From: Alex Williamson <alex.williamson@redhat.com>
To: Jason Gunthorpe <jgg@nvidia.com>
Cc: "Tian, Kevin" <kevin.tian@intel.com>,
"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
"aaronlewis@google.com" <aaronlewis@google.com>,
"bhelgaas@google.com" <bhelgaas@google.com>,
"dmatlack@google.com" <dmatlack@google.com>,
"vipinsh@google.com" <vipinsh@google.com>,
"seanjc@google.com" <seanjc@google.com>,
"jrhilke@google.com" <jrhilke@google.com>
Subject: Re: [PATCH] vfio/pci: Separate SR-IOV VF dev_set
Date: Thu, 3 Jul 2025 14:29:04 -0600 [thread overview]
Message-ID: <20250703142904.56924edf.alex.williamson@redhat.com> (raw)
In-Reply-To: <20250703132350.GC1209783@nvidia.com>
On Thu, 3 Jul 2025 10:23:50 -0300
Jason Gunthorpe <jgg@nvidia.com> wrote:
> On Thu, Jul 03, 2025 at 06:10:19AM +0000, Tian, Kevin wrote:
> > > From: Jason Gunthorpe <jgg@nvidia.com>
> > > Sent: Thursday, July 3, 2025 1:56 AM
> > >
> > > On Wed, Jul 02, 2025 at 11:50:32AM -0600, Alex Williamson wrote:
> > > > I haven't tried it, but it may be possible to trigger a hot reset
> > > > on a user owned PF while there are open VFs. If that is possible, I
> > > > wonder if it isn't just a userspace problem though, it doesn't seem
> > > > there's anything fundamentally wrong with it from a vfio perspective.
> > > > The vf-token already indicates at the kernel level that there is
> > > > collaboration between PF and VF userspace drivers.
> > >
> > > I think it will disable SRIOV and that will leave something of a
> > > mess. Arguably we should be blocking resets that disable SRIOV inside
> > > vfio?
> > >
> >
> > Is there any reset which doesn't disable SRIOV? According to PCIe
> > spec both conventional reset and FLR targeting a PF clears the
> > VF enable bit.
>
> This is my understanding, I think there might be a little hole here in
> the vfio SRIOV support?
I wrote a test case and we don't prevent a vfio-pci userspace driver
from resetting the PF while also having open a VF, but I'm also not
sure what problem that causes.
pci_restore_state() calls pci_restore_iov_state(), so VF Enable does get
cleared by the reset (we don't actively tear down SR-IOV before reset),
but it's restored. VFs are not technically on a subordinate bus, so
none of those check prevent a bus reset. I think this is why we have
the VF token, we cannot guarantee that a userspace owner of the PF
doesn't do something stupid while the VF is in use.
Also, PF->bus != VF->bus, so VFs don't get added to the PF dev_set.
The PF will do a hot reset with just the PF group fd and of course FLR
doesn't require proof of ownership of other devices. Again, I don't
think giving each VF its own dev_set changes anything in this respect.
Should we do more here? What problem are we solving? Thanks,
Alex
next prev parent reply other threads:[~2025-07-03 20:29 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-06-26 22:56 [PATCH] vfio/pci: Separate SR-IOV VF dev_set Alex Williamson
2025-06-30 6:32 ` Tian, Kevin
2025-06-30 13:15 ` Yi Liu
2025-06-30 14:57 ` Alex Williamson
2025-07-02 16:00 ` Jason Gunthorpe
2025-07-02 17:50 ` Alex Williamson
2025-07-02 17:55 ` Jason Gunthorpe
2025-07-03 6:10 ` Tian, Kevin
2025-07-03 13:23 ` Jason Gunthorpe
2025-07-03 20:29 ` Alex Williamson [this message]
2025-07-03 23:35 ` Jason Gunthorpe
2025-07-15 18:42 ` Alex Williamson
2025-07-15 18:53 ` Jason Gunthorpe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250703142904.56924edf.alex.williamson@redhat.com \
--to=alex.williamson@redhat.com \
--cc=aaronlewis@google.com \
--cc=bhelgaas@google.com \
--cc=dmatlack@google.com \
--cc=jgg@nvidia.com \
--cc=jrhilke@google.com \
--cc=kevin.tian@intel.com \
--cc=kvm@vger.kernel.org \
--cc=seanjc@google.com \
--cc=vipinsh@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).