From: Alex Williamson <alex.williamson@redhat.com>
To: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Alexey Kardashevskiy <aik@ozlabs.ru>,
linuxppc-dev@lists.ozlabs.org,
David Gibson <david@gibson.dropbear.id.au>,
Alexander Graf <agraf@suse.de>, Paul Mackerras <paulus@samba.org>,
kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
kvm-ppc@vger.kernel.org, Rusty Russell <rusty@rustcorp.com.au>
Subject: Re: [PATCH 3/4] KVM: PPC: Add support for IOMMU in-kernel handling
Date: Tue, 18 Jun 2013 08:48:55 -0600 [thread overview]
Message-ID: <1371566935.22681.169.camel@ul30vt.home> (raw)
In-Reply-To: <1371530335.21896.169.camel@pasglop>
On Tue, 2013-06-18 at 14:38 +1000, Benjamin Herrenschmidt wrote:
> On Mon, 2013-06-17 at 20:32 -0600, Alex Williamson wrote:
>
> > Right, we don't want to create dependencies across modules. I don't
> > have a vision for how this should work. This is effectively a complete
> > side-band to vfio, so we're really just dealing in the iommu group
> > space. Maybe there needs to be some kind of registration of ownership
> > for the group using some kind of token. It would need to include some
> > kind of notification when that ownership ends. That might also be a
> > convenient tag to toggle driver probing off for devices in the group.
> > Other ideas? Thanks,
>
> All of that smells nasty like it will need a pile of bloody
> infrastructure.... which makes me think it's too complicated and not the
> right approach.
>
> How does access control work today on x86/VFIO ? Can you give me a bit
> more details ? I didn't get a good grasp in your previous email....
The current model is not x86 specific, but it only covers doing iommu
and device access through vfio. The kink here is that we're trying to
do device access and setup through vfio, but iommu manipulation through
kvm. We may want to revisit whether we can do the in-kernel iommu
manipulation through vfio rather than kvm.
For vfio in general, the group is the unit of ownership. A user is
granted access to /dev/vfio/$GROUP through file permissions. The user
opens the group and a container (/dev/vfio/vfio) and calls SET_CONTAINER
on the group. If supported by the platform, multiple groups can be set
to the same container, which allows for iommu domain sharing. Once a
group is associated with a container, an iommu backend can be
initialized for the container. Only then can a device be accessed
through the group.
So even if we were to pass a vfio group file descriptor into kvm and it
matched as some kind of ownership token on the iommu group, it's not
clear that's sufficient to assume we can start programming the iommu.
Thanks,
Alex
> From the look of it, the VFIO file descriptor is what has the "access
> control" to the underlying iommu, is this right ? So we somewhat need to
> transfer (or copy) that ownership from the VFIO fd to the KVM VM.
>
> I don't see a way to do that without some cross-layering here...
>
> Rusty, are you aware of some kernel mechanism we can use for that ?
>
> Cheers,
> Ben.
