From: Alex Williamson <alex.williamson@redhat.com>
To: "Tian, Kevin" <kevin.tian@intel.com>
Cc: Kirti Wankhede <kwankhede@nvidia.com>,
	"pbonzini@redhat.com" <pbonzini@redhat.com>,
	"kraxel@redhat.com" <kraxel@redhat.com>,
	"cjia@nvidia.com" <cjia@nvidia.com>,
	"qemu-devel@nongnu.org" <qemu-devel@nongnu.org>,
	"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
	"Ruan, Shuai" <shuai.ruan@intel.com>,
	"Song, Jike" <jike.song@intel.com>,
	"Lv, Zhiyuan" <zhiyuan.lv@intel.com>,
	"bjsdjshi@linux.vnet.ibm.com" <bjsdjshi@linux.vnet.ibm.com>
Subject: Re: [RFC PATCH v4 0/3] Add Mediated device support[was: Add vGPU support]
Date: Sat, 28 May 2016 08:56:30 -0600
Message-ID: <20160528085630.0fb79cc7@ul30vt.home>
In-Reply-To: <AADFC41AFE54684AB9EE6CBC0274A5D15F87CC98@SHSMSX101.ccr.corp.intel.com>

On Fri, 27 May 2016 22:43:54 +0000
"Tian, Kevin" <kevin.tian@intel.com> wrote:

> > From: Alex Williamson [mailto:alex.williamson@redhat.com]
> > Sent: Friday, May 27, 2016 10:55 PM
> > 
> > On Fri, 27 May 2016 11:02:46 +0000
> > "Tian, Kevin" <kevin.tian@intel.com> wrote:
> >   
> > > > From: Alex Williamson [mailto:alex.williamson@redhat.com]
> > > > Sent: Wednesday, May 25, 2016 9:44 PM
> > > >
> > > > On Wed, 25 May 2016 07:13:58 +0000
> > > > "Tian, Kevin" <kevin.tian@intel.com> wrote:
> > > >  
> > > > > > From: Kirti Wankhede [mailto:kwankhede@nvidia.com]
> > > > > > Sent: Wednesday, May 25, 2016 3:58 AM
> > > > > >
> > > > > > This series adds Mediated device support to v4.6 Linux host kernel. Purpose
> > > > > > of this series is to provide a common interface for mediated device
> > > > > > management that can be used by different devices. This series introduces
> > > > > > Mdev core module that create and manage mediated devices, VFIO based driver
> > > > > > for mediated PCI devices that are created by Mdev core module and update
> > > > > > VFIO type1 IOMMU module to support mediated devices.  
> > > > >
> > > > > Thanks. "Mediated device" is more generic than previous one. :-)
> > > > >  
> > > > > >
> > > > > > What's new in v4?
> > > > > > - Renamed 'vgpu' module to 'mdev' module that represent generic term
> > > > > >   'Mediated device'.
> > > > > > - Moved mdev directory to drivers/vfio directory as this is the extension
> > > > > >   of VFIO APIs for mediated devices.
> > > > > > - Updated mdev driver to be flexible to register multiple types of drivers
> > > > > >   to mdev_bus_type bus.
> > > > > > - Updated mdev core driver with mdev_put_device() and mdev_get_device() for
> > > > > >   mediated devices.
> > > > > >
> > > > > >  
> > > > >
> > > > > Just curious. In this version you move the whole mdev core under
> > > > > VFIO now. Sorry if I missed any agreement on this change. IIRC Alex
> > > > > doesn't want VFIO to manage mdev life-cycle directly. Instead VFIO is
> > > > > just a mdev driver on created mediated devices....  
> > > >
> > > > I did originally suggest keeping them separate, but as we've progressed
> > > > through the implementation, it's become more clear that the mediated
> > > > device interface is very much tied to the vfio interface, acting mostly
> > > > as a passthrough.  So I thought it made sense to pull them together.
> > > > Still open to discussion of course.  Thanks,
> > > >  
> > >
> > > The main benefit of maintaining a separate mdev framework, IMHO, is
> > > to allow better support of both KVM and Xen. Xen doesn't work with VFIO
> > > today, because other VM's memory is not allocated from Dom0 which
> > > means VFIO within Dom0 doesn't have view/permission to control isolation
> > > for other VMs.  
> > 
> > Isn't this just a matter of the vfio iommu model selected?  There could
> > be a vfio-iommu-xen that knows how to do the grant calls.
> >   
> > > However, after some thinking I think it might not be a big problem to
> > > combine VFIO/mdev together, if we extend Xen to just use VFIO for
> > > resource enumeration. In such model, VFIO still behaves as a single
> > > kernel portal to enumerate mediated devices to user space, but give up
> > > permission control to Qemu which will request a secure agent - Xen
> > > hypervisor - to ensure isolation of VM usage on mediated device (including
> > > EPT/IOMMU configuration).  
> > 
> > The whole point here is to use the vfio user api and we seem to be
> > progressing towards using vfio-core as a conduit where the mediated
> > driver api is also fairly vfio-ish.  So it seems we're really headed
> > towards a vfio-mediated device rather than some sort of generic mediated
> > driver interface.  I would object to leaving permission control to
> > QEMU, QEMU is just a vfio user, there are others like DPDK.  The kernel
> > needs to be in charge of protecting itself and users from each other,
> > QEMU can't do this, which is part of the reason that KVM has moved to vfio
> > rather than the pci-sysfs resource interface.
> >   
> > > I'm not sure whether VFIO can support this usage today. It is somehow
> > > similar to channel io passthru in s390, where we also rely on Qemu to
> > > mediate ccw commands to ensure isolation. Maybe just some slight
> > > extension is required (e.g. not assume some API must be invoked). Of
> > > course Qemu side vfio code also need some change. If this can work,
> > > at least we can first put it as the enumeration interface for mediated
> > > device in Xen. In the future it may be extended to cover normal Xen
> > > PCI assignment as well instead of using sysfs to read PCI resource
> > > today.  
> > 
> > The channel io proposal doesn't rely on QEMU for security either, the
> > mediation occurs in the host kernel, parsing the ccw command program,
> > and doing translations to replace the guest physical addresses with
> > verified and pinned host physical addresses before submitting the
> > program to be run.  A mediated device is policed by the mediated
> > vendor driver in the host kernel, QEMU is untrusted, just like any
> > other user.
> > 
> > If xen is currently using pci-sysfs for mapping device resources, then
> > vfio should be directly usable, which leaves the IOMMU interfaces, such
> > as pinning and mapping user memory and making use of the IOMMU API,
> > that part of vfio is fairly modular though IOMMU groups is a fairly
> > fundamental concept within the core.  Thanks,
> >   
> 
> My impression was that you don't like hypervisor specific thing in VFIO,
> which makes it a bit tricky to accomplish those tasks in kernel. If we 
> can add Xen specific logic directly in VFIO (like vfio-iommu-xen you 
> mentioned), the whole thing would be easier.

If vfio is hosted in dom0, then Xen is the platform and we need to
interact with the hypervisor to manage the iommu.  That said, there are
aspects of vfio that do not seem to map well to a hypervisor managed
iommu or a Xen-like hypervisor.  For instance, how does dom0 manage
iommu groups and what's the distinction of using vfio to manage a
userspace driver in dom0 versus managing a device for another domain.
In the case of kvm, vfio has no dependency on kvm, there is some minor
interaction, but we're not running on kvm and it's not appropriate to
use vfio as a gateway to interact with a hypervisor that may or may not
exist.  Thanks,

Alex
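
The host-kernel mediation described in the quoted channel io paragraph above (replace guest physical addresses with verified, pinned host physical addresses before the program is submitted), sketched as an added example that is not part of the original message or of the vfio/mdev code. The structures and function names are hypothetical and do not reflect the s390 CCW format or any vfio interface.

```c
#include <stdint.h>
#include <stddef.h>
#include <errno.h>

/* Hypothetical, simplified model: not the CCW format or a vfio structure. */
struct pinned_region {      /* guest range the mediator has verified and pinned */
    uint64_t gpa;           /* guest physical base */
    uint64_t hpa;           /* host physical base of the pinned pages */
    uint64_t len;           /* size in bytes */
};

struct dev_cmd {            /* one entry of a user-supplied command program */
    uint64_t addr;          /* guest physical on input, host physical on output */
    uint32_t len;           /* bytes the device will access */
};

/* Translate one guest range; fail unless it lies wholly inside one pinned region. */
static int translate(const struct pinned_region *r, size_t nr,
                     uint64_t gpa, uint32_t len, uint64_t *hpa)
{
    if (len == 0)
        return -EINVAL;
    for (size_t i = 0; i < nr; i++) {
        if (gpa < r[i].gpa)
            continue;
        uint64_t off = gpa - r[i].gpa;
        /* Written as subtractions so that gpa + len can never wrap. */
        if (off < r[i].len && len <= r[i].len - off) {
            *hpa = r[i].hpa + off;
            return 0;
        }
    }
    return -EFAULT;
}

/*
 * Build the program the device will run from the untrusted one. The user's
 * copy is never submitted; on failure the contents of out[] must be discarded.
 */
int mediate_program(const struct dev_cmd *in, size_t n,
                    const struct pinned_region *r, size_t nr,
                    struct dev_cmd *out)
{
    for (size_t i = 0; i < n; i++) {
        uint64_t hpa;
        int rc = translate(r, nr, in[i].addr, in[i].len, &hpa);
        if (rc)
            return rc;
        out[i].addr = hpa;
        out[i].len = in[i].len;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample: one pinned 8 KiB guest range. */
    const struct pinned_region r[] = { { 0x10000, 0x7f000000, 0x2000 } };
    const struct dev_cmd ok[]  = { { 0x10800, 0x100 } };
    const struct dev_cmd bad[] = { { 0x11f00, 0x200 } }; /* runs past the pinned range */
    struct dev_cmd out[1];
    return !(mediate_program(ok, 1, r, 1, out) == 0 &&
             mediate_program(bad, 1, r, 1, out) == -EFAULT);
}
```

The check runs in the mediator regardless of which user (QEMU, DPDK or any other vfio user) built the program, which is the trust boundary the message argues for.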
