Re: [PATCH V4 05/18] iommu/ioasid: Redefine IOASID set and allocation APIs
From: Alex Williamson
Date: Wed Apr 21 2021 - 15:33:26 EST
On Wed, 21 Apr 2021 14:52:03 -0300
Jason Gunthorpe <jgg@xxxxxxxxxx> wrote:
> On Wed, Apr 21, 2021 at 10:54:51AM -0600, Alex Williamson wrote:
>
> > That's essentially replacing vfio-core, where I think we're more
>
> I am only talking about /dev/vfio here which is basically the IOMMU
> interface part.
>
> I still expect that VFIO_GROUP_SET_CONTAINER will be used to connect
> /dev/{ioasid,vfio} to the VFIO group and all the group and device
> logic stays inside VFIO.
But that group and device logic is also tied to the container, where
the IOMMU backend is the interchangeable thing that provides the IOMMU
manipulation for that container. If you're using
VFIO_GROUP_SET_CONTAINER to associate a group to a /dev/ioasid, then
you're really either taking that group outside of vfio or you're
re-implementing group management in /dev/ioasid. I'd expect the
transition point at VFIO_SET_IOMMU.
> The appeal of unifying /dev/{ioasid,vfio} to a single fops is that it
> cleans up vfio a lot - we don't have to have two different code paths
> where one handles a vfio_container and the other a ioasid_container
> and the all the related different iommu ops and so on.
Currently vfio IOMMU backends don't know about containers either.
Setting the vfio IOMMU for a container creates an object within the
IOMMU backend representing that IOMMU context. IOMMU groups are then
attached to that context, where the IOMMU backend can add to or create a
new IOMMU domain to include that group, or if no compatible IOMMU
context can be created, reject it.
> Everything can be switched to ioasid_container all down the line. If
> it wasn't for PPC this looks fairly simple.
At what point is it no longer vfio? I'd venture to say that replacing
the container rather than invoking a different IOMMU backend is that
point.
> Since getting rid of PPC looks a bit hard, we'd be stuck with
> accepting a /dev/ioasid and then immediately wrappering it in a
> vfio_container an shimming it through a vfio_iommu_ops. It is not
> ideal at all, but in my look around I don't see a major problem if
> type1 implementation is moved to live under /dev/ioasid.
But type1 is \just\ an IOMMU backend, not "/dev/vfio". Given that
nobody flinched at removing NVLink support, maybe just deprecate SPAPR
now and see if anyone objects ;)
> For concreteness if we look at the set container flow with ioasid I'd
> say something like:
>
> vfio_group_fops_unl_ioctl()
> VFIO_GROUP_SET_CONTAINER
> vfio_group_set_container()
> if (f.file->f_op == &vfio_fops) {
> // Use a real vfio_container and vfio_iommu_driver
> driver->ops->attach_group()
> tce_iommu_attach_group()
> }
>
> if (ioasid_container = ioasid_get_from_fd(container_fd)) {
> // create a dummy vfio_container and use the ioasid driver
> container = kzalloc()
> container->iommu_driver = ioasid_shim
> driver->ops->attach_group()
> ioasid_shim_attach_group(ioasid_container, ...)
> ioasid_attach_group()
> // What used to be vfio_iommu_attach_group()
How do you handle multiple groups with the same container? Again, I'd
expect some augmentation of VFIO_SET_IOMMU so that /dev/vfio continues
to exist and manage group to container mapping and /dev/ioasid manages
the IOMMU context of that container.
>
> Broadly all the ops vfio need go through the ioasid_shim which relays
> them to the generic ioasid API.
/dev/vfio essentially already passes through all fops to the IOMMU
backend once the VFIO_SET_IOMMU is established.
