From: Jason Wang <jasowang@redhat.com>
To: Halil Pasic <pasic@linux.ibm.com>
Cc: "Michael S. Tsirkin" <mst@redhat.com>,
Marek Szyprowski <m.szyprowski@samsung.com>,
Robin Murphy <robin.murphy@arm.com>,
Christoph Hellwig <hch@lst.de>,
linux-s390@vger.kernel.org,
virtualization@lists.linux-foundation.org,
linux-kernel@vger.kernel.org, iommu@lists.linux-foundation.org,
Christian Borntraeger <borntraeger@de.ibm.com>,
Janosch Frank <frankja@linux.ibm.com>,
Viktor Mihajlovski <mihajlov@linux.ibm.com>,
Cornelia Huck <cohuck@redhat.com>, Ram Pai <linuxram@us.ibm.com>,
Thiago Jung Bauermann <bauerman@linux.ibm.com>,
David Gibson <david@gibson.dropbear.id.au>,
"Lendacky, Thomas" <Thomas.Lendacky@amd.com>,
Michael Mueller <mimu@linux.ibm.com>
Subject: Re: [PATCH 0/2] virtio: decouple protected guest RAM form VIRTIO_F_IOMMU_PLATFORM
Date: Tue, 25 Feb 2020 11:30:16 +0800 [thread overview]
Message-ID: <1b2673e7-56ff-7d69-af2d-503a97408d95@redhat.com> (raw)
In-Reply-To: <20200224145607.2729f47b.pasic@linux.ibm.com>
On 2020/2/24 下午9:56, Halil Pasic wrote:
> On Mon, 24 Feb 2020 17:26:20 +0800
> Jason Wang <jasowang@redhat.com> wrote:
>
>> That's better.
>>
>> How about attached?
>>
>> Thanks
> Thanks Jason! It does avoid the translation overhead in vhost.
>
> Tested-by: Halil Pasic <pasic@linux.ibm.com>
>
> Regarding the code, you fence it in virtio-net.c, but AFAIU this feature
> has relevance for other vhost devices as well. E.g. what about vhost
> user? Would it be the responsibility of each virtio device to fence this
> on its own?
Yes, it looks to me it's better to do that in virtio_set_features_nocheck()
>
> I'm also a bit confused about the semantics of the vhost feature bit
> F_ACCESS_PLATFORM. What we have specified on virtio level is:
> """
> This feature indicates that the device can be used on a platform where
> device access to data in memory is limited and/or translated. E.g. this
> is the case if the device can be located behind an IOMMU that translates
> bus addresses from the device into physical addresses in memory, if the
> device can be limited to only access certain memory addresses or if
> special commands such as a cache flush can be needed to synchronise data
> in memory with the device. Whether accesses are actually limited or
> translated is described by platform-specific means. If this feature bit
> is set to 0, then the device has same access to memory addresses
> supplied to it as the driver has. In particular, the device will always
> use physical addresses matching addresses used by the driver (typically
> meaning physical addresses used by the CPU) and not translated further,
> and can access any address supplied to it by the driver. When clear,
> this overrides any platform-specific description of whether device
> access is limited or translated in any way, e.g. whether an IOMMU may be
> present.
> """
>
> I read this like the addresses may be IOVAs which require
> IMMU translation or GPAs which don't.
>
> On the vhost level however, it seems that F_IOMMU_PLATFORM means that
> vhost has to do the translation (via IOTLB API).
Yes.
>
> Do I understand this correctly? If yes, I believe we should document
> this properly.
Good point. I think it was probably wrong to tie F_IOMMU_PLATFORM to
IOTLB API. Technically IOTLB can work with GPA->HVA mapping. I
originally use a dedicated feature bit (you can see that from commit
log), but for some reason Michael tweak it to virtio feature bit. I
guess it was probably because at that time there's no way to specify e.g
backend capability but now we have VHOST_GET_BACKEND_FEATURES.
For now, it was probably too late to fix that but document or we can add
the support of enabling IOTLB via new backend features.
>
> BTW I'm still not 100% on the purpose and semantics of the
> F_ACCESS_PLATFORM feature bit. But that is a different problem.
Yes, I aggree that we should decouple the features that does not belongs
to device (protected, encrypted, swiotlb etc) from F_IOMMU_PLATFORM. But
Michael and other have their points as well.
