From: Tom Lyon <pugs@lyon-about.com>
To: "Michael S. Tsirkin" <mst@redhat.com>
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 0/1] uio_pci_generic: extensions to allow access for non-privileged processes
Date: Thu, 1 Apr 2010 09:02:41 -0700 [thread overview]
Message-ID: <201004010902.42002.pugs@lyon-about.com> (raw)
In-Reply-To: <20100401142504.GA6338@redhat.com>
On Thursday 01 April 2010 07:25:04 am Michael S. Tsirkin wrote:
> On Wed, Mar 31, 2010 at 05:08:38PM -0700, Tom Lyon wrote:
> > uio_pci_generic has previously been discussed on the KVM list, but this
> > patch has nothing to do with KVM, so it is also going to LKML.
> >
> > The point of this patch is to beef up the uio_pci_generic driver so that
> > a non-privileged user process can run a user level driver for most PCIe
> > devices. This can only be safe if there is an IOMMU in the system with
> > per-device domains.
>
> Why? Per-guest domain should be safe enough.
I'm not sure what 'per-guest' means in an ordinary process context.
>
> > Privileged users (CAP_SYS_RAWIO) are allowed if there is
> > no IOMMU.
>
> qemu does not support it, I doubt this last option is worth having.
This is extremely useful in non IOMMU systems - again, we're talking ordinary
processes, nothing to do with VMs. As long as the program can be trusted,
e.g., in embedded apps.
>
> > Specifically, I seek to allow low-latency user level network drivers (non
> > tcp/ip) which directly access SR-IOV style virtual network adapters, for
> > use with packages such as OpenMPI.
> >
> > Key areas of change:
> > - ioctl extensions to allow registration and dma mapping of memory
> > regions, with lock accounting
> > - support for mmu notifier driven de-mapping
> > - support for MSI and MSI-X interrupts (the intel 82599 VFs support only
> > MSI-X)
> > - allowing interrupt enabling and device register mapping all
> > through /dev/uio* so that permissions may be granted just by chmod
> > on /dev/uio*
>
> For non-priveledged users, we need a way to enforce that
> device is bound to an iommu.
Right now I just use iommu_found - assuming that if we have one, it is in use.
Something better would be nice.
> Further, locking really needs to be scoped with iommu domain existance
> and with iommu mappings: as long as a page is mapped in iommu,
> it must be locked. This patch does not seem to enforce that.
Sure it does. The DMA API - get_user_pages and dma_map_sg lock pages into the
MMU and the IOMMU. The MMU notifier unlocks if the user forgets to do it
explicitly.
> Also note that what we really want is a single iommu domain per guest,
> not per device.
For my networking applications, I will need the ability to talk to multiple
devices on potentially separate IOMMUs. What would per-guest mean then?
>
> For this reason, I think we should address the problem somwwhat
> differently:
> - Create a character device to represent the iommu
> - This device will handle memory locking etc
> - Allow binding this device to iommu
> - Allow other operations only after iommu is bound
There are still per-device issues with locking - in particular the size of the
device's DMA address space. The DMA API already handles this - why not use
it? It would be nice to have a way to test whether a device is truly covered
by an IOMMU, but today it appears that if an IOMMU exists, then it covers all
devices (at least as far as I can see for x86).
next prev parent reply other threads:[~2010-04-01 16:05 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-04-01 0:08 [PATCH 0/1] uio_pci_generic: extensions to allow access for non-privileged processes Tom Lyon
2010-04-01 0:12 ` [PATCH 1/1] " Tom Lyon
2010-04-09 9:08 ` Joerg Roedel
2010-04-09 16:27 ` Tom Lyon
2010-04-01 9:09 ` [PATCH 0/1] " Avi Kivity
2010-04-01 15:39 ` Tom Lyon
2010-04-01 15:54 ` Avi Kivity
2010-04-01 16:06 ` Tom Lyon
2010-04-01 16:10 ` Avi Kivity
2010-04-01 19:24 ` Tom Lyon
2010-04-01 20:21 ` Joerg Roedel
2010-04-02 6:43 ` Avi Kivity
2010-04-02 17:05 ` Greg KH
2010-04-09 9:58 ` Avi Kivity
2010-04-09 16:34 ` Tom Lyon
2010-04-09 16:48 ` [PATCH 0/1] uio_pci_generic: extensions to allow access for?non-privileged processes Joerg Roedel
2010-04-09 17:43 ` [PATCH 0/1] uio_pci_generic: extensions to allow access for non-privileged processes Avi Kivity
2010-04-09 20:09 ` [PATCH 0/1] uio_pci_generic: extensions to allow access for?non-privileged processes Chris Wright
2010-04-09 20:05 ` [PATCH 0/1] uio_pci_generic: extensions to allow access for non-privileged processes Chris Wright
2010-04-01 21:27 ` Tom Lyon
2010-04-02 6:44 ` Avi Kivity
2010-04-01 12:52 ` Joerg Roedel
2010-04-01 15:40 ` Tom Lyon
2010-04-01 16:07 ` Joerg Roedel
2010-04-01 19:18 ` Tom Lyon
2010-04-01 20:09 ` Joerg Roedel
2010-04-01 14:25 ` Michael S. Tsirkin
2010-04-01 16:02 ` Tom Lyon [this message]
2010-04-01 16:57 ` Joerg Roedel
2010-04-01 19:08 ` Hans J. Koch
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=201004010902.42002.pugs@lyon-about.com \
--to=pugs@lyon-about.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mst@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.