
Re: [vfio-users] [FEEDBACK NEEDED] Rewriting the Arch wiki article

On 2016-04-12 17:24, Alex Williamson wrote:
On Tue, Apr 12, 2016 at 2:30 PM, Bronek Kozicki <brok spamcop net> wrote:
2. does PCI bridge have to be in a separate IOMMU group than passed-through device?

No.  Blank is mostly correct on this, newer kernels remove the pcieport driver test and presume any driver attached to a bridge device is ok.
Really? From what I understood reading your IOMMU article, plus from the issues I had getting my own GPU to work on the CPU-based PCIe slot on my E3-1200, I thought having a PCIe root port grouped with a PCI device made the GPU unsuited for passthrough. What recommendations should I give here, then?

The statement "(there's generally only one)" is completely incorrect regarding processor based root port slots.  That $30k PC that LinuxTechTips did has 7 processor based root ports between the 2 sockets.

IOMMU group isolation requires that a group is never shared between host and guest or between different guests.  However we assume that bridge devices only do DMA on behalf of the devices downstream of them, so we allow the bridge to be managed by a host driver.  So in your example, it's possible that the bridge could do redirections, but the only affected party would be the VM itself.  The same is true for a multi-function device like the GPU itself, internal routing may allow the devices to perform peer-to-peer internally.  So it's not ideal when the bridge is part of the group, but it generally works and is allowed because it can't interfere with anyone else.  I have the identical setup on my E3-1245v2 and haven't had any problems.

Where the isolation problem with root ports explodes is when another non-ACS root port is added at 01.x or there are many devices downstream of the root port (SR-IOV).  Then we end up with an even bigger IOMMU group and the user generally doesn't want to assign all those endpoints to a single VM.

Your recommendation isn't entirely wrong, we should be doing device assignment on hardware with full isolation, but it excludes a very typical use case that often works well enough.
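
The grouping rule discussed in this message can be checked on a host with the sketch below, which is an added example and not part of the original message or of any VFIO tooling. It uses the standard sysfs layout (`/sys/bus/pci/devices/<BDF>/iommu_group`); the function names are hypothetical, and treating PCI class `0x0604` as "bridge" and only `vfio-pci` or unbound endpoints as acceptable are simplifying assumptions.

```bash
#!/usr/bin/env bash
# Added example: list every member of a PCI device's IOMMU group and
# separate bridges (which may stay on a host driver) from endpoints
# (which all have to go to the same guest).

# iommu_group_report <BDF> [sysfs root, default /sys]
# Prints one line per group member: "<BDF> <bridge|endpoint> <driver|none>"
iommu_group_report() {
    bdf=$1
    sysfs=${2:-/sys}
    group_link="$sysfs/bus/pci/devices/$bdf/iommu_group"
    if [ ! -e "$group_link" ]; then
        echo "no IOMMU group for $bdf (IOMMU disabled or wrong address?)" >&2
        return 2
    fi
    for dev in "$group_link"/devices/*; do
        [ -e "$dev/class" ] || continue
        # Assumption: class 0x0604xx (PCI-to-PCI bridge, which includes
        # PCIe root ports) stands in for the kernel's own bridge test.
        case "$(cat "$dev/class")" in
            0x0604*) kind=bridge ;;
            *)       kind=endpoint ;;
        esac
        if [ -L "$dev/driver" ]; then
            driver=$(basename "$(readlink "$dev/driver")")
        else
            driver=none
        fi
        echo "${dev##*/} $kind $driver"
    done
}

# iommu_group_blockers <BDF> [sysfs root]
# Prints endpoints in the group that are still bound to a host driver.
# Assumption: only vfio-pci or no driver counts as ready for assignment.
iommu_group_blockers() {
    iommu_group_report "$@" |
        awk '$2 == "endpoint" && $3 != "vfio-pci" && $3 != "none" { print $1 }'
}

# Stand-alone use: ./script.sh 0000:01:00.0
[ "$#" -eq 0 ] || iommu_group_report "$@"
```

A root port showing up as `bridge pcieport` in the report is the case described above as generally working; any address printed by `iommu_group_blockers` is an endpoint that shares the group and is still owned by the host.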
