It seems
really inconsistent here that I could make a domain that supports
iommu_snooping, set enforce_no_snoop = true, then add another DMAR to
the domain that may not support iommu_snooping, I'd get false on the
subsequent enforcement test, but the dmar_domain is still trying to use
DMA_PTE_SNP.
There's also a disconnect, maybe just in the naming or documentation,
but if I call enforce_cache_coherency for a domain, that seems like the
domain should retain those semantics regardless of how it's modified,
ie. "enforced". For example, if I tried to perform the above operation,
I should get a failure attaching the device that brings in the less
capable DMAR because the domain has been set to enforce this feature.
If the API is that I need to re-enforce_cache_coherency on every
modification of the domain, shouldn't dmar_domain->enforce_no_snoop
also return to a default value on domain changes?
Maybe this should be something like set_no_snoop_squashing with the
above semantics, it needs to be re-applied whenever the domain:device
composition changes? Thanks,
Alex
> +
> static bool intel_iommu_capable(enum iommu_cap cap)
> {
> if (cap == IOMMU_CAP_CACHE_COHERENCY)
> @@ -4898,6 +4909,7 @@ const struct iommu_ops intel_iommu_ops = {
> .iotlb_sync = intel_iommu_tlb_sync,
> .iova_to_phys = intel_iommu_iova_to_phys,
> .free = intel_iommu_domain_free,
> + .enforce_cache_coherency = intel_iommu_enforce_cache_coherency,
> }
> };
>
> diff --git a/include/linux/intel-iommu.h b/include/linux/intel-iommu.h
> index 2f9891cb3d0014..1f930c0c225d94 100644
> --- a/include/linux/intel-iommu.h
> +++ b/include/linux/intel-iommu.h
> @@ -540,6 +540,7 @@ struct dmar_domain {
> u8 has_iotlb_device: 1;
> u8 iommu_coherency: 1; /* indicate coherency of iommu access */
> u8 iommu_snooping: 1; /* indicate snooping control feature */
> + u8 enforce_no_snoop : 1; /* Create IOPTEs with snoop control */
>
> struct list_head devices; /* all devices' list */
> struct iova_domain iovad; /* iova's that belong to this domain */
> diff --git a/include/linux/iommu.h b/include/linux/iommu.h
> index 9208eca4b0d1ac..fe4f24c469c373 100644
> --- a/include/linux/iommu.h
> +++ b/include/linux/iommu.h
> @@ -272,6 +272,9 @@ struct iommu_ops {
> * @iotlb_sync: Flush all queued ranges from the hardware TLBs and empty flush
> * queue
> * @iova_to_phys: translate iova to physical address
> + * @enforce_cache_coherency: Prevent any kind of DMA from bypassing IOMMU_CACHE,
> + * including no-snoop TLPs on PCIe or other platform
> + * specific mechanisms.
> * @enable_nesting: Enable nesting
> * @set_pgtable_quirks: Set io page table quirks (IO_PGTABLE_QUIRK_*)
> * @free: Release the domain after use.
