[Intel-gfx] [PATCH v2 10/11] vfio: Make vfio_container optionally compiled
Alex Williamson
alex.williamson at redhat.com
Wed Nov 9 17:18:09 UTC 2022
On Tue, 8 Nov 2022 20:54:58 -0400
Jason Gunthorpe <jgg at nvidia.com> wrote:
> On Tue, Nov 08, 2022 at 03:28:31PM -0700, Alex Williamson wrote:
>
> > Perhaps this should have been obvious, but I'm realizing that
> > vfio-noiommu mode is completely missing without VFIO_CONTAINER, which
> > seems a barrier to deprecating VFIO_CONTAINER and perhaps makes it a
>
> Yes, it is the same as the allow_unsafe_interrupts - it is something
> that currently goes missing if you turn off VFIO_CONTAINER.
>
> This seems straightforward enough to resolve in a followup, we mostly
> just need someone with an existing no-iommu application to test
> compatability against. Keeping it working with the device cdev will
> also be a bit interesting. If you have or know about some application
> I can try to make a patch.
DPDK supports no-iommu mode.
> > question whether IOMMUFD should really be taking over /dev/vfio/vfio.
> > No-iommu mode has users.
>
> I view VFIO_CONTAINER=n as a process. An aspiration we can work
> toward.
>
> At this point there are few places that might want to use it. Android
> perhaps, for example. It is also useful for testing. One of the main
> values is you can switch the options and feed the kernel into an
> existing test environment and see what happens. This is how we are
> able to quickly get s390 mdev testing, for instance.
>
> We are not going to get to a widely useful VFIO_CONTAINER=n if we
> don't have a target that people can test against and evaluate what
> compatability gaps may exist.
>
> So, everytime we find something like this - let's think about how can
> we make iommufd compatibility handle it and not jump straight to
> giving up :)
>
> I'm kind of thinking v6.4 might be a reasonable kernel target when we
> might have closed off enough things.
I agree that it's very useful for testing, I'm certainly not suggesting
to give up, but I'm not sure where no-iommu lives when iommufd owns
/dev/vfio/vfio. Given the unsafe interrupts discussion, it doesn't
seem like the type of thing that would be a priority for iommufd.
We're on a path where vfio accepts an iommufd as a container, and
ultimately iommufd becomes the container provider, supplanting the
IOMMU driver registration aspect of vfio. I absolutely want type1 and
spapr backends to get replaced by iommufd, but reluctance to support
aspects of vfio "legacy" behavior doesn't give me warm fuzzies about a
wholesale hand-off of the container to a different subsystem, for
example vs an iommufd shim spoofing type1 support.
Unfortunately we no longer have a CONFIG_EXPERIMENTAL option to hide
behind for disabling VFIO_CONTAINER, so regardless of our intentions
that a transition is some time off, it may become an issue sooner than
we expect. Thanks,
Alex
More information about the Intel-gfx
mailing list