Re: [PATCH 12/14] iommufd: Add APIs to preserve/unpreserve a vfio cdev

[Pranjal Shrivastava]

On Tue, Feb 03, 2026 at 10:09:46PM +0000, Samiullah Khawaja wrote:
> Add APIs that can be used to preserve and unpreserve a vfio cdev. Use
> the APIs exported by the IOMMU core to preserve/unpreserve device. Pass
> the LUO preservation token of the attached iommufd into IOMMU preserve
> device API. This establishes the ownership of the device with the
> preserved iommufd.
> 
> Signed-off-by: Samiullah Khawaja <skhawaja@xxxxxxxxxx>
> ---
>  drivers/iommu/iommufd/device.c | 69 ++++++++++++++++++++++++++++++++++
>  include/linux/iommufd.h        | 23 ++++++++++++
>  2 files changed, 92 insertions(+)
> 
> diff --git a/drivers/iommu/iommufd/device.c b/drivers/iommu/iommufd/device.c
> index 4c842368289f..30cb5218093b 100644
> --- a/drivers/iommu/iommufd/device.c
> +++ b/drivers/iommu/iommufd/device.c
> @@ -2,6 +2,7 @@
>  /* Copyright (c) 2021-2022, NVIDIA CORPORATION & AFFILIATES
>   */
>  #include <linux/iommu.h>
> +#include <linux/iommu-lu.h>
>  #include <linux/iommufd.h>
>  #include <linux/pci-ats.h>
>  #include <linux/slab.h>
> @@ -1661,3 +1662,71 @@ int iommufd_get_hw_info(struct iommufd_ucmd *ucmd)
>  	iommufd_put_object(ucmd->ictx, &idev->obj);
>  	return rc;
>  }
> +
> +#ifdef CONFIG_IOMMU_LIVEUPDATE
> +int iommufd_device_preserve(struct liveupdate_session *s,
> +			    struct iommufd_device *idev,
> +			    u64 *tokenp)
> +{
> +	struct iommufd_group *igroup = idev->igroup;
> +	struct iommufd_hwpt_paging *hwpt_paging;
> +	struct iommufd_hw_pagetable *hwpt;
> +	struct iommufd_attach *attach;
> +	int ret;
> +
> +	mutex_lock(&igroup->lock);
> +	attach = xa_load(&igroup->pasid_attach, IOMMU_NO_PASID);

By explicitly looking up IOMMU_NO_PASID, we skip any PASID attachments
the device might have. Since PASID live update is NOT supported in this
series, should we check if the pasid_attach xarray contains anything 
other than IOMMU_NO_PASID and return -EOPNOTSUPP? 

Otherwise, we silently fail to preserve those domains without informing
the VMM?

> +	if (!attach) {
> +		ret = -ENOENT;
> +		goto out;
> +	}
> +
> +	hwpt = attach->hwpt;
> +	hwpt_paging = find_hwpt_paging(hwpt);
> +	if (!hwpt_paging || !hwpt_paging->lu_preserve) {
> +		ret = -EINVAL;
> +		goto out;
> +	}
> +
> +	ret = liveupdate_get_token_outgoing(s, idev->ictx->file, tokenp);
> +	if (ret)
> +		goto out;
> +
> +	ret = iommu_preserve_device(hwpt_paging->common.domain,
> +				    idev->dev,
> +				    *tokenp);
> +out:
> +	mutex_unlock(&igroup->lock);
> +	return ret;
> +}
> +EXPORT_SYMBOL_NS_GPL(iommufd_device_preserve, "IOMMUFD");
> +
> +void iommufd_device_unpreserve(struct liveupdate_session *s,
> +			       struct iommufd_device *idev,
> +			       u64 token)
> +{
> +	struct iommufd_group *igroup = idev->igroup;
> +	struct iommufd_hwpt_paging *hwpt_paging;
> +	struct iommufd_hw_pagetable *hwpt;
> +	struct iommufd_attach *attach;
> +
> +	mutex_lock(&igroup->lock);
> +	attach = xa_load(&igroup->pasid_attach, IOMMU_NO_PASID);
> +	if (!attach) {
> +		WARN_ON(-ENOENT);

WARN_ON takes a condition.. if we want this to be printed always, why
not WARN_ON(1, "...") ? What's the significance of having -ENOENT as a
condition?

> +		goto out;
> +	}
> +
> +	hwpt = attach->hwpt;
> +	hwpt_paging = find_hwpt_paging(hwpt);
> +	if (!hwpt_paging || !hwpt_paging->lu_preserve) {
> +		WARN_ON(-EINVAL);

Same here for -EINVAL?

> +		goto out;
> +	}
> +
> +	iommu_unpreserve_device(hwpt_paging->common.domain, idev->dev);
> +out:
> +	mutex_unlock(&igroup->lock);
> +}
> +EXPORT_SYMBOL_NS_GPL(iommufd_device_unpreserve, "IOMMUFD");
> +#endif

[ ----- >8 ----- ]

Thanks,
Praan