Re: [PATCH v1 7/9] iommu/tegra: gart: Provide single domain and group for all devices

[Dmitry Osipenko]

On 14.05.2018 21:18, Robin Murphy wrote:
> On 11/05/18 21:05, Dmitry Osipenko wrote:
>> On 11.05.2018 15:32, Robin Murphy wrote:
>>> On 08/05/18 19:16, Dmitry Osipenko wrote:
>>>> GART aperture is shared by all devices, hence there is a single IOMMU
>>>> domain and group shared by these devices. Allocation of a group per
>>>> device only wastes resources and allowance of having more than one domain
>>>> is simply wrong because IOMMU mappings made by the users of "different"
>>>> domains will stomp on each other.
>>>
>>> Strictly, that reasoning is a bit backwards - allocating multiple groups is the
>>> conceptually-wrong thing if the GART cannot differentiate between different
>>> devices, whereas having multiple domains *exist* is no real problem, it's merely
>>> that only one can be active at any point in time (which will inherently become
>>> the case once all devices are grouped together).
>>
>> IIUC, the IOMMU domain represents the address space. There is only one address
>> space in a case of GART, the GART's aperture. So GART not only isn't
>> differentiating between different devices, but also between different domains.
> 
> Right, but that's the same as many other IOMMUs (exynos, rockchip, mtk, etc.) -
> the point is that an IOMMU domain represents *an* address space, but if nothing
> is attached to that domain, it's just a set of logical mappings which doesn't
> need to be backed by real hardware. It's specifically *because* these IOMMUs
> also can't differentiate between devices that things work out neatly - there's
> only one group, which can only be attached to a single domain at once, so there
> is never a time when more than one domain needs to be backed by hardware. Think
> of the IOMMU+devices as a CPU and the domains as processes ;)

\I think\ I understand what you are trying to convey. The "domain swapping"
functionality sounds like a good idea, but I don't see any practical application
to a such functionality right now. Your suggestion also feels a bit like an
implicit ad hoc to me, maybe we could extended IOMMU API to support somewhat
like "explicit domain swapping" for device drivers if multiple platforms will
need that.

In a case of the Tegra-GART driver, I'd prefer to allow having only a single
IOMMU domain in the system for the starter and implement other features on by
as-needed basis.

>>>> Signed-off-by: Dmitry Osipenko <digetx@xxxxxxxxx>
>>>> ---
>>>> ÂÂ drivers/iommu/tegra-gart.c | 107 +++++++++----------------------------
>>>> ÂÂ 1 file changed, 24 insertions(+), 83 deletions(-)
>>>>
>>>> diff --git a/drivers/iommu/tegra-gart.c b/drivers/iommu/tegra-gart.c
>>>> index 5b2d27620350..ebc105c201bd 100644
>>>> --- a/drivers/iommu/tegra-gart.c
>>>> +++ b/drivers/iommu/tegra-gart.c
