Michael S. Tsirkin
2023-Sep-21 20:45 UTC
[PATCH vfio 11/11] vfio/virtio: Introduce a vfio driver over virtio devices
On Thu, Sep 21, 2023 at 04:49:46PM -0300, Jason Gunthorpe wrote:> On Thu, Sep 21, 2023 at 03:13:10PM -0400, Michael S. Tsirkin wrote: > > On Thu, Sep 21, 2023 at 03:39:26PM -0300, Jason Gunthorpe wrote: > > > On Thu, Sep 21, 2023 at 12:53:04PM -0400, Michael S. Tsirkin wrote: > > > > > vdpa is not vfio, I don't know how you can suggest vdpa is a > > > > > replacement for a vfio driver. They are completely different > > > > > things. > > > > > Each side has its own strengths, and vfio especially is accelerating > > > > > in its capability in way that vpda is not. eg if an iommufd conversion > > > > > had been done by now for vdpa I might be more sympathetic. > > > > > > > > Yea, I agree iommufd is a big problem with vdpa right now. Cindy was > > > > sick and I didn't know and kept assuming she's working on this. I don't > > > > think it's a huge amount of work though. I'll take a look. > > > > Is there anything else though? Do tell. > > > > > > Confidential compute will never work with VDPA's approach. > > > > I don't see how what this patchset is doing is different > > wrt to Confidential compute - you trap IO accesses and emulate. > > Care to elaborate? > > This patch series isn't about confidential compute, you asked about > the future. VFIO will support confidential compute in the future, VDPA > will not.Nonsense it already works. But I did not ask about the future since I do not believe it can be confidently predicted. I asked what is missing in VDPA now for you to add this feature there and not in VFIO.> > > > There are a bunch of things that I think are important for virtio > > > > that are completely out of scope for vfio, such as migrating > > > > cross-vendor. > > > > > > VFIO supports migration, if you want to have cross-vendor migration > > > then make a standard that describes the VFIO migration data format for > > > virtio devices. > > > > This has nothing to do with data formats - you need two devices to > > behave identically. Which is what VDPA is about really. > > We've been looking at VFIO live migration extensively. Device > mediation, like VDPA does, is one legitimate approach for live > migration. It suites a certain type of heterogeneous environment well. > > But, it is equally legitimate to make the devices behave the same and > have them process a common migration data. > > This can happen in public with standards, or it can happen in private > within a cloud operator's "private-standard" environment. > > To date, in most of my discussions, I have not seen a strong appetite > for such public standards. In part due to the complexity. > > Regardles, it is not the kernel communities job to insist on one > approach or the other. > > > > You are asking us to invest in the complexity of VDPA through out > > > (keep it working, keep it secure, invest time in deploying and > > > debugging in the field) > > > > > > When it doesn't provide *ANY* value to the solution. > > > > There's no "the solution" > > Nonsense.what there's only one solution that you use the definite article?> > this sounds like a vendor only caring about solutions that involve > > that vendor's hardware exclusively, a little. > > Not really. > > Understand the DPU provider is not the vendor here. The DPU provider > gives a cloud operator a SDK to build these things. The operator is > the vendor from your perspective. > > In many cases live migration never leaves the operator's confines in > the first place. > > Even when it does, there is no real use case to live migrate a > virtio-net function from, say, AWS to GCP. > > You are pushing for a lot of complexity and software that solves a > problem people in this space don't actually have. > > As I said, VDPA is fine for the scenarios it addresses. It is an > alternative, not a replacement, for VFIO. > > Jasonyea, VDPA does trap and emulate for config accesses. which is exactly what this patch does? so why does it belong in vfio muddying up its passthrough model is beyond me, except that apparently there's some specific deployment that happens to use vfio so now whatever that deployment needs has to go into vfio whether it belongs there or not. -- MST