From: Jason Gunthorpe <jgg@ziepe.ca>
To: Samiullah Khawaja <skhawaja@google.com>
Cc: Pasha Tatashin <pasha.tatashin@soleen.com>,
David Woodhouse <dwmw2@infradead.org>,
Lu Baolu <baolu.lu@linux.intel.com>,
Joerg Roedel <joro@8bytes.org>, Will Deacon <will@kernel.org>,
iommu@lists.linux.dev, YiFei Zhu <zhuyifei@google.com>,
Robin Murphy <robin.murphy@arm.com>,
Pratyush Yadav <pratyush@kernel.org>,
Kevin Tian <kevin.tian@intel.com>,
linux-kernel@vger.kernel.org, Saeed Mahameed <saeedm@nvidia.com>,
Adithya Jayachandran <ajayachandra@nvidia.com>,
Parav Pandit <parav@nvidia.com>,
Leon Romanovsky <leonro@nvidia.com>, William Tu <witu@nvidia.com>,
Vipin Sharma <vipinsh@google.com>,
dmatlack@google.com, Chris Li <chrisl@kernel.org>,
praan@google.com
Subject: Re: [RFC PATCH 13/15] iommufd: Persist iommu domains for live update
Date: Thu, 2 Oct 2025 14:37:15 -0300 [thread overview]
Message-ID: <20251002173715.GH3195829@ziepe.ca> (raw)
In-Reply-To: <CAAywjhQrAWPjb8YtO=+G+pfJpW7p-rwrj03zB8ZqdhB0wtsO0w@mail.gmail.com>
On Thu, Oct 02, 2025 at 10:03:05AM -0700, Samiullah Khawaja wrote:
> > I think the simplest thing is the domain exists forever until
> > userspace attaches an iommufd, takes ownership of it and frees it.
> > Nothing to do with finish.
>
> Hmm.. I think this is tricky. There needs to be a way to clean up and
> discard the old state if the userspace doesn't need it.
Why?
Isn't "userspace doesn't need it" some extermely weird unused corner
case?
This should not be automatic or divorced from userspace, if the
operator would like to switch something out of LUO then they should
have userspace that co-ordinates this. Receive the iommufd, close it,
install a normal kernel driver.
Why make special code in the kernel to sequence this automatically?
> session manager (VMM or LUOD) decides that the finish needs to happen
> and the iommufd (or the underlying HWPTs) are not restored, it means
> that LUOD has decided that the VM is not going to come up and the
> preserved state and resources (domain, device, memory) need to be
> freed/released.
I've been assuming if luo fails so catastrophically the whole node
would reboot to recover.
Is there really a case where you might say a kexec happens and a
single VM out of many doesn't survive? Seems weird..
So to repeat above, if this is something people want then the
userspace should complete luo restoring the failed vm and then turn
around and free up all the resources. Why should the kernel
automatically do the same operations?
Maybe userspace needs some contingency flow where there is a dedicated
reaper program for a luo session. The VMM crashes during restore, OK,
we pass the luo FD to a reaper and it cleans up the objects in the
session and closes it.
> > Maybe the HWPT has to be auto-created inside the iommufd as soon as it
> > is attached. The "restore" ioctl would just return back the ID of this
> > already created HWPT.
>
> Once we return the ID, do we make this HWPT mutable? Or is this
> re-created HWPT just a handle to keep the domain ownership?
That's a bigger question..
For starting I was imagining that the restored iommu_domain was
immutable, eg it does not have map and unmap operations. It never
becomes mutable.
As I outlined this special luo immutable domain is then attached
during early boot, which sould be a NOP, and gets turned into a HWPT
during iommufd restoration. The only thing userspace should be able to
do with that HWPT handle is destroy it after replacing it.
