On Tue, Apr 26, 2022 at 12:45:41PM -0600, Alex Williamson wrote: > On Tue, 26 Apr 2022 11:11:56 -0300 > Jason Gunthorpe <jgg@xxxxxxxxxx> wrote: > > > On Tue, Apr 26, 2022 at 10:08:30PM +0800, Yi Liu wrote: > > > > > > I think it is strange that the allowed DMA a guest can do depends on > > > > the order how devices are plugged into the guest, and varys from > > > > device to device? > > > > > > > > IMHO it would be nicer if qemu would be able to read the new reserved > > > > regions and unmap the conflicts before hot plugging the new device. We > > > > don't have a kernel API to do this, maybe we should have one? > > > > > > For userspace drivers, it is fine to do it. For QEMU, it's not quite easy > > > since the IOVA is GPA which is determined per the e820 table. > > > > Sure, that is why I said we may need a new API to get this data back > > so userspace can fix the address map before attempting to attach the > > new device. Currently that is not possible at all, the device attach > > fails and userspace has no way to learn what addresses are causing > > problems. > > We have APIs to get the IOVA ranges, both with legacy vfio and the > iommufd RFC, QEMU could compare these, but deciding to remove an > existing mapping is not something to be done lightly. Not quite, you can get the IOVA ranges after you attach the device, but device attach will fail if the new range restrictions intersect with the existing mappings. So we don't have an easy way to learn the new range restriction in a way that lets userspace ensure an attach will not fail due to reserved ranged overlapping with mappings. The best you could do is make a dummy IOAS then attach the device, read the mappings, detatch, and then do your unmaps. I'm imagining something like IOMMUFD_DEVICE_GET_RANGES that can be called prior to attaching on the device ID. > We must be absolutely certain that there is no DMA to that range > before doing so. Yes, but at the same time if the VM thinks it can DMA to that memory then it is quite likely to DMA to it with the new device that doesn't have it mapped in the first place. It is also a bit odd that the behavior depends on the order the devices are installed as if you plug the narrower device first then the next device will happily use the narrower ranges, but viceversa will get a different result. This is why I find it bit strange that qemu doesn't check the ranges. eg I would expect that anything declared as memory in the E820 map has to be mappable to the iommu_domain or the device should not attach at all. The P2P is a bit trickier, and I know we don't have a good story because we lack ACPI description, but I would have expected the same kind of thing. Anything P2Pable should be in the iommu_domain or the device should not attach. As with system memory there are only certain parts of the E820 map that an OS would use for P2P. (ideally ACPI would indicate exactly what combinations of devices are P2Pable and then qemu would use that drive the mandatory address ranges in the IOAS) > > > yeah. qemu can filter the P2P BAR mapping and just stop it in qemu. We > > > haven't added it as it is something you will add in future. so didn't > > > add it in this RFC. :-) Please let me know if it feels better to filter > > > it from today. > > > > I currently hope it will use a different map API entirely and not rely > > on discovering the P2P via the VMA. eg using a DMABUF FD or something. > > > > So blocking it in qemu feels like the right thing to do. > > Wait a sec, so legacy vfio supports p2p between devices, which has a > least a couple known use cases, primarily involving GPUs for at least > one of the peers, and we're not going to make equivalent support a > feature requirement for iommufd? I said "different map API" - something like IOMMU_FD_MAP_DMABUF perhaps. The trouble with taking in a user pointer to MMIO memory is that it becomes quite annoying to go from a VMA back to the actual owner object so we can establish proper refcounting and lifetime of struct-page-less memory. Requiring userspace to make that connection via a FD simplifies and generalizes this. So, qemu would say 'oh this memory is exported by VFIO, I will do VFIO_EXPORT_DMA_BUF, then do IOMMU_FD_MAP_DMABUF, then close the FD' For vfio_compat we'd have to build some hacky compat approach to discover the dmabuf for vfio-pci from the VMA. But if qemu is going this way with a new implementation I would prefer the new implementation use the new way, when we decide what it should be. As I mentioned before I would like to use DMABUF since I already have a use-case to expose DMABUF from vfio-pci to connect to RDMA. I will post the vfio DMABUF patch I have already. Jason