WIP, pinning works

[   28.720626] NOIOMMU: no_iommu: unmapping IOVA 0x1000000 size 0x8000
[   28.720878] NOIOMMU: no_iommu: unmapping IOVA 0x1008000 size 0x8000
[   28.721367] Unable to handle kernel paging request at virtual address fffffc1fbff00008
[   28.721419] Mem abort info:
[   28.721433]   ESR = 0x0000000096000007
[   28.721484]   EC = 0x25: DABT (current EL), IL = 32 bits
[   28.721540]   SET = 0, FnV = 0
[   28.721575]
** replaying previous printk message **
[   28.721575]   EA = 0, S1PTW = 0
[   28.721602]   FSC = 0x07: level 3 translation fault
[   28.721629] Data abort info:
[   28.721642]   ISV = 0, ISS = 0x00000007, ISS2 = 0x00000000
[   28.721671]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[   28.721698]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[   28.721743] swapper pgtable: 64k pages, 52-bit VAs, pgdp=000000012dea0000
[   28.721761] [fffffc1fbff00008] pgd=0000000130050403, p4d=0000000130050403, pud=0000000130050403, pmd=1000000100f20403, pte=0000000000000000
[   28.722288] Internal error: Oops: 0000000096000007 [#1]  SMP
[   28.724579] Modules linked in:
[   28.725116] CPU: 1 UID: 0 PID: 152 Comm: vfio-noiommu-pc Tainted: G        W           6.17.0-rc2-00036-gb13c949bd2d3-dirty torvalds#313 PREEMPT
[   28.725743] Tainted: [W]=WARN
[   28.725860] Hardware name: QEMU QEMU Virtual Machine, BIOS 2024.02-2 03/11/2024
[   28.726251] pstate: 60402009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[   28.726605] pc : unpin_user_page_range_dirty_lock+0x40/0x130
[   28.727284] lr : batch_unpin+0xbc/0xf0
[   28.727447] sp : ffff800085baf830
[   28.727604] x29: ffff800085baf830 x28: 0000000000000000 x27: 0000000000000000
[   28.727941] x26: 0000000000000001 x25: 0000000000000000 x24: ffff800081958440
[   28.728259] x23: 0000000000000000 x22: fffffc1fbff00000 x21: 0000000000000001
[   28.728532] x20: 0000000000000001 x19: 0000000000000001 x18: 00000000ffffffff
[   28.728770] x17: 00000000c9f3662f x16: 00000000d722bb96 x15: ffff800085baf390
[   28.729023] x14: ffff800083e943cf x13: ffff80008393f9a8 x12: 0000000000000885
[   28.729339] x11: 00000000000002d7 x10: ffff80008399bdd0 x9 : ffff80008393f9a8
[   28.729693] x8 : 00000001000012d7 x7 : ffff8000839979a8 x6 : 00000000000022d7
[   28.729959] x5 : ffff800085baf9b0 x4 : ffff800085baf9a8 x3 : 0000000000000000
[   28.730301] x2 : fffffc1fbff00000 x1 : 0000000000000001 x0 : fffffc1fbff00000
[   28.730643] Call trace:
[   28.730873]  unpin_user_page_range_dirty_lock+0x40/0x130 (P)
[   28.731215]  batch_unpin+0xbc/0xf0
[   28.731388]  __iopt_area_unfill_domain+0x230/0x330
[   28.731591]  iopt_area_unfill_domain+0x14/0x20
[   28.731776]  iopt_table_remove_domain+0x1f0/0x264
[   28.731983]  iommufd_hwpt_paging_destroy+0x74/0x130
[   28.732176]  iommufd_object_remove+0x1b8/0x21c
[   28.732353]  iommufd_device_detach+0x44/0xe4
[   28.732503]  vfio_iommufd_physical_detach_ioas+0x38/0x54
[   28.732693]  vfio_df_ioctl_detach_pt+0x158/0x1b0
[   28.732874]  vfio_device_fops_unl_ioctl+0x188/0xa68
[   28.733086]  __arm64_sys_ioctl+0xb4c/0xbdc
[   28.733260]  invoke_syscall.constprop.0+0x74/0xcc
[   28.733472]  do_el0_svc+0x4c/0xbc
[   28.733633]  el0_svc+0xdc/0x12c
[   28.733779]  el0t_64_sync_handler+0x40/0xe4
[   28.733965]  el0t_64_sync+0x198/0x19c
[   28.734324] Code: a9046bf9 d280001 d503201f 8b191ac2 (f9400440)
[   28.734748] ---[ end trace 0000000000000000 ]---