Thanks
>
> Regards,
> Halil
>
WARNING: multiple messages have this Message-ID (diff)
From: Jason Wang <jasowang@redhat.com>
To: Halil Pasic <pasic@linux.ibm.com>
Cc: linux-s390@vger.kernel.org, Janosch Frank <frankja@linux.ibm.com>,
"Michael S. Tsirkin" <mst@redhat.com>,
Cornelia Huck <cohuck@redhat.com>, Ram Pai <linuxram@us.ibm.com>,
linux-kernel@vger.kernel.org,
virtualization@lists.linux-foundation.org,
Christian Borntraeger <borntraeger@de.ibm.com>,
iommu@lists.linux-foundation.org,
David Gibson <david@gibson.dropbear.id.au>,
Michael Mueller <mimu@linux.ibm.com>,
"Lendacky, Thomas" <Thomas.Lendacky@amd.com>,
Viktor Mihajlovski <mihajlov@linux.ibm.com>,
Robin Murphy <robin.murphy@arm.com>,
Christoph Hellwig <hch@lst.de>
Subject: Re: [PATCH 0/2] virtio: decouple protected guest RAM form VIRTIO_F_IOMMU_PLATFORM
Date: Tue, 25 Feb 2020 11:30:16 +0800 [thread overview]
Message-ID: <1b2673e7-56ff-7d69-af2d-503a97408d95@redhat.com> (raw)
In-Reply-To: <20200224145607.2729f47b.pasic@linux.ibm.com>
On 2020/2/24 下午9:56, Halil Pasic wrote:
> On Mon, 24 Feb 2020 17:26:20 +0800
> Jason Wang <jasowang@redhat.com> wrote:
>
>> That's better.
>>
>> How about attached?
>>
>> Thanks
> Thanks Jason! It does avoid the translation overhead in vhost.
>
> Tested-by: Halil Pasic <pasic@linux.ibm.com>
>
> Regarding the code, you fence it in virtio-net.c, but AFAIU this feature
> has relevance for other vhost devices as well. E.g. what about vhost
> user? Would it be the responsibility of each virtio device to fence this
> on its own?
Yes, it looks to me it's better to do that in virtio_set_features_nocheck()
>
> I'm also a bit confused about the semantics of the vhost feature bit
> F_ACCESS_PLATFORM. What we have specified on virtio level is:
> """
> This feature indicates that the device can be used on a platform where
> device access to data in memory is limited and/or translated. E.g. this
> is the case if the device can be located behind an IOMMU that translates
> bus addresses from the device into physical addresses in memory, if the
> device can be limited to only access certain memory addresses or if
> special commands such as a cache flush can be needed to synchronise data
> in memory with the device. Whether accesses are actually limited or
> translated is described by platform-specific means. If this feature bit
> is set to 0, then the device has same access to memory addresses
> supplied to it as the driver has. In particular, the device will always
> use physical addresses matching addresses used by the driver (typically
> meaning physical addresses used by the CPU) and not translated further,
> and can access any address supplied to it by the driver. When clear,
> this overrides any platform-specific description of whether device
> access is limited or translated in any way, e.g. whether an IOMMU may be
> present.
> """
>
> I read this like the addresses may be IOVAs which require
> IMMU translation or GPAs which don't.
>
> On the vhost level however, it seems that F_IOMMU_PLATFORM means that
> vhost has to do the translation (via IOTLB API).
Yes.
>
> Do I understand this correctly? If yes, I believe we should document
> this properly.
Good point. I think it was probably wrong to tie F_IOMMU_PLATFORM to
IOTLB API. Technically IOTLB can work with GPA->HVA mapping. I
originally use a dedicated feature bit (you can see that from commit
log), but for some reason Michael tweak it to virtio feature bit. I
guess it was probably because at that time there's no way to specify e.g
backend capability but now we have VHOST_GET_BACKEND_FEATURES.
For now, it was probably too late to fix that but document or we can add
the support of enabling IOTLB via new backend features.
>
> BTW I'm still not 100% on the purpose and semantics of the
> F_ACCESS_PLATFORM feature bit. But that is a different problem.
Yes, I aggree that we should decouple the features that does not belongs
to device (protected, encrypted, swiotlb etc) from F_IOMMU_PLATFORM. But
Michael and other have their points as well.
