[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20200729140215.0f8c4aca@jacob-builder>
Date: Wed, 29 Jul 2020 14:02:15 -0700
From: Jacob Pan <jacob.jun.pan@...ux.intel.com>
To: "Tian, Kevin" <kevin.tian@...el.com>
Cc: Alex Williamson <alex.williamson@...hat.com>,
"iommu@...ts.linux-foundation.org" <iommu@...ts.linux-foundation.org>,
LKML <linux-kernel@...r.kernel.org>,
Joerg Roedel <joro@...tes.org>,
Lu Baolu <baolu.lu@...ux.intel.com>,
David Woodhouse <dwmw2@...radead.org>,
"Liu, Yi L" <yi.l.liu@...el.com>,
"Raj, Ashok" <ashok.raj@...el.com>,
"Christoph Hellwig" <hch@...radead.org>,
Jean-Philippe Brucker <jean-philippe@...aro.com>,
Eric Auger <eric.auger@...hat.com>,
"Jonathan Corbet" <corbet@....net>, jacob.jun.pan@...ux.intel.com
Subject: Re: [PATCH v6 1/6] docs: IOMMU user API
On Wed, 29 Jul 2020 01:18:04 +0000
"Tian, Kevin" <kevin.tian@...el.com> wrote:
> > From: Alex Williamson <alex.williamson@...hat.com>
> > Sent: Wednesday, July 29, 2020 3:20 AM
> >
> [...]
> > > +
> > > +For example, IOTLB invalidations should always succeed. There is
> > > no +architectural way to report back to the vIOMMU if the UAPI
> > > data is +incompatible. If that happens, in order to guarantee
> > > IOMMU iosolation,
> >
> > isolation
> >
> > > +we have to resort to not giving completion status in vIOMMU.
> > > This may +result in VM hang.
> > > +
> > > +For this reason the following IOMMU UAPIs cannot fail without
> > > +catastrophic effect:
> > > +
> > > +1. Free PASID
> > > +2. Unbind guest PASID
> > > +3. Unbind guest PASID table (SMMU)
> > > +4. Cache invalidate
> >
> > I'm not entirely sure what we're trying to assert here. Clearly
> > cache invalidation can fail and patch 5/6 goes on to add over a
> > dozen checks of the user provided data that return an -errno. Any
> > user ioctl can fail if the user botches the parameters. So are we
> > just trying to explain the feature checking that should allow the
> > user to know supported combinations and if they adhere to them,
> > these should not fail? It's not quite worded to that effect.
> > Thanks,
>
> I guess the above wording is messed by what a UAPI should
> behave and whether the vIOMMU reports associated errors.
> UAPI can always fail, as you pointed out. vIOMMU may not
> have a matching error code though, e.g. on Intel VT-d there is no
> error reporting mechanism for cache invalidation. However,
> it is not wise to assert UAPI behavior according to vIOMMU
> definition. An error is an error. vIOMMU should just react to
> UAPI errors according to its architecture definition (e.g. ignore,
> forward to guest, hang, etc.). From this matter I feel above
> section could better be removed.
>
Yes, I agreed, the scope is not drawn clearly. This section is kind of
the relic of a previous version where responsibility of feature
checking lies with IOMMU UAPI instead of VFIO.
How about just briefly mention that upfront feature checking is
encouraged to avoid complex and catastrophic error at runtime?
I will remove the rest.
> Thanks
> Kevin
[Jacob Pan]
Powered by blists - more mailing lists