From: David Matlack <dmatlack@google.com>
To: Yi Liu <yi.l.liu@intel.com>
Cc: "Alex Williamson" <alex@shazbot.org>,
"Bjorn Helgaas" <bhelgaas@google.com>,
"Adithya Jayachandran" <ajayachandra@nvidia.com>,
"Alexander Graf" <graf@amazon.com>,
"Alex Mastro" <amastro@fb.com>,
"Andrew Morton" <akpm@linux-foundation.org>,
"Ankit Agrawal" <ankita@nvidia.com>,
"Arnd Bergmann" <arnd@arndb.de>,
"Askar Safin" <safinaskar@gmail.com>,
"Borislav Petkov (AMD)" <bp@alien8.de>,
"Chris Li" <chrisl@kernel.org>,
"Dapeng Mi" <dapeng1.mi@linux.intel.com>,
"David Rientjes" <rientjes@google.com>,
"Feng Tang" <feng.tang@linux.alibaba.com>,
"Jacob Pan" <jacob.pan@linux.microsoft.com>,
"Jason Gunthorpe" <jgg@nvidia.com>,
"Jason Gunthorpe" <jgg@ziepe.ca>,
"Jonathan Corbet" <corbet@lwn.net>,
"Josh Hilke" <jrhilke@google.com>, "Kees Cook" <kees@kernel.org>,
"Kevin Tian" <kevin.tian@intel.com>,
kexec@lists.infradead.org, kvm@vger.kernel.org,
"Leon Romanovsky" <leon@kernel.org>,
"Leon Romanovsky" <leonro@nvidia.com>,
linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-kselftest@vger.kernel.org, linux-mm@kvack.org,
linux-pci@vger.kernel.org, "Li RongQing" <lirongqing@baidu.com>,
"Lukas Wunner" <lukas@wunner.de>,
"Marco Elver" <elver@google.com>,
"Michał Winiarski" <michal.winiarski@intel.com>,
"Mike Rapoport" <rppt@kernel.org>,
"Parav Pandit" <parav@nvidia.com>,
"Pasha Tatashin" <pasha.tatashin@soleen.com>,
"Paul E. McKenney" <paulmck@kernel.org>,
"Pawan Gupta" <pawan.kumar.gupta@linux.intel.com>,
"Peter Zijlstra (Intel)" <peterz@infradead.org>,
"Pranjal Shrivastava" <praan@google.com>,
"Pratyush Yadav" <pratyush@kernel.org>,
"Raghavendra Rao Ananta" <rananta@google.com>,
"Randy Dunlap" <rdunlap@infradead.org>,
"Rodrigo Vivi" <rodrigo.vivi@intel.com>,
"Saeed Mahameed" <saeedm@nvidia.com>,
"Samiullah Khawaja" <skhawaja@google.com>,
"Shuah Khan" <skhan@linuxfoundation.org>,
"Vipin Sharma" <vipinsh@google.com>,
"Vivek Kasireddy" <vivek.kasireddy@intel.com>,
"William Tu" <witu@nvidia.com>,
"Zhu Yanjun" <yanjun.zhu@linux.dev>
Subject: Re: [PATCH v3 03/24] PCI: Require Live Update preserved devices are in singleton iommu_groups
Date: Wed, 25 Mar 2026 17:29:48 +0000 [thread overview]
Message-ID: <acQbjF53aIzv7Ieq@google.com> (raw)
In-Reply-To: <b16f93af-1ec6-43f5-b4d0-b1d390e3c23c@intel.com>
On 2026-03-25 07:12 PM, Yi Liu wrote:
>
>
> On 3/25/26 02:00, David Matlack wrote:
> > On 2026-03-24 09:07 PM, Yi Liu wrote:
> > > On 3/24/26 07:57, David Matlack wrote:
> > > > Require that Live Update preserved devices are in singleton iommu_groups
> > > > during preservation (outgoing kernel) and retrieval (incoming kernel).
> > > >
> > > > PCI devices preserved across Live Update will be allowed to perform
> > > > memory transactions throughout the Live Update. Thus IOMMU groups for
> > > > preserved devices must remain fixed. Since all current use cases for
> > > > Live Update are for PCI devices in singleton iommu_groups, require that
> > > > as a starting point. This avoids the complexity of needing to enforce
> > > > arbitrary iommu_group topologies while still allowing all current use
> > > > cases.
> > > >
> > > > Suggested-by: Jason Gunthorpe <jgg@nvidia.com>
> > > > Signed-off-by: David Matlack <dmatlack@google.com>
> > > > ---
> > > > drivers/pci/liveupdate.c | 34 +++++++++++++++++++++++++++++++++-
> > > > 1 file changed, 33 insertions(+), 1 deletion(-)
> > > >
> > > > diff --git a/drivers/pci/liveupdate.c b/drivers/pci/liveupdate.c
> > > > index bec7b3500057..a3dbe06650ff 100644
> > > > --- a/drivers/pci/liveupdate.c
> > > > +++ b/drivers/pci/liveupdate.c
> > > > @@ -75,6 +75,8 @@
> > > > *
> > > > * * The device must not be a Physical Function (PF).
