Received: by 2002:a05:6a10:1287:0:0:0:0 with SMTP id d7csp1252814pxv; Fri, 16 Jul 2021 05:21:17 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxVslklwFSfVz0Hx0TbDzV5LNPKF0aGRcPRwlG9pOe2m5njb0kNg82LoQUavIawc13/hWcf X-Received: by 2002:a92:2010:: with SMTP id j16mr6277449ile.98.1626438076972; Fri, 16 Jul 2021 05:21:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1626438076; cv=none; d=google.com; s=arc-20160816; b=mcazQYVb4Wfwhj2x62DexYjRyWQARrKjLqTnDjb7hgvbFujE8eFf+wdtwS9L9Sy6jR N/PlxKzGnEpORkQ53MXG3AabZYtm7LuQX/o3+7LfwxNeOxWHVS2/Af5Y8u+LvXSgigXe wNklmvjuvVCkOsXlNNrDLYKE9RECNGd6lPHpChtrudFIOek0gKhjqPexnPsNdqHw/Xxe T4hzyhh+hclR+ugZUWoDaMgN56Sahms8wTCaRQ+aLPkOan9MDAc2doV34bts8lrvSe6/ EclHeYYtWuGASoCilxjEgqJYODX0cDYaTtHxxtbBbc8Vi0qZDnQvB2nGrPylEiEhckBY mgCg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject; bh=Cwyt6VM5+inv0r0CAiZnpDEOCsZd21INJj/nigtzAkQ=; b=IfMKrpt4tQuTTod6bFY9M39bnfgjdnRu+EEOhgwY2pw35yvy2Y3aDdOpBupuFh+SEz 6SW4kQBzl3OJozlxr/eumr4tf1q6PoPVyL9V3rwD8PY5xtg+xQ+wEOCqhYZKbg49l445 jUfpLvlSys/4XYZCTmhPB42v67fuU7jSxY3L1dDM1Edkqg9cR28aXQxlmt3K0ffXcuTI UZ1gQM0pEBJzIpUDeeA2ePvWbsfcqohXbN7ALhE35y3loSwQJ9QIuP9cHJ5840fONyJq mbJjnMkihkw7lUiBCsJ6NbR3bhZE2+zlDa/xaeHlC9lTUDbbqjD6xrB7mi+98MsVTGAb 8Sdg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=huawei.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id d80si12625986iof.46.2021.07.16.05.21.03; Fri, 16 Jul 2021 05:21:16 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=huawei.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234048AbhGPMXV (ORCPT + 99 others); Fri, 16 Jul 2021 08:23:21 -0400 Received: from szxga02-in.huawei.com ([45.249.212.188]:11436 "EHLO szxga02-in.huawei.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232024AbhGPMXS (ORCPT ); Fri, 16 Jul 2021 08:23:18 -0400 Received: from dggemv704-chm.china.huawei.com (unknown [172.30.72.55]) by szxga02-in.huawei.com (SkyGuard) with ESMTP id 4GR9GR0bgyzcdbs; Fri, 16 Jul 2021 20:17:03 +0800 (CST) Received: from dggpemm500022.china.huawei.com (7.185.36.162) by dggemv704-chm.china.huawei.com (10.3.19.47) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2176.2; Fri, 16 Jul 2021 20:20:22 +0800 Received: from [10.174.185.67] (10.174.185.67) by dggpemm500022.china.huawei.com (7.185.36.162) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2176.2; Fri, 16 Jul 2021 20:20:21 +0800 Subject: Re: [RFC v2] /dev/iommu uAPI proposal To: "Tian, Kevin" CC: Jason Gunthorpe , "Raj, Ashok" , "Alex Williamson (alex.williamson@redhat.com)" , Jean-Philippe Brucker , David Gibson , Jason Wang , "parav@mellanox.com" , "Enrico Weigelt, metux IT consult" , Paolo Bonzini , Joerg Roedel , Eric Auger , Jonathan Corbet , "Liu, Yi L" , "Wu, Hao" , "Jiang, Dave" , Jacob Pan , Kirti Wankhede , "Robin Murphy" , "kvm@vger.kernel.org" , "iommu@lists.linux-foundation.org" , "David Woodhouse" , LKML , "Lu Baolu" , "wanghaibin.wang@huawei.com" References: <20210715124813.GC543781@nvidia.com> <20210715135757.GC590891@otc-nc-03> <20210715152325.GF543781@nvidia.com> <20210715162141.GA593686@otc-nc-03> <20210715171826.GG543781@nvidia.com> <20210715174836.GB593686@otc-nc-03> <20210715175336.GH543781@nvidia.com> <20210715180545.GD593686@otc-nc-03> <20210715181327.GI543781@nvidia.com> From: Shenming Lu Message-ID: <013e240d-f627-3565-aba1-71b2d6f514b4@huawei.com> Date: Fri, 16 Jul 2021 20:20:20 +0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.2.2 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset="utf-8" Content-Language: en-US Content-Transfer-Encoding: 7bit X-Originating-IP: [10.174.185.67] X-ClientProxiedBy: dggems706-chm.china.huawei.com (10.3.19.183) To dggpemm500022.china.huawei.com (7.185.36.162) X-CFilter-Loop: Reflected Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2021/7/16 9:20, Tian, Kevin wrote: > To summarize, for vIOMMU we can work with the spec owner to > define a proper interface to feedback such restriction into the guest > if necessary. For the kernel part, it's clear that IOMMU fd should > disallow two devices attached to a single [RID] or [RID, PASID] slot > in the first place. > > Then the next question is how to communicate such restriction > to the userspace. It sounds like a group, but different in concept. > An iommu group describes the minimal isolation boundary thus all > devices in the group can be only assigned to a single user. But this > case is opposite - the two mdevs (both support ENQCMD submission) > with the same parent have problem when assigned to a single VM > (in this case vPASID is vm-wide translated thus a same pPASID will be > used cross both mdevs) while they instead work pretty well when > assigned to different VMs (completely different vPASID spaces thus > different pPASIDs). > > One thought is to have vfio device driver deal with it. In this proposal > it is the vfio device driver to define the PASID virtualization policy and > report it to userspace via VFIO_DEVICE_GET_INFO. The driver understands > the restriction thus could just hide the vPASID capability when the user > calls GET_INFO on the 2nd mdev in above scenario. In this way the > user even doesn't need to know such restriction at all and both mdevs > can be assigned to a single VM w/o any problem. > The restriction only probably happens when two mdevs are assigned to one VM, how could the vfio device driver get to know this info to accurately hide the vPASID capability for the 2nd mdev when VFIO_DEVICE_GET_INFO? There is no need to do this in other cases. Thanks, Shenming