From: Jason Gunthorpe <jgg@ziepe.ca>
To: Pasha Tatashin <pasha.tatashin@soleen.com>
Cc: Samiullah Khawaja <skhawaja@google.com>,
David Woodhouse <dwmw2@infradead.org>,
Lu Baolu <baolu.lu@linux.intel.com>,
Joerg Roedel <joro@8bytes.org>, Will Deacon <will@kernel.org>,
iommu@lists.linux.dev, YiFei Zhu <zhuyifei@google.com>,
Robin Murphy <robin.murphy@arm.com>,
Pratyush Yadav <pratyush@kernel.org>,
Kevin Tian <kevin.tian@intel.com>,
linux-kernel@vger.kernel.org, Saeed Mahameed <saeedm@nvidia.com>,
Adithya Jayachandran <ajayachandra@nvidia.com>,
Parav Pandit <parav@nvidia.com>,
Leon Romanovsky <leonro@nvidia.com>, William Tu <witu@nvidia.com>,
Vipin Sharma <vipinsh@google.com>,
dmatlack@google.com, Chris Li <chrisl@kernel.org>,
praan@google.com
Subject: Re: [RFC PATCH 13/15] iommufd: Persist iommu domains for live update
Date: Fri, 10 Oct 2025 11:24:38 -0300 [thread overview]
Message-ID: <20251010142438.GD3833649@ziepe.ca> (raw)
In-Reply-To: <CA+CK2bC58SLTrROtBQaegzSfjU+bwH_3pjjWdd+JTnHqQPuAwg@mail.gmail.com>
On Thu, Oct 09, 2025 at 09:28:44PM -0400, Pasha Tatashin wrote:
> On Thu, Oct 2, 2025 at 1:37 PM Jason Gunthorpe <jgg@ziepe.ca> wrote:
> >
> > On Thu, Oct 02, 2025 at 10:03:05AM -0700, Samiullah Khawaja wrote:
> > > > I think the simplest thing is the domain exists forever until
> > > > userspace attaches an iommufd, takes ownership of it and frees it.
> > > > Nothing to do with finish.
> > >
> > > Hmm.. I think this is tricky. There needs to be a way to clean up and
> > > discard the old state if the userspace doesn't need it.
> >
> > Why?
> >
> > Isn't "userspace doesn't need it" some extermely weird unused corner
> > case?
>
> It might be a corner case, but at cloud scale, even rare cases happen.
> For example, if four VMs are resumed and one crashes while retrieving
> half of its resources, we can't simply reboot the machine because of
> that. We must have a way to recover the machine to a normal state,
> even if some resources are not reclaimed. I would say that finish must
> be properly backward-ordered, but we still should release resources
> that are not reclaimed during finish, as well as those that were
> reclaimed but later closed.
Sure, but as I said, userspace should deal with most of this, and I
think we should lean into the worst error flows end up "leaking"
resources. They are not actually leaked, the luo still holds them and
userspace could still try again later to restore and free them. They
will get cleaned up on the next kexec, and kexec to recover from a
partially failed kexec is not an unreasonable plan...
This means think carefully about the userspace restore sequence so it
is more reliable. Like don't restore the memfd as the first thing :)
Only if there are real measurements that this is not sufficent would I
think about teaching the kernel to do a non-restore flow where it
directly destroys the object in a way that cannot fail. Eg the memfd
can directly free the page list instead of allocating an xarray. This
is alot more complex error path code to add to the kernel so lets not
do it without a strong justification.
You also can't do it until something sequences the vfio and iommufd
parts to unfreeze the memfd, this is very complicated error flows as
well.