>>>> @@ -19,7 +19,6 @@
>>>> ÂÂ Â #include <linux/io.h>
>>>> ÂÂ #include <linux/iommu.h>
>>>> -#include <linux/list.h>
>>>> ÂÂ #include <linux/module.h>
>>>> ÂÂ #include <linux/of_device.h>
>>>> ÂÂ #include <linux/slab.h>
>>>> @@ -44,22 +43,17 @@
>>>> ÂÂ #define GART_PAGE_MASKÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ \
>>>> ÂÂÂÂÂÂ (~(GART_PAGE_SIZE - 1) & ~GART_ENTRY_PHYS_ADDR_VALID)
>>>> ÂÂ -struct gart_client {
>>>> -ÂÂÂ struct deviceÂÂÂÂÂÂÂ *dev;
>>>> -ÂÂÂ struct list_headÂÂÂ list;
>>>> -};
>>>> -
>>>> ÂÂ struct gart_device {
>>>> ÂÂÂÂÂÂ void __iomemÂÂÂÂÂÂÂ *regs;
>>>> ÂÂÂÂÂÂ u32ÂÂÂÂÂÂÂÂÂÂÂ *savedata;
>>>> ÂÂÂÂÂÂ u32ÂÂÂÂÂÂÂÂÂÂÂ page_count;ÂÂÂ /* total remappable size */
>>>> ÂÂÂÂÂÂ dma_addr_tÂÂÂÂÂÂÂ iovmm_base;ÂÂÂ /* offset to vmm_area */
>>>> ÂÂÂÂÂÂ spinlock_tÂÂÂÂÂÂÂ pte_lock;ÂÂÂ /* for pagetable */
>>>> -ÂÂÂ struct list_headÂÂÂ client;
>>>> -ÂÂÂ spinlock_tÂÂÂÂÂÂÂ client_lock;ÂÂÂ /* for client list */
>>>> ÂÂÂÂÂÂ struct deviceÂÂÂÂÂÂÂ *dev;
>>>> ÂÂ ÂÂÂÂÂ struct iommu_deviceÂÂÂ iommu;ÂÂÂÂÂÂÂ /* IOMMU Core handle */
>>>> +ÂÂÂ struct iommu_groupÂÂÂ *group;ÂÂÂÂÂÂÂ /* Common IOMMU group */
>>>> +ÂÂÂ struct gart_domainÂÂÂ *domain;ÂÂÂ /* Unique IOMMU domain */
>>>> ÂÂ ÂÂÂÂÂ struct tegra_mc_gart_handle mc_gart_handle;
>>>> ÂÂ };
>>>> @@ -169,81 +163,31 @@ static inline bool gart_iova_range_valid(struct
>>>> gart_device *gart,
>>>> ÂÂ static int gart_iommu_attach_dev(struct iommu_domain *domain,
>>>> ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ struct device *dev)
>>>> ÂÂ {
>>>> -ÂÂÂ struct gart_domain *gart_domain = to_gart_domain(domain);
>>>> -ÂÂÂ struct gart_device *gart = gart_domain->gart;
>>>> -ÂÂÂ struct gart_client *client, *c;
>>>> -ÂÂÂ int err = 0;
>>>> -
>>>> -ÂÂÂ client = devm_kzalloc(gart->dev, sizeof(*c), GFP_KERNEL);
>>>> -ÂÂÂ if (!client)
>>>> -ÂÂÂÂÂÂÂ return -ENOMEM;
>>>> -ÂÂÂ client->dev = dev;
>>>> -
>>>> -ÂÂÂ spin_lock(&gart->client_lock);
>>>> -ÂÂÂ list_for_each_entry(c, &gart->client, list) {
>>>> -ÂÂÂÂÂÂÂ if (c->dev == dev) {
>>>> -ÂÂÂÂÂÂÂÂÂÂÂ dev_err(gart->dev,
>>>> -ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ "%s is already attached\n", dev_name(dev));
>>>> -ÂÂÂÂÂÂÂÂÂÂÂ err = -EINVAL;
>>>> -ÂÂÂÂÂÂÂÂÂÂÂ goto fail;
>>>> -ÂÂÂÂÂÂÂ }
>>>> -ÂÂÂ }
>>>> -ÂÂÂ list_add(&client->list, &gart->client);
>>>> -ÂÂÂ spin_unlock(&gart->client_lock);
>>>> -ÂÂÂ dev_dbg(gart->dev, "Attached %s\n", dev_name(dev));
>>>> ÂÂÂÂÂÂ return 0;
>>>> -
>>>> -fail:
>>>> -ÂÂÂ devm_kfree(gart->dev, client);
>>>> -ÂÂÂ spin_unlock(&gart->client_lock);
>>>> -ÂÂÂ return err;
>>>> ÂÂ }
>>>> ÂÂ Â static void gart_iommu_detach_dev(struct iommu_domain *domain,
>>>> ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ struct device *dev)
>>>> ÂÂ {
>>>> -ÂÂÂ struct gart_domain *gart_domain = to_gart_domain(domain);
>>>> -ÂÂÂ struct gart_device *gart = gart_domain->gart;
