On Tue, 12 Sep 2017 02:56:29 +0800 w...@redhat.com wrote: > From: Wei Xu <w...@redhat.com> > > Recently I have been testing passing through 2 ixgbe(82599ES) nics which > belong to the same iommu group to a guest with virtual iommu(vIOMMU) on > my desktop, while vfio failed to realize the second device and prompted > error message as 'group xxx used in multiple address spaces'. > > It turned out to be that vtd doesn't know any group info while choosing > an address space for the two devices, therefore it creates two separate > address space for each which breaks granularity isolation. > > This patch fixes this by looking up if there is any exist device within > the same iommu group and shares the address space before creating a new > one. > > I am not sure if this fixes the problem in a correct way due to my limited > knowledge about vfio, please come back to me for any feedback & comments, > Thanks.
Hi Wei, Are the devices in the same IOMMU group on the host or guest or both? My impression is that host IOMMU groups with more than a single endpoint are fundamentally incompatible with vIOMMU. Even if we could enforce a VM topology which logically should place them into the same IOMMU group, IOMMU groups themselves are a Linux concept and another guest OS could rightfully attempt to use them in separate VT-d contexts. The only way we could ensure a shared context is if they were in a conventional PCI hierarchy within the VM. I'd suggest that vIOMMU should be reserved for hosts and devices which have full isolation and for which the VM and guest can create separate mappings per device. I'm not sure if what I describe is the actual problem you're facing as I thought we had quirks to expose the per-port isolation on 82599 devices, but perhaps the lack of isolation is coming from an upstream device. If I'm off, please provide further details of exactly the host and guest scenarios. Thanks, Alex > Wei Xu (3): > vfio: reusing address space for the same iommu group devices > vfio: invoke looking up address space. > vfio: remove checking duplicated vfio device > > hw/vfio/common.c | 28 ++++++++++++++++++++++++++++ > hw/vfio/pci.c | 15 ++++++--------- > include/hw/vfio/vfio-common.h | 1 + > 3 files changed, 35 insertions(+), 9 deletions(-) >