Thanks
>
> Regards,
> Halil
>
_______________________________________________
iommu mailing list
iommu@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/iommu
WARNING: multiple messages have this Message-ID (diff)
From: Jason Wang <jasowang-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
To: Halil Pasic <pasic-tEXmvtCZX7AybS5Ee8rs3A@public.gmane.org>
Cc: linux-s390-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
Janosch Frank <frankja-tEXmvtCZX7AybS5Ee8rs3A@public.gmane.org>,
"Michael S. Tsirkin"
<mst-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
Cornelia Huck <cohuck-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
Ram Pai <linuxram-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
virtualization-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org,
Christian Borntraeger
<borntraeger-tA70FqPdS9bQT0dZR+AlfA@public.gmane.org>,
iommu-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org,
David Gibson
<david-xT8FGy+AXnRB3Ne2BGzF6laj5H9X9Tb+@public.gmane.org>,
Michael Mueller <mimu-tEXmvtCZX7AybS5Ee8rs3A@public.gmane.org>,
"Lendacky, Thomas" <Thomas.Lendacky-5C7GfCeVMHo@public.gmane.org>,
Viktor Mihajlovski
<mihajlov-tEXmvtCZX7AybS5Ee8rs3A@public.gmane.org>,
Robin Murphy <robin.murphy-5wv7dgnIgG8@public.gmane.org>,
Christoph Hellwig <hch-jcswGhMUV9g@public.gmane.org>
Subject: Re: [PATCH 0/2] virtio: decouple protected guest RAM form VIRTIO_F_IOMMU_PLATFORM
Date: Tue, 25 Feb 2020 11:30:16 +0800 [thread overview]
Message-ID: <1b2673e7-56ff-7d69-af2d-503a97408d95@redhat.com> (raw)
In-Reply-To: <20200224145607.2729f47b.pasic-tEXmvtCZX7AybS5Ee8rs3A@public.gmane.org>
On 2020/2/24 下午9:56, Halil Pasic wrote:
> On Mon, 24 Feb 2020 17:26:20 +0800
> Jason Wang <jasowang@redhat.com> wrote:
>
>> That's better.
>>
>> How about attached?
>>
>> Thanks
> Thanks Jason! It does avoid the translation overhead in vhost.
>
> Tested-by: Halil Pasic <pasic@linux.ibm.com>
>
> Regarding the code, you fence it in virtio-net.c, but AFAIU this feature
> has relevance for other vhost devices as well. E.g. what about vhost
> user? Would it be the responsibility of each virtio device to fence this
> on its own?
Yes, it looks to me it's better to do that in virtio_set_features_nocheck()
>
> I'm also a bit confused about the semantics of the vhost feature bit
> F_ACCESS_PLATFORM. What we have specified on virtio level is:
> """
> This feature indicates that the device can be used on a platform where
> device access to data in memory is limited and/or translated. E.g. this
> is the case if the device can be located behind an IOMMU that translates
> bus addresses from the device into physical addresses in memory, if the
> device can be limited to only access certain memory addresses or if
> special commands such as a cache flush can be needed to synchronise data
> in memory with the device. Whether accesses are actually limited or
> translated is described by platform-specific means. If this feature bit
> is set to 0, then the device has same access to memory addresses
> supplied to it as the driver has. In particular, the device will always
> use physical addresses matching addresses used by the driver (typically
> meaning physical addresses used by the CPU) and not translated further,
> and can access any address supplied to it by the driver. When clear,
> this overrides any platform-specific description of whether device
> access is limited or translated in any way, e.g. whether an IOMMU may be
> present.
> """
>
> I read this like the addresses may be IOVAs which require
> IMMU translation or GPAs which don't.
>
> On the vhost level however, it seems that F_IOMMU_PLATFORM means that
> vhost has to do the translation (via IOTLB API).
Yes.
>
> Do I understand this correctly? If yes, I believe we should document
> this properly.
Good point. I think it was probably wrong to tie F_IOMMU_PLATFORM to
IOTLB API. Technically IOTLB can work with GPA->HVA mapping. I
originally use a dedicated feature bit (you can see that from commit
log), but for some reason Michael tweak it to virtio feature bit. I
guess it was probably because at that time there's no way to specify e.g
backend capability but now we have VHOST_GET_BACKEND_FEATURES.
