From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933491AbcDSQUQ (ORCPT ); Tue, 19 Apr 2016 12:20:16 -0400 Received: from mx1.redhat.com ([209.132.183.28]:35081 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932860AbcDSQUO (ORCPT ); Tue, 19 Apr 2016 12:20:14 -0400 Date: Tue, 19 Apr 2016 19:20:08 +0300 From: "Michael S. Tsirkin" To: Andy Lutomirski Cc: David Woodhouse , "qemu-devel@nongnu.org Developers" , "linux-kernel@vger.kernel.org" , Paolo Bonzini , peterx@redhat.com, Cornelia Huck , Stefan Hajnoczi , Kevin Wolf , Amit Shah , qemu-block@nongnu.org, Jason Wang , Alex Williamson , Andy Lutomirski , Christian Borntraeger , Wei Liu , Linux Virtualization , kvm list Subject: Re: [PATCH RFC] fixup! virtio: convert to use DMA api Message-ID: <20160419191914-mutt-send-email-mst@redhat.com> References: <1460992923.3765.8.camel@infradead.org> <20160418182320-mutt-send-email-mst@redhat.com> <1460994701.3765.23.camel@infradead.org> <20160418190203-mutt-send-email-mst@redhat.com> <1461004173.3765.73.camel@infradead.org> <20160419130732-mutt-send-email-mst@redhat.com> <20160419190520-mutt-send-email-mst@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Apr 19, 2016 at 09:12:03AM -0700, Andy Lutomirski wrote: > On Tue, Apr 19, 2016 at 9:09 AM, Michael S. Tsirkin wrote: > > On Tue, Apr 19, 2016 at 09:02:14AM -0700, Andy Lutomirski wrote: > >> On Tue, Apr 19, 2016 at 3:27 AM, Michael S. Tsirkin wrote: > >> > On Mon, Apr 18, 2016 at 12:24:15PM -0700, Andy Lutomirski wrote: > >> >> On Mon, Apr 18, 2016 at 11:29 AM, David Woodhouse wrote: > >> >> > For x86, you *can* enable virtio-behind-IOMMU if your DMAR tables tell > >> >> > the truth, and even legacy kernels ought to cope with that. > >> >> > FSVO 'ought to' where I suspect some of them will actually crash with a > >> >> > NULL pointer dereference if there's no "catch-all" DMAR unit in the > >> >> > tables, which puts it back into the same camp as ARM and Power. > >> >> > >> >> I think x86 may get a bit of a free pass here. AFAIK the QEMU IOMMU > >> >> implementation on x86 has always been "experimental", so it just might > >> >> be okay to change it in a way that causes some older kernels to OOPS. > >> >> > >> >> --Andy > >> > > >> > Since it's experimental, it might be OK to change *guest kernels* > >> > such that they oops on old QEMU. > >> > But guest kernels were not experimental - so we need a QEMU mode that > >> > makes them work fine. The more functionality is available in this QEMU > >> > mode, the betterm because it's going to be the default for a while. For > >> > the same reason, it is preferable to also have new kernels not crash in > >> > this mode. > >> > > >> > >> People add QEMU features that need new guest kernels all time time. > >> If you enable virtio-scsi and try to boot a guest that's too old, it > >> won't work. So I don't see anything fundamentally wrong with saying > >> that the non-experimental QEMU Q35 IOMMU mode won't boot if the guest > >> kernel is too old. It might be annoying, since old kernels do work on > >> actual Q35 hardware, but it at least seems to be that it might be > >> okay. > >> > >> --Andy > > > > Yes but we need a mode that makes both old and new kernels work, and > > that should be the default for a while. this is what the > > IOMMU_PASSTHROUGH flag was about: old kernels ignore it and bypass DMA > > API, new kernels go "oh compatibility mode" and bypass the IOMMU > > within DMA API. > > I thought that PLATFORM served that purpose. Woudn't the host > advertise PLATFORM support and, if the guest doesn't ack it, the host > device would skip translation? Or is that problematic for vfio? Exactly that's problematic for security. You can't allow guest driver to decide whether device skips security. > > > > -- > > MST > > > > -- > Andy Lutomirski > AMA Capital Management, LLC From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Michael S. Tsirkin" Subject: Re: [PATCH RFC] fixup! virtio: convert to use DMA api Date: Tue, 19 Apr 2016 19:20:08 +0300 Message-ID: <20160419191914-mutt-send-email-mst@redhat.com> References: <1460992923.3765.8.camel@infradead.org> <20160418182320-mutt-send-email-mst@redhat.com> <1460994701.3765.23.camel@infradead.org> <20160418190203-mutt-send-email-mst@redhat.com> <1461004173.3765.73.camel@infradead.org> <20160419130732-mutt-send-email-mst@redhat.com> <20160419190520-mutt-send-email-mst@redhat.