>
>
next prev parent reply other threads:[~2013-06-18 14:48 UTC|newest]
Thread overview: 69+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-06-05 6:11 [PATCH 0/4 v3] KVM: PPC: IOMMU in-kernel handling Alexey Kardashevskiy
2013-06-05 6:11 ` [PATCH 1/4] KVM: PPC: Add support for multiple-TCE hcalls Alexey Kardashevskiy
2013-06-16 4:20 ` Benjamin Herrenschmidt
2013-06-16 22:06 ` Alexander Graf
2013-06-17 7:55 ` Alexey Kardashevskiy
2013-06-17 8:02 ` Alexander Graf
2013-06-17 8:34 ` Alexey Kardashevskiy
2013-06-17 8:40 ` Alexander Graf
2013-06-17 8:51 ` Alexey Kardashevskiy
2013-06-17 10:46 ` Alexander Graf
2013-06-17 10:48 ` Alexander Graf
2013-06-17 8:37 ` Benjamin Herrenschmidt
2013-06-17 8:42 ` Alexander Graf
2013-06-05 6:11 ` [PATCH 2/4] powerpc: Prepare to support kernel handling of IOMMU map/unmap Alexey Kardashevskiy
2013-06-16 4:26 ` Benjamin Herrenschmidt
2013-06-16 4:31 ` Benjamin Herrenschmidt
2013-06-17 9:17 ` Alexey Kardashevskiy
2013-06-05 6:11 ` [PATCH 3/4] KVM: PPC: Add support for IOMMU in-kernel handling Alexey Kardashevskiy
2013-06-16 4:39 ` Benjamin Herrenschmidt
2013-06-19 3:17 ` Alexey Kardashevskiy
2013-06-16 22:25 ` Alexander Graf
2013-06-16 22:39 ` Benjamin Herrenschmidt
2013-06-17 3:13 ` Alex Williamson
2013-06-17 3:56 ` Benjamin Herrenschmidt
2013-06-18 2:32 ` Alex Williamson
2013-06-18 4:38 ` Benjamin Herrenschmidt
2013-06-18 14:48 ` Alex Williamson [this message]
2013-06-18 21:58 ` Benjamin Herrenschmidt
2013-06-19 3:35 ` Rusty Russell
2013-06-19 4:59 ` Benjamin Herrenschmidt
2013-06-19 9:58 ` Alexander Graf
2013-06-19 14:50 ` Benjamin Herrenschmidt
2013-06-19 15:49 ` Alex Williamson
2013-06-20 4:58 ` Alexey Kardashevskiy
2013-06-20 5:28 ` David Gibson
2013-06-20 7:47 ` Benjamin Herrenschmidt
2013-06-20 8:48 ` Alexey Kardashevskiy
2013-06-20 14:55 ` Alex Williamson
2013-06-22 8:25 ` Alexey Kardashevskiy
2013-06-22 12:03 ` David Gibson
2013-06-22 14:28 ` Alex Williamson
2013-06-24 3:52 ` David Gibson
2013-06-24 4:41 ` Alex Williamson
2013-06-27 11:01 ` David Gibson
2013-06-22 23:28 ` Benjamin Herrenschmidt
2013-06-24 3:54 ` David Gibson
2013-06-24 3:58 ` Benjamin Herrenschmidt
2013-06-05 6:11 ` [PATCH 4/4] KVM: PPC: Add hugepage " Alexey Kardashevskiy
2013-06-16 4:46 ` Benjamin Herrenschmidt
2013-06-17 16:35 ` Paolo Bonzini
2013-06-12 3:14 ` [PATCH 0/4 v3] KVM: PPC: " Benjamin Herrenschmidt
-- strict thread matches above, loose matches on Subject: below --
2013-05-21 3:06 [PATCH 0/4 v2] " Alexey Kardashevskiy
2013-05-21 3:06 ` [PATCH 3/4] KVM: PPC: Add support for " Alexey Kardashevskiy
2013-05-22 21:06 ` Scott Wood
2013-05-25 2:45 ` David Gibson
2013-05-27 2:44 ` Alexey Kardashevskiy
2013-05-28 17:45 ` Scott Wood
2013-05-28 23:30 ` Alexey Kardashevskiy
2013-05-28 23:35 ` Scott Wood
2013-05-29 0:12 ` Alexey Kardashevskiy
2013-05-29 20:05 ` Scott Wood
2013-05-29 23:10 ` Alexey Kardashevskiy
2013-05-29 23:14 ` Scott Wood
2013-05-29 23:29 ` Alexey Kardashevskiy
2013-05-29 23:32 ` Scott Wood
2013-05-27 10:23 ` Paolo Bonzini
2013-05-27 14:26 ` Alexey Kardashevskiy
2013-05-27 14:41 ` Paolo Bonzini
2013-05-28 16:32 ` Scott Wood
2013-05-29 0:20 ` Alexey Kardashevskiy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1371566935.22681.169.camel@ul30vt.home \
--to=alex.williamson@redhat.com \
--cc=agraf@suse.de \
--cc=aik@ozlabs.ru \
--cc=benh@kernel.crashing.org \
--cc=david@gibson.dropbear.id.au \
--cc=kvm-ppc@vger.kernel.org \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=paulus@samba.org \
--cc=rusty@rustcorp.com.au \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).