From: Tom Lyon <pugs@lyon-about.com>
To: "Michael S. Tsirkin" <mst@redhat.com>
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 0/1] uio_pci_generic: extensions to allow access for non-privileged processes
Date: Thu, 1 Apr 2010 09:02:41 -0700 [thread overview]
Message-ID: <201004010902.42002.pugs@lyon-about.com> (raw)
In-Reply-To: <20100401142504.GA6338@redhat.com>
On Thursday 01 April 2010 07:25:04 am Michael S. Tsirkin wrote:
> On Wed, Mar 31, 2010 at 05:08:38PM -0700, Tom Lyon wrote:
> > uio_pci_generic has previously been discussed on the KVM list, but this
> > patch has nothing to do with KVM, so it is also going to LKML.
> >
> > The point of this patch is to beef up the uio_pci_generic driver so that
> > a non-privileged user process can run a user level driver for most PCIe
> > devices. This can only be safe if there is an IOMMU in the system with
> > per-device domains.
>
> Why? Per-guest domain should be safe enough.
I'm not sure what 'per-guest' means in an ordinary process context.
>
> > Privileged users (CAP_SYS_RAWIO) are allowed if there is
> > no IOMMU.
>
> qemu does not support it, I doubt this last option is worth having.
This is extremely useful in non IOMMU systems - again, we're talking ordinary
processes, nothing to do with VMs. As long as the program can be trusted,
e.g., in embedded apps.
>
> > Specifically, I seek to allow low-latency user level network drivers (non
> > tcp/ip) which directly access SR-IOV style virtual network adapters, for
> > use with packages such as OpenMPI.
> >
> > Key areas of change:
> > - ioctl extensions to allow registration and dma mapping of memory
> > regions, with lock accounting
> > - support for mmu notifier driven de-mapping
> > - support for MSI and MSI-X interrupts (the intel 82599 VFs support only
> > MSI-X)
> > - allowing interrupt enabling and device register mapping all
> > through /dev/uio* so that permissions may be granted just by chmod
> > on /dev/uio*
>
> For non-priveledged users, we need a way to enforce that
> device is bound to an iommu.
Right now I just use iommu_found - assuming that if we have one, it is in use.
Something better would be nice.
> Further, locking really needs to be scoped with iommu domain existance
> and with iommu mappings: as long as a page is mapped in iommu,
> it must be locked. This patch does not seem to enforce that.
Sure it does. The DMA API - get_user_pages and dma_map_sg lock pages into the
MMU and the IOMMU. The MMU notifier unlocks if the user forgets to do it
explicitly.
> Also note that what we really want is a single iommu domain per guest,
> not per device.
For my networking applications, I will need the ability to talk to multiple
devices on potentially separate IOMMUs. What would per-guest mean then?
>
> For this reason, I think we should address the problem somwwhat
> differently:
> - Create a character device to represent the iommu
> - This device will handle memory locking etc
> - Allow binding this device to iommu
> - Allow other operations only after iommu is bound
There are still per-device issues with locking - in particular the size of the
device's DMA address space. The DMA API already handles this - why not use
it? It would be nice to have a way to test whether a device is truly covered
by an IOMMU, but today it appears that if an IOMMU exists, then it covers all
devices (at least as far as I can see for x86).
next prev parent reply other threads:[~2010-04-01 16:05 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-04-01 0:08 [PATCH 0/1] uio_pci_generic: extensions to allow access for non-privileged processes Tom Lyon
2010-04-01 0:12 ` [PATCH 1/1] " Tom Lyon
2010-04-09 9:08 ` Joerg Roedel
2010-04-09 16:27 ` Tom Lyon
2010-04-01 9:09 ` [PATCH 0/1] " Avi Kivity
2010-04-01 15:39 ` Tom Lyon
2010-04-01 15:54 ` Avi Kivity
2010-04-01 16:06 ` Tom Lyon
2010-04-01 16:10 ` Avi Kivity
2010-04-01 19:24 ` Tom Lyon
2010-04-01 20:21 ` Joerg Roedel
2010-04-02 6:43 ` Avi Kivity
2010-04-02 17:05 ` Greg KH
2010-04-09 9:58 ` Avi Kivity
2010-04-09 16:34 ` Tom Lyon
2010-04-09 16:48 ` [PATCH 0/1] uio_pci_generic: extensions to allow access for?non-privileged processes Joerg Roedel
2010-04-09 17:43 ` [PATCH 0/1] uio_pci_generic: extensions to allow access for non-privileged processes Avi Kivity
2010-04-09 20:09 ` [PATCH 0/1] uio_pci_generic: extensions to allow access for?non-privileged processes Chris Wright
2010-04-09 20:05 ` [PATCH 0/1] uio_pci_generic: extensions to allow access for non-privileged processes Chris Wright
2010-04-01 21:27 ` Tom Lyon
2010-04-02 6:44 ` Avi Kivity
2010-04-01 12:52 ` Joerg Roedel
2010-04-01 15:40 ` Tom Lyon
2010-04-01 16:07 ` Joerg Roedel
2010-04-01 19:18 ` Tom Lyon
2010-04-01 20:09 ` Joerg Roedel
2010-04-01 14:25 ` Michael S. Tsirkin
2010-04-01 16:02 ` Tom Lyon [this message]
2010-04-01 16:57 ` Joerg Roedel
2010-04-01 19:08 ` Hans J. Koch
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=201004010902.42002.pugs@lyon-about.com \
--to=pugs@lyon-about.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mst@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox