All of lore.kernel.org
 help / color / mirror / Atom feed
From: David Gibson <david@gibson.dropbear.id.au>
To: groug@kaod.org, pair@us.ibm.com, qemu-devel@nongnu.org, clg@kaod.org
Cc: mst@redhat.com, aik@ozlabs.ru, paulus@samba.org,
	mdroth@us.ibm.com, qemu-ppc@nongnu.org,
	David Gibson <david@gibson.dropbear.id.au>
Subject: [PATCH v3 2/2] spapr: Enable virtio iommu_platform=on by default
Date: Thu,  5 Mar 2020 15:30:09 +1100	[thread overview]
Message-ID: <20200305043009.611636-3-david@gibson.dropbear.id.au> (raw)
In-Reply-To: <20200305043009.611636-1-david@gibson.dropbear.id.au>

Traditionally, virtio devices don't do DMA by the usual path on the
guest platform.  In particular they usually bypass any virtual IOMMU
the guest has, using hypervisor magic to access untranslated guest
physical addresses.

There's now the optional iommu_platform flag which can tell virtio
devices to use the platform's normal DMA path, including any IOMMUs.
That flag was motiviated for the case of hardware virtio
implementations, but there are other reasons to want it.

Specifically, the fact that the virtio device doesn't use vIOMMU
translation means that virtio devices are unsafe to pass to nested
guests, or to use with VFIO userspace drivers inside the guest.  This
is particularly noticeable on the pseries platform which *always* has
a guest-visible vIOMMU.

Not using the normal DMA path also causes difficulties for the guest
side driver when using the upcoming POWER Secure VMs (a.k.a. PEF).
While it's theoretically possible to handle this on the guest side,
it's really fiddly.  Given the other problems with the non-translated
virtio device, let's just enable vIOMMU translation for virtio devices
by default in the pseries-5.0 (and later) machine types.

This does mean the new machine type will no longer support guest
kernels older than 4.8, unless they have support for the virtio
IOMMU_PLATFORM flag backported (which some distro kernels like RHEL7
do).

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
 hw/ppc/spapr.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 3cfc98ac61..5ef099536e 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -4575,6 +4575,7 @@ static void spapr_machine_latest_class_options(MachineClass *mc)
      */
     static GlobalProperty compat[] = {
         { TYPE_VIRTIO_PCI, "disable-legacy", "on", },
+        { TYPE_VIRTIO_DEVICE, "iommu_platform", "on", },
     };
 
     mc->alias = "pseries";
@@ -4622,6 +4623,7 @@ static void spapr_machine_4_2_class_options(MachineClass *mc)
     SpaprMachineClass *smc = SPAPR_MACHINE_CLASS(mc);
     static GlobalProperty compat[] = {
         { TYPE_VIRTIO_PCI, "disable-legacy", "auto" },
+        { TYPE_VIRTIO_DEVICE, "iommu_platform", "off", },
     };
 
     spapr_machine_5_0_class_options(mc);
-- 
2.24.1



  parent reply	other threads:[~2020-03-05  4:31 UTC|newest]

Thread overview: 29+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-03-05  4:30 [PATCH v3 0/2] spapr: Use vIOMMU translation for virtio by default David Gibson
2020-03-05  4:30 ` [PATCH v3 1/2] spapr: Disable legacy virtio devices for pseries-5.0 and later David Gibson
2020-03-05 10:31   ` Greg Kurz
2020-03-10  9:43     ` Greg Kurz
2020-03-10  9:57       ` Michael S. Tsirkin
2020-03-10 11:03       ` Michael S. Tsirkin
2020-03-10 12:24         ` Greg Kurz
2020-03-10 11:56   ` Daniel P. Berrangé
2020-03-11  0:58     ` David Gibson
2020-03-11  7:11       ` Michael S. Tsirkin
2020-03-12  1:14         ` David Gibson
2020-03-12  6:41           ` Michael S. Tsirkin
2020-03-05  4:30 ` David Gibson [this message]
2020-03-05 11:59   ` [PATCH v3 2/2] spapr: Enable virtio iommu_platform=on by default Greg Kurz
2020-03-10 10:43     ` Greg Kurz
2020-03-12  4:14       ` Alexey Kardashevskiy
2020-03-12  8:02         ` Greg Kurz
2020-03-10 11:43 ` Upstream QEMU guest support policy ? Re: [PATCH v3 0/2] spapr: Use vIOMMU translation for virtio " Daniel P. Berrangé
2020-03-11  1:12   ` David Gibson
2020-03-11  7:33     ` Michael S. Tsirkin
2020-03-12  1:10       ` David Gibson
2020-03-12  6:32         ` Michael S. Tsirkin
2020-03-16  3:06           ` David Gibson
2020-03-11 10:01     ` Daniel P. Berrangé
2020-03-11 11:48       ` Michael S. Tsirkin
2020-03-12  1:09         ` David Gibson
2020-03-12  1:08       ` David Gibson
2020-03-12  9:47         ` Daniel P. Berrangé
2020-03-11 17:19 ` Greg Kurz

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200305043009.611636-3-david@gibson.dropbear.id.au \
    --to=david@gibson.dropbear.id.au \
    --cc=aik@ozlabs.ru \
    --cc=clg@kaod.org \
    --cc=groug@kaod.org \
    --cc=mdroth@us.ibm.com \
    --cc=mst@redhat.com \
    --cc=pair@us.ibm.com \
    --cc=paulus@samba.org \
    --cc=qemu-devel@nongnu.org \
    --cc=qemu-ppc@nongnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.