[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <9618afae-2a91-6e4e-e8c3-cb83e2f5c3d9@linux.ibm.com>
Date: Tue, 15 Mar 2022 09:36:08 -0400
From: Matthew Rosato <mjrosato@...ux.ibm.com>
To: Jason Gunthorpe <jgg@...dia.com>,
Alex Williamson <alex.williamson@...hat.com>
Cc: linux-s390@...r.kernel.org, cohuck@...hat.com,
schnelle@...ux.ibm.com, farman@...ux.ibm.com, pmorel@...ux.ibm.com,
borntraeger@...ux.ibm.com, hca@...ux.ibm.com, gor@...ux.ibm.com,
gerald.schaefer@...ux.ibm.com, agordeev@...ux.ibm.com,
svens@...ux.ibm.com, frankja@...ux.ibm.com, david@...hat.com,
imbrenda@...ux.ibm.com, vneethv@...ux.ibm.com,
oberpar@...ux.ibm.com, freude@...ux.ibm.com, thuth@...hat.com,
pasic@...ux.ibm.com, joro@...tes.org, will@...nel.org,
pbonzini@...hat.com, corbet@....net, kvm@...r.kernel.org,
linux-kernel@...r.kernel.org, iommu@...ts.linux-foundation.org,
linux-doc@...r.kernel.org
Subject: Re: [PATCH v4 15/32] vfio: introduce KVM-owned IOMMU type
On 3/14/22 7:18 PM, Jason Gunthorpe wrote:
> On Mon, Mar 14, 2022 at 04:50:33PM -0600, Alex Williamson wrote:
>
>>> +/*
>>> + * The KVM_IOMMU type implies that the hypervisor will control the mappings
>>> + * rather than userspace
>>> + */
>>> +#define VFIO_KVM_IOMMU 11
>>
>> Then why is this hosted in the type1 code that exposes a wide variety
>> of userspace interfaces? Thanks,
>
> It is really badly named, this is the root level of a 2 stage nested
> IO page table, and this approach needed a special flag to distinguish
> the setup from the normal iommu_domain.
^^ Yes, this.
>
> If we do try to stick this into VFIO it should probably use the
> VFIO_TYPE1_NESTING_IOMMU instead - however, we would like to delete
> that flag entirely as it was never fully implemented, was never used,
> and isn't part of what we are proposing for IOMMU nesting on ARM
> anyhow. (So far I've found nobody to explain what the plan here was..)
>
I'm open to suggestions on how better to tie this into vfio. The
scenario basically plays out that:
1) the iommu will be domain_alloc'd once VFIO_SET_IOMMU is issued -- so
at that time (or earlier) we have to make the decision on whether to use
the standard IOMMU or this alternate KVM/nested IOMMU.
2) At the time VFIO_SET_IOMMU is received, we have not yet associated
the vfio group with a KVM, so we can't (today) use this as an indicator
to guess which IOMMU strategy to use.
3) Ideally, even if we changed QEMU vfio to make the KVM association
earlier, it would be nice to still be able to indicate that we want to
use the standard iommu/type1 despite a KVM association existing (e.g.
backwards compatibility with older QEMU that lacks 'interpretation'
support, nested virtualization scenarios).
> This is why I said the second level should be an explicit iommu_domain
> all on its own that is explicitly coupled to the KVM to read the page
> tables, if necessary.
Maybe I misunderstood this. Are you proposing 2 layers of IOMMU that
interact with each other within host kernel space?
A second level runs the guest tables, pins the appropriate pieces from
the guest to get the resulting phys_addr(s) which are then passed via
iommu to a first level via map (or unmap)?
>
> But I'm not sure that reading the userspace io page tables with KVM is
> even the best thing to do - the iommu driver already has the pinned
> memory, it would be faster and more modular to traverse the io page
> tables through the pfns in the root iommu_domain than by having KVM do
> the translations. Lets see what Matthew says..
OK, you lost me a bit here. And this may be associated with the above.
So, what the current implementation is doing is reading the guest DMA
tables (which we must pin the first time we access them) and then map
the PTEs of the associated guest DMA entries into the associated host
DMA table (so, again pin and place the address, or unpin and
invalidate). Basically we are shadowing the first level DMA table as a
copy of the second level DMA table with the host address(es) of the
pinned guest page(s).
I'm unclear where you are proposing the pinning be done if not by the
iommu domain traversing the tables to perform the 'shadow' operation.
Powered by blists - more mailing lists