On Fri, Dec 04, 2020 at 03:43:10PM +0100, Halil Pasic wrote: > On Fri, 4 Dec 2020 09:29:59 +0100 > Christian Borntraeger wrote: > > > On 04.12.20 09:17, Cornelia Huck wrote: > > > On Fri, 4 Dec 2020 09:10:36 +0100 > > > Christian Borntraeger wrote: > > > > > >> On 04.12.20 06:44, David Gibson wrote: > > >>> The default behaviour for virtio devices is not to use the platforms normal > > >>> DMA paths, but instead to use the fact that it's running in a hypervisor > > >>> to directly access guest memory. That doesn't work if the guest's memory > > >>> is protected from hypervisor access, such as with AMD's SEV or POWER's PEF. > > >>> > > >>> So, if a securable guest memory mechanism is enabled, then apply the > > >>> iommu_platform=on option so it will go through normal DMA mechanisms. > > >>> Those will presumably have some way of marking memory as shared with > > >>> the hypervisor or hardware so that DMA will work. > > >>> > > >>> Signed-off-by: David Gibson > > >>> Reviewed-by: Dr. David Alan Gilbert > > >>> --- > > >>> hw/core/machine.c | 13 +++++++++++++ > > >>> 1 file changed, 13 insertions(+) > > >>> > > >>> diff --git a/hw/core/machine.c b/hw/core/machine.c > > >>> index a67a27d03c..d16273d75d 100644 > > >>> --- a/hw/core/machine.c > > >>> +++ b/hw/core/machine.c > > >>> @@ -28,6 +28,8 @@ > > >>> #include "hw/mem/nvdimm.h" > > >>> #include "migration/vmstate.h" > > >>> #include "exec/securable-guest-memory.h" > > >>> +#include "hw/virtio/virtio.h" > > >>> +#include "hw/virtio/virtio-pci.h" > > >>> > > >>> GlobalProperty hw_compat_5_1[] = { > > >>> { "vhost-scsi", "num_queues", "1"}, > > >>> @@ -1169,6 +1171,17 @@ void machine_run_board_init(MachineState *machine) > > >>> * areas. > > >>> */ > > >>> machine_set_mem_merge(OBJECT(machine), false, &error_abort); > > >>> + > > >>> + /* > > >>> + * Virtio devices can't count on directly accessing guest > > >>> + * memory, so they need iommu_platform=on to use normal DMA > > >>> + * mechanisms. That requires also disabling legacy virtio > > >>> + * support for those virtio pci devices which allow it. > > >>> + */ > > >>> + object_register_sugar_prop(TYPE_VIRTIO_PCI, "disable-legacy", > > >>> + "on", true); > > >>> + object_register_sugar_prop(TYPE_VIRTIO_DEVICE, "iommu_platform", > > >>> + "on", false); > > >> > > >> I have not followed all the history (sorry). Should we also set iommu_platform > > >> for virtio-ccw? Halil? > > >> > > > > > > That line should add iommu_platform for all virtio devices, shouldn't > > > it? > > > > Yes, sorry. Was misreading that with the line above. > > > > I believe this is the best we can get. In a sense it is still a > pessimization, I'm not really clear on what you're getting at here. > but it is a big usability improvement compared to having > to set iommu_platform manually. > > Regards, > Halil > -- David Gibson | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_ | _way_ _around_! http://www.ozlabs.org/~dgibson