>>>> -ÂÂÂ struct gart_client *c;
>>>> -
>>>> -ÂÂÂ spin_lock(&gart->client_lock);
>>>> -
>>>> -ÂÂÂ list_for_each_entry(c, &gart->client, list) {
>>>> -ÂÂÂÂÂÂÂ if (c->dev == dev) {
>>>> -ÂÂÂÂÂÂÂÂÂÂÂ list_del(&c->list);
>>>> -ÂÂÂÂÂÂÂÂÂÂÂ devm_kfree(gart->dev, c);
>>>> -ÂÂÂÂÂÂÂÂÂÂÂ dev_dbg(gart->dev, "Detached %s\n", dev_name(dev));
>>>> -ÂÂÂÂÂÂÂÂÂÂÂ goto out;
>>>> -ÂÂÂÂÂÂÂ }
>>>> -ÂÂÂ }
>>>> -ÂÂÂ dev_err(gart->dev, "Couldn't find\n");
>>>> -out:
>>>> -ÂÂÂ spin_unlock(&gart->client_lock);
>>>> ÂÂ }
>>>
>>> The .detach_dev callback is optional in the core API now, so you can just remove
>>> the whole thing.
>>
>> Good catch, thanks!
>>
>>>
>>>> ÂÂ static struct iommu_domain *gart_iommu_domain_alloc(unsigned type)
>>>> ÂÂ {
>>>> -ÂÂÂ struct gart_domain *gart_domain;
>>>> -ÂÂÂ struct gart_device *gart;
>>>> -
>>>> -ÂÂÂ if (type != IOMMU_DOMAIN_UNMANAGED)
>>>> -ÂÂÂÂÂÂÂ return NULL;
>>>> +ÂÂÂ struct gart_device *gart = gart_handle;
>>>> ÂÂ -ÂÂÂ gart = gart_handle;
>>>> -ÂÂÂ if (!gart)
>>>> +ÂÂÂ if (type != IOMMU_DOMAIN_UNMANAGED || gart->domain)
>>>
>>> Singleton domains are a little unpleasant given the way the IOMMU API expects
>>> things to work, but it looks fairly simple to avoid needing that at all. AFAICS
>>> you could move gart->savedata to something like gart_domain->ptes and keep it
>>> up-to-date in .map/.unmap, then in .attach_dev you just need to do something
>>> like:
>>>
>>> ÂÂÂÂÂif (gart_domain != gart->domain) {
>>> ÂÂÂÂÂÂÂÂ do_gart_setup(gart, gart_domain->ptes);
>>> ÂÂÂÂÂÂÂÂ gart->domain = gart_domain;
>>> ÂÂÂÂÂ}
>>>
>>> to context-switch the hardware state when moving the group from one domain to
>>> another (and as a bonus you would no longer need to do anything for suspend,
>>> since resume can just look at the current domain too). If in practice there's
>>> only ever one domain allocated anyway, then there's no difference in memory
>>> overhead, but you still have the benefit of the driver being more consistent
>>> with others and allowing that flexibility if anyone ever did want to play
>>> with it.
>>
>> For the starter we'll have a single domain solely used by GPU with all its
>> sub-devices. Context switching will be handled by the Tegra's DRM driver. Later
>> we may consider introducing IOMMU support for the video decoder, at least to
>> provide memory isolation for the buffers to which decoder performs writing.
>>
>> Cross-driver context switching isn't that straightforward and I think Tegra-GART
>> driver shouldn't take care of context switching in any form and only perform
>> mapping / unmapping operations. There are couple variants of how to deal with
>> the context switching:
>>
>> 1. A simple solution could be to logically split the GART's aperture space into
>> different domains, but GART's aperture won't be utilized efficiently with this
>> approach, wasting IOVA space quite a lot.
