From: Alex Williamson <alex.williamson@redhat.com>
To: Yi Liu <yi.l.liu@intel.com>
Cc: akrowiak@linux.ibm.com, jjherne@linux.ibm.com,
farman@linux.ibm.com, chao.p.peng@intel.com, kvm@vger.kernel.org,
mjrosato@linux.ibm.com, Laine Stump <laine@redhat.com>,
"libvir-list@redhat.com" <libvir-list@redhat.com>,
jasowang@redhat.com, cohuck@redhat.com, thuth@redhat.com,
peterx@redhat.com, qemu-devel@nongnu.org, pasic@linux.ibm.com,
eric.auger@redhat.com, yi.y.sun@intel.com, nicolinc@nvidia.com,
kevin.tian@intel.com, jgg@nvidia.com, eric.auger.pro@gmail.com,
david@gibson.dropbear.id.au
Subject: Re: [RFC 00/18] vfio: Adopt iommufd
Date: Fri, 22 Apr 2022 16:09:43 -0600 [thread overview]
Message-ID: <20220422160943.6ff4f330.alex.williamson@redhat.com> (raw)
In-Reply-To: <20220414104710.28534-1-yi.l.liu@intel.com>
[Cc +libvirt folks]
On Thu, 14 Apr 2022 03:46:52 -0700
Yi Liu <yi.l.liu@intel.com> wrote:
> With the introduction of iommufd[1], the linux kernel provides a generic
> interface for userspace drivers to propagate their DMA mappings to kernel
> for assigned devices. This series does the porting of the VFIO devices
> onto the /dev/iommu uapi and let it coexist with the legacy implementation.
> Other devices like vpda, vfio mdev and etc. are not considered yet.
>
> For vfio devices, the new interface is tied with device fd and iommufd
> as the iommufd solution is device-centric. This is different from legacy
> vfio which is group-centric. To support both interfaces in QEMU, this
> series introduces the iommu backend concept in the form of different
> container classes. The existing vfio container is named legacy container
> (equivalent with legacy iommu backend in this series), while the new
> iommufd based container is named as iommufd container (may also be mentioned
> as iommufd backend in this series). The two backend types have their own
> way to setup secure context and dma management interface. Below diagram
> shows how it looks like with both BEs.
>
> VFIO AddressSpace/Memory
> +-------+ +----------+ +-----+ +-----+
> | pci | | platform | | ap | | ccw |
> +---+---+ +----+-----+ +--+--+ +--+--+ +----------------------+
> | | | | | AddressSpace |
> | | | | +------------+---------+
> +---V-----------V-----------V--------V----+ /
> | VFIOAddressSpace | <------------+
> | | | MemoryListener
> | VFIOContainer list |
> +-------+----------------------------+----+
> | |
> | |
> +-------V------+ +--------V----------+
> | iommufd | | vfio legacy |
> | container | | container |
> +-------+------+ +--------+----------+
> | |
> | /dev/iommu | /dev/vfio/vfio
> | /dev/vfio/devices/vfioX | /dev/vfio/$group_id
> Userspace | |
> ===========+============================+================================
> Kernel | device fd |
> +---------------+ | group/container fd
> | (BIND_IOMMUFD | | (SET_CONTAINER/SET_IOMMU)
> | ATTACH_IOAS) | | device fd
> | | |
> | +-------V------------V-----------------+
> iommufd | | vfio |
> (map/unmap | +---------+--------------------+-------+
> ioas_copy) | | | map/unmap
> | | |
> +------V------+ +-----V------+ +------V--------+
> | iommfd core | | device | | vfio iommu |
> +-------------+ +------------+ +---------------+
>
> [Secure Context setup]
> - iommufd BE: uses device fd and iommufd to setup secure context
> (bind_iommufd, attach_ioas)
> - vfio legacy BE: uses group fd and container fd to setup secure context
> (set_container, set_iommu)
> [Device access]
> - iommufd BE: device fd is opened through /dev/vfio/devices/vfioX
> - vfio legacy BE: device fd is retrieved from group fd ioctl
> [DMA Mapping flow]
> - VFIOAddressSpace receives MemoryRegion add/del via MemoryListener
> - VFIO populates DMA map/unmap via the container BEs
> *) iommufd BE: uses iommufd
> *) vfio legacy BE: uses container fd
>
> This series qomifies the VFIOContainer object which acts as a base class
> for a container. This base class is derived into the legacy VFIO container
> and the new iommufd based container. The base class implements generic code
> such as code related to memory_listener and address space management whereas
> the derived class implements callbacks that depend on the kernel user space
> being used.
