From: Punit Agrawal <punit.agrawal@arm.com>
To: Jean-Philippe Brucker <jean-philippe.brucker@arm.com>
Cc: kvm@vger.kernel.org, will.deacon@arm.com, robin.murphy@arm.com,
lorenzo.pieralisi@arm.com, marc.zyngier@arm.com
Subject: Re: [PATCH v2 kvmtool 06/10] Add PCI device passthrough using VFIO
Date: Mon, 31 Jul 2017 18:52:38 +0100 [thread overview]
Message-ID: <878tj4ze6x.fsf@e105922-lin.cambridge.arm.com> (raw)
In-Reply-To: <20170622170536.14319-7-jean-philippe.brucker@arm.com> (Jean-Philippe Brucker's message of "Thu, 22 Jun 2017 18:05:32 +0100")
Hi Jean-Philippe,
A couple of queries below -
Jean-Philippe Brucker <jean-philippe.brucker@arm.com> writes:
> Assigning devices using VFIO allows the guest to have direct access to the
> device, whilst filtering accesses to sensitive areas by trapping config
> space accesses and mapping DMA with an IOMMU.
>
> This patch adds a new option to lkvm run: --vfio-group=<group_number>.
> Before assigning a device to a VM, some preparation is required. As
> described in Linux Documentation/vfio.txt, the device driver need to be
Nitpick: "needs"
> changed to vfio-pci:
>
> $ dev=0000:00:00.0
>
> $ echo $dev > /sys/bus/pci/devices/$dev/driver/unbind
> $ echo vfio-pci > /sys/bus/pci/devices/$dev/driver_override
> $ echo $dev > /sys/bus/pci/drivers_probe
> $ readlink /sys/bus/pci/devices/$dev/iommu_group
> ../../../kernel/iommu_groups/5
>
> Adding --vfio[-group]=5 to lkvm-run will pass the device to the guest.
> Multiple groups can be passed to the guest by adding more --vfio
> parameters.
>
> This patch only implements PCI with INTx. MSI-X routing will be added in a
> subsequent patch, and at some point we might add support for passing
> platform devices to guests.
>
> Signed-off-by: Will Deacon <will.deacon@arm.com>
> Signed-off-by: Robin Murphy <robin.murphy@arm.com>
> Signed-off-by: Jean-Philippe Brucker <jean-philippe.brucker@arm.com>
> ---
> Makefile | 2 +
> arm/pci.c | 1 +
> builtin-run.c | 5 +
> include/kvm/kvm-config.h | 3 +
> include/kvm/pci.h | 3 +-
> include/kvm/vfio.h | 57 +++++++
> vfio/core.c | 395 +++++++++++++++++++++++++++++++++++++++++++++++
> vfio/pci.c | 365 +++++++++++++++++++++++++++++++++++++++++++
> 8 files changed, 830 insertions(+), 1 deletion(-)
> create mode 100644 include/kvm/vfio.h
> create mode 100644 vfio/core.c
> create mode 100644 vfio/pci.c
>
[...]
> +static int vfio_container_init(struct kvm *kvm)
> +{
> + int api, i, ret, iommu_type;;
> +
> + /* Create a container for our IOMMU groups */
> + vfio_container = open(VFIO_DEV_NODE, O_RDWR);
> + if (vfio_container == -1) {
> + ret = errno;
> + pr_err("Failed to open %s", VFIO_DEV_NODE);
> + return ret;
> + }
> +
> + api = ioctl(vfio_container, VFIO_GET_API_VERSION);
> + if (api != VFIO_API_VERSION) {
> + pr_err("Unknown VFIO API version %d", api);
> + return -ENODEV;
> + }
We are using the VFIO_API_VERSION pulled in from linux/vfio.h. Will
kvmtool be in trouble if for some reason the API version is incompatibly
incremented in the future?
> +
> + iommu_type = vfio_get_iommu_type();
> + if (iommu_type < 0) {
> + pr_err("VFIO type-1 IOMMU not supported on this platform");
> + return iommu_type;
> + }
> +
> + /* Sanity check our groups and add them to the container */
> + for (i = 0; i < kvm->cfg.num_vfio_groups; ++i) {
> + ret = vfio_group_init(kvm, &kvm->cfg.vfio_group[i]);
> + if (ret)
> + return ret;
> + }
> +
> + /* Finalise the container */
> + if (ioctl(vfio_container, VFIO_SET_IOMMU, iommu_type)) {
> + ret = -errno;
> + pr_err("Failed to set IOMMU type %d for VFIO container",
> + iommu_type);
> + return ret;
Just checking - is there a need to remove the groups from the containers
(added by VFIO_GROUP_SET_CONTAINER in vfio_group_init()) before erroring
out here? I imagine freeing of the vfio_container when kvmtool is
cleaning up after itself will do the right thing.
