From: Anthony Liguori <anthony@codemonkey.ws>
To: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Alex Williamson <alex.williamson@redhat.com>,
Richard Henderson <rth@twiddle.net>,
"Michael S. Tsirkin" <mst@redhat.com>,
qemu-devel@nongnu.org,
Eduard - Gabriel Munteanu <eduard.munteanu@linux360.ro>
Subject: Re: [Qemu-devel] [PATCH 08/13] iommu: Introduce IOMMU emulation infrastructure
Date: Tue, 15 May 2012 09:02:58 -0500 [thread overview]
Message-ID: <4FB26212.5050409@codemonkey.ws> (raw)
In-Reply-To: <1337050942.6727.40.camel@pasglop>
On 05/14/2012 10:02 PM, Benjamin Herrenschmidt wrote:
> On Mon, 2012-05-14 at 21:50 -0500, Anthony Liguori wrote:
>> On 05/14/2012 09:32 PM, Benjamin Herrenschmidt wrote:
>>> On Mon, 2012-05-14 at 21:03 -0500, Anthony Liguori wrote:
>>>> So the CPU thread runs in lock-step with the I/O thread. Dropping the CPU
>>>> thread lock to let the I/O thread run is a dangerous thing to do in a place like
>>>> this.
>>>>
>>>> Also, I think you'd effectively block the CPU until pending DMA operations
>>>> complete? This could be many, many, milliseconds, no? That's going to make
>>>> guests very upset.
>>>
>>> Do you see any other option ?
>>
>> Yes, ignore it.
>>
>> I have a hard time believing software depends on changing DMA translation
>> mid-way through a transaction.
>
> It's a correctness issue. It won't happen in normal circumstances but it
> can, and thus should be handled gracefully.
I think the crux of your argument is that upon a change to the translation
table, the operation acts as a barrier such that the exact moment it returns,
you're guaranteed that no DMAs are in flight with the old translation mapping.
That's not my understanding of at least VT-d and I have a hard time believing
it's true for other IOMMUs as that kind of synchronization seems like it would
be very expensive to implement in hardware.
Rather, when the IOTLB is flushed, I believe the only guarantee that you have is
that future IOTLB lookups will return the new mapping. But that doesn't mean
that there isn't a request in flight that uses the old mapping.
I will grant you that PCI transactions are typically much smaller than QEMU
transactions such that we may continue to use the old mappings for much longer
than real hardware would. But I think that still puts us well within the realm
of correctness.
> Cases where that matter are unloading of a (broken) driver, kexec/kdump
> from one guest to another etc... all involve potentially clearing all
> iommu tables while a driver might have left a device DMA'ing. The
> expectation is that the device will get target aborts from the iommu
> until the situation gets "cleaned up" in SW.
Yes, this would be worse in QEMU than on bare metal because we essentially have
a much larger translation TLB. But as I said above, I think we're well within
the specified behavior here.
>> Why does this need to be guaranteed? How can software depend on this in a
>> meaningful way?
>
> The same as TLB invalidations :-)
>
> In real HW, this is a property of the HW itself, ie, whatever MMIO is
> used to invalidate the HW TLB provides a way to ensure (usually by
> reading back) that any request pending in the iommu pipeline has either
> been completed or canned.
Can you point to a spec that says this? This doesn't match my understanding.
> When we start having page fault capable iommu's this will be even more
> important as faults will be be part of the non-error case.
We can revisit this discussion after every PCI device is changed to cope with a
page fault capable IOMMU ;-)
>>> David's approach may not be the best long term, but provided it's not
>>> totally broken (I don't know qemu locking well enough to judge how
>>> dangerous it is) then it might be a "good enough" first step until we
>>> come up with something better ?
>>
>> No, it's definitely not good enough. Dropping the global mutex in random places
>> is asking for worlds of hurt.
>>
>> If this is really important, then we need some sort of cancellation API to go
>> along with map/unmap although I doubt that's really possible.
>>
>> MMIO/PIO operations cannot block.
>
> Well, there's a truckload of cases in real HW where an MMIO/PIO read is
> used to synchronize some sort of HW operation.... I suppose nothing that
> involves blocking at this stage in qemu but I would be careful with your
> expectations here... writes are usually pipelined but blocking on a read
> response does make a lot of sense.
Blocking on an MMIO/PIO request effectively freezes a CPU. All sorts of badness
results from that. Best case scenario, you trigger soft lockup warnings.
> In any case, for the problem at hand, I can just drop the wait for now
> and maybe just print a warning if I see an existing map.
