[PATCH v3 3/6] iommu: Add return value rules to attach_dev op and APIs

Nicolin Chen posted 6 patches 2 years, 2 months ago
There is a newer version of this series
[PATCH v3 3/6] iommu: Add return value rules to attach_dev op and APIs
Posted by Nicolin Chen 2 years, 2 months ago
Cases like VFIO wish to attach a device to an existing domain that was
not allocated specifically from the device. This raises a condition
where the IOMMU driver can fail the domain attach because the domain and
device are incompatible with each other.

This is a soft failure that can be resolved by using a different domain.

Provide a dedicated errno EINVAL from the IOMMU driver during attach that
the reason why the attach failed is because of domain incompatibility.

VFIO can use this to know that the attach is a soft failure and it should
continue searching. Otherwise, the attach will be a hard failure and VFIO
will return the code to userspace.

Update kdocs to add rules of return value to the attach_dev op and APIs.

Suggested-by: Jason Gunthorpe <jgg@nvidia.com>
Signed-off-by: Nicolin Chen <nicolinc@nvidia.com>
---
 drivers/iommu/iommu.c | 24 ++++++++++++++++++++++++
 include/linux/iommu.h | 12 ++++++++++++
 2 files changed, 36 insertions(+)

diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c
index 3a808146b50f..e4d2ee99a264 100644
--- a/drivers/iommu/iommu.c
+++ b/drivers/iommu/iommu.c
@@ -1975,6 +1975,18 @@ static int __iommu_attach_device(struct iommu_domain *domain,
 	return ret;
 }
 
+/**
+ * iommu_attach_device - Attach a device to an IOMMU domain
+ * @domain: IOMMU domain to attach
+ * @dev: Device that will be attached
+ *
+ * Returns 0 on success and error code on failure
+ *
+ * Note that EINVAL may be returned as a soft failure if the domain and device
+ * are incompatible: if the domain has already been used or configured in some
+ * way, attaching the same device to a different domain may succeed. Otherwise,
+ * it may still represent some fundamental problem.
+ */
 int iommu_attach_device(struct iommu_domain *domain, struct device *dev)
 {
 	struct iommu_group *group;
@@ -2101,6 +2113,18 @@ static int __iommu_attach_group(struct iommu_domain *domain,
 	return ret;
 }
 
+/**
+ * iommu_attach_group - Attach an IOMMU group to an IOMMU domain
+ * @domain: IOMMU domain to attach
+ * @group: IOMMU group that will be attached
+ *
+ * Returns 0 on success and error code on failure
+ *
+ * Note that EINVAL may be returned as a soft failure if the domain and group
+ * are incompatible: if the domain has already been used or configured in some
+ * way, attaching the same group to a different domain may succeed. Otherwise,
+ * it may still represent some fundamental problem.
+ */
 int iommu_attach_group(struct iommu_domain *domain, struct iommu_group *group)
 {
 	int ret;
diff --git a/include/linux/iommu.h b/include/linux/iommu.h
index ea30f00dc145..90960fa8cd91 100644
--- a/include/linux/iommu.h
+++ b/include/linux/iommu.h
@@ -266,6 +266,18 @@ struct iommu_ops {
 /**
  * struct iommu_domain_ops - domain specific operations
  * @attach_dev: attach an iommu domain to a device
+ *  Return:
+ * * 0		- success
+ * * EINVAL	- the device and domain are incompatible. If this is due to some
+ *		  previous configuration of the domain, drivers shouldn't log an
+ *		  error, since it is legitimate for a caller to test reuse of an
+ *		  existing domain. Otherwise, it may still represent some other
+ *		  fundamental problem
+ * * ENOMEM	- out of memory
+ * * ENOSPC	- non-ENOMEM type of resource allocation failures
+ * * EBUSY	- device is attached to a domain and cannot be changed
+ * * ENODEV	- device specific errors, not able to be attached
+ * * <others>	- treated as ENODEV by the caller. Use is discouraged
  * @detach_dev: detach an iommu domain from a device
  * @map: map a physically contiguous memory region to an iommu domain
  * @map_pages: map a physically contiguous set of pages of the same size to
-- 
2.17.1
RE: [PATCH v3 3/6] iommu: Add return value rules to attach_dev op and APIs
Posted by Tian, Kevin 2 years, 1 month ago
> From: Nicolin Chen <nicolinc@nvidia.com>
> Sent: Thursday, September 15, 2022 3:54 PM
> 
> +/**
> + * iommu_attach_device - Attach a device to an IOMMU domain
> + * @domain: IOMMU domain to attach
> + * @dev: Device that will be attached
> + *
> + * Returns 0 on success and error code on failure
> + *
> + * Note that EINVAL may be returned as a soft failure if the domain and
> device
> + * are incompatible: if the domain has already been used or configured in
> some

I didn't get the meaning of the 'if' part.

> + * way, attaching the same device to a different domain may succeed.
> Otherwise,
> + * it may still represent some fundamental problem.

I'm not sure what the sentence after 'otherwise' actually adds to the
caller. There is no way to differentiate incompatibility vs. fundamental
problem, hence pointless for the caller to know this fact.

IMHO just state that the caller can treat -EINVAL as soft failure indicating
incompatibility issue between domain and device.

Later for @attach_dev you can add that driver may return (but not
recommend) -EINVAL for some fundamental problems.
Re: [PATCH v3 3/6] iommu: Add return value rules to attach_dev op and APIs
Posted by Nicolin Chen 2 years, 1 month ago
On Tue, Sep 20, 2022 at 06:24:58AM +0000, Tian, Kevin wrote:
> External email: Use caution opening links or attachments
> 
> 
> > From: Nicolin Chen <nicolinc@nvidia.com>
> > Sent: Thursday, September 15, 2022 3:54 PM
> >
> > +/**
> > + * iommu_attach_device - Attach a device to an IOMMU domain
> > + * @domain: IOMMU domain to attach
> > + * @dev: Device that will be attached
> > + *
> > + * Returns 0 on success and error code on failure
> > + *
> > + * Note that EINVAL may be returned as a soft failure if the domain and
> > device
> > + * are incompatible: if the domain has already been used or configured in
> > some
> 
> I didn't get the meaning of the 'if' part.

It means that the failure of attaching the device to the domain is
due to the domain configuration.

> > + * way, attaching the same device to a different domain may succeed.
> > Otherwise,
> > + * it may still represent some fundamental problem.
> 
> I'm not sure what the sentence after 'otherwise' actually adds to the
> caller. There is no way to differentiate incompatibility vs. fundamental
> problem, hence pointless for the caller to know this fact.
> 
> IMHO just state that the caller can treat -EINVAL as soft failure indicating
> incompatibility issue between domain and device.

OK. I changed to:
+ * Note that EINVAL may be returned as a soft failure if the domain and device
+ * are incompatible due to some previous configuration of the domain, in which
+ * case attaching the same device to a different domain may succeed.

> Later for @attach_dev you can add that driver may return (but not
> recommend) -EINVAL for some fundamental problems.

OK.