> @@ -300,6 +303,7 @@ struct iommu_domain_ops {
> phys_addr_t (*iova_to_phys)(struct iommu_domain *domain,
> dma_addr_t iova);
>
> + bool (*enforce_cache_coherency)(struct iommu_domain *domain);
> int (*enable_nesting)(struct iommu_domain *domain);
> int (*set_pgtable_quirks)(struct iommu_domain *domain,
> unsigned long quirks);
_______________________________________________
Virtualization mailing list
Virtualization@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/virtualization
WARNING: multiple messages have this Message-ID (diff)
From: Alex Williamson <alex.williamson@redhat.com>
To: Jason Gunthorpe <jgg@nvidia.com>
Cc: Lu Baolu <baolu.lu@linux.intel.com>,
Christian Benvenuti <benve@cisco.com>,
Cornelia Huck <cohuck@redhat.com>,
David Woodhouse <dwmw2@infradead.org>,
Gerald Schaefer <gerald.schaefer@linux.ibm.com>,
iommu@lists.linux-foundation.org,
Jason Wang <jasowang@redhat.com>, Joerg Roedel <joro@8bytes.org>,
kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org,
linux-arm-msm@vger.kernel.org, linux-rdma@vger.kernel.org,
linux-s390@vger.kernel.org,
Matthew Rosato <mjrosato@linux.ibm.com>,
"Michael S. Tsirkin" <mst@redhat.com>,
Nelson Escobar <neescoba@cisco.com>,
netdev@vger.kernel.org, Rob Clark <robdclark@gmail.com>,
Robin Murphy <robin.murphy@arm.com>,
Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>,
virtualization@lists.linux-foundation.org,
Will Deacon <will@kernel.org>, Christoph Hellwig <hch@lst.de>,
"Tian, Kevin" <kevin.tian@intel.com>
Subject: Re: [PATCH 3/5] iommu: Introduce the domain op enforce_cache_coherency()
Date: Tue, 5 Apr 2022 13:50:36 -0600 [thread overview]
Message-ID: <20220405135036.4812c51e.alex.williamson@redhat.com> (raw)
In-Reply-To: <3-v1-ef02c60ddb76+12ca2-intel_no_snoop_jgg@nvidia.com>
On Tue, 5 Apr 2022 13:16:02 -0300
Jason Gunthorpe <jgg@nvidia.com> wrote:
> This new mechanism will replace using IOMMU_CAP_CACHE_COHERENCY and
> IOMMU_CACHE to control the no-snoop blocking behavior of the IOMMU.
>
> Currently only Intel and AMD IOMMUs are known to support this
> feature. They both implement it as an IOPTE bit, that when set, will cause
> PCIe TLPs to that IOVA with the no-snoop bit set to be treated as though
> the no-snoop bit was clear.
>
> The new API is triggered by calling enforce_cache_coherency() before
> mapping any IOVA to the domain which globally switches on no-snoop
> blocking. This allows other implementations that might block no-snoop
> globally and outside the IOPTE - AMD also documents such an HW capability.
>
> Leave AMD out of sync with Intel and have it block no-snoop even for
> in-kernel users. This can be trivially resolved in a follow up patch.
>
> Only VFIO will call this new API.
>
> Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
> ---
> drivers/iommu/amd/iommu.c | 7 +++++++
> drivers/iommu/intel/iommu.c | 14 +++++++++++++-
> include/linux/intel-iommu.h | 1 +
> include/linux/iommu.h | 4 ++++
> 4 files changed, 25 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/iommu/amd/iommu.c b/drivers/iommu/amd/iommu.c
> index a1ada7bff44e61..e500b487eb3429 100644
> --- a/drivers/iommu/amd/iommu.c
> +++ b/drivers/iommu/amd/iommu.c
> @@ -2271,6 +2271,12 @@ static int amd_iommu_def_domain_type(struct device *dev)
> return 0;
> }
>
> +static bool amd_iommu_enforce_cache_coherency(struct iommu_domain *domain)
> +{
> + /* IOMMU_PTE_FC is always set */
> + return true;
> +}
> +
> const struct iommu_ops amd_iommu_ops = {
> .capable = amd_iommu_capable,
> .domain_alloc = amd_iommu_domain_alloc,
> @@ -2293,6 +2299,7 @@ const struct iommu_ops amd_iommu_ops = {
> .flush_iotlb_all = amd_iommu_flush_iotlb_all,
> .iotlb_sync = amd_iommu_iotlb_sync,
> .free = amd_iommu_domain_free,