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Cc: Wei Liu , Andy Lutomirski , qemu-block@nongnu.org, Christian Borntraeger , "qemu-devel@nongnu.org Developers" , peterx@redhat.com, "linux-kernel@vger.kernel.org" , Amit Shah , Stefan Hajnoczi , kvm list , Paolo Bonzini , Linux Virtualization , David Woodhouse To: Andy Lutomirski Return-path: Content-Disposition: inline In-Reply-To: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: virtualization-bounces@lists.linux-foundation.org Errors-To: virtualization-bounces@lists.linux-foundation.org List-Id: kvm.vger.kernel.org On Tue, Apr 19, 2016 at 09:12:03AM -0700, Andy Lutomirski wrote: > On Tue, Apr 19, 2016 at 9:09 AM, Michael S. Tsirkin wrote: > > On Tue, Apr 19, 2016 at 09:02:14AM -0700, Andy Lutomirski wrote: > >> On Tue, Apr 19, 2016 at 3:27 AM, Michael S. Tsirkin wrote: > >> > On Mon, Apr 18, 2016 at 12:24:15PM -0700, Andy Lutomirski wrote: > >> >> On Mon, Apr 18, 2016 at 11:29 AM, David Woodhouse wrote: > >> >> > For x86, you *can* enable virtio-behind-IOMMU if your DMAR tables tell > >> >> > the truth, and even legacy kernels ought to cope with that. > >> >> > FSVO 'ought to' where I suspect some of them will actually crash with a > >> >> > NULL pointer dereference if there's no "catch-all" DMAR unit in the > >> >> > tables, which puts it back into the same camp as ARM and Power. > >> >> > >> >> I think x86 may get a bit of a free pass here. AFAIK the QEMU IOMMU > >> >> implementation on x86 has always been "experimental", so it just might > >> >> be okay to change it in a way that causes some older kernels to OOPS. > >> >> > >> >> --Andy > >> > > >> > Since it's experimental, it might be OK to change *guest kernels* > >> > such that they oops on old QEMU. > >> > But guest kernels were not experimental - so we need a QEMU mode that > >> > makes them work fine. The more functionality is available in this QEMU > >> > mode, the betterm because it's going to be the default for a while. For > >> > the same reason, it is preferable to also have new kernels not crash in > >> > this mode. > >> > > >> > >> People add QEMU features that need new guest kernels all time time. > >> If you enable virtio-scsi and try to boot a guest that's too old, it > >> won't work. So I don't see anything fundamentally wrong with saying > >> that the non-experimental QEMU Q35 IOMMU mode won't boot if the guest > >> kernel is too old. It might be annoying, since old kernels do work on > >> actual Q35 hardware, but it at least seems to be that it might be > >> okay. > >> > >> --Andy > > > > Yes but we need a mode that makes both old and new kernels work, and > > that should be the default for a while. this is what the > > IOMMU_PASSTHROUGH flag was about: old kernels ignore it and bypass DMA > > API, new kernels go "oh compatibility mode" and bypass the IOMMU > > within DMA API. > > I thought that PLATFORM served that purpose. Woudn't the host > advertise PLATFORM support and, if the guest doesn't ack it, the host > device would skip translation? Or is that problematic for vfio? Exactly that's problematic for security. You can't allow guest driver to decide whether device skips security. > > > > -- > > MST > > > > -- > Andy Lutomirski > AMA Capital Management, LLC From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:54622) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1asYNx-0002ZS-2O