>
> The selection of the backend is made on a device basis using the new
> iommufd option (on/off/auto). By default the iommufd backend is selected
> if supported by the host and by QEMU (iommufd KConfig). This option is
> currently available only for the vfio-pci device. For other types of
> devices, it does not yet exist and the legacy BE is chosen by default.
I've discussed this a bit with Eric, but let me propose a different
command line interface. Libvirt generally likes to pass file
descriptors to QEMU rather than grant it access to those files
directly. This was problematic with vfio-pci because libvirt can't
easily know when QEMU will want to grab another /dev/vfio/vfio
container. Therefore we abandoned this approach and instead libvirt
grants file permissions.
However, with iommufd there's no reason that QEMU ever needs more than
a single instance of /dev/iommufd and we're using per device vfio file
descriptors, so it seems like a good time to revisit this.
The interface I was considering would be to add an iommufd object to
QEMU, so we might have a:
-device iommufd[,fd=#][,id=foo]
For non-libivrt usage this would have the ability to open /dev/iommufd
itself if an fd is not provided. This object could be shared with
other iommufd users in the VM and maybe we'd allow multiple instances
for more esoteric use cases. [NB, maybe this should be a -object rather than
-device since the iommufd is not a guest visible device?]
The vfio-pci device might then become:
-device vfio-pci[,host=DDDD:BB:DD.f][,sysfsdev=/sys/path/to/device][,fd=#][,iommufd=foo]
So essentially we can specify the device via host, sysfsdev, or passing
an fd to the vfio device file. When an iommufd object is specified,
"foo" in the example above, each of those options would use the
vfio-device access mechanism, essentially the same as iommufd=on in
your example. With the fd passing option, an iommufd object would be
required and necessarily use device level access.
In your example, the iommufd=auto seems especially troublesome for
libvirt because QEMU is going to have different locked memory
requirements based on whether we're using type1 or iommufd, where the
latter resolves the duplicate accounting issues. libvirt needs to know
deterministically which backed is being used, which this proposal seems
to provide, while at the same time bringing us more in line with fd
passing. Thoughts? Thanks,
Alex
WARNING: multiple messages have this Message-ID (diff)
From: Alex Williamson <alex.williamson@redhat.com>
To: Yi Liu <yi.l.liu@intel.com>
Cc: cohuck@redhat.com, qemu-devel@nongnu.org,
david@gibson.dropbear.id.au, thuth@redhat.com,
farman@linux.ibm.com, mjrosato@linux.ibm.com,
akrowiak@linux.ibm.com, pasic@linux.ibm.com,
jjherne@linux.ibm.com, jasowang@redhat.com, kvm@vger.kernel.org,
jgg@nvidia.com, nicolinc@nvidia.com, eric.auger@redhat.com,
eric.auger.pro@gmail.com, kevin.tian@intel.com,
chao.p.peng@intel.com, yi.y.sun@intel.com, peterx@redhat.com,
"libvir-list@redhat.com" <libvir-list@redhat.com>,
Laine Stump <laine@redhat.com>
Subject: Re: [RFC 00/18] vfio: Adopt iommufd
Date: Fri, 22 Apr 2022 16:09:43 -0600 [thread overview]
Message-ID: <20220422160943.6ff4f330.alex.williamson@redhat.com> (raw)
In-Reply-To: <20220414104710.28534-1-yi.l.liu@intel.com>
[Cc +libvirt folks]
On Thu, 14 Apr 2022 03:46:52 -0700
Yi Liu <yi.l.liu@intel.com> wrote:
> With the introduction of iommufd[1], the linux kernel provides a generic
> interface for userspace drivers to propagate their DMA mappings to kernel
> for assigned devices. This series does the porting of the VFIO devices
> onto the /dev/iommu uapi and let it coexist with the legacy implementation.
> Other devices like vpda, vfio mdev and etc. are not considered yet.
>
> For vfio devices, the new interface is tied with device fd and iommufd
> as the iommufd solution is device-centric. This is different from legacy
> vfio which is group-centric. To support both interfaces in QEMU, this
> series introduces the iommu backend concept in the form of different
> container classes. The existing vfio container is named legacy container
> (equivalent with legacy iommu backend in this series), while the new
> iommufd based container is named as iommufd container (may also be mentioned
> as iommufd backend in this series). The two backend types have their own
> way to setup secure context and dma management interface. Below diagram
> shows how it looks like with both BEs.
