[This is now based on Nicolin's iommufd patches for vIOMMU and will need to go through the iommufd tree, please ack] This brings support for the IOMMFD ioctls: - IOMMU_GET_HW_INFO - IOMMU_HWPT_ALLOC_NEST_PARENT - IOMMU_VIOMMU_ALLOC - IOMMU_DOMAIN_NESTED - IOMMU_HWPT_INVALIDATE - ops->enforce_cache_coherency() This is quite straightforward as the nested STE can just be built in the special NESTED domain op and fed through the generic update machinery. The design allows the user provided STE fragment to control several aspects of the translation, including putting the STE into a "virtual bypass" or a aborting state. This duplicates functionality available by other means, but it allows trivially preserving the VMID in the STE as we eventually move towards the vIOMMU owning the VMID. Nesting support requires the system to either support S2FWB or the stronger CANWBS ACPI flag. This is to ensure the VM cannot bypass the cache and view incoherent data, currently VFIO lacks any cache flushing that would make this safe. Yan has a series to add some of the needed infrastructure for VFIO cache flushing here: https://lore.kernel.org/linux-iommu/20240507061802.20184-1-yan.y.zhao@xxxxxxxxx/ Which may someday allow relaxing this further. The VIOMMU object provides the framework to allow the invalidation path to translate the vSID to a pSID and then issue the correct physical invalidation. This is all done in the kernel as pSID has to limited. Future patches will extend VIOMMU to handle specific HW features like vMPAM and NVIDIA's vCMDQ. Remove VFIO_TYPE1_NESTING_IOMMU since it was never used and superseded by this. This is the first series in what will be several to complete nesting support. At least: - IOMMU_RESV_SW_MSI related fixups https://lore.kernel.org/linux-iommu/cover.1722644866.git.nicolinc@xxxxxxxxxx/ - vCMDQ hypervisor support for direct invalidation queue assignment https://lore.kernel.org/linux-iommu/cover.1712978212.git.nicolinc@xxxxxxxxxx/ - KVM pinned VMID using vIOMMU for vBTM https://lore.kernel.org/linux-iommu/20240208151837.35068-1-shameerali.kolothum.thodi@xxxxxxxxxx/ - Cross instance S2 sharing - Virtual Machine Structure using vIOMMU (for vMPAM?) - Fault forwarding support through IOMMUFD's fault fd for vSVA The vIOMMU series is essential to allow the invalidations to be processed for the CD as well. It is enough to allow qemu work to progress. This is on github: https://github.com/jgunthorpe/linux/commits/smmuv3_nesting v4: - Rebase on Nicolin's patches - Add user_pasid_table=1 to support fault reporting on NESTED domains - Reorder STRTAB constants - Fix whitespace - Roll in the patches Nicolin had and merge together into a logical order Includes vIOMMU, ATS and invalidation patches v3: https://patch.msgid.link/r/0-v3-e2e16cd7467f+2a6a1-smmuv3_nesting_jgg@xxxxxxxxxx - Rebase on v6.12-rc2 - Revise commit messages - Consolidate CANWB checks into arm_smmu_master_canwbs() - Add CONFIG_ARM_SMMU_V3_IOMMUFD to compile out iommufd only features like nesting - Shift code into arm-smmu-v3-iommufd.c - Add missed IS_ERR check - Add S2FWB to arm_smmu_get_ste_used() - Fixup quirks checks - Drop ARM_SMMU_FEAT_COHERENCY checks for S2FWB - Limit S2FWB to S2 Nesting Parent domains "just in case" v2: https://patch.msgid.link/r/0-v2-621370057090+91fec-smmuv3_nesting_jgg@xxxxxxxxxx - Revise commit messages - Guard S2FWB support with ARM_SMMU_FEAT_COHERENCY, since it doesn't make sense to use S2FWB to enforce coherency on inherently non-coherent hardware. - Add missing IO_PGTABLE_QUIRK_ARM_S2FWB validation - Include formal ACPIA commit for IORT built using generate/linux/gen-patch.sh - Use FEAT_NESTING to block creating a NESTING_PARENT - Use an abort STE instead of non-valid if the user requests a non-valid vSTE - Consistently use 'nest_parent' for naming variables - Use the right domain for arm_smmu_remove_master_domain() when it removes the master - Join bitfields together - Drop arm_smmu_cache_invalidate_user patch, invalidation will exclusively go via viommu v1: https://patch.msgid.link/r/0-v1-54e734311a7f+14f72-smmuv3_nesting_jgg@xxxxxxxxxx Jason Gunthorpe (7): vfio: Remove VFIO_TYPE1_NESTING_IOMMU iommu/arm-smmu-v3: Report IOMMU_CAP_ENFORCE_CACHE_COHERENCY for CANWBS iommu/arm-smmu-v3: Implement IOMMU_HWPT_ALLOC_NEST_PARENT iommu/arm-smmu-v3: Expose the arm_smmu_attach interface iommu/arm-smmu-v3: Support IOMMU_DOMAIN_NESTED iommu/arm-smmu-v3: Use S2FWB for NESTED domains iommu/arm-smmu-v3: Allow ATS for IOMMU_DOMAIN_NESTED Nicolin Chen (5): ACPICA: IORT: Update for revision E.f ACPI/IORT: Support CANWBS memory access flag iommu/arm-smmu-v3: Support IOMMU_GET_HW_INFO via struct arm_smmu_hw_info iommu/arm-smmu-v3: Support IOMMU_VIOMMU_ALLOC iommu/arm-smmu-v3: Support IOMMU_HWPT_INVALIDATE using a VIOMMU object drivers/acpi/arm64/iort.c | 13 + drivers/iommu/Kconfig | 9 + drivers/iommu/arm/arm-smmu-v3/Makefile | 1 + .../arm/arm-smmu-v3/arm-smmu-v3-iommufd.c | 393 ++++++++++++++++++ drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 139 +++++-- drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.h | 92 +++- drivers/iommu/arm/arm-smmu/arm-smmu.c | 16 - drivers/iommu/io-pgtable-arm.c | 27 +- drivers/iommu/iommu.c | 10 - drivers/iommu/iommufd/vfio_compat.c | 7 +- drivers/vfio/vfio_iommu_type1.c | 12 +- include/acpi/actbl2.h | 3 +- include/linux/io-pgtable.h | 2 + include/linux/iommu.h | 5 +- include/uapi/linux/iommufd.h | 83 ++++ include/uapi/linux/vfio.h | 2 +- 16 files changed, 712 insertions(+), 102 deletions(-) create mode 100644 drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-iommufd.c base-commit: 9ffbeb478d44c57b9b2e263750b1056e5faebc9b -- 2.43.0
