From: Jason Gunthorpe <jgg@nvidia.com>
To: Yi Liu <yi.l.liu@intel.com>
Cc: Alex Williamson <alex.williamson@redhat.com>,
"Tian, Kevin" <kevin.tian@intel.com>,
"joro@8bytes.org" <joro@8bytes.org>,
"robin.murphy@arm.com" <robin.murphy@arm.com>,
"cohuck@redhat.com" <cohuck@redhat.com>,
"eric.auger@redhat.com" <eric.auger@redhat.com>,
"nicolinc@nvidia.com" <nicolinc@nvidia.com>,
"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
"mjrosato@linux.ibm.com" <mjrosato@linux.ibm.com>,
"chao.p.peng@linux.intel.com" <chao.p.peng@linux.intel.com>,
"yi.y.sun@linux.intel.com" <yi.y.sun@linux.intel.com>,
"peterx@redhat.com" <peterx@redhat.com>,
"jasowang@redhat.com" <jasowang@redhat.com>,
"shameerali.kolothum.thodi@huawei.com"
<shameerali.kolothum.thodi@huawei.com>,
"lulu@redhat.com" <lulu@redhat.com>,
"suravee.suthikulpanit@amd.com" <suravee.suthikulpanit@amd.com>,
"intel-gvt-dev@lists.freedesktop.org"
<intel-gvt-dev@lists.freedesktop.org>,
"intel-gfx@lists.freedesktop.org"
<intel-gfx@lists.freedesktop.org>,
"linux-s390@vger.kernel.org" <linux-s390@vger.kernel.org>,
"Hao, Xudong" <xudong.hao@intel.com>,
"Zhao, Yan Y" <yan.y.zhao@intel.com>,
"Xu, Terrence" <terrence.xu@intel.com>,
"Jiang, Yanting" <yanting.jiang@intel.com>,
"Duan, Zhenzhong" <zhenzhong.duan@intel.com>
Subject: Re: [PATCH v4 2/9] vfio-iommufd: Create iommufd_access for noiommu devices
Date: Tue, 2 May 2023 15:22:02 -0300 [thread overview]
Message-ID: <ZFFUyhqID+LtUB/D@nvidia.com> (raw)
In-Reply-To: <c203f11f-4d9f-cf43-03ab-e41a858bdd92@intel.com>
On Sat, Apr 29, 2023 at 12:13:39AM +0800, Yi Liu wrote:
> > Whoa, noiommu is inherently unsafe an only meant to expose the vfio
> > device interface for userspace drivers that are going to do unsafe
> > things regardless. Enabling noiommu to work with mdev, pin pages, or
> > anything else should not be on our agenda. Userspaces relying on niommu
> > get the minimum viable interface and must impose a minuscule
> > incremental maintenance burden. The only reason we're spending so much
> > effort on it here is to make iommufd noiommu support equivalent to
> > group/container noiommu support. We should stop at that. Thanks,
>
> btw. I asked a question in [1] to check if we should allow attach/detach
> on noiommu devices. Jason has replied it. If in future noiommu userspace
> can pin page, then such userspace will need to attach/detach ioas. So I
> made cdev series[2] to allow attach ioas on noiommu devices. Supporting
> it from cdev day-1 may avoid probing if attach/detach is supported or
> not for specific devices when adding pin page for noiommu userspace.
>
> But now, I think such a support will not in plan, is it? If so, will it
> be better to disallow attach/detach on noiommu devices in patch [2]?
>
> [1] https://lore.kernel.org/kvm/ZEa+khH0tUFStRMW@nvidia.com/
> [2] https://lore.kernel.org/kvm/20230426150321.454465-21-yi.l.liu@intel.com/
If we block it then userspace has to act quite differently, I think we
should keep it.
My general idea to complete the no-iommu feature is to add a new IOCTL
to VFIO that is 'pin iova and return dma addr' that no-iommu userspace
would call instead of trying to abuse mlock and /proc/ to do it. That
ioctl would use the IOAS attached to the access just like a mdev would
do, so it has a real IOVA, but it is not a mdev.
unmap callback just does nothing, as Alex says it is all still totally
unsafe.
This just allows it use the mm a little more properly and safely (eg
mlock() doesn't set things like page_maybe_dma_pinned(), proc doesn't
reject things like DAX and it currently doesn't make an adjustment for
the PCI offset stuff..) So it would make DPDK a little more robust,
portable and make the whole VFIO no-iommu feature much easier to use.
To do that we need an iommufd access, an access ID and we need to link
the current IOAS to the special access, like mdev, but in any mdev
code paths.
That creating the access ID solves the reset problem as well is a nice
side effect and is the only part of this you should focus on for now..