>
> We still need some kind of either locking or barrier to simply ensure
> that the updates to the TCE table are visible to other processors but
> that can be done in the backend.
>
> But I wouldn't just forget about the issue, it's going to come back and
> bite...
I think working out the exact semantics of what we need to do is absolutely
important. But I think you're taking an overly conservative approach to what we
need to provide here.
Regards,
Anthony Liguori
>
> Cheers,
> Ben.
>
>> Regards,
>>
>> Anthony Liguori
>>
>>>
>>> The normal case will be that no map exist, ie, it will almost always be
>>> a guest programming error to remove an iommu mapping while a device is
>>> actively using it, so having this case be slow is probably a non-issue.
>>>
>>> Cheers,
>>> Ben.
>>>
>>>
>
>
next prev parent reply other threads:[~2012-05-15 14:03 UTC|newest]
Thread overview: 90+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-05-10 4:48 [Qemu-devel] [PATCH 00/13] IOMMU infrastructure Benjamin Herrenschmidt
2012-05-10 4:48 ` [Qemu-devel] [PATCH 01/13] Better support for dma_addr_t variables Benjamin Herrenschmidt
2012-05-10 4:48 ` [Qemu-devel] [PATCH 02/13] Implement cpu_physical_memory_zero() Benjamin Herrenschmidt
2012-05-15 0:42 ` Anthony Liguori
2012-05-15 1:23 ` David Gibson
2012-05-15 2:03 ` Anthony Liguori
2012-05-10 4:48 ` [Qemu-devel] [PATCH 03/13] iommu: Add universal DMA helper functions Benjamin Herrenschmidt
2012-05-10 4:48 ` [Qemu-devel] [PATCH 04/13] usb-ohci: Use " Benjamin Herrenschmidt
2012-05-10 4:48 ` [Qemu-devel] [PATCH 05/13] iommu: Make sglists and dma_bdrv helpers use new universal DMA helpers Benjamin Herrenschmidt
2012-05-10 4:49 ` [Qemu-devel] [PATCH 06/13] ide/ahci: Use universal DMA helper functions Benjamin Herrenschmidt
2012-05-21 1:51 ` [Qemu-devel] [PATCH 06/13 - UPDATED] " Benjamin Herrenschmidt
2012-05-10 4:49 ` [Qemu-devel] [PATCH 07/13] usb: Convert usb_packet_{map, unmap} to universal DMA helpers Benjamin Herrenschmidt
2012-05-10 4:49 ` [Qemu-devel] [PATCH 08/13] iommu: Introduce IOMMU emulation infrastructure Benjamin Herrenschmidt
2012-05-15 0:49 ` Anthony Liguori
2012-05-15 1:42 ` David Gibson
2012-05-15 2:03 ` Anthony Liguori
2012-05-15 2:32 ` Benjamin Herrenschmidt
2012-05-15 2:50 ` Anthony Liguori
2012-05-15 3:02 ` Benjamin Herrenschmidt
2012-05-15 14:02 ` Anthony Liguori [this message]
2012-05-15 21:55 ` Benjamin Herrenschmidt
2012-05-15 22:02 ` Anthony Liguori
2012-05-15 23:08 ` Benjamin Herrenschmidt
2012-05-15 23:58 ` Anthony Liguori
2012-05-16 0:41 ` Benjamin Herrenschmidt
2012-05-16 0:54 ` Anthony Liguori
2012-05-16 1:20 ` Benjamin Herrenschmidt
2012-05-16 19:36 ` Anthony Liguori
2012-05-10 4:49 ` [Qemu-devel] [PATCH 09/13] iommu: Add facility to cancel in-use dma memory maps Benjamin Herrenschmidt
2012-05-10 4:49 ` [Qemu-devel] [PATCH 10/13] pseries: Convert sPAPR TCEs to use generic IOMMU infrastructure Benjamin Herrenschmidt
2012-05-10 4:49 ` [Qemu-devel] [PATCH 11/13] iommu: Allow PCI to use " Benjamin Herrenschmidt
2012-05-10 4:49 ` [Qemu-devel] [PATCH 12/13] pseries: Implement IOMMU and DMA for PAPR PCI devices Benjamin Herrenschmidt
2012-05-10 4:49 ` [Qemu-devel] [PATCH 13/13] iommu: Add a memory barrier to DMA RW function Benjamin Herrenschmidt
2012-05-15 0:52 ` Anthony Liguori
