Re: [PATCH RFC 00/15] Add VFIO mediated device support and IMS support for the idxd driver.

From: Raj, Ashok
Date: Wed Apr 22 2020 - 17:14:40 EST

Next message: tip-bot2 for Ian Rogers: "[tip: perf/urgent] perf/core: fix parent pid/tid in task exit events"
Previous message: Dmitry Torokhov: "Re: [PATCH] Input: xpad - Add custom init packet for Xbox One S controllers"
In reply to: Jason Gunthorpe: "Re: [PATCH RFC 00/15] Add VFIO mediated device support and IMS support for the idxd driver."
Next in thread: Jason Gunthorpe: "Re: [PATCH RFC 00/15] Add VFIO mediated device support and IMS support for the idxd driver."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Jason

> > >
> > > I'm feeling really skeptical that adding all this PCI config space and
> > > MMIO BAR emulation to the kernel just to cram this into a VFIO
> > > interface is a good idea, that kind of stuff is much safer in
> > > userspace.
> > >
> > > Particularly since vfio is not really needed once a driver is using
> > > the PASID stuff. We already have general code for drivers to use to
> > > attach a PASID to a mm_struct - and using vfio while disabling all the
> > > DMA/iommu config really seems like an abuse.
> >
> > Well, this series is for virtualizing idxd device to VMs, instead of
> > supporting SVA for bare metal processes. idxd implements a
> > hardware-assisted mediated device technique called Intel Scalable
> > I/O Virtualization,
>
> I'm familiar with the intel naming scheme.
>
> > which allows each Assignable Device Interface (ADI, e.g. a work
> > queue) tagged with an unique PASID to ensure fine-grained DMA
> > isolation when those ADIs are assigned to different VMs. For this
> > purpose idxd utilizes the VFIO mdev framework and IOMMU aux-domain
> > extension. Bare metal SVA will be enabled for idxd later by using
> > the general SVA code that you mentioned. Both paths will co-exist
> > in the end so there is no such case of disabling DMA/iommu config.
>
> Again, if you will have a normal SVA interface, there is no need for a
> VFIO version, just use normal SVA for both.
>
> PCI emulation should try to be in userspace, not the kernel, for
> security.

Not sure we completely understand your proposal. Mediated devices
are software constructed and they have protected resources like
interrupts and stuff and VFIO already provids abstractions to export
to user space.

Native SVA is simply passing the process CR3 handle to IOMMU so
IOMMU knows how to walk process page tables, kernel handles things
like page-faults, doing device tlb invalidations and such.

That by itself doesn't translate to what a guest typically does
with a VDEV. There are other control paths that need to be serviced
from the kernel code via VFIO. For speed path operations like
ringing doorbells and such they are directly managed from guest.

How do you propose to use the existing SVA api's to also provide
full device emulation as opposed to using an existing infrastructure
that's already in place?

Perhaps Alex can ease Jason's concerns?

Cheers,
Ashok

Next message: tip-bot2 for Ian Rogers: "[tip: perf/urgent] perf/core: fix parent pid/tid in task exit events"
Previous message: Dmitry Torokhov: "Re: [PATCH] Input: xpad - Add custom init packet for Xbox One S controllers"
In reply to: Jason Gunthorpe: "Re: [PATCH RFC 00/15] Add VFIO mediated device support and IMS support for the idxd driver."
Next in thread: Jason Gunthorpe: "Re: [PATCH RFC 00/15] Add VFIO mediated device support and IMS support for the idxd driver."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]