>>
>> 2. In order to utilize aperture more efficiently, we are going to make DRM
>> driver to cache IOMMU mappings such that graphics buffer will be moved to the
>> cache-eviction list on unmapping and actually unmapped when that buffer isn't
>> in-use and there is no IOVA space for another buffer or on the buffers
>> destruction. We'll use DRM's MM scanning helper for that [0][1]. Maybe we could
>> share access to that MM helper with the video decoder somehow. Seems IOMMU API
>> isn't tailored for a such use-case, so probably having a custom
>> platform-specific API on top of the IOMMU API would be fine and with that we
>> could have cross-device/driver context switching handled by the custom API.
> 
> Yes, if the DRM driver has overall control of the domain, then drivers for other
> devices in the group are going to have to cooperate with it in terms of IOVA
> allocation. It might even make sense to have that inter-driver interface
> abstract things down to the map/unmap level, since with a limited aperture you
> really want to avoid mapping the same PA to two different IOVAs if at all possible.

Yeah, for now all that are just thoughts about the inter-driver interfaces and
whatnot, it's more important to get at least basic things up and running. So the
current plan is to go with a single IOMMU domain and make the DRM driver use it.

>> Please let me know if you have any other variants to suggest.
>>
>> [0]
>> https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/tree/include/drm/drm_mm.h
>>
>> [1]
>> https://github.com/grate-driver/linux/commit/16e017efaa343e23e5a7d2d498915764cc806054
>>
>>
>>>
>>>> ÂÂÂÂÂÂÂÂÂÂ return NULL;
>>>> ÂÂ -ÂÂÂ gart_domain = kzalloc(sizeof(*gart_domain), GFP_KERNEL);
>>>> -ÂÂÂ if (!gart_domain)
>>>> -ÂÂÂÂÂÂÂ return NULL;
>>>> -
>>>> -ÂÂÂ gart_domain->gart = gart;
>>>> -ÂÂÂ gart_domain->domain.geometry.aperture_start = gart->iovmm_base;
>>>> -ÂÂÂ gart_domain->domain.geometry.aperture_end = gart->iovmm_base +
>>>> +ÂÂÂ gart->domain = kzalloc(sizeof(*gart->domain), GFP_KERNEL);
>>>> +ÂÂÂ if (gart->domain) {
>>>> +ÂÂÂÂÂÂÂ gart->domain->domain.geometry.aperture_start = gart->iovmm_base;
>>>> +ÂÂÂÂÂÂÂ gart->domain->domain.geometry.aperture_end = gart->iovmm_base +
>>>> ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ gart->page_count * GART_PAGE_SIZE - 1;
>>>> -ÂÂÂ gart_domain->domain.geometry.force_aperture = true;
>>>> +ÂÂÂÂÂÂÂ gart->domain->domain.geometry.force_aperture = true;
>>>> +ÂÂÂÂÂÂÂ gart->domain->gart = gart;
>>>> +ÂÂÂ }
>>>> ÂÂ -ÂÂÂ return &gart_domain->domain;
>>>> +ÂÂÂ return &gart->domain->domain;
>>>> ÂÂ }
>>>> ÂÂ Â static void gart_iommu_domain_free(struct iommu_domain *domain)
>>>> @@ -251,18 +195,7 @@ static void gart_iommu_domain_free(struct iommu_domain
>>>> *domain)
>>>> ÂÂÂÂÂÂ struct gart_domain *gart_domain = to_gart_domain(domain);
>>>> ÂÂÂÂÂÂ struct gart_device *gart = gart_domain->gart;