Signed-off-by: Jacob Pan <[email protected]>

Author: jacobpan

drivers/iommu/iommufd/io_pagetable.c

@@ -251,7 +251,7 @@ static struct iopt_area *iopt_area_alloc(void)
 	return area;
 }
 
-static int iopt_alloc_area_pages(struct io_pagetable *iopt,
+static noinline int iopt_alloc_area_pages(struct io_pagetable *iopt,
 				 struct list_head *pages_list,
 				 unsigned long length, unsigned long *dst_iova,
 				 int iommu_prot, unsigned int flags)

include/uapi/linux/iommufd.h

@@ -219,6 +219,17 @@ struct iommu_ioas_map {
 };
 #define IOMMU_IOAS_MAP _IO(IOMMUFD_TYPE, IOMMUFD_CMD_IOAS_MAP)
 
+struct iommu_ioas_map_noiommu {
+	__u32 size;
+	__u32 flags;
+	__u32 ioas_id;
+	__u32 __reserved;
+	__aligned_u64 user_va;
+	__aligned_u64 length;
+	__aligned_u64 iova;
+};
+#define IOMMU_IOAS_MAP_NOIOMMU _IO(IOMMUFD_TYPE, IOMMUFD_CMD_IOAS_MAP_NOIOMMU)
+
 /**
  * struct iommu_ioas_map_file - ioctl(IOMMU_IOAS_MAP_FILE)
  * @size: sizeof(struct iommu_ioas_map_file)

vfio-noiommu-pci-device-open.c

@@ -806,22 +806,24 @@ void device_reset(int devfd)
 	    printf("reset device successfully\n");
 }
 
-static void iommufd_ioas_map(int iommufd, int ioas_id, uint64_t iova, uint64_t paddr, uint64_t size)
+static void iommufd_ioas_map(int iommufd, int ioas_id, uint64_t iova,
+							 uint64_t uvaddr, uint64_t size)
 {
 	struct iommu_ioas_map map = {
 		.size = sizeof(map),
 		.flags = IOMMU_IOAS_MAP_READABLE,
 		.ioas_id = ioas_id,
 		.iova = iova,
-		.user_va = paddr,
+		.user_va = uvaddr,
 		.length = size,
 	};
 
 	if (ioctl(iommufd, IOMMU_IOAS_MAP, &map) != 0) {
 		perror("IOMMU_IOAS_MAP");
+		return;
 	}
 	printf("Successfully mapped iommufd %d IOAS %d IOVA 0x%lx to VA 0x%lx size 0x%lx\n",
-	       iommufd, ioas_id, (unsigned long)iova, (unsigned long)paddr,
+	       iommufd, ioas_id, (unsigned long)iova, (unsigned long)uvaddr,
 	       (unsigned long)size);
 }
 
@@ -867,6 +869,7 @@ int iommufd_noiommu_test(const char *bdf)
 	char *path = NULL;
 	int devfd;
 	int ioas_id;
+	uint64_t uvaddr;
 
 	struct vfio_device_bind_iommufd bind = {
 		.argsz = sizeof(bind),
@@ -902,13 +905,28 @@ int iommufd_noiommu_test(const char *bdf)
 
 	iommufd_bind(__iommufd, devfd);
 	//ioas_destroy(__iommufd, ioas_id);
-	vfio_device_attach_iommufd_pt_ioctl(devfd, ioas_id);
-	vfio_device_detach_iommufd_pt_ioctl(devfd);
-	device_reset(devfd);
+	if (vfio_device_attach_iommufd_pt_ioctl(devfd, ioas_id)) {
+		printf("Failed to attach pt to device\n");
+		return -1;
+	}
+	printf("Successfully attached PT to device\n");
+
+	uvaddr = (uint64_t)mmap(NULL, 0x2000, PROT_READ | PROT_WRITE,
+				MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
+	if (uvaddr == (uint64_t)MAP_FAILED) {
+		printf("mmap failed\n");
+		return -1;
+	}
+	printf("Allocated user VA at 0x%lx\n", (unsigned long)uvaddr);
+	iommufd_ioas_map(__iommufd, ioas_id, 0x10000, uvaddr, 0x10000);
+	if (vfio_device_detach_iommufd_pt_ioctl(devfd)) {
+		printf("Failed to detach pt from device\n");
+		return -1;
+	}
+	printf("Successfully detached PT from device\n");
 
-	//ioas_alloc(__iommufd);
+	device_reset(devfd);
 
-	iommufd_ioas_map(__iommufd, ioas_id, 0x1000, 0x1000, 0x1000);
 	vfio_test_hot_reset(devfd);
 	vfio_test_device_info(devfd);