From: Jean-Philippe Brucker <jean-philippe.brucker@arm.com>
To: "Raj, Ashok" <ashok.raj@intel.com>
Cc: "Tian, Kevin" <kevin.tian@intel.com>,
"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
"Bie, Tiwei" <tiwei.bie@intel.com>,
"Kumar, Sanjay K" <sanjay.k.kumar@intel.com>,
Kirti Wankhede <kwankhede@nvidia.com>,
"iommu@lists.linux-foundation.org"
<iommu@lists.linux-foundation.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Alex Williamson <alex.williamson@redhat.com>,
"Pan, Jacob jun" <jacob.jun.pan@intel.com>,
David Woodhouse <dwmw2@infradead.org>,
"Sun, Yi Y" <yi.y.sun@intel.com>
Subject: Re: [RFC PATCH v2 00/10] vfio/mdev: IOMMU aware mediated device
Date: Fri, 14 Sep 2018 15:39:36 +0100
Message-ID: <1eea3561-f2c3-29a2-8ae4-879d8230b540@arm.com>
In-Reply-To: <20180913165520.GA14731@otc-nc-03>
On 13/09/2018 17:55, Raj, Ashok wrote:
>> For Arm SMMU we're more interested in the PASID-granular case than the
>> RID-granular one. It doesn't necessarily require vt-d rev3 scalable
>> mode, the following example can be implemented with an SMMUv3, since it
>> only needs PASID-granular first-level translation:
>
> You are right, you can simply use the first level as IOVA for every PASID.
>
> Only issue becomes when you need to assign that to a guest, you would be required
> to shadow the 1st level. If you have a 2nd level per-pasid first level can
> be managed in guest and don't require to shadow them.
Right, for us assigning a PASID-granular mdev to a guest requires shadowing.
>> Another note: if for some reason you did want to allow userspace to
>> choose between first-level or second-level, you could implement the
>> VFIO_TYPE1_NESTING_IOMMU container. It acts like a VFIO_TYPE1v2_IOMMU,
>> but also sets the DOMAIN_ATTR_NESTING on the IOMMU domain. So DMA_MAP
>> ioctl on a NESTING container would populate second-level, and DMA_MAP on
>> a normal container populates first-level. But if you're always going to
>> use second-level by default, the distinction isn't necessary.
>
> Where is the nesting attribute specified? in vt-d2 it was part of context
> entry, so also meant all PASID's are nested now. In vt-d3 its part of
> PASID context.
I don't think the nesting attribute is described in detail anywhere.
The SMMU drivers use it to know if they should create first- or
second-level mappings. At the moment QEMU always uses
VFIO_TYPE1v2_IOMMU, but Eric Auger is proposing a patch that adds
VFIO_TYPE1_NESTING_IOMMU to QEMU:
https://www.mail-archive.com/qemu-devel@nongnu.org/msg559820.html
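
To make the container choice concrete, here is a minimal sketch of how
userspace might pick between the two container types. It is not taken from
QEMU or from any patch in this series. The probe callback and the helper
names (pick_container_type, probe_from_mask) are hypothetical; in real code
the probe would wrap ioctl(container_fd, VFIO_CHECK_EXTENSION, type), and
the chosen type would then be passed to VFIO_SET_IOMMU. The numeric values
are copied from <linux/vfio.h> so the sketch builds without kernel headers.

```c
/* Values mirror VFIO_TYPE1v2_IOMMU and VFIO_TYPE1_NESTING_IOMMU in
 * <linux/vfio.h>; redefined here so the sketch has no header dependency. */
enum {
    TYPE1V2_IOMMU       = 3,
    TYPE1_NESTING_IOMMU = 6
};

/* Hypothetical probe: returns > 0 if the container supports 'type'.
 * Real code would call ioctl(container_fd, VFIO_CHECK_EXTENSION, type). */
typedef int (*ext_probe_fn)(int type, void *ctx);

/*
 * Choose the container type for the behaviour described above:
 * a NESTING container when DMA_MAP should populate second-level,
 * a plain TYPE1v2 container when it should populate first-level.
 * Returns -1 if the requested type is not supported; there is no
 * silent fallback because the two types map different levels.
 */
static int pick_container_type(int want_second_level,
                               ext_probe_fn probe, void *ctx)
{
    int type = want_second_level ? TYPE1_NESTING_IOMMU : TYPE1V2_IOMMU;

    return probe(type, ctx) > 0 ? type : -1;
}

/* Stub probe for experimenting: ctx points to a bitmask in which
 * bit N is set when container type N is supported. */
static int probe_from_mask(int type, void *ctx)
{
    unsigned int mask = *(const unsigned int *)ctx;

    return (int)((mask >> type) & 1u);
}
```

With a mask that only has bit 3 set, asking for second-level returns -1,
which is the case where the distinction would matter to userspace.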
> It seems unsafe to share PASID's with different VM's since any request
> W/O PASID has only one mapping.
Which case are you talking about? It might be more confusing than
helpful, but here's my understanding of what we can assign to a guest:
              | no vIOMMU | vIOMMU no PASID | vIOMMU with PASID
--------------+-----------+-----------------+-------------------
 VF           | ok        | shadow or nest  | nest
 mdev, SMMUv3 | ok        | shadow          | shadow + PV (?)
 mdev, vt-d3  | ok        | nest            | nest + PV
The first row, assigning a PCI VF to a guest, is the "basic" vfio-pci
case. Currently in QEMU it works by shadowing first-level translation.
We still have to upstream nested translation for that case. Vt-d2 didn't
support nested without PASID, vt-d3 offers RID_PASID for this. On SMMUv3
the PASID table is assigned to the guest, whereas on vt-d3 the host
manages the PASID table and individual page tables are assigned to the
guest.
Assigning an mdev (here I'm talking about the PASID-granular partition
of a VF, not the whole RID-granular VF wrapped by an mdev) could be done
by shadowing first-level translation on SMMUv3. It cannot do nested
since the VF has a single set of second-level page tables, which cannot
be used when mdevs are assigned to different VMs. Vt-d3 has one set of
second-level page tables per PASID, so it can do nested.
Since the parent device has a single PASID space, allowing the guest to
use multiple PASIDs for one mdev requires paravirtual allocation of
PASIDs (last column). Vt-d3 uses the Virtual Command Registers for that.
I assume that it is safe because the host is in charge of programming
PASIDs in the parent device, so the guest couldn't use a PASID allocated
to another mdev, but I don't know what the device's programming model
would look like. Anyway I don't think guest PASID is tackled by this
series (right?) and I don't intend to work on it for SMMUv3 (shadowing
stage-1 for vSVA seems like a bad idea...)
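
For reference, the matrix above can be written down as a small lookup
table. This is only a restatement of my understanding, not code from the
series. All enum and function names are made up for illustration, and the
"shadow + PV" entry for SMMUv3 carries the same question mark as in the
table.

```c
/* Rows of the matrix: what is being assigned to the guest. */
enum dev_kind { DEV_VF, DEV_MDEV_SMMUV3, DEV_MDEV_VTD3, DEV_KIND_COUNT };

/* Columns of the matrix: what the guest sees. */
enum guest_cfg {
    GUEST_NO_VIOMMU,
    GUEST_VIOMMU_NO_PASID,
    GUEST_VIOMMU_PASID,
    GUEST_CFG_COUNT
};

/* Cell contents, as flags so that "shadow or nest" can be expressed. */
enum {
    MODE_OK     = 1 << 0, /* "ok": no guest-managed translation involved */
    MODE_SHADOW = 1 << 1, /* host shadows the guest's first-level tables */
    MODE_NEST   = 1 << 2, /* guest owns first-level, host owns second-level */
    MODE_PV     = 1 << 3  /* paravirtual PASID allocation also required */
};

static const unsigned int assign_matrix[DEV_KIND_COUNT][GUEST_CFG_COUNT] = {
    [DEV_VF]          = { MODE_OK, MODE_SHADOW | MODE_NEST, MODE_NEST },
    /* The last entry is uncertain, marked "(?)" in the table. */
    [DEV_MDEV_SMMUV3] = { MODE_OK, MODE_SHADOW, MODE_SHADOW | MODE_PV },
    [DEV_MDEV_VTD3]   = { MODE_OK, MODE_NEST, MODE_NEST | MODE_PV },
};

/* Return the flags for one cell, or 0 for out-of-range arguments. */
static unsigned int assign_modes(enum dev_kind dev, enum guest_cfg cfg)
{
    if ((unsigned int)dev >= DEV_KIND_COUNT ||
        (unsigned int)cfg >= GUEST_CFG_COUNT)
        return 0;
    return assign_matrix[dev][cfg];
}

/* True when the cell requires paravirtual PASID allocation. */
static int needs_pv_pasid_alloc(enum dev_kind dev, enum guest_cfg cfg)
{
    return (assign_modes(dev, cfg) & MODE_PV) != 0;
}
```

For example, assign_modes(DEV_MDEV_SMMUV3, GUEST_VIOMMU_NO_PASID) yields
MODE_SHADOW only, reflecting that the single set of second-level tables per
VF rules out nesting for PASID-granular mdevs on SMMUv3.
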
Does this seem accurate?
Thanks,
Jean