Date: Fri, 7 Jun 2024 14:30:55 -0500
From: Bjorn Helgaas
To: Vidya Sagar
Cc: Jason Gunthorpe, "corbet@lwn.net", "bhelgaas@google.com", Gal Shalom,
    Leon Romanovsky, Thierry Reding, Jon Hunter, Masoud Moshref Javadi,
    Shahaf Shuler, Vikram Sethi, Shanker Donthineni, Jiandi An, Tushar Dave,
    "linux-doc@vger.kernel.org", "linux-pci@vger.kernel.org",
    "linux-kernel@vger.kernel.org", Krishna Thota, Manikanta Maddireddy,
    "sagar.tv@gmail.com", Joerg Roedel, Will Deacon, Robin Murphy,
    "iommu@lists.linux.dev"
Subject: Re: [PATCH V3] PCI: Extend ACS configurability
Message-ID: <20240607193055.GA855605@bhelgaas>

On Mon, Jun 03, 2024 at 07:50:59AM +0000, Vidya Sagar wrote:
> Hi Bjorn,
> Could you let me know if Jason's reply answers your question?
> Please let me know if you are looking for any more information.

I think we should add some of that content to the commit log.  It
needs:

  - Subject line that advertises some good thing.

  - A description of why users want this.  I have no idea what the
    actual benefit is, but I'm looking for something at the level of
    "The default ACS settings put A and B in different IOMMU groups,
    preventing P2PDMA between them.  If we disable ACS X, A and B will
    be put in the same group and P2PDMA will work".

  - A primer on how users can affect IOMMU groups by enabling/disabling
    ACS settings so they can use this without just blind trial and
    error.  A note that this is immutable except at boot time.

  - A pointer to the code that determines IOMMU groups based on the
    ACS settings.  Similar to the above, but more useful for
    developers.

If we assert "for iommu_groups to form correctly ...", a hint about
why/where this is so would be helpful.

"Correctly" is not quite the right word here; it's just a fact that
the ACS settings determined at boot time result in certain IOMMU
groups.  If the user desires different groups, it's not that something
is "incorrect"; it's just that the user may have to accept less
isolation to get the desired IOMMU groups.

> > -----Original Message-----
> > From: Jason Gunthorpe
> > ...
> >
> > On Thu, May 23, 2024 at 09:59:36AM -0500, Bjorn Helgaas wrote:
> > > [+cc iommu folks]
> > >
> > > On Thu, May 23, 2024 at 12:05:28PM +0530, Vidya Sagar wrote:
> > > > For iommu_groups to form correctly, the ACS settings in the PCIe
> > > > fabric need to be setup early in the boot process, either via the
> > > > BIOS or via the kernel disable_acs_redir parameter.
> > >
> > > Can you point to the iommu code that is involved here?  It sounds like
> > > the iommu_groups are built at boot time and are immutable after that?
> >
> > They are created when the struct device is plugged in. pci_device_group() does the
> > logic.
> >
> > Notably groups can't/don't change if details like ACS change after the groups are
> > setup.
> >
> > There are a lot of instructions out there telling people to boot their servers and then
> > manually change the ACS flags with set_pci or something, and these are not good
> > instructions since it defeats the VFIO group based security mechanisms.
> >
> > > If we need per-device ACS config that depends on the workload, it
> > > seems kind of problematic to only be able to specify this at boot
> > > time.  I guess we would need to reboot if we want to run a workload
> > > that needs a different config?
> >
> > Basically. The main difference I'd see is if the server is a VM host or running bare
> > metal apps. You can get more efficiency if you change things for the bare metal case,
> > and often bare metal will want to turn the iommu off while a VM host often wants
> > more of it turned on.
> >
> > > Is this the iommu usage model we want in the long term?
> >
> > There is some path to more dynamic behavior here, but it would require separating
> > groups into two components - devices that are together because they are physically
> > sharing translation (aliases and things) from devices that are together because they
> > share a security boundary (ACS).
> >
> > It is more believable we could dynamically change security group assignments for VFIO
> > than translation group assignment. I don't know anyone interested in this right now -
> > Alex and I have only talked about it as a possibility a while back.
> >
> > FWIW I don't view patch as excluding more dynamism in the future, but it is the best
> > way to work with the current state of affairs, and definitely better than set_pci
> > instructions.
> >
> > Thanks,
> > Jason
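
Added example (not part of the original thread, and not code from the kernel or the patch): a drift check for the situation described in the quoted reply, where ACS flags are changed after boot while the IOMMU groups stay as they were created. It compares two `lspci -vvv` captures; the sample captures and all function names are constructed for illustration.

```python
import re

# ACS Control flags as printed on the "ACSCtl:" line of `lspci -vvv`.
# These four correspond to the bits the kernel's grouping code requires
# (REQ_ACS_FLAGS in drivers/iommu/iommu.c: SV, RR, CR, UF).
ISOLATION_FLAGS = ("SrcValid", "ReqRedir", "CmpltRedir", "UpstreamFwd")

BDF_RE = re.compile(r"^((?:[0-9a-f]{4}:)?[0-9a-f]{2}:[0-9a-f]{2}\.[0-7])\s")
FLAG_RE = re.compile(r"(\w+)([+-])")


def parse_acsctl(lspci_text):
    """Map each device address to its {flag: enabled} ACS Control state."""
    state, dev = {}, None
    for line in lspci_text.splitlines():
        m = BDF_RE.match(line)          # device header lines are not indented
        if m:
            dev = m.group(1)
        elif dev and "ACSCtl:" in line:
            flags = FLAG_RE.findall(line.split("ACSCtl:", 1)[1])
            state[dev] = {name: sign == "+" for name, sign in flags}
    return state


def acs_drift(boot_text, now_text):
    """List (device, flag, boot_value, current_value) for changed isolation flags."""
    boot, now = parse_acsctl(boot_text), parse_acsctl(now_text)
    drift = []
    for dev in sorted(boot.keys() & now.keys()):
        for flag in ISOLATION_FLAGS:
            before, after = boot[dev].get(flag), now[dev].get(flag)
            if before != after:
                drift.append((dev, flag, before, after))
    return drift


def _sample(ctl_1c):
    """Constructed lspci -vvv excerpt with two bridges (not real output)."""
    return (
        "00:1c.0 PCI bridge: constructed sample root port\n"
        "\tCapabilities: [140 v1] Access Control Services\n"
        f"\t\tACSCtl:\t{ctl_1c}\n"
        "00:1d.0 PCI bridge: constructed sample root port\n"
        "\t\tACSCtl:\tSrcValid+ TransBlk- ReqRedir+ CmpltRedir+ "
        "UpstreamFwd+ EgressCtrl- DirectTrans-\n"
    )


BOOT = _sample("SrcValid+ TransBlk- ReqRedir+ CmpltRedir+ UpstreamFwd+ EgressCtrl- DirectTrans-")
NOW = _sample("SrcValid+ TransBlk- ReqRedir- CmpltRedir- UpstreamFwd+ EgressCtrl- DirectTrans-")

if __name__ == "__main__":
    for dev, flag, before, after in acs_drift(BOOT, NOW):
        print(f"{dev}: {flag} was {before} at boot, now {after}; groups were not rebuilt")
```

Any device reported here has ACS state that no longer matches what its IOMMU group was built from, so the group can no longer be taken as the isolation boundary until the machine is rebooted with the intended settings.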