Date: Mon, 15 Mar 2021 16:40:12 -0700
From: Jacob Pan
To: Tejun Heo
Cc: Vipin Sharma, mkoutny@suse.com, rdunlap@infradead.org,
	thomas.lendacky@amd.com, brijesh.singh@amd.com, jon.grimm@amd.com,
	eric.vantassell@amd.com, pbonzini@redhat.com, hannes@cmpxchg.org,
	frankja@linux.ibm.com, borntraeger@de.ibm.com, corbet@lwn.net,
	seanjc@google.com, vkuznets@redhat.com,
	wanpengli@tencent.com, jmattson@google.com, joro@8bytes.org,
	tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, hpa@zytor.com,
	gingell@google.com, rientjes@google.com, dionnaglaze@google.com,
	kvm@vger.kernel.org, x86@kernel.org, cgroups@vger.kernel.org,
	linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org,
	"Tian, Kevin", "Liu, Yi L", "Raj, Ashok", Alex Williamson,
	Jason Gunthorpe, Jacob Pan, jean-philippe@linaro.org,
	jacob.jun.pan@intel.com
Subject: Re: [RFC v2 2/2] cgroup: sev: Miscellaneous cgroup documentation.
Message-ID: <20210315164012.4adeabe8@jacob-builder>
References: <20210303185513.27e18fce@jacob-builder>
	<20210312125821.22d9bfca@jacob-builder>
	<20210312145904.4071a9d6@jacob-builder>
	<20210313085701.1fd16a39@jacob-builder>
	<20210315151155.383a7e6e@jacob-builder>
Organization: OTC
X-Mailer: Claws Mail 3.17.5 (GTK+ 2.24.32; x86_64-pc-linux-gnu)
X-Mailing-List: linux-kernel@vger.kernel.org

Hi Tejun,

On Mon, 15 Mar 2021 18:19:35 -0400, Tejun Heo wrote:
> Hello,
>
> On Mon, Mar 15, 2021 at 03:11:55PM -0700, Jacob Pan wrote:
> > > Migration itself doesn't have restrictions but all resources are
> > > distributed on the same hierarchy, so the controllers are supposed
> > > to follow the same conventions that can be implemented by all
> > > controllers.
> > Got it, I guess that is the behavior required by the unified hierarchy.
> > Would cgroup v1 be OK? But I am guessing we are not extending v1?
>
> A new cgroup1-only controller is unlikely to be accepted.
>
> > The IOASIDs are programmed into devices to generate DMA requests tagged
> > with them. The IOMMU has a per-device IOASID table in which each entry
> > has two pointers:
> > - the PGD of the guest process
> > - the PGD of the host process
> >
> > The result of this two-stage/nested translation is that we can share
> > virtual addresses (SVA) between a guest process and DMA. The host
> > process needs to allocate multiple IOASIDs, since one IOASID is needed
> > for each guest process that wants SVA.
> >
> > The DMA binding among device, IOMMU, and process is set up via a
> > series of user APIs (e.g. via VFIO).
> >
> > If a process calls fork(), the children do not inherit the IOASIDs and
> > their bindings. Children who wish to use SVA have to call those APIs
> > to establish the bindings for themselves.
> >
> > Therefore, if a host process allocates 10 IOASIDs and then does a
> > fork()/clone(), it cannot charge the 10 IOASIDs to the new cgroup;
> > i.e. the 10 IOASIDs stay with the process wherever it goes.
> >
> > I feel this fits the domain model, true?
>
> I still don't get where migration is coming into the picture. Who's
> migrating where?
>
Sorry, perhaps I can explain with an example. There are two cgroups, cg_A
and cg_B, with the limit set to 20 for both. Process1 is in cg_A. The
initial state is:
	cg_A/ioasid.current=0, cg_A/ioasid.max=20
	cg_B/ioasid.current=0, cg_B/ioasid.max=20

Now, consider the following steps:
1. Process1 allocates 10 IOASIDs:
   cg_A/ioasid.current=10, cg_B/ioasid.current=0
2. Then we want to move/migrate Process1 to cg_B, so we need to uncharge
   10 from cg_A and charge 10 to cg_B.
3. After the migration, I expect:
   cg_A/ioasid.current=0, cg_B/ioasid.current=10

We don't enforce the limit during this organizational change since we
can't force-free IOASIDs, but any new allocations will be subject to the
limit set in ioasid.max.

> Thanks.

Thanks,

Jacob