>
> VFIO AddressSpace/Memory
> +-------+ +----------+ +-----+ +-----+
> | pci | | platform | | ap | | ccw |
> +---+---+ +----+-----+ +--+--+ +--+--+ +----------------------+
> | | | | | AddressSpace |
> | | | | +------------+---------+
> +---V-----------V-----------V--------V----+ /
> | VFIOAddressSpace | <------------+
> | | | MemoryListener
> | VFIOContainer list |
> +-------+----------------------------+----+
> | |
> | |
> +-------V------+ +--------V----------+
> | iommufd | | vfio legacy |
> | container | | container |
> +-------+------+ +--------+----------+
> | |
> | /dev/iommu | /dev/vfio/vfio
> | /dev/vfio/devices/vfioX | /dev/vfio/$group_id
> Userspace | |
> ===========+============================+================================
> Kernel | device fd |
> +---------------+ | group/container fd
> | (BIND_IOMMUFD | | (SET_CONTAINER/SET_IOMMU)
> | ATTACH_IOAS) | | device fd
> | | |
> | +-------V------------V-----------------+
> iommufd | | vfio |
> (map/unmap | +---------+--------------------+-------+
> ioas_copy) | | | map/unmap
> | | |
> +------V------+ +-----V------+ +------V--------+
> | iommfd core | | device | | vfio iommu |
> +-------------+ +------------+ +---------------+
>
> [Secure Context setup]
> - iommufd BE: uses device fd and iommufd to setup secure context
> (bind_iommufd, attach_ioas)
> - vfio legacy BE: uses group fd and container fd to setup secure context
> (set_container, set_iommu)
> [Device access]
> - iommufd BE: device fd is opened through /dev/vfio/devices/vfioX
> - vfio legacy BE: device fd is retrieved from group fd ioctl
> [DMA Mapping flow]
> - VFIOAddressSpace receives MemoryRegion add/del via MemoryListener
> - VFIO populates DMA map/unmap via the container BEs
> *) iommufd BE: uses iommufd
> *) vfio legacy BE: uses container fd
>
> This series qomifies the VFIOContainer object which acts as a base class
> for a container. This base class is derived into the legacy VFIO container
> and the new iommufd based container. The base class implements generic code
> such as code related to memory_listener and address space management whereas
> the derived class implements callbacks that depend on the kernel user space
> being used.
>
> The selection of the backend is made on a device basis using the new
> iommufd option (on/off/auto). By default the iommufd backend is selected
> if supported by the host and by QEMU (iommufd KConfig). This option is
> currently available only for the vfio-pci device. For other types of
> devices, it does not yet exist and the legacy BE is chosen by default.
I've discussed this a bit with Eric, but let me propose a different
command line interface. Libvirt generally likes to pass file
descriptors to QEMU rather than grant it access to those files
directly. This was problematic with vfio-pci because libvirt can't
easily know when QEMU will want to grab another /dev/vfio/vfio
container. Therefore we abandoned this approach and instead libvirt
grants file permissions.
However, with iommufd there's no reason that QEMU ever needs more than
a single instance of /dev/iommufd and we're using per device vfio file
descriptors, so it seems like a good time to revisit this.
The interface I was considering would be to add an iommufd object to
QEMU, so we might have a:
-device iommufd[,fd=#][,id=foo]
For non-libivrt usage this would have the ability to open /dev/iommufd
itself if an fd is not provided. This object could be shared with
other iommufd users in the VM and maybe we'd allow multiple instances
for more esoteric use cases. [NB, maybe this should be a -object rather than
-device since the iommufd is not a guest visible device?]
The vfio-pci device might then become:
-device vfio-pci[,host=DDDD:BB:DD.f][,sysfsdev=/sys/path/to/device][,fd=#][,iommufd=foo]
So essentially we can specify the device via host, sysfsdev, or passing
an fd to the vfio device file. When an iommufd object is specified,
"foo" in the example above, each of those options would use the
vfio-device access mechanism, essentially the same as iommufd=on in
your example. With the fd passing option, an iommufd object would be
required and necessarily use device level access.
