@@ -96,6 +96,19 @@ Following IOMMUFD objects are exposed to userspace:
9696 backed by corresponding vIOMMU objects, in which case a guest OS would do
9797 the "dispatch" naturally instead of VMM trappings.
9898
99+ - IOMMUFD_OBJ_VDEVICE, representing a virtual device for an IOMMUFD_OBJ_DEVICE
100+ against an IOMMUFD_OBJ_VIOMMU. This virtual device holds the device's virtual
101+ information or attributes (related to the vIOMMU) in a VM. An immediate vDATA
102+ example can be the virtual ID of the device on a vIOMMU, which is a unique ID
103+ that VMM assigns to the device for a translation channel/port of the vIOMMU,
104+ e.g. vSID of ARM SMMUv3, vDeviceID of AMD IOMMU, and vRID of Intel VT-d to a
105+ Context Table. Potential use cases of some advanced security information can
106+ be forwarded via this object too, such as security level or realm information
107+ in a Confidential Compute Architecture. A VMM should create a vDEVICE object
108+ to forward all the device information in a VM, when it connects a device to a
109+ vIOMMU, which is a separate ioctl call from attaching the same device to an
110+ HWPT_PAGING that the vIOMMU holds.
111+
99112All user-visible objects are destroyed via the IOMMU_DESTROY uAPI.
100113
101114The diagrams below show relationships between user-visible objects and kernel
@@ -135,16 +148,16 @@ creating the objects and links::
135148 |____________| |____________| |______|
136149
137150 _______________________________________________________________________
138- | iommufd (with vIOMMU) |
151+ | iommufd (with vIOMMU/vDEVICE) |
139152 | |
140- | [5] |
141- | _____________ |
142- | | | |
143- | |----------------| vIOMMU | |
144- | | | | |
145- | | | | |
146- | | [1] | | [4] [2] |
147- | | ______ | | _____________ ________ |
153+ | [5] [6] |
154+ | _____________ _____________ |
155+ | | | | | |
156+ | |----------------| vIOMMU |<---| vDEVICE |<----| |
157+ | | | | |_____________| | |
158+ | | | | | |
159+ | | [1] | | [4] | [2] |
160+ | | ______ | | _____________ _|______ |
148161 | | | | | [3] | | | | | |
149162 | | | IOAS |<---|(HWPT_PAGING)|<---| HWPT_NESTED |<--| DEVICE | |
150163 | | |______| |_____________| |_____________| |________| |
@@ -217,6 +230,15 @@ creating the objects and links::
217230 the vIOMMU object and the HWPT_PAGING, then this vIOMMU object can be used
218231 as a nesting parent object to allocate an HWPT_NESTED object described above.
219232
233+ 6. IOMMUFD_OBJ_VDEVICE can be only manually created via the IOMMU_VDEVICE_ALLOC
234+ uAPI, provided a viommu_id for an iommufd_viommu object and a dev_id for an
235+ iommufd_device object. The vDEVICE object will be the binding between these
236+ two parent objects. Another @virt_id will be also set via the uAPI providing
237+ the iommufd core an index to store the vDEVICE object to a vDEVICE array per
238+ vIOMMU. If necessary, the IOMMU driver may choose to implement a vdevce_alloc
239+ op to init its HW for virtualization feature related to a vDEVICE. Successful
240+ completion of this operation sets up the linkages between vIOMMU and device.
241+
220242A device can only bind to an iommufd due to DMA ownership claim and attach to at
221243most one IOAS object (no support of PASID yet).
222244
@@ -230,6 +252,7 @@ User visible objects are backed by following datastructures:
230252- iommufd_hwpt_paging for IOMMUFD_OBJ_HWPT_PAGING.
231253- iommufd_hwpt_nested for IOMMUFD_OBJ_HWPT_NESTED.
232254- iommufd_viommu for IOMMUFD_OBJ_VIOMMU.
255+ - iommufd_vdevice for IOMMUFD_OBJ_VDEVICE.
233256
234257Several terminologies when looking at these datastructures:
235258
0 commit comments