> > > > *
> > > > + * * The device must be the only device in its IOMMU group.
> > > > + *
> > > > * Preservation Behavior
> > > > * =====================
> > > > *
> > > > @@ -105,6 +107,7 @@
> > > > #include <linux/bsearch.h>
> > > > #include <linux/io.h>
> > > > +#include <linux/iommu.h>
> > > > #include <linux/kexec_handover.h>
> > > > #include <linux/kho/abi/pci.h>
> > > > #include <linux/liveupdate.h>
> > > > @@ -222,6 +225,31 @@ static void pci_ser_delete(struct pci_ser *ser, struct pci_dev *dev)
> > > > ser->nr_devices--;
> > > > }
> > > > +static int count_devices(struct device *dev, void *__nr_devices)
> > > > +{
> > > > + (*(int *)__nr_devices)++;
> > > > + return 0;
> > > > +}
> > > > +
> > >
> > > there was a related discussion on the singleton group check. have you
> > > considered the device_group_immutable_singleton() in below link?
> > >
> > > https://lore.kernel.org/linux-iommu/20220421052121.3464100-4-baolu.lu@linux.intel.com/
> >
> > Thanks for the link.
> >
> > Based on the discussion in the follow-up threads, I think the only check
> > in that function that is needed on top of what is in this patch to
> > ensure group immutability is this one:
> >
> > /*
> > * The device could be considered to be fully isolated if
> > * all devices on the path from the device to the host-PCI
> > * bridge are protected from peer-to-peer DMA by ACS.
> > */
> > if (!pci_acs_path_enabled(pdev, NULL, REQ_ACS_FLAGS))
> > return false;
> >
> > However, this would restrict Live Update support to only device
> > topologies that have these flags enabled. I am not yet sure if this
> > would be overly restrictive for the scenarios we care about supporting.
>
> yes. It's a bit different from that thread in which not only require
> singleton group but also need to be immutable.
>
> > An alternative way to ensure immutability would be to block adding
> > devices at probe time. i.e. Fail pci_device_group() if the device being
> > added has liveupdate_incoming=True, or if the group already contains a
> > device with liveupdate_{incoming,outgoing}=True. We would still need the
> > check in pci_liveupdate_preserve() to pretect against setting
> > liveupdate_outgoing=True on a device in a multi-device group.
>
> this looks good to me. But you'll disallow hotplug-in during liveupdate.
> not sure about if any decision w.r.t. hotplug. is it acceptable?
Anyone doing hotplug during the middle of a Live Update is asking for
trouble IMO. And it would only prevent a hot-plugged device from coming
up if it were to be added to the iommu_group as an existing preserved
device. I think that is reasonable.
> BTW. A question not specific to this patch. If failure happens after
> executing kexec, is there any chance to fallback to the prior kernel?
There are many failure paths during the reboot() syscall that can return
back to userspace, and then userspace can figure out how to bring the
system (e.g. VMs) back online on the current kernel.
But otherwise, kexec is currently a one way door. Once you kexec, into
the new kernel, you would have to do another Live Update to get back
into the previous kernel.
next prev parent reply other threads:[~2026-03-25 17:29 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-23 23:57 [PATCH v3 00/24] vfio/pci: Base Live Update support for VFIO device files David Matlack
2026-03-23 23:57 ` [PATCH v3 01/24] liveupdate: Export symbols needed by modules David Matlack
2026-03-23 23:57 ` [PATCH v3 02/24] PCI: Add API to track PCI devices preserved across Live Update David Matlack
2026-03-25 20:06 ` David Matlack
2026-03-25 23:12 ` Bjorn Helgaas
2026-03-26 21:39 ` David Matlack
2026-03-23 23:57 ` [PATCH v3 03/24] PCI: Require Live Update preserved devices are in singleton iommu_groups David Matlack
2026-03-24 13:07 ` Yi Liu
2026-03-24 18:00 ` David Matlack
2026-03-25 11:12 ` Yi Liu
2026-03-25 17:29 ` David Matlack [this message]
2026-03-25 23:13 ` Bjorn Helgaas
2026-03-23 23:57 ` [PATCH v3 04/24] PCI: Inherit bus numbers from previous kernel during Live Update David Matlack
2026-03-23 23:57 ` [PATCH v3 05/24] docs: liveupdate: Add documentation for PCI David Matlack