> + .enforce_cache_coherency = amd_iommu_enforce_cache_coherency,
> }
> };
>
> diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c
> index df5c62ecf942b8..f08611a6cc4799 100644
> --- a/drivers/iommu/intel/iommu.c
> +++ b/drivers/iommu/intel/iommu.c
> @@ -4422,7 +4422,8 @@ static int intel_iommu_map(struct iommu_domain *domain,
> prot |= DMA_PTE_READ;
> if (iommu_prot & IOMMU_WRITE)
> prot |= DMA_PTE_WRITE;
> - if ((iommu_prot & IOMMU_CACHE) && dmar_domain->iommu_snooping)
> + if (((iommu_prot & IOMMU_CACHE) && dmar_domain->iommu_snooping) ||
> + dmar_domain->enforce_no_snoop)
> prot |= DMA_PTE_SNP;
>
> max_addr = iova + size;
> @@ -4545,6 +4546,16 @@ static phys_addr_t intel_iommu_iova_to_phys(struct iommu_domain *domain,
> return phys;
> }
>
> +static bool intel_iommu_enforce_cache_coherency(struct iommu_domain *domain)
> +{
> + struct dmar_domain *dmar_domain = to_dmar_domain(domain);
> +
> + if (!dmar_domain->iommu_snooping)
> + return false;
> + dmar_domain->enforce_no_snoop = true;
> + return true;
> +}
Don't we have issues if we try to set DMA_PTE_SNP on DMARs that don't
support it, ie. reserved register bit set in pte faults? It seems
really inconsistent here that I could make a domain that supports
iommu_snooping, set enforce_no_snoop = true, then add another DMAR to
the domain that may not support iommu_snooping, I'd get false on the
subsequent enforcement test, but the dmar_domain is still trying to use
DMA_PTE_SNP.
There's also a disconnect, maybe just in the naming or documentation,
but if I call enforce_cache_coherency for a domain, that seems like the
domain should retain those semantics regardless of how it's modified,
ie. "enforced". For example, if I tried to perform the above operation,
I should get a failure attaching the device that brings in the less
capable DMAR because the domain has been set to enforce this feature.
If the API is that I need to re-enforce_cache_coherency on every
modification of the domain, shouldn't dmar_domain->enforce_no_snoop
also return to a default value on domain changes?
Maybe this should be something like set_no_snoop_squashing with the
above semantics, it needs to be re-applied whenever the domain:device
composition changes? Thanks,
Alex
> +
> static bool intel_iommu_capable(enum iommu_cap cap)
> {
> if (cap == IOMMU_CAP_CACHE_COHERENCY)
> @@ -4898,6 +4909,7 @@ const struct iommu_ops intel_iommu_ops = {
> .iotlb_sync = intel_iommu_tlb_sync,
> .iova_to_phys = intel_iommu_iova_to_phys,
> .free = intel_iommu_domain_free,
> + .enforce_cache_coherency = intel_iommu_enforce_cache_coherency,
> }
> };
>
> diff --git a/include/linux/intel-iommu.h b/include/linux/intel-iommu.h
> index 2f9891cb3d0014..1f930c0c225d94 100644
> --- a/include/linux/intel-iommu.h
> +++ b/include/linux/intel-iommu.h
> @@ -540,6 +540,7 @@ struct dmar_domain {
> u8 has_iotlb_device: 1;
> u8 iommu_coherency: 1; /* indicate coherency of iommu access */
> u8 iommu_snooping: 1; /* indicate snooping control feature */
> + u8 enforce_no_snoop : 1; /* Create IOPTEs with snoop control */
>
> struct list_head devices; /* all devices' list */
> struct iova_domain iovad; /* iova's that belong to this domain */
> diff --git a/include/linux/iommu.h b/include/linux/iommu.h
> index 9208eca4b0d1ac..fe4f24c469c373 100644
> --- a/include/linux/iommu.h
> +++ b/include/linux/iommu.h
> @@ -272,6 +272,9 @@ struct iommu_ops {
> * @iotlb_sync: Flush all queued ranges from the hardware TLBs and empty flush
> * queue
> * @iova_to_phys: translate iova to physical address
> + * @enforce_cache_coherency: Prevent any kind of DMA from bypassing IOMMU_CACHE,
> + * including no-snoop TLPs on PCIe or other platform
> + * specific mechanisms.
