From: Andy Lutomirski
Date: Tue, 19 Apr 2016 11:01:38 -0700
Subject: Re: [PATCH RFC] fixup! virtio: convert to use DMA api
To: "Michael S. Tsirkin"
Cc: David Woodhouse, "qemu-devel@nongnu.org Developers", "linux-kernel@vger.kernel.org", Paolo Bonzini, peterx@redhat.com, Cornelia Huck, Stefan Hajnoczi, Kevin Wolf, Amit Shah, qemu-block@nongnu.org, Jason Wang, Alex Williamson, Andy Lutomirski, Christian Borntraeger, Wei Liu, Linux Virtualization, kvm list
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Apr 19, 2016 at 10:49 AM, Michael S. Tsirkin wrote:
> On Tue, Apr 19, 2016 at 12:26:44PM -0400, David Woodhouse wrote:
>> On Tue, 2016-04-19 at 19:20 +0300, Michael S. Tsirkin wrote:
>> >
>> > > I thought that PLATFORM served that purpose.  Wouldn't the host
>> > > advertise PLATFORM support and, if the guest doesn't ack it, the host
>> > > device would skip translation?  Or is that problematic for vfio?
>> >
>> > Exactly that's problematic for security.
>> > You can't allow guest driver to decide whether device skips security.
>>
>> Right. Because fundamentally, this *isn't* a property of the endpoint
>> device, and doesn't live in virtio itself.
>>
>> It's a property of the platform IOMMU, and lives there.
>
> It's a property of the hypervisor virtio implementation, and lives there.

It is now, but QEMU could, in principle, change the way it thinks
about it so that virtio devices would use the QEMU DMA API but ask
QEMU to pass everything through 1:1.  This would be entirely invisible
to guests but would make it be a property of the IOMMU implementation.
At that point, maybe QEMU could find a (platform dependent) way to
tell the guest what's going on.

FWIW, as far as I can tell, PPC and SPARC really could, in principle,
set up 1:1 mappings in the guest so that the virtio devices would work
regardless of whether QEMU is ignoring the IOMMU or not -- I think the
only obstacle is that the PPC and SPARC 1:1 mappings are currently set
up with an offset.  I don't know too much about those platforms, but
presumably the layout could be changed so that 1:1 really was 1:1.

--Andy
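
The two negotiation policies debated in the quoted exchange, as an added C example that is not code from QEMU, Linux or anyone in the thread. `F_PLATFORM`, its bit number, `host_cfg` and both policy functions are hypothetical names and values chosen here; "legacy" and "modern" are constructed drivers that do not or do ack the flag.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the thread's "PLATFORM" feature flag; the bit
 * number is a placeholder chosen for this example, not taken from the page. */
#define F_PLATFORM (1ULL << 33)
#define F_OTHER    (1ULL << 0)   /* constructed, unrelated feature bit */

enum dma_path { DMA_REJECTED, DMA_TRANSLATED, DMA_BYPASS };

struct host_cfg {
    bool behind_iommu;  /* set by the hypervisor/platform, never by the guest */
};

/* Features the device offers: PLATFORM only when it sits behind the IOMMU. */
uint64_t offered(const struct host_cfg *h)
{
    return F_OTHER | (h->behind_iommu ? F_PLATFORM : 0);
}

/* Policy from the quoted question: a missing ack makes the device skip
 * translation, so the guest driver chooses whether the IOMMU applies. */
enum dma_path guest_decides(const struct host_cfg *h, uint64_t acked)
{
    acked &= offered(h);
    return (acked & F_PLATFORM) ? DMA_TRANSLATED : DMA_BYPASS;
}

/* Policy consistent with the objection: the host configuration decides, and
 * a driver that will not ack PLATFORM fails negotiation instead of bypassing. */
enum dma_path host_decides(const struct host_cfg *h, uint64_t acked)
{
    acked &= offered(h);
    if (!h->behind_iommu)
        return DMA_BYPASS;
    return (acked & F_PLATFORM) ? DMA_TRANSLATED : DMA_REJECTED;
}

int main(void)
{
    static const char *name[] = { "rejected", "translated", "bypass" };
    struct host_cfg h = { .behind_iommu = true };
    uint64_t legacy = F_OTHER, modern = F_OTHER | F_PLATFORM;

    printf("legacy driver: guest-decides=%s host-decides=%s\n",
           name[guest_decides(&h, legacy)], name[host_decides(&h, legacy)]);
    printf("modern driver: guest-decides=%s host-decides=%s\n",
           name[guest_decides(&h, modern)], name[host_decides(&h, modern)]);
    return 0;
}
```

With the device behind an IOMMU, the only row where the policies differ is the driver that withholds the ack: bypass under the first policy, failed negotiation under the second.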