From: Benjamin Herrenschmidt <benh@kernel.crashing.org>
To: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Christoph Hellwig <hch@infradead.org>,
Will Deacon <will.deacon@arm.com>,
Anshuman Khandual <khandual@linux.vnet.ibm.com>,
virtualization@lists.linux-foundation.org,
linux-kernel@vger.kernel.org, linuxppc-dev@lists.ozlabs.org,
aik@ozlabs.ru, robh@kernel.org, joe@perches.com,
elfring@users.sourceforge.net, david@gibson.dropbear.id.au,
jasowang@redhat.com, mpe@ellerman.id.au, linuxram@us.ibm.com,
haren@linux.vnet.ibm.com, paulus@samba.org,
srikar@linux.vnet.ibm.com, robin.murphy@arm.com,
jean-philippe.brucker@arm.com, marc.zyngier@arm.com
Subject: Re: [RFC 0/4] Virtio uses DMA API for all devices
Date: Thu, 02 Aug 2018 10:33:05 -0500 [thread overview]
Message-ID: <7779442d7889ee943b3e4ff6c63ec90b4a58b79d.camel@kernel.crashing.org> (raw)
In-Reply-To: <20180802003823-mutt-send-email-mst@kernel.org>
On Thu, 2018-08-02 at 00:56 +0300, Michael S. Tsirkin wrote:
> > but it's not, VMs are
> > created in "legacy" mode all the times and we don't know at VM creation
> > time whether it will become a secure VM or not. The way our secure VMs
> > work is that they start as a normal VM, load a secure "payload" and
> > call the Ultravisor to "become" secure.
> >
> > So we're in a bit of a bind here. We need that one-liner optional arch
> > hook to make virtio use swiotlb in that "IOMMU bypass" case.
> >
> > Ben.
>
> And just to make sure I understand, on your platform DMA APIs do include
> some of the cache flushing tricks and this is why you don't want to
> declare iommu support in the hypervisor?
I'm not sure I parse what you mean.
We don't need cache flushing tricks. The problem we have with our
"secure" VMs is that:
- At VM creation time we have no idea it's going to become a secure
VM, qemu doesn't know anything about it, and thus qemu (or other
management tools, libvirt etc...) are going to create "legacy" (ie
iommu bypass) virtio devices.
- Once the VM goes secure (early during boot but too late for qemu),
it will need to make virtio do bounce-buffering via swiotlb because
qemu cannot physically access most VM pages (blocked by HW security
features), we need to bounce buffer using some unsecure pages that are
accessible to qemu.
That said, I wouldn't object for us to more generally switch long run
to changing qemu so that virtio on powerpc starts using the IOMMU as a
default provided we fix our guest firmware to understand it (it
currently doesn't), and provided we verify that the performance impact
on things like vhost is negligible.
Cheers,
Ben.