> * @enable_nesting: Enable nesting
> * @set_pgtable_quirks: Set io page table quirks (IO_PGTABLE_QUIRK_*)
> * @free: Release the domain after use.
> @@ -300,6 +303,7 @@ struct iommu_domain_ops {
> phys_addr_t (*iova_to_phys)(struct iommu_domain *domain,
> dma_addr_t iova);
>
> + bool (*enforce_cache_coherency)(struct iommu_domain *domain);
> int (*enable_nesting)(struct iommu_domain *domain);
> int (*set_pgtable_quirks)(struct iommu_domain *domain,
> unsigned long quirks);
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
WARNING: multiple messages have this Message-ID (diff)
From: Alex Williamson <alex.williamson@redhat.com>
To: Jason Gunthorpe <jgg@nvidia.com>
Cc: Lu Baolu <baolu.lu@linux.intel.com>,
Christian Benvenuti <benve@cisco.com>,
Cornelia Huck <cohuck@redhat.com>,
David Woodhouse <dwmw2@infradead.org>,
Gerald Schaefer <gerald.schaefer@linux.ibm.com>,
iommu@lists.linux-foundation.org,
Jason Wang <jasowang@redhat.com>, Joerg Roedel <joro@8bytes.org>,
kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org,
linux-arm-msm@vger.kernel.org, linux-rdma@vger.kernel.org,
linux-s390@vger.kernel.org,
Matthew Rosato <mjrosato@linux.ibm.com>,
"Michael S. Tsirkin" <mst@redhat.com>,
Nelson Escobar <neescoba@cisco.com>,
netdev@vger.kernel.org, Rob Clark <robdclark@gmail.com>,
Robin Murphy <robin.murphy@arm.com>,
Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>,
virtualization@lists.linux-foundation.org,
Will Deacon <will@kernel.org>, Christoph Hellwig <hch@lst.de>,
"Tian, Kevin" <kevin.tian@intel.com>
Subject: Re: [PATCH 3/5] iommu: Introduce the domain op enforce_cache_coherency()
Date: Tue, 5 Apr 2022 13:50:36 -0600 [thread overview]
Message-ID: <20220405135036.4812c51e.alex.williamson@redhat.com> (raw)
In-Reply-To: <3-v1-ef02c60ddb76+12ca2-intel_no_snoop_jgg@nvidia.com>
On Tue, 5 Apr 2022 13:16:02 -0300
Jason Gunthorpe <jgg@nvidia.com> wrote:
> This new mechanism will replace using IOMMU_CAP_CACHE_COHERENCY and
> IOMMU_CACHE to control the no-snoop blocking behavior of the IOMMU.
>
> Currently only Intel and AMD IOMMUs are known to support this
> feature. They both implement it as an IOPTE bit, that when set, will cause
> PCIe TLPs to that IOVA with the no-snoop bit set to be treated as though
> the no-snoop bit was clear.
>
> The new API is triggered by calling enforce_cache_coherency() before
> mapping any IOVA to the domain which globally switches on no-snoop
> blocking. This allows other implementations that might block no-snoop
> globally and outside the IOPTE - AMD also documents such an HW capability.
>
> Leave AMD out of sync with Intel and have it block no-snoop even for
> in-kernel users. This can be trivially resolved in a follow up patch.
>
> Only VFIO will call this new API.
