From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 186FCA09E4; Thu, 21 Jan 2021 09:30:07 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 0784F140EDF; Thu, 21 Jan 2021 09:30:07 +0100 (CET) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [63.128.21.124]) by mails.dpdk.org (Postfix) with ESMTP id 364EE140EDB for ; Thu, 21 Jan 2021 09:30:05 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1611217804; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=bC55NzgpyRR+gNyYzP5s79EZbAx6ao1H3JtUiNO4mIA=; b=e5dvAvcwG6P4E4zWfZMnj0tLKU7fcu+cxXWCjasRyLrfU/drnTDX74fsQlIDipVNncV3av 4JoyuAuUjQ6iNNGmK3js9Fv4dux/M+9EwmKutr27dDw9wzVxdWylqjz6XKR3jfrbAj4XYT SRBS1WDkkX8hil6JOsmvgj+7La/s1+Y= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-230-OyPiGlIlN1SGwAw6T7mbvQ-1; Thu, 21 Jan 2021 03:30:03 -0500 X-MC-Unique: OyPiGlIlN1SGwAw6T7mbvQ-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 59B22C7403; Thu, 21 Jan 2021 08:30:01 +0000 (UTC) Received: from [10.36.110.29] (unknown [10.36.110.29]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 8A98F1042A40; Thu, 21 Jan 2021 08:29:56 +0000 (UTC) To: =?UTF-8?B?6LCi5Y2O5LyfKOatpOaXtuatpOWIu++8iQ==?= , ferruh.yigit@intel.com Cc: dev@dpdk.org, anatoly.burakov@intel.com, david.marchand@redhat.com, zhihong.wang@intel.com, chenbo.xia@intel.com, grive@u256.net References: <68ecd941-9c56-4de7-fae2-2ad15bdfd81a@alibaba-inc.com> <1603381885-88819-1-git-send-email-huawei.xhw@alibaba-inc.com> <1603381885-88819-4-git-send-email-huawei.xhw@alibaba-inc.com> <18871462-4d25-302a-2716-99ebec65c3ac@alibaba-inc.com> From: Maxime Coquelin Message-ID: Date: Thu, 21 Jan 2021 09:29:54 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.6.0 MIME-Version: 1.0 In-Reply-To: <18871462-4d25-302a-2716-99ebec65c3ac@alibaba-inc.com> X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=maxime.coquelin@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit Subject: Re: [dpdk-dev] [PATCH v5 3/3] PCI: don't use vfio ioctl call to access PIO resource X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" On 1/20/21 3:54 PM, 谢华伟(此时此刻) wrote: > > On 2021/1/13 0:58, Maxime Coquelin wrote: >> >> On 1/12/21 10:37 AM, Maxime Coquelin wrote: >>> bus/pci: ... >>> >>> On 10/22/20 5:51 PM, 谢华伟(此时此刻) wrote: >>>> From: "huawei.xhw" >>>> >>>> VFIO should use the same way to map/read/write PORT IO as UIO, for >>>> virtio PMD. >>> Please provide more details in the commit message on why the way VFIO >>> works today is wrong (The cover letter is lost once applied). > ok >>> >>>> Signed-off-by: huawei.xhw >>> Same comment about name format as on previous patches. >>> >>>> --- >>>>   drivers/bus/pci/linux/pci.c     | 8 ++++---- >>>>   drivers/bus/pci/linux/pci_uio.c | 4 +++- >>>>   2 files changed, 7 insertions(+), 5 deletions(-) >>>> >>>> diff --git a/drivers/bus/pci/linux/pci.c b/drivers/bus/pci/linux/pci.c >>>> index 0dc99e9..2ed9f2b 100644 >>>> --- a/drivers/bus/pci/linux/pci.c >>>> +++ b/drivers/bus/pci/linux/pci.c >>>> @@ -687,7 +687,7 @@ int rte_pci_write_config(const struct >>>> rte_pci_device *device, >>>>   #ifdef VFIO_PRESENT >>>>       case RTE_PCI_KDRV_VFIO: >>>>           if (pci_vfio_is_enabled()) >>>> -            ret = pci_vfio_ioport_map(dev, bar, p); >>>> +            ret = pci_uio_ioport_map(dev, bar, p); >>> Doesn't it create a regression with regards to needed capabilities? >>> My understanding is that before this patch we don't need to call iopl(), >>> whereas once applied it is required, correct? >> I did some testing today, and think it is not a regression with para- >> virtualized Virtio devices. >> >> Indeed, I thought it would be a regression with Legacy devices when >> IOMMU is enabled and the program is run as non-root (IOMMU enabled >> just to suport IOVA as VA mode). But it turns out para-virtualized >> Virtio legacy device and vIOMMU enabled is not a supported configuration >> by QEMU. >> >> Note that when noiommu mode is enabled, the app needs cap_sys_rawio, so >> same as iopl(). No regression in this case too. >> >> That said, with real (non para-virtualized) Virtio device using PIO like >> yours, doesn't your patch introduce a restriction for your device that >> it will require cap_sys_rawio whereas it would not be needed? > > I don't catch the regression issue. > > With real virtio device(hardware implemented), if it is using MMIO, no > cap_sys_rawio is required. > > If it is using PIO, iopl is required always. My understanding of the Kernel VFIO driver is that cap_sys_rawio is only necessary in noiommu mode, i.e. when VFIO is loaded with enable_unsafe_noiommu parameter set. The doc for this parameters seems to validate my understanding of the code: " MODULE_PARM_DESC(enable_unsafe_noiommu_mode, "Enable UNSAFE, no-IOMMU mode. This mode provides no device isolation, no DMA translation, no host kernel protection, cannot be used for device assignment to virtual machines, requires RAWIO permissions, and will taint the kernel. If you do not know what this is for, step away. (default: false)"); " I think that using inb/outb in the case of VFIO with IOMMU enabled won't work without cap_sys_rawio, and using it in the case of VFIO with IOMMU disabled just bypasses VFIO and so is not correct. In my opinion, what we should do is to add something like this in the DPDK documentation: - MMIO BAR: VFIO with IOMMU enabled recommended. Equivalent performance as with IGB UIO or VFIO with NOIOMMU. VFIO with IOMMU is recommended for security reasons. - PIO BAR: VFIO with IOMMU enabled is recommended for security reasons, providing proper isolation and not requiring cap_sys_rawio. However, use of IOMMU is not always possible in some cases (e.g. para-virtualized Virtio-net legacy device). Also, performance of using VFIO for PIO BARs accesses has an impact on performance as it uses pread/pwrite syscalls, whereas UIO drivers use inb/outb. If security is not a concern or IOMMU is not available, one might consider using UIO driver in this case for performance reasons. What do you think? Thanks, Maxime > >> Thanks, >> Maxime >> >>> Regards, >>> Maxime >>> >