In your example, the iommufd=auto seems especially troublesome for
libvirt because QEMU is going to have different locked memory
requirements based on whether we're using type1 or iommufd, where the
latter resolves the duplicate accounting issues. libvirt needs to know
deterministically which backed is being used, which this proposal seems
to provide, while at the same time bringing us more in line with fd
passing. Thoughts? Thanks,
Alex
next prev parent reply other threads:[~2022-04-22 22:11 UTC|newest]
Thread overview: 125+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-14 10:46 [RFC 00/18] vfio: Adopt iommufd Yi Liu
2022-04-14 10:46 ` Yi Liu
2022-04-14 10:46 ` [RFC 01/18] scripts/update-linux-headers: Add iommufd.h Yi Liu
2022-04-14 10:46 ` Yi Liu
2022-04-14 10:46 ` [RFC 02/18] linux-headers: Import latest vfio.h and iommufd.h Yi Liu
2022-04-14 10:46 ` Yi Liu
2022-04-14 10:46 ` [RFC 03/18] hw/vfio/pci: fix vfio_pci_hot_reset_result trace point Yi Liu
2022-04-14 10:46 ` Yi Liu
2022-04-14 10:46 ` [RFC 04/18] vfio/pci: Use vbasedev local variable in vfio_realize() Yi Liu
2022-04-14 10:46 ` Yi Liu
2022-04-14 10:46 ` [RFC 05/18] vfio/common: Rename VFIOGuestIOMMU::iommu into ::iommu_mr Yi Liu
2022-04-14 10:46 ` Yi Liu
2022-04-14 10:46 ` [RFC 06/18] vfio/common: Split common.c into common.c, container.c and as.c Yi Liu
2022-04-14 10:46 ` [RFC 07/18] vfio: Add base object for VFIOContainer Yi Liu
2022-04-14 10:46 ` Yi Liu
2022-04-29 6:29 ` David Gibson
2022-04-29 6:29 ` David Gibson
2022-05-03 13:05 ` Yi Liu
2022-04-14 10:47 ` [RFC 08/18] vfio/container: Introduce vfio_[attach/detach]_device Yi Liu
2022-04-14 10:47 ` Yi Liu
2022-04-14 10:47 ` [RFC 09/18] vfio/platform: Use vfio_[attach/detach]_device Yi Liu
2022-04-14 10:47 ` Yi Liu
2022-04-14 10:47 ` [RFC 10/18] vfio/ap: " Yi Liu
2022-04-14 10:47 ` Yi Liu
2022-04-14 10:47 ` [RFC 11/18] vfio/ccw: " Yi Liu
2022-04-14 10:47 ` Yi Liu
2022-04-14 10:47 ` [RFC 12/18] vfio/container-obj: Introduce [attach/detach]_device container callbacks Yi Liu
2022-04-14 10:47 ` Yi Liu
2022-04-14 10:47 ` [RFC 13/18] vfio/container-obj: Introduce VFIOContainer reset callback Yi Liu
2022-04-14 10:47 ` Yi Liu
2022-04-14 10:47 ` [RFC 14/18] hw/iommufd: Creation Yi Liu
2022-04-14 10:47 ` Yi Liu
2022-04-14 10:47 ` [RFC 15/18] vfio/iommufd: Implement iommufd backend Yi Liu
2022-04-14 10:47 ` Yi Liu
2022-04-22 14:58 ` Jason Gunthorpe
2022-04-22 21:33 ` Alex Williamson
2022-04-22 21:33 ` Alex Williamson
2022-04-26 9:55 ` Yi Liu
2022-04-26 9:55 ` Yi Liu
2022-04-26 10:41 ` Tian, Kevin
2022-04-26 10:41 ` Tian, Kevin
2022-04-26 13:41 ` Jason Gunthorpe
2022-04-26 14:08 ` Yi Liu
2022-04-26 14:08 ` Yi Liu
2022-04-26 14:11 ` Jason Gunthorpe
2022-04-26 18:45 ` Alex Williamson
2022-04-26 18:45 ` Alex Williamson
2022-04-26 19:27 ` Jason Gunthorpe
2022-04-26 20:59 ` Alex Williamson
2022-04-26 20:59 ` Alex Williamson
2022-04-26 23:08 ` Jason Gunthorpe
2022-04-26 13:53 ` Jason Gunthorpe
2022-04-14 10:47 ` [RFC 16/18] vfio/iommufd: Add IOAS_COPY_DMA support Yi Liu
2022-04-14 10:47 ` Yi Liu
2022-04-14 10:47 ` [RFC 17/18] vfio/as: Allow the selection of a given iommu backend Yi Liu
2022-04-14 10:47 ` Yi Liu