2026-03-23 23:57 ` [PATCH v3 06/24] vfio/pci: Register a file handler with Live Update Orchestrator David Matlack
2026-03-24 13:07 ` Yi Liu
2026-03-24 16:33 ` David Matlack
2026-03-23 23:57 ` [PATCH v3 07/24] vfio/pci: Preserve vfio-pci device files across Live Update David Matlack
2026-03-24 13:08 ` Yi Liu
2026-03-24 16:46 ` David Matlack
2026-03-23 23:58 ` [PATCH v3 08/24] vfio/pci: Retrieve preserved device files after " David Matlack
2026-03-24 13:08 ` Yi Liu
2026-03-24 17:05 ` David Matlack
2026-03-23 23:58 ` [PATCH v3 09/24] vfio/pci: Notify PCI subsystem about devices preserved across " David Matlack
2026-03-23 23:58 ` [PATCH v3 10/24] vfio: Enforce preserved devices are retrieved via LIVEUPDATE_SESSION_RETRIEVE_FD David Matlack
2026-03-23 23:58 ` [PATCH v3 11/24] vfio/pci: Store incoming Live Update state in struct vfio_pci_core_device David Matlack
2026-03-23 23:58 ` [PATCH v3 12/24] vfio/pci: Skip reset of preserved device after Live Update David Matlack
2026-03-23 23:58 ` [PATCH v3 13/24] docs: liveupdate: Add documentation for VFIO PCI David Matlack
2026-03-23 23:58 ` [PATCH v3 14/24] selftests/liveupdate: Move luo_test_utils.* into a reusable library David Matlack
2026-03-23 23:58 ` [PATCH v3 15/24] selftests/liveupdate: Add helpers to preserve/retrieve FDs David Matlack
2026-03-23 23:58 ` [PATCH v3 16/24] vfio: selftests: Build liveupdate library in VFIO selftests David Matlack
2026-03-23 23:58 ` [PATCH v3 17/24] vfio: selftests: Add Makefile support for TEST_GEN_PROGS_EXTENDED David Matlack
2026-03-23 23:58 ` [PATCH v3 18/24] vfio: selftests: Add vfio_pci_liveupdate_uapi_test David Matlack
2026-03-23 23:58 ` [PATCH v3 19/24] vfio: selftests: Initialize vfio_pci_device using a VFIO cdev FD David Matlack
2026-03-23 23:58 ` [PATCH v3 20/24] vfio: selftests: Add vfio_pci_liveupdate_kexec_test David Matlack
2026-03-23 23:58 ` [PATCH v3 21/24] vfio: selftests: Expose iommu_modes to tests David Matlack
2026-03-23 23:58 ` [PATCH v3 22/24] vfio: selftests: Expose low-level helper routines for setting up struct vfio_pci_device David Matlack
2026-03-23 23:58 ` [PATCH v3 23/24] vfio: selftests: Verify that opening VFIO device fails during Live Update David Matlack
2026-03-23 23:58 ` [PATCH v3 24/24] vfio: selftests: Add continuous DMA to vfio_pci_liveupdate_kexec_test David Matlack
2026-03-26 20:43 ` [PATCH v3 00/24] vfio/pci: Base Live Update support for VFIO device files David Matlack
-- strict thread matches above, loose matches on Subject: below --
2026-03-25 14:51 [PATCH v3 03/24] PCI: Require Live Update preserved devices are in singleton iommu_groups Liu, Yi L
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=acQbjF53aIzv7Ieq@google.com \
--to=dmatlack@google.com \
--cc=ajayachandra@nvidia.com \
--cc=akpm@linux-foundation.org \
--cc=alex@shazbot.org \
--cc=amastro@fb.com \
--cc=ankita@nvidia.com \
--cc=arnd@arndb.de \
--cc=bhelgaas@google.com \
--cc=bp@alien8.de \
--cc=chrisl@kernel.org \
--cc=corbet@lwn.net \
--cc=dapeng1.mi@linux.intel.com \
--cc=elver@google.com \
--cc=feng.tang@linux.alibaba.com \
--cc=graf@amazon.com \
--cc=jacob.pan@linux.microsoft.com \
--cc=jgg@nvidia.com \
--cc=jgg@ziepe.ca \
--cc=jrhilke@google.com \
--cc=kees@kernel.org \
--cc=kevin.tian@intel.com \
--cc=kexec@lists.infradead.org \
--cc=kvm@vger.kernel.org \
--cc=leon@kernel.org \
--cc=leonro@nvidia.com \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-pci@vger.kernel.org \
--cc=lirongqing@baidu.com \
--cc=lukas@wunner.de \
--cc=michal.winiarski@intel.com \
--cc=parav@nvidia.com \
--cc=pasha.tatashin@soleen.com \
--cc=paulmck@kernel.org \
--cc=pawan.kumar.gupta@linux.intel.com \
--cc=peterz@infradead.org \
--cc=praan@google.com \
--cc=pratyush@kernel.org \
--cc=rananta@google.com \
--cc=rdunlap@infradead.org \
--cc=rientjes@google.com \
--cc=rodrigo.vivi@intel.com \
--cc=rppt@kernel.org \
--cc=saeedm@nvidia.com \
--cc=safinaskar@gmail.com \
--cc=skhan@linuxfoundation.org \
--cc=skhawaja@google.com \
--cc=vipinsh@google.com \
--cc=vivek.kasireddy@intel.com \
--cc=witu@nvidia.com \
--cc=yanjun.zhu@linux.dev \
--cc=yi.l.liu@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox