From: "Stephen Bates" <sbates@raithlin.com>
To: Bjorn Helgaas <helgaas@kernel.org>,
Logan Gunthorpe <logang@deltatee.com>
Cc: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"linux-pci@vger.kernel.org" <linux-pci@vger.kernel.org>,
"linux-nvme@lists.infradead.org" <linux-nvme@lists.infradead.org>,
"linux-rdma@vger.kernel.org" <linux-rdma@vger.kernel.org>,
"linux-nvdimm@lists.01.org" <linux-nvdimm@lists.01.org>,
"linux-block@vger.kernel.org" <linux-block@vger.kernel.org>,
"Christoph Hellwig" <hch@lst.de>, "Jens Axboe" <axboe@kernel.dk>,
"Keith Busch" <keith.busch@intel.com>,
"Sagi Grimberg" <sagi@grimberg.me>,
"Bjorn Helgaas" <bhelgaas@google.com>,
"Jason Gunthorpe" <jgg@mellanox.com>,
"Max Gurtovoy" <maxg@mellanox.com>,
"Dan Williams" <dan.j.williams@intel.com>,
"Jérôme Glisse" <jglisse@redhat.com>,
"Benjamin Herrenschmidt" <benh@kernel.crashing.org>,
"Alex Williamson" <alex.williamson@redhat.com>
Subject: Re: [PATCH v2 04/10] PCI/P2PDMA: Clear ACS P2P flags for all devices behind switches
Date: Thu, 1 Mar 2018 18:54:01 +0000 [thread overview]
Message-ID: <0D05579B-789C-4A19-B3A2-C1A630BE31C0@raithlin.com> (raw)
In-Reply-To: <20180301180257.GH13722@bhelgaas-glaptop.roam.corp.google.com>
Thanks for the detailed review Bjorn!
>>
>> + Enabling this option will also disable ACS on all ports behind
>> + any PCIe switch. This effictively puts all devices behind any
>> + switch into the same IOMMU group.
>
> Does this really mean "all devices behind the same Root Port"?
Not necessarily. You might have a cascade of switches (i.e switches below a switch) to achieve a very large fan-out (in an NVMe SSD array for example) and we will only disable ACS on the ports below the relevant switch.
> What does this mean in terms of device security? I assume it means,
> at least, that individual devices can't be assigned to separate VMs.
This was discussed during v1 [1]. Disabling ACS on all downstream ports of the switch means that all the EPs below it have to part of the same IOMMU grouping. However it was also agreed that as long as the ACS disable occurred at boot time (which is does in v2) then the virtualization layer will be aware of it and will perform the IOMMU group formation correctly.
> I don't mind admitting that this patch makes me pretty nervous, and I
> don't have a clear idea of what the implications of this are, or how
> to communicate those to end users. "The same IOMMU group" is a pretty
> abstract idea.
Alex gave a good overview of the implications in [1].
Stephen
[1] https://marc.info/?l=linux-pci&m=151512320031739&w=2
next prev parent reply other threads:[~2018-03-01 18:54 UTC|newest]
Thread overview: 124+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-02-28 23:39 [PATCH v2 00/10] Copy Offload in NVMe Fabrics with P2P PCI Memory Logan Gunthorpe
2018-02-28 23:39 ` [PATCH v2 01/10] PCI/P2PDMA: Support peer to peer memory Logan Gunthorpe
