{"id":285,"date":"2018-12-06T09:55:10","date_gmt":"2018-12-06T09:55:10","guid":{"rendered":"http:\/\/www.luo666.com\/?p=285"},"modified":"2019-02-16T12:04:31","modified_gmt":"2019-02-16T12:04:31","slug":"iommu-group-and-acs-cap","status":"publish","type":"post","link":"http:\/\/www.luo666.com\/?p=285","title":{"rendered":"IOMMU group and ACS cap"},"content":{"rendered":"<div>VFIO\u505aVM\u7684\u8bbe\u5907\u76f4\u901a\u8fc7\u7a0b\u4e2d\uff0c\u9700\u8981\u628a\u76f4\u901a\u8bbe\u5907\u6240\u5728iommu group\u91cc\u9762\u6240\u6709\u7684\u8bbe\u5907\u90fdunbind\u6389\uff0c\u8fd9\u662f\u4e3a\u5565\u5462\uff0ciommu group\u53c8\u662f\u5565\uff0c\u6728\u6709\u9047\u5230\u8be5\u95ee\u9898\u7684\u5c0f\u4f19\u4f34\u4f60\u4eec\u80af\u5b9a\u5e74\u8f7b\u800c\u5bcc\u6709\uff1a\uff09\u4f60\u4eec\u7684\u8bbe\u5907\u90fd\u662f\u6709ACS\u7684\u5462\uff0c\u8fd9\u53c8\u662f\u5565\uff0c\u54b1\u5148\u6765\u770b\u770b\u5b98\u65b9\u6587\u6863\u5427\uff1a<\/div>\n<div><\/div>\n<p><!--more--><\/p>\n<div><a href=\"https:\/\/www.intel.com\/content\/dam\/doc\/application-note\/pci-sig-sr-iov-primer-sr-iov-technology-paper.pdf\">https:\/\/www.intel.com\/content\/dam\/doc\/application-note\/pci-sig-sr-iov-primer-sr-iov-technology-paper.pdf<\/a><\/div>\n<div>In a virtualized environment it is generally not desirable to have peer-to-peer transactions that do not go through the root complex. With both Direct Assignment (see Section 2.3.2) and SR-IOV, which is also a form of Direct Assignment, the PCIe transactions should go through the Root Complex in order for the Address Translation Service (or VT-d) to be utilized.<\/div>\n<div>Access Control Services (ACS) provides a mechanism by which a Peer-to-Peer PCIe transaction can be forced to go up through the PCIe Root Complex. ACS can be thought of as a kind of gate-keeper &#8211; preventing unauthorized transactions from occurring.<\/div>\n<div>Without ACS, it is possible for a PCIe Endpoint to either accidentally or intentionally (maliciously) write to an invalid\/illegal area on a peer endpoint, potentially causing problems.<\/div>\n<div><\/div>\n<div>\u770b\u8fd9\u4e2a\u6587\u7ae0\u7684\u6211\u76f8\u4fe1\u4e0d\u9700\u8981\u7ffb\u8bd1\uff0c\u6211\u8fd9\u91cc\u628a\u81ea\u5df1\u7684\u7406\u89e3\u5199\u4e00\u4e0b\u3002<\/div>\n<div>\u4e00\u4e2a\u4e0d\u5177\u6709ACS cap\u7684\u8bbe\u5907\u65e0\u6cd5\u5f3a\u5236p2p\u7684transaction\u8d70\u5230root complex\u8fdb\u800c\u88abiommu\u5904\u7406\uff0c\u8fd9\u79cd\u60c5\u51b5\u4e0b\u5b83\u5fc5\u987b\u88ab\u653e\u5728\u4e00\u4e2a\u5171\u4eab\u7684iommu group\u4e2d\uff0c\u4ee5\u4fdd\u8bc1\u8fd9\u4e9b\u6ca1\u6709ACS\u800c\u4e92\u76f8\u4e4b\u95f4\u53c8\u5b58\u5728p2p\u53ef\u80fd\u7684\u8bbe\u5907\u80fd\u591f\u5171\u4eab\u540c\u4e00\u4e2a\u5730\u5740\u7a7a\u95f4\uff0c\u5426\u5219\u4ed6\u4eec\u4e4b\u95f4\u7684p2p\u53ef\u80fd\u4f1a\u9020\u6210\u707e\u96be\u6027\u7684\u7ed3\u679c\uff08\u65e0\u6cd5\u83b7\u77e5\u6b63\u786e\u7684\u76ee\u6807\u5730\u5740\uff0c\u4f7f\u7528\u7684\u76ee\u6807\u5730\u5740\u53ef\u80fd\u662f\u4e2a\u6076\u610f\u6216\u56e0\u9519\u8bef\u4ea7\u751f\u7684\u975e\u6cd5\u5730\u5740\uff09\u3002\u540c\u65f6\u5b83\u4e5f\u4e0d\u80fd\u5047\u8bbe\u5b83\u7684\u4e0a\u6e38\u8bbe\u5907\u5177\u6709ACS cap\uff0c\u56e0\u4e3a\u4e00\u65e6\u4e0a\u6e38\u6ca1\u6709\u8fd9\u4e2a\u80fd\u529b\uff0c\u90a3\u4e48p2p\u7684\u6570\u636e\u5c06\u771f\u7684\u88ab\u76f4\u63a5\u5199\u5165\u76ee\u6807\u5730\u5740\u3002\u653e\u5728\u4e00\u4e2a\u5171\u4eabiommu