>
> Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
> ---
> drivers/iommu/amd/iommu.c | 7 +++++++
> drivers/iommu/intel/iommu.c | 14 +++++++++++++-
> include/linux/intel-iommu.h | 1 +
> include/linux/iommu.h | 4 ++++
> 4 files changed, 25 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/iommu/amd/iommu.c b/drivers/iommu/amd/iommu.c
> index a1ada7bff44e61..e500b487eb3429 100644
> --- a/drivers/iommu/amd/iommu.c
> +++ b/drivers/iommu/amd/iommu.c
> @@ -2271,6 +2271,12 @@ static int amd_iommu_def_domain_type(struct device *dev)
> return 0;
> }
>
> +static bool amd_iommu_enforce_cache_coherency(struct iommu_domain *domain)
> +{
> + /* IOMMU_PTE_FC is always set */
> + return true;
> +}
> +
> const struct iommu_ops amd_iommu_ops = {
> .capable = amd_iommu_capable,
> .domain_alloc = amd_iommu_domain_alloc,
> @@ -2293,6 +2299,7 @@ const struct iommu_ops amd_iommu_ops = {
> .flush_iotlb_all = amd_iommu_flush_iotlb_all,
> .iotlb_sync = amd_iommu_iotlb_sync,
> .free = amd_iommu_domain_free,
> + .enforce_cache_coherency = amd_iommu_enforce_cache_coherency,
> }
> };
>
> diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c
> index df5c62ecf942b8..f08611a6cc4799 100644
> --- a/drivers/iommu/intel/iommu.c
> +++ b/drivers/iommu/intel/iommu.c
> @@ -4422,7 +4422,8 @@ static int intel_iommu_map(struct iommu_domain *domain,
> prot |= DMA_PTE_READ;
> if (iommu_prot & IOMMU_WRITE)
> prot |= DMA_PTE_WRITE;
> - if ((iommu_prot & IOMMU_CACHE) && dmar_domain->iommu_snooping)
> + if (((iommu_prot & IOMMU_CACHE) && dmar_domain->iommu_snooping) ||
> + dmar_domain->enforce_no_snoop)
> prot |= DMA_PTE_SNP;
>
> max_addr = iova + size;
> @@ -4545,6 +4546,16 @@ static phys_addr_t intel_iommu_iova_to_phys(struct iommu_domain *domain,
> return phys;
> }
>
> +static bool intel_iommu_enforce_cache_coherency(struct iommu_domain *domain)
> +{
> + struct dmar_domain *dmar_domain = to_dmar_domain(domain);
> +
> + if (!dmar_domain->iommu_snooping)
> + return false;
> + dmar_domain->enforce_no_snoop = true;
> + return true;
> +}
Don't we have issues if we try to set DMA_PTE_SNP on DMARs that don't
support it, ie. reserved register bit set in pte faults? It seems
really inconsistent here that I could make a domain that supports
iommu_snooping, set enforce_no_snoop = true, then add another DMAR to
the domain that may not support iommu_snooping, I'd get false on the
subsequent enforcement test, but the dmar_domain is still trying to use
DMA_PTE_SNP.
There's also a disconnect, maybe just in the naming or documentation,
but if I call enforce_cache_coherency for a domain, that seems like the
domain should retain those semantics regardless of how it's modified,
ie. "enforced". For example, if I tried to perform the above operation,
I should get a failure attaching the device that brings in the less
capable DMAR because the domain has been set to enforce this feature.
If the API is that I need to re-enforce_cache_coherency on every
modification of the domain, shouldn't dmar_domain->enforce_no_snoop
also return to a default value on domain changes?