For now, it was probably too late to fix that but document or we can add
the support of enabling IOTLB via new backend features.
>
> BTW I'm still not 100% on the purpose and semantics of the
> F_ACCESS_PLATFORM feature bit. But that is a different problem.
Yes, I aggree that we should decouple the features that does not belongs
to device (protected, encrypted, swiotlb etc) from F_IOMMU_PLATFORM. But
Michael and other have their points as well.
Thanks
>
> Regards,
> Halil
>
_______________________________________________
iommu mailing list
iommu@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/iommu
next prev parent reply other threads:[~2020-02-25 3:30 UTC|newest]
Thread overview: 124+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-20 16:06 [PATCH 0/2] virtio: decouple protected guest RAM form VIRTIO_F_IOMMU_PLATFORM Halil Pasic
2020-02-20 16:06 ` Halil Pasic
2020-02-20 16:06 ` [PATCH 1/2] mm: move force_dma_unencrypted() to mem_encrypt.h Halil Pasic
2020-02-20 16:06 ` Halil Pasic
2020-02-20 16:11 ` Christoph Hellwig
2020-02-20 16:11 ` Christoph Hellwig
2020-02-20 16:23 ` Christian Borntraeger
2020-02-20 16:23 ` Christian Borntraeger
2020-02-20 16:31 ` Christoph Hellwig
2020-02-20 16:31 ` Christoph Hellwig
2020-02-20 16:31 ` Christoph Hellwig
2020-02-20 17:00 ` Christian Borntraeger
2020-02-20 17:00 ` Christian Borntraeger
2020-02-21 3:27 ` David Gibson
2020-02-21 3:27 ` David Gibson
2020-02-21 13:06 ` Halil Pasic
2020-02-21 13:06 ` Halil Pasic
2020-02-21 15:48 ` Michael S. Tsirkin
2020-02-21 15:48 ` Michael S. Tsirkin
2020-02-21 18:07 ` Halil Pasic
2020-02-21 18:07 ` Halil Pasic
2020-02-24 3:33 ` David Gibson
2020-02-24 3:33 ` David Gibson
2020-02-24 18:49 ` Halil Pasic
2020-02-24 18:49 ` Halil Pasic
2020-02-25 18:08 ` Cornelia Huck
2020-02-25 18:08 ` Cornelia Huck
2020-02-28 0:23 ` David Gibson
2020-02-28 0:23 ` David Gibson
2020-02-20 16:06 ` [PATCH 2/2] virtio: let virtio use DMA API when guest RAM is protected Halil Pasic
2020-02-20 16:06 ` Halil Pasic
2020-02-20 16:13 ` Christoph Hellwig
2020-02-20 16:13 ` Christoph Hellwig
2020-02-21 2:59 ` David Gibson
2020-02-21 2:59 ` David Gibson
2020-02-21 3:41 ` Jason Wang
2020-02-21 3:41 ` Jason Wang
2020-02-21 13:31 ` Halil Pasic
2020-02-21 13:31 ` Halil Pasic
2020-02-21 13:27 ` Halil Pasic
2020-02-21 13:27 ` Halil Pasic
2020-02-21 16:36 ` Christoph Hellwig
2020-02-21 16:36 ` Christoph Hellwig
2020-02-24 6:50 ` David Gibson
2020-02-24 6:50 ` David Gibson
2020-02-24 18:59 ` Halil Pasic
2020-02-24 18:59 ` Halil Pasic
2020-02-24 18:59 ` Halil Pasic
2020-02-21 14:33 ` Halil Pasic
2020-02-21 14:33 ` Halil Pasic
2020-02-21 16:39 ` Christoph Hellwig
2020-02-21 16:39 ` Christoph Hellwig
2020-02-21 18:16 ` Halil Pasic
2020-02-21 18:16 ` Halil Pasic
2020-02-21 18:16 ` Halil Pasic
2020-02-22 19:07 ` Michael S. Tsirkin
2020-02-22 19:07 ` Michael S. Tsirkin
2020-02-24 17:16 ` Christoph Hellwig
2020-02-24 17:16 ` Christoph Hellwig
