Re: [PATCH 02/11] driver core: Set DMA ownership during driver bind/unbind
From: Robin Murphy
Date: Mon Nov 15 2021 - 10:37:50 EST
On 2021-11-15 13:24, Jason Gunthorpe via iommu wrote:
On Mon, Nov 15, 2021 at 05:19:02AM -0800, Christoph Hellwig wrote:
On Mon, Nov 15, 2021 at 10:05:43AM +0800, Lu Baolu wrote:
@@ -566,6 +567,12 @@ static int really_probe(struct device *dev, struct device_driver *drv)
goto done;
}
+ if (!drv->suppress_auto_claim_dma_owner) {
+ ret = iommu_device_set_dma_owner(dev, DMA_OWNER_KERNEL, NULL);
+ if (ret)
+ return ret;
+ }
I'd expect this to go into iommu_setup_dma_ops (and its arm and s390
equivalents), as that is what claims an IOMMU for in-kernel usage
If iommu_device_set_dma_owner(dev_a) fails changes dynamically
depending on what iommu_device_set_dma_owner(dev_b, DMA_OWNER_USER)
have been done.
The whole point here is that doing a
iommu_device_set_dma_owner(dev_b, DMA_OWNER_USER)
needs to revoke kernel usage from a whole bunch of other devices in
the same group.
revoking kernel usage means it needs to ensure that no driver is bound
and prevent future drivers from being bound.
iommu_setup_dma_ops() is something done once early on in boot, not at
every driver probe, so I don't see how it can help??
Note that there's some annoying inconsistency across architectures, and
with the {acpi,of}_dma_configure() code in general. I guess Christoph
might be thinking of the case where iommu_setup_dma_ops() *does* end up
being called off the back of the bus->dma_configure() hook a few lines
below the context above.
iommu_setup_dma_ops() itself is indeed not the appropriate place for
this (the fact that it can be called as late as driver probe is subtly
broken and still on my list to fix...) but
bus->dma_configure() definitely is. Only a handful of buses care about
IOMMUs, and possibly even fewer of them support VFIO, so I'm in full
agreement with Greg and Christoph that this absolutely warrants being
scoped per-bus. I mean, we literally already have infrastructure to
prevent drivers binding if the IOMMU/DMA configuration is broken or not
ready yet; why would we want a totally different mechanism to prevent
driver binding when the only difference is that that configuration *is*
ready and working to the point that someone's already claimed it for
other purposes?
Robin.