[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <YNQKKSb3onBCz+f6@yekko>
Date: Thu, 24 Jun 2021 14:29:29 +1000
From: David Gibson <david@...son.dropbear.id.au>
To: Jason Gunthorpe <jgg@...dia.com>
Cc: Joerg Roedel <joro@...tes.org>,
"Tian, Kevin" <kevin.tian@...el.com>,
Alex Williamson <alex.williamson@...hat.com>,
Jean-Philippe Brucker <jean-philippe@...aro.org>,
Jason Wang <jasowang@...hat.com>,
"parav@...lanox.com" <parav@...lanox.com>,
"Enrico Weigelt, metux IT consult" <lkml@...ux.net>,
Paolo Bonzini <pbonzini@...hat.com>,
Shenming Lu <lushenming@...wei.com>,
Eric Auger <eric.auger@...hat.com>,
Jonathan Corbet <corbet@....net>,
"Raj, Ashok" <ashok.raj@...el.com>,
"Liu, Yi L" <yi.l.liu@...el.com>, "Wu, Hao" <hao.wu@...el.com>,
"Jiang, Dave" <dave.jiang@...el.com>,
Jacob Pan <jacob.jun.pan@...ux.intel.com>,
Kirti Wankhede <kwankhede@...dia.com>,
Robin Murphy <robin.murphy@....com>,
"kvm@...r.kernel.org" <kvm@...r.kernel.org>,
"iommu@...ts.linux-foundation.org" <iommu@...ts.linux-foundation.org>,
David Woodhouse <dwmw2@...radead.org>,
LKML <linux-kernel@...r.kernel.org>,
Lu Baolu <baolu.lu@...ux.intel.com>
Subject: Re: Plan for /dev/ioasid RFC v2
On Fri, Jun 18, 2021 at 12:15:06PM -0300, Jason Gunthorpe wrote:
> On Fri, Jun 18, 2021 at 03:47:51PM +0200, Joerg Roedel wrote:
> > Hi Kevin,
> >
> > On Thu, Jun 17, 2021 at 07:31:03AM +0000, Tian, Kevin wrote:
> > > Now let's talk about the new IOMMU behavior:
> > >
> > > - A device is blocked from doing DMA to any resource outside of
> > > its group when it's probed by the IOMMU driver. This could be a
> > > special state w/o attaching to any domain, or a new special domain
> > > type which differentiates it from existing domain types (identity,
> > > dma, or unmanged). Actually existing code already includes a
> > > IOMMU_DOMAIN_BLOCKED type but nobody uses it.
> >
> > There is a reason for the default domain to exist: Devices which require
> > RMRR mappings to be present. You can't just block all DMA from devices
> > until a driver takes over, we put much effort into making sure there is
> > not even a small window in time where RMRR regions (unity mapped regions
> > on AMD) are not mapped.
>
> Yes, I think the DMA blocking can only start around/after a VFIO type
> driver has probed() and bound to a device in the group, not much
> different from today.
But as I keep saying, some forms of grouping (and DMA aliasing as Alex
mentioned) mean that changing the domain of one device can change the
domain of another device, unavoidably. It may be rare with modern
hardware, but we still can't ignore the case.
Which means you can't DMA block until everything in the group is
managed by a vfio-like driver.
--
David Gibson | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson
Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)
Powered by blists - more mailing lists