2020-10-28 14:24 ` Alexander Graf via iommu
2020-10-28 18:01 ` Michael S. Tsirkin
2020-10-28 18:01 ` Michael S. Tsirkin
2020-10-28 18:01 ` Michael S. Tsirkin
2020-02-20 20:55 ` Michael S. Tsirkin
2020-02-20 20:55 ` Michael S. Tsirkin
2020-02-21 1:17 ` Ram Pai
2020-02-21 1:17 ` Ram Pai
2020-02-21 1:17 ` Ram Pai
2020-02-21 3:29 ` David Gibson
2020-02-21 3:29 ` David Gibson
2020-02-21 13:12 ` Halil Pasic
2020-02-21 13:12 ` Halil Pasic
2020-02-21 15:39 ` Tom Lendacky
2020-02-21 15:39 ` Tom Lendacky
2020-02-24 6:40 ` David Gibson
2020-02-24 6:40 ` David Gibson
2020-02-24 6:40 ` David Gibson
2020-02-21 15:56 ` Michael S. Tsirkin
2020-02-21 15:56 ` Michael S. Tsirkin
2020-02-21 16:35 ` Christoph Hellwig
2020-02-21 16:35 ` Christoph Hellwig
2020-02-21 18:03 ` Halil Pasic
2020-02-21 18:03 ` Halil Pasic
2020-02-20 20:48 ` [PATCH 0/2] virtio: decouple protected guest RAM form VIRTIO_F_IOMMU_PLATFORM Michael S. Tsirkin
2020-02-20 20:48 ` Michael S. Tsirkin
2020-02-20 21:29 ` Michael S. Tsirkin
2020-02-20 21:29 ` Michael S. Tsirkin
2020-02-21 13:37 ` Halil Pasic
2020-02-21 13:37 ` Halil Pasic
2020-02-20 21:33 ` Michael S. Tsirkin
2020-02-20 21:33 ` Michael S. Tsirkin
2020-02-21 13:49 ` Halil Pasic
2020-02-21 13:49 ` Halil Pasic
2020-02-21 16:41 ` Christoph Hellwig
2020-02-21 16:41 ` Christoph Hellwig
2020-02-24 5:44 ` David Gibson
2020-02-24 5:44 ` David Gibson
2020-02-24 5:44 ` David Gibson
2020-02-21 6:22 ` Jason Wang
2020-02-21 6:22 ` Jason Wang
2020-02-21 14:56 ` Halil Pasic
2020-02-21 14:56 ` Halil Pasic
2020-02-24 3:38 ` David Gibson
2020-02-24 3:38 ` David Gibson
2020-02-24 4:01 ` Jason Wang
2020-02-24 4:01 ` Jason Wang
2020-02-24 4:01 ` Jason Wang
2020-02-24 6:06 ` Michael S. Tsirkin
2020-02-24 6:06 ` Michael S. Tsirkin
2020-02-24 6:45 ` Jason Wang
2020-02-24 6:45 ` Jason Wang
2020-02-24 7:48 ` Michael S. Tsirkin
2020-02-24 7:48 ` Michael S. Tsirkin
2020-02-24 9:26 ` Jason Wang
2020-02-24 9:26 ` Jason Wang
2020-02-24 13:40 ` Michael S. Tsirkin
2020-02-24 13:40 ` Michael S. Tsirkin
2020-02-25 3:38 ` Jason Wang
2020-02-25 3:38 ` Jason Wang
2020-02-24 13:56 ` Halil Pasic
2020-02-24 13:56 ` Halil Pasic
2020-02-25 3:30 ` Jason Wang [this message]
2020-02-25 3:30 ` Jason Wang
2020-02-25 3:30 ` Jason Wang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1b2673e7-56ff-7d69-af2d-503a97408d95@redhat.com \
--to=jasowang@redhat.com \
--cc=Thomas.Lendacky@amd.com \
--cc=bauerman@linux.ibm.com \
--cc=borntraeger@de.ibm.com \
--cc=cohuck@redhat.com \
--cc=david@gibson.dropbear.id.au \
--cc=frankja@linux.ibm.com \
--cc=hch@lst.de \
--cc=iommu@lists.linux-foundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=linuxram@us.ibm.com \
--cc=m.szyprowski@samsung.com \
--cc=mihajlov@linux.ibm.com \
--cc=mimu@linux.ibm.com \
--cc=mst@redhat.com \
--cc=pasic@linux.ibm.com \
--cc=robin.murphy@arm.com \
--cc=virtualization@lists.linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.