> From: Tian, Kevin > Sent: Friday, April 2, 2021 3:58 PM > > > From: Jason Gunthorpe <jgg@xxxxxxxxxx> > > Sent: Thursday, April 1, 2021 9:47 PM > > > > On Thu, Apr 01, 2021 at 01:43:36PM +0000, Liu, Yi L wrote: > > > > From: Jason Gunthorpe <jgg@xxxxxxxxxx> > > > > Sent: Thursday, April 1, 2021 9:16 PM > > > > > > > > On Thu, Apr 01, 2021 at 01:10:48PM +0000, Liu, Yi L wrote: > > > > > > From: Jason Gunthorpe <jgg@xxxxxxxxxx> > > > > > > Sent: Thursday, April 1, 2021 7:47 PM > > > > > [...] > > > > > > I'm worried Intel views the only use of PASID in a guest is with > > > > > > ENQCMD, but that is not consistent with the industry. We need to > see > > > > > > normal nested PASID support with assigned PCI VFs. > > > > > > > > > > I'm not quire flow here. Intel also allows PASID usage in guest without > > > > > ENQCMD. e.g. Passthru a PF to guest, and use PASID on it without > > > > ENQCMD. > > > > > > > > Then you need all the parts, the hypervisor calls from the vIOMMU, and > > > > you can't really use a vPASID. > > > > > > This is a diagram shows the vSVA setup. > > > > I'm not talking only about vSVA. Generic PASID support with arbitary > > mappings. > > > > And how do you deal with the vPASID vs pPASID issue if the system has > > a mix of physical devices and mdevs? > > > > We plan to support two schemes. One is vPASID identity-mapped to > pPASID then the mixed scenario just works, with the limitation of > lacking of live migration support. The other is non-identity-mapped > scheme, where live migration is supported but physical devices and > mdevs should not be mixed in one VM if both expose SVA capability > (requires some filtering check in Qemu). Although we have some > idea relaxing this restriction in the non-identity scheme, it requires > more thinking given how the vSVA uAPI is being refactored. > > In both cases the virtual VT-d will report a virtual capability to the guest, > indicating that the guest must request PASID through a vcmd register > instead of creating its own namespace. The vIOMMU returns a vPASID > to the guest upon request. The vPASID could be directly mapped to a > pPASID or allocated from a new namespace based on user configuration. > > We hope the /dev/ioasid can support both schemes, with the minimal > requirement of allowing userspace to tag a vPASID to a pPASID and > allowing mdev to translate vPASID into pPASID, i.e. not assuming that > the guest will always use pPASID. > Per your comments in other threads I suppose this requirement should be implemented in VFIO_ALLOW_PASID command instead of going through /dev/ioasid which only needs to know pPASID and its pgtable management. Thanks Kevin