Thanks,
Punit
> + } else {
> + pr_info("Using IOMMU type %d for VFIO container", iommu_type);
> + }
> +
> + return kvm__for_each_mem_bank(kvm, KVM_MEM_TYPE_RAM, vfio_map_mem_bank,
> + NULL);
> +}
> +
> +static int vfio__init(struct kvm *kvm)
> +{
> + int ret;
> +
> + if (!kvm->cfg.num_vfio_groups)
> + return 0;
> +
> + ret = vfio_container_init(kvm);
> + if (ret)
> + return ret;
> +
> + ret = vfio_configure_iommu_groups(kvm);
> + if (ret)
> + return ret;
> +
> + return 0;
> +}
> +dev_base_init(vfio__init);
> +
> +static int vfio__exit(struct kvm *kvm)
> +{
> + int i;
> +
> + if (!kvm->cfg.num_vfio_groups)
> + return 0;
> +
> + for (i = 0; i < kvm->cfg.num_vfio_groups; ++i)
> + vfio_group_exit(kvm, &kvm->cfg.vfio_group[i]);
> +
> + kvm__for_each_mem_bank(kvm, KVM_MEM_TYPE_RAM, vfio_unmap_mem_bank, NULL);
> + return close(vfio_container);
> +}
> +dev_base_exit(vfio__exit);
[...]
next prev parent reply other threads:[~2017-07-31 17:52 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-06-22 17:05 [PATCH v2 kvmtool 00/10] Add PCI passthrough support with VFIO Jean-Philippe Brucker
2017-06-22 17:05 ` [PATCH v2 kvmtool 01/10] pci: add config operations callbacks on the PCI header Jean-Philippe Brucker
2017-06-22 17:05 ` [PATCH v2 kvmtool 02/10] pci: allow to specify IRQ type for PCI devices Jean-Philippe Brucker
2017-06-22 17:05 ` [PATCH v2 kvmtool 03/10] irq: add irqfd helpers Jean-Philippe Brucker
2017-07-31 17:55 ` Punit Agrawal
2017-08-02 15:17 ` Jean-Philippe Brucker
2017-06-22 17:05 ` [PATCH v2 kvmtool 04/10] Extend memory bank API with memory types Jean-Philippe Brucker
2017-06-22 17:05 ` [PATCH v2 kvmtool 05/10] pci: add capability helpers Jean-Philippe Brucker
2017-06-22 17:05 ` [PATCH v2 kvmtool 06/10] Add PCI device passthrough using VFIO Jean-Philippe Brucker
2017-07-31 17:52 ` Punit Agrawal [this message]
2017-08-02 15:17 ` Jean-Philippe Brucker
2017-08-03 9:36 ` Punit Agrawal
2017-08-03 11:24 ` Jean-Philippe Brucker
2017-06-22 17:05 ` [PATCH v2 kvmtool 07/10] vfio-pci: add MSI-X support Jean-Philippe Brucker
2017-07-31 17:49 ` Punit Agrawal
2017-08-01 16:04 ` Punit Agrawal
2017-08-02 15:18 ` Jean-Philippe Brucker
2017-08-03 10:25 ` Punit Agrawal
2017-08-03 10:53 ` Jean-Philippe Brucker
2017-08-18 17:42 ` Jean-Philippe Brucker
2017-08-22 11:25 ` Punit Agrawal
2017-06-22 17:05 ` [PATCH v2 kvmtool 08/10] vfio-pci: add MSI support Jean-Philippe Brucker
2017-06-22 17:05 ` [PATCH v2 kvmtool 09/10] Introduce reserved memory regions Jean-Philippe Brucker
2017-06-22 17:05 ` [PATCH v2 kvmtool 10/10] vfio: check reserved regions before mapping DMA Jean-Philippe Brucker
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=878tj4ze6x.fsf@e105922-lin.cambridge.arm.com \
--to=punit.agrawal@arm.com \
--cc=jean-philippe.brucker@arm.com \
--cc=kvm@vger.kernel.org \
--cc=lorenzo.pieralisi@arm.com \
--cc=marc.zyngier@arm.com \
--cc=robin.murphy@arm.com \
--cc=will.deacon@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).