Maybe this should be something like set_no_snoop_squashing with the
above semantics, it needs to be re-applied whenever the domain:device
composition changes? Thanks,
Alex
> +
> static bool intel_iommu_capable(enum iommu_cap cap)
> {
> if (cap == IOMMU_CAP_CACHE_COHERENCY)
> @@ -4898,6 +4909,7 @@ const struct iommu_ops intel_iommu_ops = {
> .iotlb_sync = intel_iommu_tlb_sync,
> .iova_to_phys = intel_iommu_iova_to_phys,
> .free = intel_iommu_domain_free,
> + .enforce_cache_coherency = intel_iommu_enforce_cache_coherency,
> }
> };
>
> diff --git a/include/linux/intel-iommu.h b/include/linux/intel-iommu.h
> index 2f9891cb3d0014..1f930c0c225d94 100644
> --- a/include/linux/intel-iommu.h
> +++ b/include/linux/intel-iommu.h
> @@ -540,6 +540,7 @@ struct dmar_domain {
> u8 has_iotlb_device: 1;
> u8 iommu_coherency: 1; /* indicate coherency of iommu access */
> u8 iommu_snooping: 1; /* indicate snooping control feature */
> + u8 enforce_no_snoop : 1; /* Create IOPTEs with snoop control */
>
> struct list_head devices; /* all devices' list */
> struct iova_domain iovad; /* iova's that belong to this domain */
> diff --git a/include/linux/iommu.h b/include/linux/iommu.h
> index 9208eca4b0d1ac..fe4f24c469c373 100644
> --- a/include/linux/iommu.h
> +++ b/include/linux/iommu.h
> @@ -272,6 +272,9 @@ struct iommu_ops {
> * @iotlb_sync: Flush all queued ranges from the hardware TLBs and empty flush
> * queue
> * @iova_to_phys: translate iova to physical address
> + * @enforce_cache_coherency: Prevent any kind of DMA from bypassing IOMMU_CACHE,
> + * including no-snoop TLPs on PCIe or other platform
> + * specific mechanisms.
> * @enable_nesting: Enable nesting
> * @set_pgtable_quirks: Set io page table quirks (IO_PGTABLE_QUIRK_*)
> * @free: Release the domain after use.
> @@ -300,6 +303,7 @@ struct iommu_domain_ops {
> phys_addr_t (*iova_to_phys)(struct iommu_domain *domain,
> dma_addr_t iova);
>
> + bool (*enforce_cache_coherency)(struct iommu_domain *domain);
> int (*enable_nesting)(struct iommu_domain *domain);
> int (*set_pgtable_quirks)(struct iommu_domain *domain,
> unsigned long quirks);
next prev parent reply other threads:[~2022-04-05 19:50 UTC|newest]
Thread overview: 135+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-05 16:15 [PATCH 0/5] Make the iommu driver no-snoop block feature consistent Jason Gunthorpe via iommu
2022-04-05 16:15 ` Jason Gunthorpe
2022-04-05 16:15 ` Jason Gunthorpe
2022-04-05 16:16 ` [PATCH 1/5] iommu: Replace uses of IOMMU_CAP_CACHE_COHERENCY with dev_is_dma_coherent() Jason Gunthorpe via iommu
2022-04-05 16:16 ` Jason Gunthorpe
2022-04-05 16:16 ` Jason Gunthorpe
2022-04-06 5:30 ` Christoph Hellwig
2022-04-06 5:30 ` Christoph Hellwig
2022-04-06 5:30 ` Christoph Hellwig
2022-04-06 5:30 ` Christoph Hellwig