for qemu-devel@nongnu.org; Tue, 19 Apr 2016 12:20:22 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1asYNw-0000Jl-3Z for qemu-devel@nongnu.org; Tue, 19 Apr 2016 12:20:20 -0400 Date: Tue, 19 Apr 2016 19:20:08 +0300 From: "Michael S. Tsirkin" Message-ID: <20160419191914-mutt-send-email-mst@redhat.com> References: <1460992923.3765.8.camel@infradead.org> <20160418182320-mutt-send-email-mst@redhat.com> <1460994701.3765.23.camel@infradead.org> <20160418190203-mutt-send-email-mst@redhat.com> <1461004173.3765.73.camel@infradead.org> <20160419130732-mutt-send-email-mst@redhat.com> <20160419190520-mutt-send-email-mst@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Subject: Re: [Qemu-devel] [PATCH RFC] fixup! virtio: convert to use DMA api List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Andy Lutomirski Cc: David Woodhouse , "qemu-devel@nongnu.org Developers" , "linux-kernel@vger.kernel.org" , Paolo Bonzini , peterx@redhat.com, Cornelia Huck , Stefan Hajnoczi , Kevin Wolf , Amit Shah , qemu-block@nongnu.org, Jason Wang , Alex Williamson , Andy Lutomirski , Christian Borntraeger , Wei Liu , Linux Virtualization , kvm list On Tue, Apr 19, 2016 at 09:12:03AM -0700, Andy Lutomirski wrote: > On Tue, Apr 19, 2016 at 9:09 AM, Michael S. Tsirkin wrote: > > On Tue, Apr 19, 2016 at 09:02:14AM -0700, Andy Lutomirski wrote: > >> On Tue, Apr 19, 2016 at 3:27 AM, Michael S. Tsirkin wrote: > >> > On Mon, Apr 18, 2016 at 12:24:15PM -0700, Andy Lutomirski wrote: > >> >> On Mon, Apr 18, 2016 at 11:29 AM, David Woodhouse wrote: > >> >> > For x86, you *can* enable virtio-behind-IOMMU if your DMAR tables tell > >> >> > the truth, and even legacy kernels ought to cope with that. > >> >> > FSVO 'ought to' where I suspect some of them will actually crash with a > >> >> > NULL pointer dereference if there's no "catch-all" DMAR unit in the > >> >> > tables, which puts it back into the same camp as ARM and Power. > >> >> > >> >> I think x86 may get a bit of a free pass here. AFAIK the QEMU IOMMU > >> >> implementation on x86 has always been "experimental", so it just might > >> >> be okay to change it in a way that causes some older kernels to OOPS. > >> >> > >> >> --Andy > >> > > >> > Since it's experimental, it might be OK to change *guest kernels* > >> > such that they oops on old QEMU. > >> > But guest kernels were not experimental - so we need a QEMU mode that > >> > makes them work fine. The more functionality is available in this QEMU > >> > mode, the betterm because it's going to be the default for a while. For > >> > the same reason, it is preferable to also have new kernels not crash in > >> > this mode. > >> > > >> > >> People add QEMU features that need new guest kernels all time time. > >> If you enable virtio-scsi and try to boot a guest that's too old, it > >> won't work. So I don't see anything fundamentally wrong with saying > >> that the non-experimental QEMU Q35 IOMMU mode won't boot if the guest > >> kernel is too old. It might be annoying, since old kernels do work on > >> actual Q35 hardware, but it at least seems to be that it might be > >> okay. > >> > >> --Andy > > > > Yes but we need a mode that makes both old and new kernels work, and > > that should be the default for a while. this is what the > > IOMMU_PASSTHROUGH flag was about: old kernels ignore it and bypass DMA > > API, new kernels go "oh compatibility mode" and bypass the IOMMU > > within DMA API. > > I thought that PLATFORM served that purpose. Woudn't the host > advertise PLATFORM support and, if the guest doesn't ack it, the host > device would skip translation? Or is that problematic for vfio? Exactly that's problematic for security. You can't allow guest driver to decide whether device skips security. > > > > -- > > MST > > > > -- > Andy Lutomirski > AMA Capital Management, LLC