On Thu, Jul 15, 2021 at 02:18:26PM -0300, Jason Gunthorpe wrote: > On Thu, Jul 15, 2021 at 09:21:41AM -0700, Raj, Ashok wrote: > > On Thu, Jul 15, 2021 at 12:23:25PM -0300, Jason Gunthorpe wrote: > > > On Thu, Jul 15, 2021 at 06:57:57AM -0700, Raj, Ashok wrote: > > > > On Thu, Jul 15, 2021 at 09:48:13AM -0300, Jason Gunthorpe wrote: > > > > > On Thu, Jul 15, 2021 at 06:49:54AM +0000, Tian, Kevin wrote: > > > > > > > > > > > No. You are right on this case. I don't think there is a way to > > > > > > differentiate one mdev from the other if they come from the > > > > > > same parent and attached by the same guest process. In this > > > > > > case the fault could be reported on either mdev (e.g. the first > > > > > > matching one) to get it fixed in the guest. > > > > > > > > > > If the IOMMU can't distinguish the two mdevs they are not isolated > > > > > and would have to share a group. Since group sharing is not supported > > > > > today this seems like a non-issue > > > > > > > > Does this mean we have to prevent 2 mdev's from same pdev being assigned to > > > > the same guest? > > > > > > No, it means that the IOMMU layer has to be able to distinguish them. > > > > Ok, the guest has no control over it, as it see 2 separate pci devices and > > thinks they are all different. > > > > Only time when it can fail is during the bind operation. From guest > > perspective a bind in vIOMMU just turns into a write to local table and a > > invalidate will cause the host to update the real copy from the shadow. > > > > There is no way to fail the bind? and Allocation of the PASID is also a > > separate operation and has no clue how its going to be used in the guest. > > You can't attach the same RID to the same PASID twice. The IOMMU code > should prevent this. > > As we've talked about several times, it seems to me the vIOMMU > interface is misdesigned for the requirements you have. The hypervisor > should have a role in allocating the PASID since there are invisible > hypervisor restrictions. This is one of them. Allocating a PASID is a separate step from binding, isn't it? In vt-d we have a virtual command interface that can fail an allocation of PASID. But which device its bound to is a dynamic thing that only gets at bind_mm() right? > > > Do we have any isolation requirements here? its the same process. So if the > > page-request it sent to guest and even if you report it for mdev1, after > > the PRQ is resolved by guest, the request from mdev2 from the same guest > > should simply work? > > I think we already talked about this and said it should not be done. I get the should not be done, I'm wondering where should that be implemented?
