lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250922083221.5c6a68c0.alex.williamson@redhat.com>
Date: Mon, 22 Sep 2025 08:32:21 -0600
From: Alex Williamson <alex.williamson@...hat.com>
To: Ajay Garg <ajaygargnsit@...il.com>
Cc: iommu@...ts.linux-foundation.org, linux-pci@...r.kernel.org, Linux
 Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: How are iommu-mappings set up in guest-OS for
 dma_alloc_coherent

On Sat, 20 Sep 2025 20:27:54 +0530
Ajay Garg <ajaygargnsit@...il.com> wrote:

> Thanks Alex for the clarification; really grateful.
> 
> When I had last tried attaching PCI-device to a VM (spawned via VFIO), the
> PCI-device vanished from host-device :)
> 
> So, as of today, if the PCIe device is PASID-capable, can it be :
> 
> a)
> Shared/visible both across a host-os and guest-os?
> 
> b)
> Shared/visible across more than one guest-os?

VFIO doesn't make PCI devices disappear from the host.  Maybe you're
referring to unbinding the host function driver, which might make your
NIC/HBA/GPU device disappear from the host as the PCI device is bound
to vfio-pci instead.

There are ways to multiplex devices between host and guest, SR-IOV is
currently the most common way to do this.  Here you'd have a physical
function (PF) with a host function driver, which can create multiple
virtual functions (VFs), each of which have a unique requester ID and
therefore a unique set of page tables allowing them to operate in
independent IOVA spaces for VMs.  You can imagine here that your PF
remains bound to the host function driver and continues to provide host
services, while the VFs can be assigned to VMs.

PASID is another way to do this and is often described in an SIOV
(Scalable IOV) framework, where we rely more on software to expose an
assignable entity which makes use of the combination of the physical
requester ID along with PASID to create a unique IOVA space through two
levels of IOMMU page tables.

In either case, having an SR-IOV or PASID capability on the device
doesn't automatically enable device multiplexing, there's software
required to enable these features, more so in the direction of SIOV
support as the scalability trade-off is to push more of the basic
device emulation into software.  Thanks,

Alex

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