>>>> ÂÂ -ÂÂÂ if (gart) {
>>>> -ÂÂÂÂÂÂÂ spin_lock(&gart->client_lock);
>>>> -ÂÂÂÂÂÂÂ if (!list_empty(&gart->client)) {
>>>> -ÂÂÂÂÂÂÂÂÂÂÂ struct gart_client *c;
>>>> -
>>>> -ÂÂÂÂÂÂÂÂÂÂÂ list_for_each_entry(c, &gart->client, list)
>>>> -ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ gart_iommu_detach_dev(domain, c->dev);
>>>> -ÂÂÂÂÂÂÂ }
>>>> -ÂÂÂÂÂÂÂ spin_unlock(&gart->client_lock);
>>>> -ÂÂÂ }
>>>> -
>>>> -ÂÂÂ kfree(gart_domain);
>>>> +ÂÂÂ kfree(gart->domain);
>>>> ÂÂ }
>>>> ÂÂ Â static int gart_iommu_map(struct iommu_domain *domain, unsigned long iova,
>>>> @@ -377,7 +310,7 @@ struct iommu_group *gart_iommu_device_group(struct device
>>>> *dev)
>>>> ÂÂÂÂÂÂ if (err)
>>>> ÂÂÂÂÂÂÂÂÂÂ return ERR_PTR(err);
>>>> ÂÂ -ÂÂÂ return generic_device_group(dev);
>>>> +ÂÂÂ return gart_handle->group;
>>>
>>> You should take a reference per device, i.e.:
>>>
>>> ÂÂÂÂÂreturn iommu_group_ref_get(gart_handle->group);
>>>
>>> otherwise removing devices could unbalance things and result in the group
>>> getting freed prematurely.
>>
>> Seems more correctly would be to remove iommu_group_put() from
>> gart_iommu_add_device().
> 
> If you're confident that no bus code will ever result in add_device() getting
> called more than once for the same device, then you could get away with that.
> AFAIK it *shouldn't* happen, but I've never managed to convince myself that it
> *can't*
Having refcount incremented more times than decremented won't be a big problem
for the Tegra-GART driver since the singleton IOMMU group is allocated during of
driver probe once and then re-used by all devices. Let's go with keeping code
clean and simple where possible, and change it only if it will cause real problems.

>>>
>>>> ÂÂ }
>>>> ÂÂ Â static int gart_iommu_of_xlate(struct device *dev,
>>>> @@ -502,8 +435,6 @@ static int tegra_gart_probe(struct platform_device *pdev)
>>>> ÂÂ ÂÂÂÂÂ gart->dev = &pdev->dev;
>>>> ÂÂÂÂÂÂ spin_lock_init(&gart->pte_lock);
>>>> -ÂÂÂ spin_lock_init(&gart->client_lock);
>>>> -ÂÂÂ INIT_LIST_HEAD(&gart->client);
>>>> ÂÂÂÂÂÂ gart->regs = gart_regs;
>>>> ÂÂÂÂÂÂ gart->iovmm_base = (dma_addr_t)res_remap->start;
>>>> ÂÂÂÂÂÂ gart->page_count = (resource_size(res_remap) >> GART_PAGE_SHIFT);
>>>> @@ -517,6 +448,14 @@ static int tegra_gart_probe(struct platform_device *pdev)
>>>> ÂÂÂÂÂÂÂÂÂÂ goto iommu_unregister;
>>>> ÂÂÂÂÂÂ }
>>>> ÂÂ +ÂÂÂ gart->group = iommu_group_alloc();
>>>> +ÂÂÂ if (IS_ERR(gart->group)) {
>>>> +ÂÂÂÂÂÂÂ ret = PTR_ERR(gart->group);
>>>> +ÂÂÂÂÂÂÂ goto free_savedata;
>>>> +ÂÂÂ }
>>>> +
>>>> +ÂÂÂ iommu_group_ref_get(gart->group);
>>>
>>> You already hold the initial reference from iommu_group_alloc(), so there's no
>>> need to take a second one at this point.
>>
>> Yes, looks like this refcount-bump isn't needed here. I'll revisit the
>> refcountings and correct them in v2 where necessary.
>>
>> Thank you very much for the review.
>>