Jason
next prev parent reply other threads:[~2025-10-02 17:37 UTC|newest]
Thread overview: 53+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-28 19:06 [RFC PATCH 00/15] iommu: Add live update state preservation Samiullah Khawaja
2025-09-28 19:06 ` [RFC PATCH 01/15] iommu/vt-d: Register with Live Update Orchestrator Samiullah Khawaja
2025-09-28 19:06 ` [RFC PATCH 02/15] iommu: Add rw_semaphore to serialize live update state Samiullah Khawaja
2025-09-28 19:06 ` [RFC PATCH 03/15] iommu/vt-d: Prevent hotplugs when live update state is not normal Samiullah Khawaja
2025-09-29 15:51 ` Jason Gunthorpe
2025-09-29 16:50 ` Pasha Tatashin
2025-09-29 17:21 ` Samiullah Khawaja
2025-09-28 19:06 ` [RFC PATCH 04/15] iommu: Add preserve iommu_domain op Samiullah Khawaja
2025-09-28 19:06 ` [RFC PATCH 05/15] iommu: Introduce API to preserve iommu domain Samiullah Khawaja
2025-09-29 15:54 ` Jason Gunthorpe
2025-09-29 18:11 ` Samiullah Khawaja
2025-09-28 19:06 ` [RFC PATCH 06/15] iommu/vt-d: Add stub intel iommu domain preserve op Samiullah Khawaja
2025-09-28 19:06 ` [RFC PATCH 07/15] iommu/vt-d: Add implementation of live update prepare callback Samiullah Khawaja
2025-09-28 19:06 ` [RFC PATCH 08/15] iommu/vt-d: Implement live update preserve_iommu_context Samiullah Khawaja
2025-09-29 15:57 ` Jason Gunthorpe
2025-09-28 19:06 ` [RFC PATCH 09/15] iommu/vt-d: Add live update freeze callback Samiullah Khawaja
2025-09-29 15:58 ` Jason Gunthorpe
2025-09-28 19:06 ` [RFC PATCH 10/15] iommu/vt-d: Restore iommu root_table and context on live update Samiullah Khawaja
2025-09-28 19:06 ` [RFC PATCH 11/15] iommufd: Add basic skeleton based on liveupdate_file_handle Samiullah Khawaja
2025-09-28 19:06 ` [RFC PATCH 12/15] iommufd-luo: Implement basic prepare/cancel/finish/retrieve using folios Samiullah Khawaja
2025-09-28 19:06 ` [RFC PATCH 13/15] iommufd: Persist iommu domains for live update Samiullah Khawaja
2025-09-29 16:00 ` Jason Gunthorpe
2025-09-29 17:32 ` Samiullah Khawaja
2025-09-29 17:43 ` Jason Gunthorpe
2025-09-29 17:45 ` Pasha Tatashin
2025-09-30 13:07 ` Pasha Tatashin
2025-09-30 13:59 ` Jason Gunthorpe
2025-09-30 15:09 ` Pasha Tatashin
2025-09-30 16:31 ` Jason Gunthorpe
2025-09-30 20:02 ` Samiullah Khawaja
2025-09-30 21:05 ` Jason Gunthorpe
2025-09-30 23:15 ` Samiullah Khawaja
2025-10-01 11:47 ` Jason Gunthorpe
2025-10-01 19:28 ` Pasha Tatashin
2025-10-02 11:57 ` Jason Gunthorpe
2025-10-02 14:43 ` Pasha Tatashin
2025-10-02 15:10 ` Jason Gunthorpe
2025-10-02 19:29 ` Samiullah Khawaja
2025-10-02 21:12 ` Jason Gunthorpe
2025-10-02 21:30 ` Pasha Tatashin
2025-10-02 22:58 ` Jason Gunthorpe
2025-10-02 23:56 ` Samiullah Khawaja
2025-10-03 12:09 ` Jason Gunthorpe
2025-10-02 1:00 ` Samiullah Khawaja
2025-10-02 13:41 ` Jason Gunthorpe
2025-10-02 14:59 ` Pasha Tatashin
2025-10-02 17:03 ` Samiullah Khawaja
2025-10-02 17:37 ` Jason Gunthorpe [this message]
2025-10-02 18:08 ` Samiullah Khawaja
2025-10-10 1:28 ` Pasha Tatashin
2025-10-10 14:24 ` Jason Gunthorpe
2025-09-28 19:06 ` [RFC PATCH 14/15] iommu/vt-d: sanitize restored root table and iommu contexts Samiullah Khawaja
2025-09-28 19:06 ` [RFC PATCH 15/15] iommufd/selftest: Add test to verify iommufd preservation Samiullah Khawaja
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251002173715.GH3195829@ziepe.ca \
--to=jgg@ziepe.ca \
--cc=ajayachandra@nvidia.com \
--cc=baolu.lu@linux.intel.com \
--cc=chrisl@kernel.org \
--cc=dmatlack@google.com \
--cc=dwmw2@infradead.org \
--cc=iommu@lists.linux.dev \
--cc=joro@8bytes.org \
--cc=kevin.tian@intel.com \
--cc=leonro@nvidia.com \
--cc=linux-kernel@vger.kernel.org \
--cc=parav@nvidia.com \
--cc=pasha.tatashin@soleen.com \
--cc=praan@google.com \
--cc=pratyush@kernel.org \
--cc=robin.murphy@arm.com \
--cc=saeedm@nvidia.com \
--cc=skhawaja@google.com \
--cc=vipinsh@google.com \
--cc=will@kernel.org \
--cc=witu@nvidia.com \
--cc=zhuyifei@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox