Re: [PATCH v4 1/9] iommu: Introduce domain attachment handle

[Baolu Lu]

On 4/8/24 10:05 PM, Jason Gunthorpe wrote:
> > void iommufd_fault_domain_detach_dev(struct iommufd_hw_pagetable *hwpt,
> >                                       struct iommufd_device *idev)
> >   {
> > +       struct iommufd_fault *fault = hwpt->fault;
> > +       struct iommu_attach_handle *handle;
> > +
> >          if (WARN_ON(!hwpt->fault_capable))
> >                  return;
> >
> > +       handle = iommu_attach_handle_get(idev->igroup->group,
> > IOMMU_NO_PASID);
> >          iommu_detach_group(hwpt->domain, idev->igroup->group);
> >          iommufd_fault_iopf_disable(idev);
> But is this right? Couldn't there be PASID's doing PRI?

As far as I can see, there are two types of user PASID.

1. When a device is assigned to userspace, the PASID table is managed by
   the userspace.

   Userspace doesn't need PASID attach/detach/replace uAPIs in this
   scenario. All I/O page faults are directed to userspace through the
   hw pagetable attached to the RID.

   If hw pagetable is detached from the RID, or a non-iopf-capable
   hw pagetable is attached the RID, the PRI for user PASID is already
   broken.

2. When a device is assigned to userspace, the PASID table is managed by
   the host kernel. Userspace then needs PASID attach/detach/replace
   uAPIs to manage the hw page table for each PASID. Each PASID has its
   own hw page table for handling I/O page faults.

   Here, disabling PRI is only safe after all iopf-capable hw page
   tables for both the RID and all PASIDs are detached.

   The current code base doesn't yet support PASID attach/detach/replace
   uAPIs. Therefore, above code is safe and reasonable. However, we will
   need to revisit this code when those APIs become available.

Please correct me if my understanding is incorrect.

Best regards,
baolu