From: Alex Williamson <alex.williamson@redhat.com>
To: "Tian, Kevin" <kevin.tian@intel.com>
Cc: Neo Jia <cjia@nvidia.com>, Dong Jia <bjsdjshi@linux.vnet.ibm.com>,
Kirti Wankhede <kwankhede@nvidia.com>,
"pbonzini@redhat.com" <pbonzini@redhat.com>,
"kraxel@redhat.com" <kraxel@redhat.com>,
"qemu-devel@nongnu.org" <qemu-devel@nongnu.org>,
"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
"Ruan, Shuai" <shuai.ruan@intel.com>,
"Song, Jike" <jike.song@intel.com>,
"Lv, Zhiyuan" <zhiyuan.lv@intel.com>
Subject: Re: [RFC PATCH v4 1/3] Mediated device Core driver
Date: Tue, 7 Jun 2016 16:42:18 -0600 [thread overview]
Message-ID: <20160607164218.02577f5e@ul30vt.home> (raw)
In-Reply-To: <AADFC41AFE54684AB9EE6CBC0274A5D15F8912A9@SHSMSX101.ccr.corp.intel.com>
On Tue, 7 Jun 2016 03:03:32 +0000
"Tian, Kevin" <kevin.tian@intel.com> wrote:
> > From: Alex Williamson [mailto:alex.williamson@redhat.com]
> > Sent: Tuesday, June 07, 2016 3:31 AM
> >
> > On Mon, 6 Jun 2016 10:44:25 -0700
> > Neo Jia <cjia@nvidia.com> wrote:
> >
> > > On Mon, Jun 06, 2016 at 04:29:11PM +0800, Dong Jia wrote:
> > > > On Sun, 5 Jun 2016 23:27:42 -0700
> > > > Neo Jia <cjia@nvidia.com> wrote:
> > > >
> > > > 2. VFIO_DEVICE_CCW_CMD_REQUEST
> > > > This intends to handle an intercepted channel I/O instruction. It
> > > > basically need to do the following thing:
> > >
> > > May I ask how and when QEMU knows that he needs to issue such VFIO ioctl at
> > > first place?
> >
> > Yep, this is my question as well. It sounds a bit like there's an
> > emulated device in QEMU that's trying to tell the mediated device when
> > to start an operation when we probably should be passing through
> > whatever i/o operations indicate that status directly to the mediated
> > device. Thanks,
> >
> > Alex
>
> Below is copied from Dong's earlier post which said clear that
> a guest cmd submission will trigger the whole flow:
>
> ----
> Explanation:
> Q1-Q4: Qemu side process.
> K1-K6: Kernel side process.
>
> Q1. Intercept a ssch instruction.
> Q2. Translate the guest ccw program to a user space ccw program
> (u_ccwchain).
> Q3. Call VFIO_DEVICE_CCW_CMD_REQUEST (u_ccwchain, orb, irb).
> K1. Copy from u_ccwchain to kernel (k_ccwchain).
> K2. Translate the user space ccw program to a kernel space ccw
> program, which becomes runnable for a real device.
> K3. With the necessary information contained in the orb passed in
> by Qemu, issue the k_ccwchain to the device, and wait event q
> for the I/O result.
> K4. Interrupt handler gets the I/O result, and wakes up the wait q.
> K5. CMD_REQUEST ioctl gets the I/O result, and uses the result to
> update the user space irb.
> K6. Copy irb and scsw back to user space.
> Q4. Update the irb for the guest.
> ----
Right, but this was the pre-mediated device approach, now we no longer
need step Q2 so we really only need Q1 and therefore Q3 to exist in
QEMU if those are operations that are not visible to the mediated
device; which they very well might be, since it's described as an
instruction rather than an i/o operation. It's not terrible if that's
the case, vfio-pci has its own ioctl for doing a hot reset.
> My understanding is that such thing belongs to how device is mediated
> (so device driver specific), instead of something to be abstracted in
> VFIO which manages resource but doesn't care how resource is used.
>
> Actually we have same requirement in vGPU case, that a guest driver
> needs submit GPU commands through some MMIO register. vGPU device
> model will intercept the submission request (in its own way), do its
> necessary scan/audit to ensure correctness/security, and then submit
> to physical GPU through vendor specific interface.
