Re: [PATCH 5/8] x86/mmu: Add mm-based PASID refcounting

From: Thomas Gleixner
Date: Thu Sep 23 2021 - 13:48:40 EST


On Thu, Sep 23 2021 at 09:40, Tony Luck wrote:
> On Thu, Sep 23, 2021 at 04:36:50PM +0200, Thomas Gleixner wrote:
>> This code is again defining that PASID is entirely restricted to
>> INTEL. It's true, that no other vendor supports this, but PASID is
>> a non-vendor specific concept.
>>
>> Sticking this into INTEL code means that any other PASID implementation
>> has to rip it out again from INTEL code and make it a run time property.
>>
>> The refcounting issue should be the same for all PASID mechanisms which
>> attach PASID to a mm. What's INTEL specific about that?
>>
>> So can we pretty please do that correct right away?
>
> It's a bit messy (surprise).
>
> There are two reasons to hold a refcount on a PASID
>
> 1) The process has done a bind on a device that uses PASIDs
>
> This one isn't dependent on Intel.

Yep.

> 2) A task within a process is using ENQCMD (and thus holds
> a reference on the PASID because IA32_PASID MSR for this
> task has the PASID value loaded with the enable bit set).
>
> This is (currently) Intel specific (until others
> implement an ENQCMD-like feature to allow apps to
> access PASID enabled devices without going through
> the OS).

Right, but all it does is to grab another reference on the PASID and if
the task exits it needs to be dropped, right?

So you already added 'has_valid_pasid' to task_struct, which is a
misnomer btw. The meaning of this flag is that the task is actually
using the PASID (in the ENQCMD case written to the MSR) beyond the
purposes of the PASID which is attached to current->mm.

But the information which is important from a pasid resource management
POV is whether the task actually holds a seperate refcount on the PASID
or not. That's completely generic. It does not matter whether the task
uses it to populate the IA32_PASID_MSR or to just keeps it in memory
just because it can. The point is that is holds a refcount.

So we can have a generic interface:

int iommu_pasid_get_task_ref()
{
if (current->holds_pasid_ref)
return -EYOUGOTONEALREADY;

if (!has_pasid(current->mm)
return -EWHATAREYOUASKINGFOR;

if (!iommu->pasid_get_ref)
return -EHOWDIDYOUMAKEUPAPASID;

if (iommu->pasid_get_ref())
return -ETHEIOMMUDOESNOTLIKEYOU;

current->holds_pasid_ref = true;
return 0;
}

Actually letting this return a bool should be good enough, but you get
the idea.

void iommu_pasid_put_task_ref()
{
if (!current->holds_pasid_ref)
return;
current->holds_pasid_ref = false;
iommu->pasid_put_ref();
}

Which makes the exception handling in traps.c the real x86/intel
specific muck:

bool fixup_pasid_exception(...)
{
/* ENCQMD and future muck */
if (!per_task_pasid_usage_enabled())
return false;
if (iommu_pasid_get_ref())
return false;
fpu_write_task_pasid();
return true;
}

fpu_write_task_pasid() can just grab the pasid from current->mm->pasid
and be done with it.

The task exit code can just call iommu_pasid_put_task_ref() from the
generic code and not from within x86.

That means you want in Kconfig:

PASID_TASK_REFS
bool

and select that when a IOMMU supporting it is enabled and provide either
the proper protypes or stub functions depending on that.

Hmm?

Thanks,

tglx