2018-03-01 17:37 ` Bjorn Helgaas
2018-03-01 18:55 ` Logan Gunthorpe
2018-03-01 23:00 ` Bjorn Helgaas
2018-03-01 23:06 ` Logan Gunthorpe
2018-03-01 23:14 ` Stephen Bates
2018-03-01 23:45 ` Bjorn Helgaas
2018-02-28 23:39 ` [PATCH v2 02/10] PCI/P2PDMA: Add sysfs group to display p2pmem stats Logan Gunthorpe
2018-03-01 17:44 ` Bjorn Helgaas
2018-03-02 0:15 ` Logan Gunthorpe
2018-03-02 0:36 ` Dan Williams
2018-03-02 0:37 ` Logan Gunthorpe
2018-02-28 23:39 ` [PATCH v2 03/10] PCI/P2PDMA: Add PCI p2pmem dma mappings to adjust the bus offset Logan Gunthorpe
2018-03-01 17:49 ` Bjorn Helgaas
2018-03-01 19:36 ` Logan Gunthorpe
2018-02-28 23:40 ` [PATCH v2 04/10] PCI/P2PDMA: Clear ACS P2P flags for all devices behind switches Logan Gunthorpe
2018-03-01 18:02 ` Bjorn Helgaas
2018-03-01 18:54 ` Stephen Bates [this message]
2018-03-01 21:21 ` Alex Williamson
2018-03-01 21:26 ` Logan Gunthorpe
2018-03-01 21:32 ` Stephen Bates
2018-03-01 21:35 ` Jerome Glisse
2018-03-01 21:37 ` Logan Gunthorpe
2018-03-01 23:15 ` Bjorn Helgaas
2018-03-01 23:59 ` Logan Gunthorpe
2018-03-01 19:13 ` Logan Gunthorpe
2018-03-05 22:28 ` Bjorn Helgaas
2018-03-05 23:01 ` Logan Gunthorpe
2018-02-28 23:40 ` [PATCH v2 05/10] block: Introduce PCI P2P flags for request and request queue Logan Gunthorpe
2018-03-01 11:08 ` Sagi Grimberg
2018-02-28 23:40 ` [PATCH v2 06/10] IB/core: Add optional PCI P2P flag to rdma_rw_ctx_[init|destroy]() Logan Gunthorpe
2018-03-01 10:32 ` Sagi Grimberg
2018-03-01 17:16 ` Logan Gunthorpe
2018-02-28 23:40 ` [PATCH v2 07/10] nvme-pci: Use PCI p2pmem subsystem to manage the CMB Logan Gunthorpe
2018-03-05 1:33 ` Oliver
2018-03-05 16:00 ` Keith Busch
2018-03-05 17:10 ` Logan Gunthorpe
2018-03-05 18:02 ` Sinan Kaya
2018-03-05 18:09 ` Logan Gunthorpe
2018-03-06 0:49 ` Oliver
2018-03-06 1:14 ` Logan Gunthorpe
2018-03-06 10:40 ` Oliver
2018-03-05 19:57 ` Sagi Grimberg
2018-03-05 20:10 ` Jason Gunthorpe
2018-03-05 20:16 ` Logan Gunthorpe
2018-03-05 20:42 ` Keith Busch
2018-03-05 20:50 ` Jason Gunthorpe
2018-03-05 20:13 ` Logan Gunthorpe
2018-02-28 23:40 ` [PATCH v2 08/10] nvme-pci: Add support for P2P memory in requests Logan Gunthorpe
2018-03-01 11:07 ` Sagi Grimberg
2018-03-01 15:58 ` Stephen Bates
2018-03-09 5:08 ` Bart Van Assche
2018-02-28 23:40 ` [PATCH v2 09/10] nvme-pci: Add a quirk for a pseudo CMB Logan Gunthorpe
2018-03-01 11:03 ` Sagi Grimberg
2018-02-28 23:40 ` [PATCH v2 10/10] nvmet: Optionally use PCI P2P memory Logan Gunthorpe
2018-03-01 11:03 ` Sagi Grimberg
2018-03-01 16:15 ` Stephen Bates
2018-03-01 17:40 ` Logan Gunthorpe
2018-03-01 18:35 ` Sagi Grimberg
2018-03-01 18:42 ` Jason Gunthorpe
2018-03-01 19:01 ` Stephen Bates
2018-03-01 19:27 ` Logan Gunthorpe
2018-03-01 22:45 ` Jason Gunthorpe
2018-03-01 22:56 ` Logan Gunthorpe
2018-03-01 23:00 ` Stephen Bates