2022-04-06 12:07 ` Jason Gunthorpe via iommu
2022-04-06 12:07 ` Jason Gunthorpe
2022-04-06 12:07 ` Jason Gunthorpe
2022-04-06 13:51 ` Christoph Hellwig
2022-04-06 13:51 ` Christoph Hellwig
2022-04-06 13:51 ` Christoph Hellwig
2022-04-06 13:51 ` Christoph Hellwig
2022-04-06 14:14 ` Jason Gunthorpe via iommu
2022-04-06 14:14 ` Jason Gunthorpe
2022-04-06 14:14 ` Jason Gunthorpe
2022-04-06 15:47 ` Christoph Hellwig
2022-04-06 15:47 ` Christoph Hellwig
2022-04-06 15:47 ` Christoph Hellwig
2022-04-06 15:47 ` Christoph Hellwig
2022-04-06 15:48 ` Jason Gunthorpe via iommu
2022-04-06 15:48 ` Jason Gunthorpe
2022-04-06 15:48 ` Jason Gunthorpe
2022-04-06 15:48 ` Robin Murphy
2022-04-06 15:48 ` Robin Murphy
2022-04-06 15:48 ` Robin Murphy
2022-04-06 15:48 ` Robin Murphy
2022-04-06 13:56 ` Robin Murphy
2022-04-06 13:56 ` Robin Murphy
2022-04-06 13:56 ` Robin Murphy
2022-04-06 13:56 ` Robin Murphy
2022-04-06 14:24 ` Jason Gunthorpe via iommu
2022-04-06 14:24 ` Jason Gunthorpe
2022-04-06 14:24 ` Jason Gunthorpe
2022-04-06 15:18 ` Jason Gunthorpe via iommu
2022-04-06 15:18 ` Jason Gunthorpe
2022-04-06 15:18 ` Jason Gunthorpe
2022-04-06 15:50 ` Christoph Hellwig
2022-04-06 15:50 ` Christoph Hellwig
2022-04-06 15:50 ` Christoph Hellwig
2022-04-06 15:50 ` Christoph Hellwig
2022-04-06 16:06 ` Jason Gunthorpe via iommu
2022-04-06 16:06 ` Jason Gunthorpe
2022-04-06 16:06 ` Jason Gunthorpe
2022-04-06 16:10 ` Christoph Hellwig
2022-04-06 16:10 ` Christoph Hellwig
2022-04-06 16:10 ` Christoph Hellwig
2022-04-06 16:10 ` Christoph Hellwig
2022-04-06 17:17 ` Jason Gunthorpe via iommu
2022-04-06 17:17 ` Jason Gunthorpe
2022-04-06 17:17 ` Jason Gunthorpe
2022-04-07 7:18 ` Tian, Kevin
2022-04-07 7:18 ` Tian, Kevin
2022-04-07 7:18 ` Tian, Kevin
2022-04-07 7:18 ` Tian, Kevin
2022-04-07 13:59 ` Jason Gunthorpe via iommu
2022-04-07 13:59 ` Jason Gunthorpe
2022-04-07 13:59 ` Jason Gunthorpe
2022-04-07 15:17 ` Robin Murphy
2022-04-07 15:17 ` Robin Murphy
2022-04-07 15:17 ` Robin Murphy
2022-04-07 15:17 ` Robin Murphy
2022-04-07 15:23 ` Jason Gunthorpe
2022-04-07 15:23 ` Jason Gunthorpe
2022-04-07 15:23 ` Jason Gunthorpe via iommu
2022-04-07 22:37 ` Alex Williamson
2022-04-07 22:37 ` Alex Williamson
2022-04-07 22:37 ` Alex Williamson
2022-04-07 22:37 ` Alex Williamson
2022-04-07 15:31 ` Christoph Hellwig
2022-04-07 15:31 ` Christoph Hellwig
2022-04-07 15:31 ` Christoph Hellwig
2022-04-07 15:31 ` Christoph Hellwig
2022-04-07 8:53 ` Niklas Schnelle
2022-04-07 8:53 ` Niklas Schnelle
2022-04-07 8:53 ` Niklas Schnelle
2022-04-05 16:16 ` [PATCH 2/5] vfio: Require that devices support DMA cache coherence Jason Gunthorpe via iommu
2022-04-05 16:16 ` Jason Gunthorpe
2022-04-05 16:16 ` Jason Gunthorpe
2022-04-05 19:10 ` Alex Williamson