group\u5185\u7684\u8bbe\u5907\u4e92\u76f8\u4e4b\u95f4\u7684p2p\u56e0\u4e3a\u5728\u540c\u4e00\u4e2aiova\u7a7a\u95f4\u662f\u53ef\u4ee5\u6b63\u5e38\u5de5\u4f5c\u7684\uff0c\u4f46\u56e0\u4e3a\u6ca1\u6709\u5730\u5740\u7a7a\u95f4\u9694\u79bb\u800c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u548c\u6570\u636e\u6cc4\u9732\u98ce\u9669\uff0c\u800c\u5bf9\u5176\u4ed6\u5177\u5907ACS\u7684\u8bbe\u5907\u6765\u8bf4\u5c31\u76f8\u5bf9\u5b89\u5168\u4e86\u3002<\/div>\n<div><\/div>\n<div>\u4e0a\u8ff0\u5b89\u5168\u6f0f\u6d1e\u5728vfio\u4e2d\u901a\u8fc7\u5224\u65adgroup\u662f\u5426viable\u6765\u89e3\u51b3\uff1a<a href=\"https:\/\/blog.csdn.net\/zgy666\/article\/details\/78607421\">https:\/\/blog.csdn.net\/zgy666\/article\/details\/78607421<\/a><\/div>\n<div>For each group, a virtual device is created under\u00a0\/dev\/vfio; prior to working with any individual device, a driver must open the group, claiming ownership of it. The access permissions on the group file control access to the underlying devices. Once the group has been opened, the driver should do an\u00a0ioctl(VFIO_GROUP_GET_INFO)\u00a0call to determine whether the group is &#8220;viable&#8221; (meaning all of the relevant devices are assigned to it) and available for use. If the group is not viable, the driver will not be able to proceed.<\/div>\n<div><\/div>\n<div>\u4e5f\u5c31\u662f\u8bf4\uff0c\u4e00\u4e2aiommu group\u4e2d\u7684\u6240\u6709\u8bbe\u5907\u5fc5\u987b\u90fdunbind\u6389\u539f\u9a71\u52a8\uff0c\u88abvfio\u63a5\u7ba1\uff0c\u800c\u4e14\u662f\u5728\u4e00\u4e2a\u865a\u62df\u7684vfio\u8bbe\u5907\u7ba1\u8f96\u4e0b<\/div>\n<p><audio style=\"display: none;\" controls=\"controls\"><\/audio><\/p>\n<p><audio style=\"display: none;\" controls=\"controls\"><\/audio><\/p>\n","protected":false},"excerpt":{"rendered":"<p>VFIO\u505aVM\u7684\u8bbe\u5907\u76f4\u901a\u8fc7\u7a0b\u4e2d\uff0c\u9700\u8981\u628a\u76f4\u901a\u8bbe\u5907\u6240\u5728iommu group\u91cc\u9762\u6240\u6709\u7684\u8bbe\u5907\u90fdunbind\u6389\uff0c\u8fd9\u662f\u4e3a\u5565\u5462\uff0ciommu group\u53c8\u662f\u5565\uff0c\u6728\u6709\u9047\u5230\u8be5\u95ee\u9898\u7684\u5c0f\u4f19\u4f34\u4f60\u4eec\u80af\u5b9a\u5e74\u8f7b\u800c\u5bcc\u6709\uff1a\uff09\u4f60\u4eec\u7684\u8bbe\u5907\u90fd\u662f\u6709ACS\u7684\u5462\uff0c\u8fd9\u53c8\u662f\u5565\uff0c\u54b1\u5148\u6765\u770b\u770b\u5b98\u65b9\u6587\u6863\u5427\uff1a<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"footnotes":"","_jetpack_memberships_contains_paid_content":false,"jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[3],"tags":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p7Dhki-4B","jetpack-related-posts":[],"_links":{"self":[{"href":"http:\/\/www.luo666.com\/index.php?rest_route=\/wp\/v2\/posts\/285"}],"collection":[{"href":"http:\/\/www.luo666.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.luo666.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.luo666.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.luo666.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=285"}],"version-history":[{"count":2,"href":"http:\/\/www.luo666.com\/index.php?rest_route=\/wp\/v2\/posts\/285\/revisions"}],"predecessor-version":[{"id":305,"href":"http:\/\/www.luo666.com\/index.php?rest_route=\/wp\/v2\/posts\/285\/revisions\/305"}],"wp:attachment":[{"href":"http:\/\/www.luo666.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=285"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.luo666.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=285"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.luo666.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=285"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}