2022-04-14 10:47 ` [RFC 18/18] vfio/pci: Add an iommufd option Yi Liu
2022-04-14 10:47 ` Yi Liu
2022-04-15 8:37 ` [RFC 00/18] vfio: Adopt iommufd Nicolin Chen
2022-04-17 10:30 ` Eric Auger
2022-04-17 10:30 ` Eric Auger
2022-04-19 3:26 ` Nicolin Chen
2022-04-25 19:40 ` Eric Auger
2022-04-25 19:40 ` Eric Auger
2022-04-18 8:49 ` Tian, Kevin
2022-04-18 8:49 ` Tian, Kevin
2022-04-18 12:09 ` Yi Liu
2022-04-18 12:09 ` Yi Liu
2022-04-25 19:51 ` Eric Auger
2022-04-25 19:51 ` Eric Auger
2022-04-25 19:55 ` Eric Auger
2022-04-25 19:55 ` Eric Auger
2022-04-26 8:39 ` Tian, Kevin
2022-04-26 8:39 ` Tian, Kevin
2022-04-22 22:09 ` Alex Williamson [this message]
2022-04-22 22:09 ` Alex Williamson
2022-04-25 10:10 ` Daniel P. Berrangé
2022-04-25 10:10 ` Daniel P. Berrangé
2022-04-25 13:36 ` Jason Gunthorpe
2022-04-25 14:37 ` Alex Williamson
2022-04-25 14:37 ` Alex Williamson
2022-04-26 8:37 ` Tian, Kevin
2022-04-26 8:37 ` Tian, Kevin
2022-04-26 12:33 ` Jason Gunthorpe
2022-04-26 16:21 ` Alex Williamson
2022-04-26 16:21 ` Alex Williamson
2022-04-26 16:42 ` Jason Gunthorpe
2022-04-26 19:24 ` Alex Williamson
2022-04-26 19:24 ` Alex Williamson
2022-04-26 19:36 ` Jason Gunthorpe
2022-04-28 3:21 ` Tian, Kevin
2022-04-28 3:21 ` Tian, Kevin
2022-04-28 14:24 ` Alex Williamson
2022-04-28 14:24 ` Alex Williamson
2022-04-28 16:20 ` Daniel P. Berrangé
2022-04-28 16:20 ` Daniel P. Berrangé
2022-04-29 0:45 ` Tian, Kevin
2022-04-29 0:45 ` Tian, Kevin
2022-04-25 20:23 ` Eric Auger
2022-04-25 20:23 ` Eric Auger
2022-04-25 22:53 ` Alex Williamson
2022-04-25 22:53 ` Alex Williamson
2022-04-26 9:47 ` Shameerali Kolothum Thodi via
2022-04-26 9:47 ` Shameerali Kolothum Thodi
2022-04-26 11:44 ` Eric Auger
2022-04-26 11:44 ` Eric Auger
2022-04-26 12:43 ` Shameerali Kolothum Thodi
2022-04-26 12:43 ` Shameerali Kolothum Thodi via
2022-04-26 16:35 ` Alex Williamson
2022-04-26 16:35 ` Alex Williamson
2022-05-09 14:24 ` Zhangfei Gao
2022-05-10 3:17 ` Yi Liu
2022-05-10 6:51 ` Eric Auger
2022-05-10 12:35 ` Zhangfei Gao
2022-05-10 12:45 ` Jason Gunthorpe
2022-05-10 14:08 ` Yi Liu
2022-05-11 14:17 ` zhangfei.gao
2022-05-12 9:01 ` zhangfei.gao
2022-05-17 8:55 ` Yi Liu
2022-05-18 7:22 ` zhangfei.gao
2022-05-18 14:00 ` Yi Liu
2022-06-28 8:14 ` Shameerali Kolothum Thodi
2022-06-28 8:14 ` Shameerali Kolothum Thodi via
2022-06-28 8:58 ` Eric Auger
2022-05-17 8:52 ` Yi Liu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220422160943.6ff4f330.alex.williamson@redhat.com \
--to=alex.williamson@redhat.com \
--cc=akrowiak@linux.ibm.com \
--cc=chao.p.peng@intel.com \
--cc=cohuck@redhat.com \
--cc=david@gibson.dropbear.id.au \
--cc=eric.auger.pro@gmail.com \
--cc=eric.auger@redhat.com \
--cc=farman@linux.ibm.com \
--cc=jasowang@redhat.com \
--cc=jgg@nvidia.com \
--cc=jjherne@linux.ibm.com \
--cc=kevin.tian@intel.com \
--cc=kvm@vger.kernel.org \
--cc=laine@redhat.com \
--cc=libvir-list@redhat.com \
--cc=mjrosato@linux.ibm.com \
--cc=nicolinc@nvidia.com \
--cc=pasic@linux.ibm.com \
--cc=peterx@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=thuth@redhat.com \
--cc=yi.l.liu@intel.com \
--cc=yi.y.sun@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.