Jason
next prev parent reply other threads:[~2023-05-02 18:22 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-04-26 14:54 [PATCH v4 0/9] Enhance vfio PCI hot reset for vfio cdev device Yi Liu
2023-04-26 14:54 ` [PATCH v4 1/9] vfio: Determine noiommu in vfio_device registration Yi Liu
2023-04-27 6:36 ` Tian, Kevin
2023-04-27 7:05 ` Liu, Yi L
2023-04-27 18:35 ` Alex Williamson
2023-04-26 14:54 ` [PATCH v4 2/9] vfio-iommufd: Create iommufd_access for noiommu devices Yi Liu
2023-04-27 6:39 ` Tian, Kevin
2023-04-27 6:59 ` Liu, Yi L
2023-04-27 18:32 ` Alex Williamson
2023-04-28 6:21 ` Yi Liu
2023-04-28 7:00 ` Tian, Kevin
2023-04-28 7:04 ` Yi Liu
2023-04-28 12:07 ` Jason Gunthorpe
2023-04-28 16:07 ` Yi Liu
2023-05-02 18:12 ` Jason Gunthorpe
2023-05-03 9:48 ` Liu, Yi L
2023-05-03 19:42 ` Jason Gunthorpe
2023-05-08 15:46 ` Liu, Yi L
2023-04-28 16:13 ` Yi Liu
2023-05-02 18:22 ` Jason Gunthorpe [this message]
2023-05-03 9:57 ` Liu, Yi L
2023-05-03 19:41 ` Jason Gunthorpe
2023-05-03 22:49 ` Alex Williamson
2023-04-26 14:54 ` [PATCH v4 3/9] vfio/pci: Update comment around group_fd get in vfio_pci_ioctl_pci_hot_reset() Yi Liu
2023-04-26 14:54 ` [PATCH v4 4/9] vfio/pci: Move the existing hot reset logic to be a helper Yi Liu
2023-04-27 6:39 ` Tian, Kevin
2023-04-26 14:54 ` [PATCH v4 5/9] vfio: Mark cdev usage in vfio_device Yi Liu
2023-04-27 6:40 ` Tian, Kevin
2023-04-27 18:43 ` Alex Williamson
2023-04-28 6:42 ` Yi Liu
2023-04-26 14:54 ` [PATCH v4 6/9] iommufd: Reserved -1 in the iommufd xarray Yi Liu
2023-04-27 6:41 ` Tian, Kevin
2023-04-27 7:09 ` Liu, Yi L
2023-04-27 11:55 ` Jason Gunthorpe
2023-04-26 14:54 ` [PATCH v4 7/9] vfio-iommufd: Add helper to retrieve iommufd_ctx and devid for vfio_device Yi Liu
2023-04-27 6:45 ` Tian, Kevin
2023-04-27 7:15 ` Liu, Yi L
2023-04-26 14:54 ` [PATCH v4 8/9] vfio/pci: Extend VFIO_DEVICE_GET_PCI_HOT_RESET_INFO for vfio device cdev Yi Liu
2023-04-27 6:51 ` Tian, Kevin
2023-04-27 20:04 ` Alex Williamson
2023-04-27 20:15 ` Alex Williamson
2023-05-08 15:32 ` Liu, Yi L
2023-05-08 20:29 ` Alex Williamson
2023-04-26 14:54 ` [PATCH v4 9/9] vfio/pci: Allow passing zero-length fd array in VFIO_DEVICE_PCI_HOT_RESET Yi Liu
2023-04-27 6:54 ` Tian, Kevin
2023-04-27 7:02 ` Liu, Yi L
2023-04-27 21:55 ` Alex Williamson
2023-05-02 12:55 ` Liu, Yi L
2023-04-26 15:07 ` [PATCH v4 0/9] Enhance vfio PCI hot reset for vfio cdev device Liu, Yi L
2023-04-28 9:28 ` Jiang, Yanting
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZFFUyhqID+LtUB/D@nvidia.com \
--to=jgg@nvidia.com \
--cc=alex.williamson@redhat.com \
--cc=chao.p.peng@linux.intel.com \
--cc=cohuck@redhat.com \
--cc=eric.auger@redhat.com \
--cc=intel-gfx@lists.freedesktop.org \
--cc=intel-gvt-dev@lists.freedesktop.org \
--cc=jasowang@redhat.com \
--cc=joro@8bytes.org \
--cc=kevin.tian@intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=lulu@redhat.com \
--cc=mjrosato@linux.ibm.com \
--cc=nicolinc@nvidia.com \
--cc=peterx@redhat.com \
--cc=robin.murphy@arm.com \
--cc=shameerali.kolothum.thodi@huawei.com \
--cc=suravee.suthikulpanit@amd.com \
--cc=terrence.xu@intel.com \
--cc=xudong.hao@intel.com \
--cc=yan.y.zhao@intel.com \
--cc=yanting.jiang@intel.com \
--cc=yi.l.liu@intel.com \
--cc=yi.y.sun@linux.intel.com \
--cc=zhenzhong.duan@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox