Re: [PATCH 12/14] iommufd: Add APIs to preserve/unpreserve a vfio cdev
From: Samiullah Khawaja
Date: Wed Mar 25 2026 - 16:46:36 EST
On Wed, Mar 25, 2026 at 08:24:24PM +0000, Pranjal Shrivastava wrote:
On Tue, Feb 03, 2026 at 10:09:46PM +0000, Samiullah Khawaja wrote:
Add APIs that can be used to preserve and unpreserve a vfio cdev. Use
the APIs exported by the IOMMU core to preserve/unpreserve device. Pass
the LUO preservation token of the attached iommufd into IOMMU preserve
device API. This establishes the ownership of the device with the
preserved iommufd.
Signed-off-by: Samiullah Khawaja <skhawaja@xxxxxxxxxx>
---
drivers/iommu/iommufd/device.c | 69 ++++++++++++++++++++++++++++++++++
include/linux/iommufd.h | 23 ++++++++++++
2 files changed, 92 insertions(+)
diff --git a/drivers/iommu/iommufd/device.c b/drivers/iommu/iommufd/device.c
index 4c842368289f..30cb5218093b 100644
--- a/drivers/iommu/iommufd/device.c
+++ b/drivers/iommu/iommufd/device.c
@@ -2,6 +2,7 @@
/* Copyright (c) 2021-2022, NVIDIA CORPORATION & AFFILIATES
*/
#include <linux/iommu.h>
+#include <linux/iommu-lu.h>
#include <linux/iommufd.h>
#include <linux/pci-ats.h>
#include <linux/slab.h>
@@ -1661,3 +1662,71 @@ int iommufd_get_hw_info(struct iommufd_ucmd *ucmd)
iommufd_put_object(ucmd->ictx, &idev->obj);
return rc;
}
+
+#ifdef CONFIG_IOMMU_LIVEUPDATE
+int iommufd_device_preserve(struct liveupdate_session *s,
+ struct iommufd_device *idev,
+ u64 *tokenp)
+{
+ struct iommufd_group *igroup = idev->igroup;
+ struct iommufd_hwpt_paging *hwpt_paging;
+ struct iommufd_hw_pagetable *hwpt;
+ struct iommufd_attach *attach;
+ int ret;
+
+ mutex_lock(&igroup->lock);
+ attach = xa_load(&igroup->pasid_attach, IOMMU_NO_PASID);
By explicitly looking up IOMMU_NO_PASID, we skip any PASID attachments
the device might have. Since PASID live update is NOT supported in this
series, should we check if the pasid_attach xarray contains anything
other than IOMMU_NO_PASID and return -EOPNOTSUPP?
Otherwise, we silently fail to preserve those domains without informing
the VMM?
VMM should be able to preserve the NO_PASID domains even if it has PASID
attachments. This is the intended behaviour, I will document it in the
uAPI docs.
+ if (!attach) {
+ ret = -ENOENT;
+ goto out;
+ }
+
+ hwpt = attach->hwpt;
+ hwpt_paging = find_hwpt_paging(hwpt);
+ if (!hwpt_paging || !hwpt_paging->lu_preserve) {
+ ret = -EINVAL;
+ goto out;
+ }
+
+ ret = liveupdate_get_token_outgoing(s, idev->ictx->file, tokenp);
+ if (ret)
+ goto out;
+
+ ret = iommu_preserve_device(hwpt_paging->common.domain,
+ idev->dev,
+ *tokenp);
+out:
+ mutex_unlock(&igroup->lock);
+ return ret;
+}
+EXPORT_SYMBOL_NS_GPL(iommufd_device_preserve, "IOMMUFD");
+
+void iommufd_device_unpreserve(struct liveupdate_session *s,
+ struct iommufd_device *idev,
+ u64 token)
+{
+ struct iommufd_group *igroup = idev->igroup;
+ struct iommufd_hwpt_paging *hwpt_paging;
+ struct iommufd_hw_pagetable *hwpt;
+ struct iommufd_attach *attach;
+
+ mutex_lock(&igroup->lock);
+ attach = xa_load(&igroup->pasid_attach, IOMMU_NO_PASID);
+ if (!attach) {
+ WARN_ON(-ENOENT);
WARN_ON takes a condition.. if we want this to be printed always, why
not WARN_ON(1, "...") ? What's the significance of having -ENOENT as a
condition?
Will update this.
+ goto out;
+ }
+
+ hwpt = attach->hwpt;
+ hwpt_paging = find_hwpt_paging(hwpt);
+ if (!hwpt_paging || !hwpt_paging->lu_preserve) {
+ WARN_ON(-EINVAL);
Same here for -EINVAL?
Same here.
+ goto out;
+ }
+
+ iommu_unpreserve_device(hwpt_paging->common.domain, idev->dev);
+out:
+ mutex_unlock(&igroup->lock);
+}
+EXPORT_SYMBOL_NS_GPL(iommufd_device_unpreserve, "IOMMUFD");
+#endif
[ ----- >8 ----- ]
Thanks,
Praan
Thanks,
Sami