On Wed, 2013-10-02 at 20:55 -0600, Alex Williamson wrote: > So far we've succeeded at making KVM and VFIO mostly unaware of each > other, but there's an important point where that breaks down. Intel > VT-d hardware may or may not support snoop control. When snoop > control is available, intel-iommu promotes No-Snoop transactions on > PCIe to be cache coherent. That allows KVM to handle things like the > x86 WBINVD opcode as a nop. When the hardware does not support this, > KVM must implement a hardware visible WBINVD for the guest. > > We could simply let userspace tell KVM how to handle WBINVD, but it's > privileged for a reason. Allowing an arbitrary user to enable > physical WBINVD gives them more access to the hardware. Previously, > this has only been enabled for guests supporting legacy PCI device > assignment. In such cases it's necessary for proper guest execution. > We therefore create a new KVM-VFIO virtual device. The user can add > and remove VFIO groups to this device via file descriptors. KVM > makes use of the VFIO external user interface to validate that the > user has access to physical hardware and, for now, assumes the I/O > is noncoherent. Eventually we'll add an interface to allow KVM to > determine the conherency of the domain as noted in the TODO. > > Signed-off-by: Alex Williamson <alex.williamson@xxxxxxxxxx> > --- > > v2: Patches 1-3 of v1 series remain the same, not resent > - Fix cast warning from (int32_t *)u64 from get_user calls > - Add a Kconfig variable to protect kvm_vfio_ops for archs > not (yet) building virt/kvm/vfio.c There might be another option for my particular need of this. The device PCIe capability has a bit in the Device Control register that enables a device to do NoSnoop transactions. Therefore it seems like by clearing this bit on the physical device and emulating it as read-only in the guest, we can prevent the NoSnoop at the device rather than at the IOMMU. If we can prevent NoSnoop, then I don't think we need to worry about things like WBINVD emulation in KVM. Let me work on this a bit more before applying. Thanks, Alex -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html