> We end up with a ioasid.h that basically has the vfio_iommu_type1 code
> lightly recast into some 'struct iommu_container' and a set of
> ioasid_* function entry points that follow vfio_iommu_driver_ops_type1:
> ioasid_attach_group
> ioasid_detatch_group
> ioasid_<something about user pages>
> ioasid_read/ioasid_write
Again, this looks like a vfio IOMMU backend. What are we accomplishing
by replacing /dev/vfio with /dev/ioasid versus some manipulation of
VFIO_SET_IOMMU accepting a /dev/ioasid fd?
> If we have this, and /dev/ioasid implements the legacy IOCTLs, then
> /dev/vfio == /dev/ioasid and we can compile out vfio_fops and related
> from vfio.c and tell ioasid.c to create /dev/vfio instead using the
> ops it owns.
Why would we want /dev/ioasid to implement legacy ioctls instead of
simply implementing an interface to allow /dev/ioasid to be used as a
vfio IOMMU backend?
> This is a very long winded way of saying ideally we'd do
> approximately:
> git mv drivers/vfio/vfio_iommu_type1.c drivers/ioasid/ioasid.c
>
> As the first step. Essentially we declare that what is type1 is really
> the user interface to the internal kernel IOMMU kAPI, which has been
> steadily evolving since type1 was created 10 years ago.
The pseudo code above really suggests you do want to remove
/dev/vfio/vfio, but this is only one of the IOMMU backends for vfio, so
I can't quite figure out if we're talking past each other.
As I expressed in another thread, type1 has a lot of shortcomings. The
mapping interface leaves userspace trying desperately to use statically
mapped buffers because the map/unmap latency is too high. We have
horrible issues with duplicate locked page accounting across
containers. It suffers pretty hard from feature creep in various
areas. A new IOMMU backend is an opportunity to redesign some of these
things.
> > The interface of making that selection might change to accept an
> > external /dev/ioasid file descriptor, of course. Maybe you can
> > elaborate on how the vfio device and group uAPI live (or not) in
> > this new scheme were /dev/ioasid is the primary interface. Thanks,
>
> They say in vfio. You'd still open a group and you'd still pass in
> either /dev/vfio or /dev/ioasid to define the container
>
> Though, completely as an unrelated aside, I admit to not entirely
> understanding why the group is the central element of the uAPI.
>
> It is weird that the vfio "drivers" all work on the struct vfio_device
> (at least after my series), and it has a file_operations presence via
> vfio_device_fops, but instead of struct vfio_device directly having a
> 'struct device' and cdev to access the FD we get it through a group FD
> and agroup chardev via VFIO_GROUP_GET_DEVICE_FD
>
> If we were to revise this, and I don't see a huge reason to do so, I
> would put a struct device and cdev in struct vfio_device, attach the
> vfio_device directly to the ioasid and then forget about the group, at
> least as uapi, completely.
>
> Or at least I don't see where that gets into trouble, but I'm not too
> familiar with the multi-vfio in a process scenario..
The vfio_group is the unit of userspace ownership as it reflects the
IOMMU group as the unit of isolation. Ideally there's a 1:1 mapping
between device and group, but that is of course not always the case.
The IOMMU group also abstracts isolation and visibility relative to
DMA. For example, in a PCIe topology a multi-function device may not
have isolation between functions, but each requester ID is visible to
the IOMMU. This lacks isolation but not IOMMU granularity, or
visibility. A conventional PCI topology however lacks both isolation
and visibility, all devices downstream use either the PCIe-to-PCI
bridge RID or a RID derived from the secondary bus. We can also have
mixed topologies, for example PCIe-to-PCI<->PCI-to-PCIe, where the
grouping code needs to search upstream for the highest level where we
achieve both isolation and visibility.
To simplify this, we use the group as the unit of IOMMU context, again
favoring singleton group behavior.
An individual vfio_device doesn't know about these isolation
dependencies, thus while a vfio bus/device driver like vfio-pci can
expose a device, it's vfio-core than manages whether the isolated set
of devices which includes that device, ie. the group, meets the
requirements for userspace access. Thanks,
Alex