Other than which domain to pass, I think this looks good.

Adding kib@. I think even ACPI_DMAR would need something like this to cope with newly arriving devices. One question for Konstantin is if the PCI-specific bit is too specific. In particular, there are provisions in VT-d for having "fake" RIDs for certain devices (like HPETs, etc.) that can then have corresponding context table entries. Maybe it would be better if we passed along just the 'rid' instead of the device_t? Not sure?

In D7667#160855, @jhb wrote:

Adding kib@. I think even ACPI_DMAR would need something like this to cope with newly arriving devices. One question for Konstantin is if the PCI-specific bit is too specific. In particular, there are provisions in VT-d for having "fake" RIDs for certain devices (like HPETs, etc.) that can then have corresponding context table entries. Maybe it would be better if we passed along just the 'rid' instead of the device_t? Not sure?

Yes, HPETs and IO-APICs are special and their RIDs are encoded in the ACPI tables. Practically there are chipset registers that are filled by BIOS with the values used for initiator id in the MSI transactions. But note that the RIDs are for interrupt remapping.

Newer VT-d spec defines so called 'ACPI Name-space Devices', which do not have PCIe structure, and device scope declaration in DMAR table directly provides RIDs for DMA requests for such devices, similar to IO-APICs and HPETS interrupt requests. I believe that mobile SkyLakes and latest atom platforms already utilize that.

So passing rid, or having different interfaces (PCIe/others) for event handlers is reasonable. I would prefer the second approach, where RID is only passed for the case where there is no PCIe path, to centralize the pcie->rid algorithm. It is quite quircky itself, and numerous bugs in PCIe/PCI(e) bridges add even more complications.

In D7667#160972, @kib wrote:

In D7667#160855, @jhb wrote:

Adding kib@. I think even ACPI_DMAR would need something like this to cope with newly arriving devices. One question for Konstantin is if the PCI-specific bit is too specific. In particular, there are provisions in VT-d for having "fake" RIDs for certain devices (like HPETs, etc.) that can then have corresponding context table entries. Maybe it would be better if we passed along just the 'rid' instead of the device_t? Not sure?

Yes, HPETs and IO-APICs are special and their RIDs are encoded in the ACPI tables. Practically there are chipset registers that are filled by BIOS with the values used for initiator id in the MSI transactions. But note that the RIDs are for interrupt remapping.

Newer VT-d spec defines so called 'ACPI Name-space Devices', which do not have PCIe structure, and device scope declaration in DMAR table directly provides RIDs for DMA requests for such devices, similar to IO-APICs and HPETS interrupt requests. I believe that mobile SkyLakes and latest atom platforms already utilize that.

So passing rid, or having different interfaces (PCIe/others) for event handlers is reasonable. I would prefer the second approach, where RID is only passed for the case where there is no PCIe path, to centralize the pcie->rid algorithm. It is quite quircky itself, and numerous bugs in PCIe/PCI(e) bridges add even more complications.

Ok, I can leave this interface as-is then. Note that in the case of the bhyve iommu stuff, we just use 'pci_get_rid()' of each PCI device directly. 3.4.1 of the VT-D spec seems to imply that this is true for any PCI-e device. IIRC, the complication you dealt with was that the effective RID for any devices behind a PCI-e->PCI bridge (or PCIe->ISA, etc.) was the RID of the bridge's PCI-e device, not always the device itself.

Eventually we should talk about what it would mean to have bhyve talk to the ACPI_DMAR driver. In particular, bhyve uses a model where there is a "host" domain all devices belong to by default. Each new VM creates a private domain and any pass through devices use that private domain / EPT tables (right now bhyve doesn't reuse the EPT tables, but it should). I'm curious if we could instead use "untranslated" entries for devices in the "host" domain instead of requiring an explicit domain? I think bhyve might be excluding the wired memory in guests from the host domain so that devices on the host can't DMA to guests, hence the complication of a "host" domain.

In D7667#161072, @jhb wrote:

Eventually we should talk about what it would mean to have bhyve talk to the ACPI_DMAR driver. In particular, bhyve uses a model where there is a "host" domain all devices belong to by default. Each new VM creates a private domain and any pass through devices use that private domain / EPT tables (right now bhyve doesn't reuse the EPT tables, but it should). I'm curious if we could instead use "untranslated" entries for devices in the "host" domain instead of requiring an explicit domain? I think bhyve might be excluding the wired memory in guests from the host domain so that devices on the host can't DMA to guests, hence the complication of a "host" domain.

Changing bhyve to use ACPI_DMAR was my goal. In particular, I split domains vs. contexts and wrote dmar_move_ctx_to_domain() for that to work, see r284869. Implementing bhyve interface on top of that functionality should be not too complicated.

But my testing environment only had haswell machine + pci bridge + lem(4) class PCI card. It was all buggy: BIOS wrongly routed INTX interrupts from under PCIe/PCI bridge (off by 1) and Intel refused to fix BIOS. PCIe/PCI bridge did not reported itself as PCIe from the host side (this was fixed by jah in r279117). And the final point was that Intel PCI ethernet adapters are buggy, they read way beyond past the descriptor rings and buffers, so DMAR faults. I just gave up for some time.

For host domain, if we mark devices participating in domain as disabled for dmar, using DMAR_DOMAIN_IDMAP is possible and that would eliminate all concern about DMAR slowing down small transfers due to high setup and (less) tear-down cost.