next prev parent reply other threads:[~2018-08-02 15:34 UTC|newest]
Thread overview: 119+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-07-20 3:59 [RFC 0/4] Virtio uses DMA API for all devices Anshuman Khandual
2018-07-20 3:59 ` [RFC 1/4] virtio: Define virtio_direct_dma_ops structure Anshuman Khandual
2018-07-30 9:24 ` Christoph Hellwig
2018-07-31 4:01 ` Anshuman Khandual
2018-07-20 3:59 ` [RFC 2/4] virtio: Override device's DMA OPS with virtio_direct_dma_ops selectively Anshuman Khandual
2018-07-28 8:56 ` Anshuman Khandual
2018-07-28 21:16 ` Michael S. Tsirkin
2018-07-30 4:15 ` Anshuman Khandual
2018-07-30 9:30 ` Christoph Hellwig
2018-07-31 6:39 ` Anshuman Khandual
2018-07-30 9:25 ` Christoph Hellwig
2018-07-31 7:00 ` Anshuman Khandual
2018-07-20 3:59 ` [RFC 3/4] virtio: Force virtio core to use DMA API callbacks for all virtio devices Anshuman Khandual
2018-07-20 3:59 ` [RFC 4/4] virtio: Add platform specific DMA API translation for virito devices Anshuman Khandual
2018-07-20 13:15 ` Michael S. Tsirkin
2018-07-23 2:16 ` Anshuman Khandual
2018-07-25 4:30 ` Anshuman Khandual
2018-07-25 13:31 ` Michael S. Tsirkin
2018-07-20 13:16 ` [RFC 0/4] Virtio uses DMA API for all devices Michael S. Tsirkin
2018-07-23 6:28 ` Anshuman Khandual
2018-07-23 9:08 ` Michael S. Tsirkin
2018-07-25 3:26 ` Anshuman Khandual
2018-07-27 11:31 ` Michael S. Tsirkin
2018-07-28 8:37 ` Anshuman Khandual
2018-07-27 9:58 ` Will Deacon
2018-07-27 10:58 ` Anshuman Khandual
2018-07-30 9:34 ` Christoph Hellwig
2018-07-30 10:28 ` Michael S. Tsirkin
2018-07-30 11:18 ` Christoph Hellwig
2018-07-30 13:26 ` Michael S. Tsirkin
2018-07-31 17:30 ` Christoph Hellwig
2018-07-31 20:36 ` Benjamin Herrenschmidt
2018-08-01 8:16 ` Will Deacon
2018-08-01 8:36 ` Christoph Hellwig
2018-08-01 9:05 ` Will Deacon
2018-08-01 22:41 ` Michael S. Tsirkin
2018-08-01 22:35 ` Michael S. Tsirkin
2018-08-02 15:24 ` Benjamin Herrenschmidt
2018-08-02 15:41 ` Michael S. Tsirkin
2018-08-02 16:01 ` Benjamin Herrenschmidt
2018-08-02 17:19 ` Michael S. Tsirkin
2018-08-02 17:53 ` Benjamin Herrenschmidt
2018-08-02 20:52 ` Michael S. Tsirkin
2018-08-02 21:13 ` Benjamin Herrenschmidt
2018-08-02 21:51 ` Michael S. Tsirkin
2018-08-03 7:05 ` Christoph Hellwig
2018-08-03 15:58 ` Benjamin Herrenschmidt
2018-08-03 16:02 ` Christoph Hellwig
2018-08-03 18:58 ` Benjamin Herrenschmidt
2018-08-04 8:21 ` Christoph Hellwig
2018-08-05 1:10 ` Benjamin Herrenschmidt
2018-08-05 7:29 ` Christoph Hellwig
2018-08-05 21:16 ` Benjamin Herrenschmidt
2018-08-05 21:30 ` Benjamin Herrenschmidt
2018-08-06 9:42 ` Christoph Hellwig
2018-08-06 19:52 ` Benjamin Herrenschmidt
2018-08-07 6:21 ` Christoph Hellwig
2018-08-07 6:42 ` Benjamin Herrenschmidt
2018-08-07 13:55 ` Christoph Hellwig
2018-08-07 20:32 ` Benjamin Herrenschmidt
2018-08-08 6:31 ` Christoph Hellwig
2018-08-08 10:07 ` Benjamin Herrenschmidt
2018-08-08 12:30 ` Christoph Hellwig
2018-08-08 13:18 ` Benjamin Herrenschmidt