2012-05-15 1:11 ` Benjamin Herrenschmidt
2012-05-15 1:44 ` David Gibson
2012-05-16 4:35 ` Benjamin Herrenschmidt
2012-05-16 5:51 ` David Gibson
2012-05-16 19:39 ` Anthony Liguori
2012-05-16 21:10 ` Benjamin Herrenschmidt
2012-05-16 21:12 ` Benjamin Herrenschmidt
2012-05-17 0:07 ` Benjamin Herrenschmidt
2012-05-17 0:24 ` Benjamin Herrenschmidt
2012-05-17 0:52 ` [Qemu-devel] [RFC/PATCH] Add a memory barrier to guest memory access functions Benjamin Herrenschmidt
2012-05-17 2:28 ` Anthony Liguori
2012-05-17 2:44 ` Benjamin Herrenschmidt
2012-05-17 22:09 ` Anthony Liguori
2012-05-18 1:04 ` David Gibson
2012-05-18 1:16 ` Benjamin Herrenschmidt
2012-05-17 3:35 ` David Gibson
2012-05-18 6:53 ` [Qemu-devel] [PATCH 13/13] iommu: Add a memory barrier to DMA RW function Paolo Bonzini
2012-05-18 8:18 ` Benjamin Herrenschmidt
2012-05-18 8:57 ` Paolo Bonzini
2012-05-18 22:26 ` Benjamin Herrenschmidt
2012-05-19 7:24 ` Paolo Bonzini
2012-05-20 21:36 ` Benjamin Herrenschmidt
2012-05-21 1:56 ` [Qemu-devel] [PATCH] Add a memory barrier to guest memory access functions Benjamin Herrenschmidt
2012-05-21 8:11 ` Paolo Bonzini
2012-05-21 8:31 ` Michael S. Tsirkin
2012-05-21 8:58 ` Benjamin Herrenschmidt
2012-05-21 9:07 ` Benjamin Herrenschmidt
2012-05-21 9:16 ` Benjamin Herrenschmidt
2012-05-21 9:34 ` Michael S. Tsirkin
2012-05-21 9:53 ` Benjamin Herrenschmidt
2012-05-21 10:31 ` Michael S. Tsirkin
2012-05-21 11:45 ` Benjamin Herrenschmidt
2012-05-21 12:18 ` Michael S. Tsirkin
2012-05-21 15:16 ` Paolo Bonzini
2012-05-21 21:58 ` [Qemu-devel] [PATCH] Add a memory barrier to guest memory access function Benjamin Herrenschmidt
2012-05-21 22:22 ` Michael S. Tsirkin
2012-05-21 22:56 ` Benjamin Herrenschmidt
2012-05-22 5:11 ` Michael S. Tsirkin
2012-05-22 0:00 ` Benjamin Herrenschmidt
2012-05-22 4:19 ` Rusty Russell
2012-05-21 22:18 ` [Qemu-devel] [PATCH] Add a memory barrier to guest memory access functions Anthony Liguori
2012-05-21 22:26 ` Benjamin Herrenschmidt
2012-05-21 22:31 ` Anthony Liguori
2012-05-21 22:44 ` Michael S. Tsirkin
2012-05-21 23:02 ` Benjamin Herrenschmidt
2012-05-22 4:34 ` [Qemu-devel] [PATCH] Add a memory barrier to DMA functions Benjamin Herrenschmidt
2012-05-22 4:51 ` Benjamin Herrenschmidt
2012-05-22 7:17 ` Benjamin Herrenschmidt
2012-05-22 11:14 ` Michael S. Tsirkin
2012-05-22 11:41 ` Benjamin Herrenschmidt
2012-05-22 12:03 ` Michael S. Tsirkin
2012-05-22 21:24 ` Benjamin Herrenschmidt
2012-05-22 21:40 ` Anthony Liguori
2012-05-21 22:37 ` [Qemu-devel] [PATCH] Add a memory barrier to guest memory access functions Michael S. Tsirkin
2012-05-15 0:52 ` [Qemu-devel] [PATCH 00/13] IOMMU infrastructure Anthony Liguori
-- strict thread matches above, loose matches on Subject: below --
2012-06-19 6:39 [Qemu-devel] [PATCH 00/13] iommu series Benjamin Herrenschmidt
2012-06-19 6:39 ` [Qemu-devel] [PATCH 08/13] iommu: Introduce IOMMU emulation infrastructure Benjamin Herrenschmidt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4FB26212.5050409@codemonkey.ws \
--to=anthony@codemonkey.ws \
--cc=alex.williamson@redhat.com \
--cc=benh@kernel.crashing.org \
--cc=eduard.munteanu@linux360.ro \
--cc=mst@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=rth@twiddle.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).