>
> No difference with channel I/O here.
Well, if the GPU command is submitted through an MMIO register, is that
MMIO register part of the mediated device? If so, could the mediated
device recognize the command and do the scan/audit itself? QEMU must
not be the point at which mediation occurs for security purposes, QEMU
is userspace and userspace is not to be trusted. I'm still open to
ioctls where it makes sense, as above, we have PCI specific ioctls and
already, but we need to evaluate each one, why it needs to exist, and
whether we can skip it if the mediated device can trigger the action on
its own. After all, that's why we're using the vfio api, so we can
re-use much of the existing infrastructure, especially for a vGPU that
exposes itself as a PCI device. Thanks,
Alex
WARNING: multiple messages have this Message-ID (diff)
From: Alex Williamson <alex.williamson@redhat.com>
To: "Tian, Kevin" <kevin.tian@intel.com>
Cc: Neo Jia <cjia@nvidia.com>, Dong Jia <bjsdjshi@linux.vnet.ibm.com>,
Kirti Wankhede <kwankhede@nvidia.com>,
"pbonzini@redhat.com" <pbonzini@redhat.com>,
"kraxel@redhat.com" <kraxel@redhat.com>,
"qemu-devel@nongnu.org" <qemu-devel@nongnu.org>,
"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
"Ruan, Shuai" <shuai.ruan@intel.com>,
"Song, Jike" <jike.song@intel.com>,
"Lv, Zhiyuan" <zhiyuan.lv@intel.com>
Subject: Re: [Qemu-devel] [RFC PATCH v4 1/3] Mediated device Core driver
Date: Tue, 7 Jun 2016 16:42:18 -0600 [thread overview]
Message-ID: <20160607164218.02577f5e@ul30vt.home> (raw)
In-Reply-To: <AADFC41AFE54684AB9EE6CBC0274A5D15F8912A9@SHSMSX101.ccr.corp.intel.com>
On Tue, 7 Jun 2016 03:03:32 +0000
"Tian, Kevin" <kevin.tian@intel.com> wrote:
> > From: Alex Williamson [mailto:alex.williamson@redhat.com]
> > Sent: Tuesday, June 07, 2016 3:31 AM
> >
> > On Mon, 6 Jun 2016 10:44:25 -0700
> > Neo Jia <cjia@nvidia.com> wrote:
> >
> > > On Mon, Jun 06, 2016 at 04:29:11PM +0800, Dong Jia wrote:
> > > > On Sun, 5 Jun 2016 23:27:42 -0700
> > > > Neo Jia <cjia@nvidia.com> wrote:
> > > >
> > > > 2. VFIO_DEVICE_CCW_CMD_REQUEST
> > > > This intends to handle an intercepted channel I/O instruction. It
> > > > basically need to do the following thing:
> > >
> > > May I ask how and when QEMU knows that he needs to issue such VFIO ioctl at
> > > first place?
> >
> > Yep, this is my question as well. It sounds a bit like there's an
> > emulated device in QEMU that's trying to tell the mediated device when
> > to start an operation when we probably should be passing through
> > whatever i/o operations indicate that status directly to the mediated
> > device. Thanks,
> >
> > Alex
>
> Below is copied from Dong's earlier post which said clear that
> a guest cmd submission will trigger the whole flow:
>
> ----
> Explanation:
> Q1-Q4: Qemu side process.
> K1-K6: Kernel side process.
>
> Q1. Intercept a ssch instruction.
> Q2. Translate the guest ccw program to a user space ccw program
> (u_ccwchain).
> Q3. Call VFIO_DEVICE_CCW_CMD_REQUEST (u_ccwchain, orb, irb).
> K1. Copy from u_ccwchain to kernel (k_ccwchain).
> K2. Translate the user space ccw program to a kernel space ccw
> program, which becomes runnable for a real device.
> K3. With the necessary information contained in the orb passed in
> by Qemu, issue the k_ccwchain to the device, and wait event q
> for the I/O result.
> K4. Interrupt handler gets the I/O result, and wakes up the wait q.
> K5. CMD_REQUEST ioctl gets the I/O result, and uses the result to
> update the user space irb.
> K6. Copy irb and scsw back to user space.
> Q4. Update the irb for the guest.