2018-08-08 20:31 ` Michael S. Tsirkin
2018-08-08 22:13 ` Benjamin Herrenschmidt
2018-08-09 2:00 ` Benjamin Herrenschmidt
2018-08-09 5:40 ` Christoph Hellwig
2018-09-07 0:09 ` Jiandi An
2018-09-10 6:19 ` Christoph Hellwig
2018-09-10 8:53 ` Gerd Hoffmann
2018-08-03 19:07 ` Michael S. Tsirkin
2018-08-04 1:11 ` Benjamin Herrenschmidt
2018-08-04 1:16 ` Benjamin Herrenschmidt
2018-08-05 0:22 ` Michael S. Tsirkin
2018-08-05 4:52 ` Benjamin Herrenschmidt
2018-08-06 13:46 ` Michael S. Tsirkin
2018-08-06 19:56 ` Benjamin Herrenschmidt
2018-08-06 20:35 ` Michael S. Tsirkin
2018-08-06 21:26 ` Benjamin Herrenschmidt
2018-08-06 21:46 ` Michael S. Tsirkin
2018-08-06 22:13 ` Benjamin Herrenschmidt
2018-08-06 23:16 ` Benjamin Herrenschmidt
2018-08-06 23:45 ` Michael S. Tsirkin
2018-08-07 0:18 ` Benjamin Herrenschmidt
2018-08-07 6:32 ` Christoph Hellwig
2018-08-07 6:27 ` Christoph Hellwig
2018-08-07 6:44 ` Benjamin Herrenschmidt
2018-08-07 6:18 ` Christoph Hellwig
2018-08-07 6:16 ` Christoph Hellwig
2018-08-06 23:18 ` Benjamin Herrenschmidt
2018-08-07 6:12 ` Christoph Hellwig
2018-08-04 1:18 ` Benjamin Herrenschmidt
2018-08-04 1:22 ` Benjamin Herrenschmidt
2018-08-05 0:23 ` Michael S. Tsirkin
2018-08-03 19:17 ` Michael S. Tsirkin
2018-08-04 8:15 ` Christoph Hellwig
2018-08-05 0:09 ` Michael S. Tsirkin
2018-08-05 1:11 ` Benjamin Herrenschmidt
2018-08-05 7:25 ` Christoph Hellwig
2018-08-05 0:53 ` Benjamin Herrenschmidt
2018-08-05 0:27 ` Michael S. Tsirkin
2018-08-06 14:05 ` Will Deacon
2018-08-01 21:56 ` Michael S. Tsirkin
2018-08-02 15:33 ` Benjamin Herrenschmidt [this message]
2018-08-02 20:53 ` Michael S. Tsirkin
2018-08-03 7:06 ` Christoph Hellwig
2018-08-02 20:55 ` Michael S. Tsirkin
2018-08-03 2:41 ` Jason Wang
2018-08-03 19:08 ` Michael S. Tsirkin
2018-08-04 1:21 ` Benjamin Herrenschmidt
2018-08-05 0:24 ` Michael S. Tsirkin
2018-08-06 9:02 ` Anshuman Khandual
2018-08-06 13:36 ` Michael S. Tsirkin
2018-08-06 15:24 ` Christoph Hellwig
2018-08-06 16:06 ` Michael S. Tsirkin
2018-08-06 16:10 ` Christoph Hellwig
2018-08-06 16:13 ` Michael S. Tsirkin
2018-08-06 16:34 ` Christoph Hellwig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7779442d7889ee943b3e4ff6c63ec90b4a58b79d.camel@kernel.crashing.org \
--to=benh@kernel.crashing.org \
--cc=aik@ozlabs.ru \
--cc=david@gibson.dropbear.id.au \
--cc=elfring@users.sourceforge.net \
--cc=haren@linux.vnet.ibm.com \
--cc=hch@infradead.org \
--cc=jasowang@redhat.com \
--cc=jean-philippe.brucker@arm.com \
--cc=joe@perches.com \
--cc=khandual@linux.vnet.ibm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=linuxram@us.ibm.com \
--cc=marc.zyngier@arm.com \
--cc=mpe@ellerman.id.au \
--cc=mst@redhat.com \
--cc=paulus@samba.org \
--cc=robh@kernel.org \
--cc=robin.murphy@arm.com \
--cc=srikar@linux.vnet.ibm.com \
--cc=virtualization@lists.linux-foundation.org \
--cc=will.deacon@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).