From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([140.186.70.92]:47324)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <aafabbri@cisco.com>) id 1Qx0aV-0003Rd-3j
	for qemu-devel@nongnu.org; Fri, 26 Aug 2011 13:53:03 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <aafabbri@cisco.com>) id 1Qx0aT-0006zs-L5
	for qemu-devel@nongnu.org; Fri, 26 Aug 2011 13:53:03 -0400
Received: from rcdn-iport-8.cisco.com ([173.37.86.79]:61654)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <aafabbri@cisco.com>) id 1Qx0aT-0006zm-E9
	for qemu-devel@nongnu.org; Fri, 26 Aug 2011 13:53:01 -0400
Date: Fri, 26 Aug 2011 10:52:54 -0700
From: Aaron Fabbri <aafabbri@cisco.com>
Message-ID: <CA7D2B86.FD79%aafabbri@cisco.com>
In-Reply-To: <571DC890-A1A3-4528-92BE-566F033FD4BF@suse.de>
Mime-version: 1.0
Content-type: text/plain;
	charset="US-ASCII"
Content-transfer-encoding: 7bit
Subject: Re: [Qemu-devel] kvm PCI assignment & VFIO ramblings
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Alexander Graf <agraf@suse.de>, "Roedel, Joerg" <joerg.roedel@amd.com>
Cc: Alexey Kardashevskiy <aik@au1.ibm.com>, "kvm@vger.kernel.org" <kvm@vger.kernel.org>, Paul Mackerras <pmac@au1.ibm.com>, "linux-pci@vger.kernel.org" <linux-pci@vger.kernel.org>, qemu-devel <qemu-devel@nongnu.org>, chrisw <chrisw@sous-sol.org>, iommu <iommu@lists.linux-foundation.org>, Avi Kivity <avi@redhat.com>, linuxppc-dev <linuxppc-dev@lists.ozlabs.org>, "benve@cisco.com" <benve@cisco.com>




On 8/26/11 7:07 AM, "Alexander Graf" <agraf@suse.de> wrote:

> 
<snip>
> 
> Forget the KVM case for a moment and think of a user space device driver. I as
> a user am not root. But I as a user when having access to /dev/vfioX want to
> be able to access the device and manage it - and only it. The admin of that
> box needs to set it up properly for me to be able to access it.
> 
> So having two steps is really the correct way to go:
> 
>   * create VFIO group
>   * use VFIO group
> 
> because the two are done by completely different users.

This is not the case for my userspace drivers using VFIO today.

Each process will open vfio devices on the fly, and they need to be able to
share IOMMU resources.

So I need the ability to dynamically bring up devices and assign them to a
group.  The number of actual devices and how they map to iommu domains is
not known ahead of time.  We have a single piece of silicon that can expose
hundreds of pci devices.

In my case, the only administrative task would be to give my processes/users
access to the vfio groups (which are initially singletons), and the
application actually opens them and needs the ability to merge groups
together to conserve IOMMU resources (assuming we're not going to expose
uiommu).

-Aaron