2018-03-01 23:20 ` Jason Gunthorpe
2018-03-01 23:29 ` Logan Gunthorpe
2018-03-01 23:32 ` Stephen Bates
2018-03-01 23:49 ` Keith Busch
2018-03-01 23:52 ` Logan Gunthorpe
2018-03-01 23:53 ` Stephen Bates
2018-03-02 15:53 ` Christoph Hellwig
2018-03-02 20:51 ` Stephen Bates
2018-03-01 23:57 ` Stephen Bates
2018-03-02 0:03 ` Logan Gunthorpe
2018-03-02 16:18 ` Jason Gunthorpe
2018-03-02 17:10 ` Logan Gunthorpe
2018-03-01 19:10 ` Logan Gunthorpe
2018-03-01 3:54 ` [PATCH v2 00/10] Copy Offload in NVMe Fabrics with P2P PCI Memory Benjamin Herrenschmidt
2018-03-01 3:56 ` Benjamin Herrenschmidt
2018-03-01 18:04 ` Logan Gunthorpe
2018-03-01 20:29 ` Benjamin Herrenschmidt
2018-03-01 20:55 ` Jerome Glisse
2018-03-01 21:03 ` Logan Gunthorpe
2018-03-01 21:10 ` Jerome Glisse
2018-03-01 21:15 ` Logan Gunthorpe
2018-03-01 21:25 ` Jerome Glisse
2018-03-01 21:37 ` Stephen Bates
2018-03-02 21:38 ` Stephen Bates
2018-03-02 22:09 ` Jerome Glisse
2018-03-05 20:36 ` Stephen Bates
2018-03-01 20:55 ` Logan Gunthorpe
2018-03-01 18:09 ` Stephen Bates
2018-03-01 20:32 ` Benjamin Herrenschmidt
2018-03-01 19:21 ` Dan Williams
2018-03-01 19:30 ` Logan Gunthorpe
2018-03-01 20:34 ` Benjamin Herrenschmidt
2018-03-01 20:40 ` Benjamin Herrenschmidt
2018-03-01 20:53 ` Jason Gunthorpe
2018-03-01 20:57 ` Logan Gunthorpe
2018-03-01 22:06 ` Benjamin Herrenschmidt
2018-03-01 22:31 ` Linus Torvalds
2018-03-01 22:34 ` Benjamin Herrenschmidt
2018-03-02 16:22 ` Kani, Toshi
2018-03-02 16:57 ` Linus Torvalds
2018-03-02 17:34 ` Linus Torvalds
2018-03-02 17:38 ` Kani, Toshi
2018-03-01 21:37 ` Dan Williams
2018-03-01 21:45 ` Logan Gunthorpe
2018-03-01 21:57 ` Logan Gunthorpe
2018-03-01 23:00 ` Benjamin Herrenschmidt
2018-03-01 23:19 ` Logan Gunthorpe
2018-03-01 23:25 ` Benjamin Herrenschmidt
2018-03-02 21:44 ` Benjamin Herrenschmidt
2018-03-02 22:24 ` Logan Gunthorpe
2018-03-01 23:26 ` Benjamin Herrenschmidt
2018-03-01 23:54 ` Logan Gunthorpe
2018-03-01 21:03 ` Benjamin Herrenschmidt
2018-03-01 21:11 ` Logan Gunthorpe
2018-03-01 21:18 ` Jerome Glisse
2018-03-01 21:22 ` Logan Gunthorpe
2018-03-01 10:31 ` Sagi Grimberg
2018-03-01 19:33 ` Logan Gunthorpe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0D05579B-789C-4A19-B3A2-C1A630BE31C0@raithlin.com \
--to=sbates@raithlin.com \
--cc=alex.williamson@redhat.com \
--cc=axboe@kernel.dk \
--cc=benh@kernel.crashing.org \
--cc=bhelgaas@google.com \
--cc=dan.j.williams@intel.com \
--cc=hch@lst.de \
--cc=helgaas@kernel.org \
--cc=jgg@mellanox.com \
--cc=jglisse@redhat.com \
--cc=keith.busch@intel.com \
--cc=linux-block@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nvdimm@lists.01.org \
--cc=linux-nvme@lists.infradead.org \
--cc=linux-pci@vger.kernel.org \
--cc=linux-rdma@vger.kernel.org \
--cc=logang@deltatee.com \
--cc=maxg@mellanox.com \
--cc=sagi@grimberg.me \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).