On 14-Feb-19 1:41 PM, Shahaf Shuler wrote:
Thursday, February 14, 2019 2:22 PM, Alejandro Lucero:
>Any current NIC or device will work with virtual addresses if IOMMU is
in place, not matter if the device isĀ IOMMU-aware or not.
Not sure what you mean here. For example Intel devices works w/ VFIO and
use iova to provide buffers to NIC. hence protection between multiple
process is by application responsibility or new VFIO container.
As far as VFIO is concerned, "multiprocess protection" is not a thing,
because the device cannot be used twice in the first place - each usage
is strictly limited to one VFIO container. We just sidestep this
"limitation" by sharing container/device file descriptors with multiple
processes via IPC.
So while it's technically true that multiprocess protection is
"application responsibility" because we can pass around fd's, it's still
protected by the kernel. IOVA mappings are per-container, so the same
IOVA range can be mapped twice (thrice...), as long as it's for a
different set of devices, in effect making them virtual addresses.
--
Thanks,
Anatoly