> ----
Right, but this was the pre-mediated device approach, now we no longer
need step Q2 so we really only need Q1 and therefore Q3 to exist in
QEMU if those are operations that are not visible to the mediated
device; which they very well might be, since it's described as an
instruction rather than an i/o operation. It's not terrible if that's
the case, vfio-pci has its own ioctl for doing a hot reset.
> My understanding is that such thing belongs to how device is mediated
> (so device driver specific), instead of something to be abstracted in
> VFIO which manages resource but doesn't care how resource is used.
>
> Actually we have same requirement in vGPU case, that a guest driver
> needs submit GPU commands through some MMIO register. vGPU device
> model will intercept the submission request (in its own way), do its
> necessary scan/audit to ensure correctness/security, and then submit
> to physical GPU through vendor specific interface.
>
> No difference with channel I/O here.
Well, if the GPU command is submitted through an MMIO register, is that
MMIO register part of the mediated device? If so, could the mediated
device recognize the command and do the scan/audit itself? QEMU must
not be the point at which mediation occurs for security purposes, QEMU
is userspace and userspace is not to be trusted. I'm still open to
ioctls where it makes sense, as above, we have PCI specific ioctls and
already, but we need to evaluate each one, why it needs to exist, and
whether we can skip it if the mediated device can trigger the action on
its own. After all, that's why we're using the vfio api, so we can
re-use much of the existing infrastructure, especially for a vGPU that
exposes itself as a PCI device. Thanks,
Alex
next prev parent reply other threads:[~2016-06-07 22:43 UTC|newest]
Thread overview: 92+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-05-24 19:58 [RFC PATCH v4 0/3] Add Mediated device support[was: Add vGPU support] Kirti Wankhede
2016-05-24 19:58 ` [Qemu-devel] " Kirti Wankhede
2016-05-24 19:58 ` [RFC PATCH v4 1/3] Mediated device Core driver Kirti Wankhede
2016-05-24 19:58 ` [Qemu-devel] " Kirti Wankhede
2016-05-25 7:55 ` Tian, Kevin
2016-05-25 7:55 ` [Qemu-devel] " Tian, Kevin
2016-05-25 14:47 ` Kirti Wankhede
2016-05-25 14:47 ` [Qemu-devel] " Kirti Wankhede
2016-05-27 9:00 ` Tian, Kevin
2016-05-27 9:00 ` [Qemu-devel] " Tian, Kevin
2016-05-25 22:39 ` Alex Williamson
2016-05-25 22:39 ` [Qemu-devel] " Alex Williamson
2016-05-26 9:03 ` Kirti Wankhede
2016-05-26 9:03 ` [Qemu-devel] " Kirti Wankhede
2016-05-26 14:06 ` Alex Williamson
2016-05-26 14:06 ` [Qemu-devel] " Alex Williamson
2016-06-03 8:57 ` Dong Jia
2016-06-03 8:57 ` [Qemu-devel] " Dong Jia
2016-06-03 9:40 ` Tian, Kevin
2016-06-03 9:40 ` [Qemu-devel] " Tian, Kevin
2016-06-06 2:24 ` Dong Jia
2016-06-06 2:24 ` [Qemu-devel] " Dong Jia
2016-06-06 5:27 ` Kirti Wankhede
2016-06-06 5:27 ` [Qemu-devel] " Kirti Wankhede
2016-06-06 6:01 ` Dong Jia
2016-06-06 6:01 ` [Qemu-devel] " Dong Jia
2016-06-06 6:27 ` Neo Jia
2016-06-06 6:27 ` [Qemu-devel] " Neo Jia
