iommu/vt-d: Add nested domain allocation

This adds the support for IOMMU_HWPT_DATA_VTD_S1 type. And 'nested_parent'
is added to mark the nested parent domain to sanitize the input parent domain.

Link: https://lore.kernel.org/r/20231026044216.64964-8-yi.l.liu@intel.com
Signed-off-by: Lu Baolu <baolu.lu@linux.intel.com>
Signed-off-by: Yi Liu <yi.l.liu@intel.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>

diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c
index 292baa64188b51b9b0b81662eea8dd3ca326e34b..4ce372d5d4f3618f274228a0751e9c1dccb70155 100644 (file)
--- a/drivers/iommu/intel/iommu.c
+++ b/drivers/iommu/intel/iommu.c
@@ -4077,38 +4077,39 @@ intel_iommu_domain_alloc_user(struct device *dev, u32 flags,
                              struct iommu_domain *parent,
                              const struct iommu_user_data *user_data)
 {
+       struct device_domain_info *info = dev_iommu_priv_get(dev);
+       bool dirty_tracking = flags & IOMMU_HWPT_ALLOC_DIRTY_TRACKING;
+       bool nested_parent = flags & IOMMU_HWPT_ALLOC_NEST_PARENT;
+       struct intel_iommu *iommu = info->iommu;
        struct iommu_domain *domain;
-       struct intel_iommu *iommu;
-       bool dirty_tracking;
+
+       /* Must be NESTING domain */
+       if (parent) {
+               if (!nested_supported(iommu) || flags)
+                       return ERR_PTR(-EOPNOTSUPP);
+               return intel_nested_domain_alloc(parent, user_data);
+       }
 
        if (flags &
            (~(IOMMU_HWPT_ALLOC_NEST_PARENT | IOMMU_HWPT_ALLOC_DIRTY_TRACKING)))
                return ERR_PTR(-EOPNOTSUPP);
-
-       if (parent || user_data)
-               return ERR_PTR(-EOPNOTSUPP);
-
-       iommu = device_to_iommu(dev, NULL, NULL);
-       if (!iommu)
-               return ERR_PTR(-ENODEV);
-
-       if ((flags & IOMMU_HWPT_ALLOC_NEST_PARENT) && !nested_supported(iommu))
+       if (nested_parent && !nested_supported(iommu))
                return ERR_PTR(-EOPNOTSUPP);
-
-       dirty_tracking = (flags & IOMMU_HWPT_ALLOC_DIRTY_TRACKING);
-       if (dirty_tracking && !ssads_supported(iommu))
+       if (user_data || (dirty_tracking && !ssads_supported(iommu)))
                return ERR_PTR(-EOPNOTSUPP);
 
        /*
-        * domain_alloc_user op needs to fully initialize a domain
-        * before return, so uses iommu_domain_alloc() here for
-        * simple.
+        * domain_alloc_user op needs to fully initialize a domain before
+        * return, so uses iommu_domain_alloc() here for simple.
         */
        domain = iommu_domain_alloc(dev->bus);
        if (!domain)
-               domain = ERR_PTR(-ENOMEM);
+               return ERR_PTR(-ENOMEM);
+
+       if (nested_parent)
+               to_dmar_domain(domain)->nested_parent = true;
 
-       if (!IS_ERR(domain) && dirty_tracking) {
+       if (dirty_tracking) {
                if (to_dmar_domain(domain)->use_first_level) {
                        iommu_domain_free(domain);
                        return ERR_PTR(-EOPNOTSUPP);

diff --git a/drivers/iommu/intel/iommu.h b/drivers/iommu/intel/iommu.h
index 6a97711f947aa48329c00759b87faceb5716ea62..ba9be915eb844ca24ed8e312858993ec96d813f9 100644 (file)
--- a/drivers/iommu/intel/iommu.h
+++ b/drivers/iommu/intel/iommu.h
@@ -601,6 +601,7 @@ struct dmar_domain {
                                         * level.
                                         */
        u8 dirty_tracking:1;            /* Dirty tracking is enabled */
+       u8 nested_parent:1;             /* Has other domains nested on it */
 
        spinlock_t lock;                /* Protect device tracking lists */
        struct list_head devices;       /* all devices' list */

diff --git a/drivers/iommu/intel/nested.c b/drivers/iommu/intel/nested.c
index b560ab76e126fcf857fd6839fe22f1b77c6ba5cb..b5a5563ab32c6bbb3a2e780bb010875b95dd29f4 100644 (file)
--- a/drivers/iommu/intel/nested.c
+++ b/drivers/iommu/intel/nested.c
@@ -89,7 +89,8 @@ struct iommu_domain *intel_nested_domain_alloc(struct iommu_domain *parent,
        /* Must be nested domain */
        if (user_data->type != IOMMU_HWPT_DATA_VTD_S1)
                return ERR_PTR(-EOPNOTSUPP);
-       if (parent->ops != intel_iommu_ops.default_domain_ops)
+       if (parent->ops != intel_iommu_ops.default_domain_ops ||
+           !s2_domain->nested_parent)
                return ERR_PTR(-EINVAL);
 
        ret = iommu_copy_struct_from_user(&vtd, user_data,