2022-04-05 19:10 ` Alex Williamson
2022-04-05 19:10 ` Alex Williamson
2022-04-05 19:10 ` Alex Williamson
2022-04-05 19:29 ` Jason Gunthorpe via iommu
2022-04-05 19:29 ` Jason Gunthorpe
2022-04-05 19:29 ` Jason Gunthorpe
2022-04-06 7:02 ` Tian, Kevin
2022-04-06 7:02 ` Tian, Kevin
2022-04-06 7:02 ` Tian, Kevin
2022-04-06 7:02 ` Tian, Kevin
2022-04-07 14:53 ` Jason Gunthorpe
2022-04-07 14:53 ` Jason Gunthorpe
2022-04-07 14:53 ` Jason Gunthorpe via iommu
2022-04-05 16:16 ` [PATCH 3/5] iommu: Introduce the domain op enforce_cache_coherency() Jason Gunthorpe via iommu
2022-04-05 16:16 ` Jason Gunthorpe
2022-04-05 16:16 ` Jason Gunthorpe
2022-04-05 19:50 ` Alex Williamson [this message]
2022-04-05 19:50 ` Alex Williamson
2022-04-05 19:50 ` Alex Williamson
2022-04-05 19:50 ` Alex Williamson
2022-04-05 22:57 ` Jason Gunthorpe via iommu
2022-04-05 22:57 ` Jason Gunthorpe
2022-04-05 22:57 ` Jason Gunthorpe
2022-04-05 23:31 ` Tian, Kevin
2022-04-05 23:31 ` Tian, Kevin
2022-04-05 23:31 ` Tian, Kevin
2022-04-05 23:31 ` Tian, Kevin
2022-04-06 0:08 ` Tian, Kevin
2022-04-06 0:08 ` Tian, Kevin
2022-04-06 0:08 ` Tian, Kevin
2022-04-06 0:08 ` Tian, Kevin
2022-04-06 7:09 ` Tian, Kevin
2022-04-06 7:09 ` Tian, Kevin
2022-04-06 7:09 ` Tian, Kevin
2022-04-06 7:09 ` Tian, Kevin
2022-04-06 12:27 ` Jason Gunthorpe via iommu
2022-04-06 12:27 ` Jason Gunthorpe
2022-04-06 12:27 ` Jason Gunthorpe
2022-04-05 16:16 ` [PATCH 4/5] vfio: Move the Intel no-snoop control off of IOMMU_CACHE Jason Gunthorpe via iommu
2022-04-05 16:16 ` Jason Gunthorpe
2022-04-05 16:16 ` Jason Gunthorpe
2022-04-05 16:16 ` [PATCH 5/5] iommu: Delete IOMMU_CAP_CACHE_COHERENCY Jason Gunthorpe via iommu
2022-04-05 16:16 ` Jason Gunthorpe
2022-04-05 16:16 ` Jason Gunthorpe
2022-04-06 6:52 ` [PATCH 0/5] Make the iommu driver no-snoop block feature consistent Tian, Kevin
2022-04-06 6:52 ` Tian, Kevin
2022-04-06 6:52 ` Tian, Kevin
2022-04-06 6:52 ` Tian, Kevin
2022-04-07 14:56 ` Jason Gunthorpe
2022-04-07 14:56 ` Jason Gunthorpe
2022-04-07 14:56 ` Jason Gunthorpe via iommu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220405135036.4812c51e.alex.williamson@redhat.com \
--to=alex.williamson@redhat.com \
--cc=benve@cisco.com \
--cc=cohuck@redhat.com \
--cc=dwmw2@infradead.org \
--cc=gerald.schaefer@linux.ibm.com \
--cc=hch@lst.de \
--cc=iommu@lists.linux-foundation.org \
--cc=jasowang@redhat.com \
--cc=jgg@nvidia.com \
--cc=kevin.tian@intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-arm-msm@vger.kernel.org \
--cc=linux-rdma@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=mst@redhat.com \
--cc=neescoba@cisco.com \
--cc=netdev@vger.kernel.org \
--cc=robin.murphy@arm.com \
--cc=virtualization@lists.linux-foundation.org \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.