2016-06-06 8:29 ` Dong Jia
2016-06-06 8:29 ` [Qemu-devel] " Dong Jia
2016-06-06 17:44 ` Neo Jia
2016-06-06 17:44 ` [Qemu-devel] " Neo Jia
2016-06-06 19:31 ` Alex Williamson
2016-06-06 19:31 ` [Qemu-devel] " Alex Williamson
2016-06-07 3:03 ` Tian, Kevin
2016-06-07 3:03 ` [Qemu-devel] " Tian, Kevin
2016-06-07 22:42 ` Alex Williamson [this message]
2016-06-07 22:42 ` Alex Williamson
2016-06-08 1:18 ` Tian, Kevin
2016-06-08 1:18 ` [Qemu-devel] " Tian, Kevin
2016-06-08 1:39 ` Alex Williamson
2016-06-08 1:39 ` [Qemu-devel] " Alex Williamson
2016-06-08 3:18 ` Dong Jia
2016-06-08 3:18 ` [Qemu-devel] " Dong Jia
2016-06-08 3:48 ` Neo Jia
2016-06-08 3:48 ` [Qemu-devel] " Neo Jia
2016-06-08 6:13 ` Dong Jia
2016-06-08 6:13 ` [Qemu-devel] " Dong Jia
2016-06-08 6:22 ` Neo Jia
2016-06-08 6:22 ` [Qemu-devel] " Neo Jia
2016-06-08 4:29 ` Alex Williamson
2016-06-08 4:29 ` [Qemu-devel] " Alex Williamson
2016-06-15 6:37 ` Dong Jia
2016-06-15 6:37 ` [Qemu-devel] " Dong Jia
2016-05-24 19:58 ` [RFC PATCH v4 2/3] VFIO driver for mediated PCI device Kirti Wankhede
2016-05-24 19:58 ` [Qemu-devel] " Kirti Wankhede
2016-05-25 8:15 ` Tian, Kevin
2016-05-25 8:15 ` [Qemu-devel] " Tian, Kevin
2016-05-25 13:04 ` Kirti Wankhede
2016-05-25 13:04 ` [Qemu-devel] " Kirti Wankhede
2016-05-27 10:03 ` Tian, Kevin
2016-05-27 10:03 ` [Qemu-devel] " Tian, Kevin
2016-05-27 15:13 ` Alex Williamson
2016-05-27 15:13 ` [Qemu-devel] " Alex Williamson
2016-05-24 19:58 ` [RFC PATCH v4 3/3] VFIO Type1 IOMMU: Add support for mediated devices Kirti Wankhede
2016-05-24 19:58 ` [Qemu-devel] " Kirti Wankhede
2016-06-01 8:40 ` Dong Jia
2016-06-01 8:40 ` [Qemu-devel] " Dong Jia
2016-06-02 7:56 ` Neo Jia
2016-06-02 7:56 ` [Qemu-devel] " Neo Jia
2016-06-03 8:32 ` Dong Jia
2016-06-03 8:32 ` [Qemu-devel] " Dong Jia
2016-06-03 8:37 ` Tian, Kevin
2016-06-03 8:37 ` [Qemu-devel] " Tian, Kevin
2016-05-25 7:13 ` [RFC PATCH v4 0/3] Add Mediated device support[was: Add vGPU support] Tian, Kevin
2016-05-25 7:13 ` [Qemu-devel] " Tian, Kevin
2016-05-25 13:43 ` Alex Williamson
2016-05-25 13:43 ` [Qemu-devel] " Alex Williamson
2016-05-27 11:02 ` Tian, Kevin
2016-05-27 11:02 ` [Qemu-devel] " Tian, Kevin
2016-05-27 14:54 ` Alex Williamson
2016-05-27 14:54 ` [Qemu-devel] " Alex Williamson
2016-05-27 22:43 ` Tian, Kevin
2016-05-27 22:43 ` [Qemu-devel] " Tian, Kevin
2016-05-28 14:56 ` Alex Williamson
2016-05-28 14:56 ` [Qemu-devel] " Alex Williamson
2016-05-31 2:29 ` Jike Song
2016-05-31 2:29 ` [Qemu-devel] " Jike Song
2016-05-31 14:29 ` Alex Williamson
2016-05-31 14:29 ` [Qemu-devel] " Alex Williamson
2016-06-02 2:11 ` Jike Song
2016-06-02 2:11 ` [Qemu-devel] " Jike Song
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160607164218.02577f5e@ul30vt.home \
--to=alex.williamson@redhat.com \
--cc=bjsdjshi@linux.vnet.ibm.com \
--cc=cjia@nvidia.com \
--cc=jike.song@intel.com \
--cc=kevin.tian@intel.com \
--cc=kraxel@redhat.com \
--cc=kvm@vger.kernel.org \
--cc=kwankhede@nvidia.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=shuai.ruan@intel.com \
--cc=zhiyuan.lv@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.