From: Alex Williamson <alex.williamson@redhat.com>
To: Minwoo Im <minwoo.im@samsung.com>
Cc: "Cédric Le Goater" <clg@kaod.org>,
"qemu-devel@nongnu.org" <qemu-devel@nongnu.org>,
"SSDR Gost Dev" <gost.dev@samsung.com>,
"Klaus Birkelund Jensen" <k.jensen@samsung.com>
Subject: Re: [PATCH] vfio/pci: add support for VF token
Date: Thu, 23 Mar 2023 12:46:10 -0600 [thread overview]
Message-ID: <20230323124610.10a55a29.alex.williamson@redhat.com> (raw)
In-Reply-To: <20230322211945epcms2p4fdcdcfdc3857d2451f24ac229f3992a8@epcms2p4>
On Thu, 23 Mar 2023 06:19:45 +0900
Minwoo Im <minwoo.im@samsung.com> wrote:
> > On Mon, 20 Mar 2023 11:03:40 +0100
> > Cédric Le Goater <clg@kaod.org> wrote:
> >
> > > On 3/20/23 08:35, Minwoo Im wrote:
> > > > VF token was introduced [1] to kernel vfio-pci along with SR-IOV
> > > > support [2]. This patch adds support VF token among PF and VF(s). To
> > > > passthu PCIe VF to a VM, kernel >= v5.7 needs this.
> > > >
> > > > It can be configured with UUID like:
> > > >
> > > > -device vfio-pci,host=DDDD:BB:DD:F,vf-token=<uuid>,...
> > > >
> > > > [1] https://lore.kernel.org/linux-
> > pci/158396393244.5601.10297430724964025753.stgit@gimli.home/
> > > > [2] https://lore.kernel.org/linux-
> > pci/158396044753.5601.14804870681174789709.stgit@gimli.home/
> > > >
> > > > Cc: Alex Williamson <alex.williamson@redhat.com>
> > > > Signed-off-by: Minwoo Im <minwoo.im@samsung.com>
> > > > Reviewed-by: Klaus Jensen <k.jensen@samsung.com>
> > > > ---
> > > > hw/vfio/pci.c | 13 ++++++++++++-
> > > > hw/vfio/pci.h | 1 +
> > > > 2 files changed, 13 insertions(+), 1 deletion(-)
> > > >
> > > > diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
> > > > index ec9a854361..cf27f28936 100644
> > > > --- a/hw/vfio/pci.c
> > > > +++ b/hw/vfio/pci.c
> > > > @@ -2856,6 +2856,8 @@ static void vfio_realize(PCIDevice *pdev, Error **errp)
> > > > int groupid;
> > > > int i, ret;
> > > > bool is_mdev;
> > > > + char uuid[UUID_FMT_LEN];
> > > > + char *name;
> > > >
> > > > if (!vbasedev->sysfsdev) {
> > > > if (!(~vdev->host.domain || ~vdev->host.bus ||
> > > > @@ -2936,7 +2938,15 @@ static void vfio_realize(PCIDevice *pdev, Error **errp)
> > > > goto error;
> > > > }
> > > >
> > > > - ret = vfio_get_device(group, vbasedev->name, vbasedev, errp);
> > > > + if (!qemu_uuid_is_null(&vdev->vf_token)) {
> > > > + qemu_uuid_unparse(&vdev->vf_token, uuid);
> > > > + name = g_strdup_printf("%s vf_token=%s", vbasedev->name, uuid);
> > > > + } else {
> > > > + name = vbasedev->name;
> > > > + }
> > > > +
> > > > + ret = vfio_get_device(group, name, vbasedev, errp);
> > > > + g_free(name);
> > > > if (ret) {
> > > > vfio_put_group(group);
> > > > goto error;
> > >
> > > Shouldn't we set the VF token in the kernel also ? See this QEMU implementation
> > >
> > > https://lore.kernel.org/lkml/20200204161737.34696b91@w520.home/
> > >
> > > May be I misunderstood.
> > >
> >
> > I think you're referring to the part there that calls
> > VFIO_DEVICE_FEATURE in order to set a VF token. I don't think that's
> > necessarily applicable here. I believe this patch is only trying to
> > make it so that QEMU can consume a VF associated with a PF owned by a
> > userspace vfio driver, ie. not QEMU.
>
> Yes, that's what this patch exactly does.
>
> >
> > Setting the VF token is only relevant to PFs, which would require
> > significantly more SR-IOV infrastructure in QEMU than sketched out in
> > that proof-of-concept patch. Even if we did have a QEMU owned PF where
> > we wanted to generate VFs, the token we use in that case would likely
> > need to be kept private to QEMU, not passed on the command line.
> > Thanks,
>
> Can we also take a command line property for the PF for that case that
> QEMU owns a PF? I think the one who wants to make QEMU owns PF or VF
> should know the VF token. If I've missed anything, please let me know.
IIRC, the only case where a VF token is required for a PF is if there
are existing VFs in use. Opening the PF would then require a token
matching the VFs. In general though, if the PF is owned by QEMU, the
VF token should likely be an internal secret to QEMU. Configuring the
PF device with a token suggests that VFs could be created and bound to
other userspace drivers outside of the control of the QEMU instance
that owns the PF. Therefore I would not suggest adding the ability to
set the VF token for a PF without a strong use case in-hand, an
certainly not when QEMU doesn't expose SR-IOV support to be able to
manage VFs itself. Thanks,
Alex
next prev parent reply other threads:[~2023-03-23 18:46 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CGME20230320073522epcms2p48f682ecdb73e0ae1a4850ad0712fd780@epcms2p4>
2023-03-20 7:35 ` [PATCH] vfio/pci: add support for VF token Minwoo Im
2023-03-20 10:03 ` Cédric Le Goater
2023-03-20 15:39 ` Alex Williamson
2023-03-22 21:19 ` Minwoo Im
2023-03-23 18:46 ` Alex Williamson [this message]
2023-03-24 8:42 ` Minwoo Im
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230323124610.10a55a29.alex.williamson@redhat.com \
--to=alex.williamson@redhat.com \
--cc=clg@kaod.org \
--cc=gost.dev@samsung.com \
--cc=k.jensen@samsung.com \
--cc=minwoo.im@samsung.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).