On Fri, 5 Aug 2022 15:20:24 -0300 Jason Gunthorpe <j...@nvidia.com> wrote:
> On Fri, Aug 05, 2022 at 11:24:08AM -0600, Alex Williamson wrote: > > On Thu, 4 Aug 2022 21:11:07 -0300 > > Jason Gunthorpe <j...@nvidia.com> wrote: > > > > > On Thu, Aug 04, 2022 at 01:36:24PM -0600, Alex Williamson wrote: > > > > > > > > > That is reasonable, but I'd say those three kernels only have two > > > > > > drivers and they both have vfio as a substring in their name - so > > > > > > the > > > > > > simple thing of just substring searching 'vfio' would get us over > > > > > > that > > > > > > gap. > > > > > > > > > > Looking at the aliases for exactly "vfio_pci" isn't that much more > > > > > complicated, and "feels" a lot more reliable than just doing a > > > > > substring > > > > > search for "vfio" in the driver's name. (It would be, uh, .... "not > > > > > smart" to name a driver "vfio<anything>" if it wasn't actually a vfio > > > > > variant driver (or the opposite), but I could imagine it happening; > > > > > :-/) > > > > > > This is still pretty hacky. I'm worried about what happens to the > > > kernel if this becames some crazy unintended uAPI that we never really > > > thought about carefully... This was not a use case when we designed > > > the modules.alias stuff at least. > > > > > > BTW - why not do things the normal way? > > > > > > 1. readlink /sys/bus/pci/devices/XX/iommu_group > > > 2. Compute basename of #1 > > > 3. Check if /dev/vfio/#2 exists (or /sys/class/vfio/#2) > > > > > > It has a small edge case where a multi-device group might give a false > > > positive for an undrivered device, but for the purposes of libvirt > > > that seems pretty obscure.. (while the above has false negative > > > issues, obviously) > > > > This is not a small edge case, it's extremely common. We have a *lot* > > of users assigning desktop GPUs and other consumer grade hardware, which > > are usually multi-function devices without isolation exposed via ACS or > > quirks. > > The edge case is that the user has created a multi-device group, > manually assigned device 1 in the group to VFIO, left device 2 with no > driver and then told libvirt to manually use device 2. With the above > approach libvirt won't detect this misconfiguration and qemu will > fail. > > > The vfio group exists if any devices in the group are bound to a vfio > > driver, but the device is not accessible from the group unless the > > viability test passes. That means QEMU may not be able to get access > > to the device because the device we want isn't actually bound to a vfio > > driver or another device in the group is not in a viable state. Thanks, > > This is a different misconfiguration that libvirt also won't detect, > right? In this case ownership claiming in the kernel will fail and > qemu will fail too, like above. > > This, and the above, could be handled by having libvirt also open the > group FD and get the device. It would prove both correct binding and > viability. libvirt cannot do this in the group model because the group must be isolated in a container before the device can be accessed and libvirt cannot presume the QEMU container configuration. For direct device access, this certainly becomes a possibility and I've been trying to steer things in that direction, libvirt has the option to pass an fd for the iommufd and can then pass fds for each of the devices in the new uAPI paradigm. > I had understood the point of this logic was to give better error > reporting to users so that common misconfigurations could be diagnosed > earlier. When I say 'small edge case' I mean it seems like an unlikely > misconfiguration that someone would know to setup VFIO but then use > the wrong BDFs to do it - arguably less likely than someone would know > to setup VFIO but forget to unbind the other drivers in the group? I'm not sure how much testing libvirt does of other devices in a group, Laine? AIUI here, libvirt has a managed='yes|no' option per device. In the 'yes' case libvirt will unbind devices from their host driver and bind them to vfio-pci. In the 'no' case, I believe libvirt is still doing a sanity test on the driver, but only knows about vfio-pci. The initial step is to then enlighten libvirt that other drivers can be compatible for the 'no' case and later we can make smarter choices about which driver to use or allow the user to specify (ie. a user should be able to use vfio-pci rather than a variant driver if they choose) in the 'yes' case. If libvirt is currently testing that only the target device is bound to vfio-pci, then maybe we do have gaps for the ancillary devices in the group, but that gap changes if instead we only test that a vfio group exists relative to the iommu group of the target device. Thanks, Alex