Jason
next prev parent reply other threads:[~2025-10-10 14:24 UTC|newest]
Thread overview: 53+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-28 19:06 [RFC PATCH 00/15] iommu: Add live update state preservation Samiullah Khawaja
2025-09-28 19:06 ` [RFC PATCH 01/15] iommu/vt-d: Register with Live Update Orchestrator Samiullah Khawaja
2025-09-28 19:06 ` [RFC PATCH 02/15] iommu: Add rw_semaphore to serialize live update state Samiullah Khawaja
2025-09-28 19:06 ` [RFC PATCH 03/15] iommu/vt-d: Prevent hotplugs when live update state is not normal Samiullah Khawaja
2025-09-29 15:51 ` Jason Gunthorpe
2025-09-29 16:50 ` Pasha Tatashin
2025-09-29 17:21 ` Samiullah Khawaja
2025-09-28 19:06 ` [RFC PATCH 04/15] iommu: Add preserve iommu_domain op Samiullah Khawaja
2025-09-28 19:06 ` [RFC PATCH 05/15] iommu: Introduce API to preserve iommu domain Samiullah Khawaja
2025-09-29 15:54 ` Jason Gunthorpe
2025-09-29 18:11 ` Samiullah Khawaja
2025-09-28 19:06 ` [RFC PATCH 06/15] iommu/vt-d: Add stub intel iommu domain preserve op Samiullah Khawaja
2025-09-28 19:06 ` [RFC PATCH 07/15] iommu/vt-d: Add implementation of live update prepare callback Samiullah Khawaja
2025-09-28 19:06 ` [RFC PATCH 08/15] iommu/vt-d: Implement live update preserve_iommu_context Samiullah Khawaja
2025-09-29 15:57 ` Jason Gunthorpe
2025-09-28 19:06 ` [RFC PATCH 09/15] iommu/vt-d: Add live update freeze callback Samiullah Khawaja
2025-09-29 15:58 ` Jason Gunthorpe
2025-09-28 19:06 ` [RFC PATCH 10/15] iommu/vt-d: Restore iommu root_table and context on live update Samiullah Khawaja
2025-09-28 19:06 ` [RFC PATCH 11/15] iommufd: Add basic skeleton based on liveupdate_file_handle Samiullah Khawaja
2025-09-28 19:06 ` [RFC PATCH 12/15] iommufd-luo: Implement basic prepare/cancel/finish/retrieve using folios Samiullah Khawaja
2025-09-28 19:06 ` [RFC PATCH 13/15] iommufd: Persist iommu domains for live update Samiullah Khawaja
2025-09-29 16:00 ` Jason Gunthorpe
2025-09-29 17:32 ` Samiullah Khawaja
2025-09-29 17:43 ` Jason Gunthorpe
2025-09-29 17:45 ` Pasha Tatashin
2025-09-30 13:07 ` Pasha Tatashin
2025-09-30 13:59 ` Jason Gunthorpe
2025-09-30 15:09 ` Pasha Tatashin
2025-09-30 16:31 ` Jason Gunthorpe
2025-09-30 20:02 ` Samiullah Khawaja
2025-09-30 21:05 ` Jason Gunthorpe
2025-09-30 23:15 ` Samiullah Khawaja
2025-10-01 11:47 ` Jason Gunthorpe
2025-10-01 19:28 ` Pasha Tatashin
2025-10-02 11:57 ` Jason Gunthorpe
2025-10-02 14:43 ` Pasha Tatashin
2025-10-02 15:10 ` Jason Gunthorpe
2025-10-02 19:29 ` Samiullah Khawaja
2025-10-02 21:12 ` Jason Gunthorpe
2025-10-02 21:30 ` Pasha Tatashin
2025-10-02 22:58 ` Jason Gunthorpe
2025-10-02 23:56 ` Samiullah Khawaja
2025-10-03 12:09 ` Jason Gunthorpe
2025-10-02 1:00 ` Samiullah Khawaja
2025-10-02 13:41 ` Jason Gunthorpe
2025-10-02 14:59 ` Pasha Tatashin
2025-10-02 17:03 ` Samiullah Khawaja
2025-10-02 17:37 ` Jason Gunthorpe
2025-10-02 18:08 ` Samiullah Khawaja
2025-10-10 1:28 ` Pasha Tatashin
2025-10-10 14:24 ` Jason Gunthorpe [this message]
2025-09-28 19:06 ` [RFC PATCH 14/15] iommu/vt-d: sanitize restored root table and iommu contexts Samiullah Khawaja
2025-09-28 19:06 ` [RFC PATCH 15/15] iommufd/selftest: Add test to verify iommufd preservation Samiullah Khawaja
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251010142438.GD3833649@ziepe.ca \
--to=jgg@ziepe.ca \
--cc=ajayachandra@nvidia.com \
--cc=baolu.lu@linux.intel.com \
--cc=chrisl@kernel.org \
--cc=dmatlack@google.com \
--cc=dwmw2@infradead.org \
--cc=iommu@lists.linux.dev \
--cc=joro@8bytes.org \
--cc=kevin.tian@intel.com \
--cc=leonro@nvidia.com \
--cc=linux-kernel@vger.kernel.org \
--cc=parav@nvidia.com \
--cc=pasha.tatashin@soleen.com \
--cc=praan@google.com \
--cc=pratyush@kernel.org \
--cc=robin.murphy@arm.com \
--cc=saeedm@nvidia.com \
--cc=skhawaja@google.com \
--cc=vipinsh@google.com \
--cc=will@kernel.org \
--cc=witu@nvidia.com \
--cc=zhuyifei@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox