Received: by 2002:a25:1985:0:0:0:0:0 with SMTP id 127csp1781624ybz; Thu, 16 Apr 2020 15:36:54 -0700 (PDT) X-Google-Smtp-Source: APiQypJs6166wAqf1bI+oygjHF2WBgJVMmHUPB0q/yLdJD3O+RI3b2xTMv7Q0lCs7neaFC3JIicT X-Received: by 2002:a17:906:6a92:: with SMTP id p18mr229197ejr.351.1587076614131; Thu, 16 Apr 2020 15:36:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1587076614; cv=none; d=google.com; s=arc-20160816; b=NYyED41t7VoC0tx0dgQkiFLmJi3Xdihy8e+eYUvZ/kkWey/4vffxbKugd44dPrKQBp lN33wCCU3UJUEXniycrLrrHg7byn2tRGnEN4Z0nHTUd3+YYptzwH4nByQyfPDqL/5X58 smLADSiNkiBVZ/iDChTE53bCCP7bYF2sRz3qB2Bf2KlIPE2Bp/ApDzEFrXxRtr3nFFLk KZrhi6XHAa8aDCM8XmZhsOwYfYj2tva0JfmoQ+S6McitDl75hogsGvaFrPdZldQ6nss2 QVj+rXQczFvd6GO8Fn6gptFv/bJF2hduTJdM3VWp8Y/q2spP4NYS8G7uvk9ESYY1Pe2J finQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:ironport-sdr:ironport-sdr; bh=dAoqWGkB2akIpShNPM/qSgmQ8J80crK9Ew81/3dLrEY=; b=iGpyMva6MiLw8o8DC8fHKadJkxkLK2CqTmoPxb7yGkbYAh37vYbXpOBkPKBioJwcoy tHjR+xctB47gDgyWrLL02ceq30MZxNkKaQrXGNq5OiA5dRLqh1ZMYNJIVc81D2BQmw4Z Zl+6hWbPMI8gsxsfsJKv/aicuXSgkZSABPAW4FHkz1BPCCEa/a/IjVSNRtHXuJ4AHqfv CGQRq4KIbmwz/Ac/GGsvmzp33RG9zrC0JUcqfUrUGWuhKzjdDEbUdj+ZxF9ad+dIbUyO IFH1OWpjA0uyTpM8iGQ0lugl3+cmwlC6BizJC7sohynQ66l+pu2mhVnBt/lz94itfy7u dnvw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id n1si1833201edo.354.2020.04.16.15.36.29; Thu, 16 Apr 2020 15:36:54 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729162AbgDPWd4 (ORCPT + 99 others); Thu, 16 Apr 2020 18:33:56 -0400 Received: from mga03.intel.com ([134.134.136.65]:13580 "EHLO mga03.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725768AbgDPWdz (ORCPT ); Thu, 16 Apr 2020 18:33:55 -0400 IronPort-SDR: ZwBMhPP3SFvuab4qqT/BzgmkmCi+Qwu3dwl4AMgW3q9N7EMWh0vO9M9L7aX3k2+WV7SVyg9aXc gUYWd1s2Sbhg== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga001.jf.intel.com ([10.7.209.18]) by orsmga103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 16 Apr 2020 15:33:54 -0700 IronPort-SDR: qL+HVzKL2Ic7CMcplwwLZTVPlnOUBNL6GpPH0JXLbt8+aCk6ATebQH08XRZ02j5/SnlXZ/sFFN OR1shIVLePIA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.72,392,1580803200"; d="scan'208";a="333002219" Received: from otc-nc-03.jf.intel.com (HELO otc-nc-03) ([10.54.39.25]) by orsmga001.jf.intel.com with ESMTP; 16 Apr 2020 15:33:54 -0700 Date: Thu, 16 Apr 2020 15:33:54 -0700 From: "Raj, Ashok" To: Yan Zhao Cc: "Lu, Baolu" , "Tian, Kevin" , "Liu, Yi L" , "alex.williamson@redhat.com" , "eric.auger@redhat.com" , "jacob.jun.pan@linux.intel.com" , "joro@8bytes.org" , "Tian, Jun J" , "Sun, Yi Y" , "jean-philippe@linaro.org" , "peterx@redhat.com" , "iommu@lists.linux-foundation.org" , "kvm@vger.kernel.org" , "linux-kernel@vger.kernel.org" , "Wu, Hao" , Ashok Raj Subject: Re: [PATCH v1 0/2] vfio/pci: expose device's PASID capability to VMs Message-ID: <20200416223353.GC45480@otc-nc-03> References: <1584880394-11184-1-git-send-email-yi.l.liu@intel.com> <20200416221224.GA16688@joy-OptiPlex-7040> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200416221224.GA16688@joy-OptiPlex-7040> User-Agent: Mutt/1.5.24 (2015-08-30) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Zhao On Thu, Apr 16, 2020 at 06:12:26PM -0400, Yan Zhao wrote: > On Tue, Mar 31, 2020 at 03:08:25PM +0800, Lu, Baolu wrote: > > On 2020/3/31 14:35, Tian, Kevin wrote: > > >> From: Liu, Yi L > > >> Sent: Sunday, March 22, 2020 8:33 PM > > >> > > >> From: Liu Yi L > > >> > > >> Shared Virtual Addressing (SVA), a.k.a, Shared Virtual Memory (SVM) on > > >> Intel platforms allows address space sharing between device DMA and > > >> applications. SVA can reduce programming complexity and enhance security. > > >> > > >> To enable SVA, device needs to have PASID capability, which is a key > > >> capability for SVA. This patchset exposes the device's PASID capability > > >> to guest instead of hiding it from guest. > > >> > > >> The second patch emulates PASID capability for VFs (Virtual Function) since > > >> VFs don't implement such capability per PCIe spec. This patch emulates such > > >> capability and expose to VM if the capability is enabled in PF (Physical > > >> Function). > > >> > > >> However, there is an open for PASID emulation. If PF driver disables PASID > > >> capability at runtime, then it may be an issue. e.g. PF should not disable > > >> PASID capability if there is guest using this capability on any VF related > > >> to this PF. To solve it, may need to introduce a generic communication > > >> framework between vfio-pci driver and PF drivers. Please feel free to give > > >> your suggestions on it. > > > I'm not sure how this is addressed on bate metal today, i.e. between normal > > > kernel PF and VF drivers. I look at pasid enable/disable code in intel-iommu.c. > > > There is no check on PF/VF dependency so far. The cap is toggled when > > > attaching/detaching the PF to its domain. Let's see how IOMMU guys > > > respond, and if there is a way for VF driver to block PF driver from disabling > > > the pasid cap when it's being actively used by VF driver, then we may > > > leverage the same trick in VFIO when emulation is provided to guest. > > > > IOMMU subsystem doesn't expose any APIs for pasid enabling/disabling. > > The PCI subsystem does. It handles VF/PF like below. > > > > /** > > * pci_enable_pasid - Enable the PASID capability > > * @pdev: PCI device structure > > * @features: Features to enable > > * > > * Returns 0 on success, negative value on error. This function checks > > * whether the features are actually supported by the device and returns > > * an error if not. > > */ > > int pci_enable_pasid(struct pci_dev *pdev, int features) > > { > > u16 control, supported; > > int pasid = pdev->pasid_cap; > > > > /* > > * VFs must not implement the PASID Capability, but if a PF > > * supports PASID, its VFs share the PF PASID configuration. > > */ > > if (pdev->is_virtfn) { > > if (pci_physfn(pdev)->pasid_enabled) > > return 0; > > return -EINVAL; > > } > > > > /** > > * pci_disable_pasid - Disable the PASID capability > > * @pdev: PCI device structure > > */ > > void pci_disable_pasid(struct pci_dev *pdev) > > { > > u16 control = 0; > > int pasid = pdev->pasid_cap; > > > > /* VFs share the PF PASID configuration */ > > if (pdev->is_virtfn) > > return; > > > > > > It doesn't block disabling PASID on PF even VFs are possibly using it. > > > hi > I'm not sure, but is it possible for pci_enable_pasid() and > pci_disable_pasid() to do the same thing as pdev->driver->sriov_configure, > e.g. pci_sriov_configure_simple() below. > > It checks whether there are VFs are assigned in pci_vfs_assigned(dev). > and we can set the VF in assigned status if vfio_pci_open() is performed > on the VF. But you can still unbind the PF driver that magically causes the VF's to be removed from the guest image too correct? Only the IOMMU mucks with pasid_enable/disable. And it doesn't look like we have a path to disable without tearing down the PF binding. We originally had some refcounts and such and would do the real disable only when the refcount drops to 0, but we found it wasn't actually necessary to protect these resources like that. > > > int pci_sriov_configure_simple(struct pci_dev *dev, int nr_virtfn) > { > int rc; > > might_sleep(); > > if (!dev->is_physfn) > return -ENODEV; > > if (pci_vfs_assigned(dev)) { > pci_warn(dev, "Cannot modify SR-IOV while VFs are assigned\n"); > return -EPERM; > } > > if (nr_virtfn == 0) { > sriov_disable(dev); > return 0; > } > > rc = sriov_enable(dev, nr_virtfn); > if (rc < 0) > return rc; > > return nr_virtfn; > } > > Thanks > Yan