On 04/02/2013 10:12:31 PM, Alex Williamson wrote:
On Tue, 2013-04-02 at 17:44 -0500, Scott Wood wrote:
> On 04/02/2013 04:32:04 PM, Alex Williamson wrote:
> > On Tue, 2013-04-02 at 15:57 -0500, Scott Wood wrote:
> > > On 04/02/2013 03:32:17 PM, Alex Williamson wrote:
> > > > On x86 the interrupt remapper handles this transparently when
MSI
> > > > is enabled and userspace never gets direct access to the
device
> > MSI
> > > > address/data registers.
> > >
> > > x86 has a totally different mechanism here, as far as I
understand
> > --
> > > even before you get into restrictions on mappings.
> >
> > So what control will userspace have over programming the actually
MSI
> > vectors on PAMU?
>
> Not sure what you mean -- PAMU doesn't get explicitly involved in
> MSIs. It's just another 4K page mapping (per relevant MSI bank).
If
> you want isolation, you need to make sure that an MSI group is only
> used by one VFIO group, and that you're on a chip that has alias
pages
> with just one MSI bank register each (newer chips do, but the first
> chip to have a PAMU didn't).
How does a user figure this out?
The user's involvement could be limited to setting a policy knob of
whether that degree of isolation is required (if required and
unavailable, all devices using an MSI bank would be forced into the
same group). We'd need to do something with MSI allocation so that we
avoid using an MSI bank with more than one IOMMU group where possible.
I'm not sure about the details yet, or how practical this is. There
might need to be some MSI bank assignment done as part of the VFIO
device binding process, if there are going to be more VFIO groups than
there are MSI banks (reserving one bank for host use).
-Scott
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
