IOMMU Archive on lore.kernel.org
 help / color / Atom feed
* [PATCH 0/2] virtio: Support encrypted memory on powerpc secure guests
@ 2019-10-12  1:25 Ram Pai
  2019-10-12  1:25 ` [PATCH 1/2] dma-mapping: Add dma_addr_is_phys_addr() Ram Pai
  2019-10-12  1:36 ` [PATCH 0/2] virtio: Support encrypted memory on powerpc secure guests Ram Pai
  0 siblings, 2 replies; 13+ messages in thread
From: Ram Pai @ 2019-10-12  1:25 UTC (permalink / raw)
  To: linux-kernel
  Cc: andmike, sukadev, b.zolnierkie, benh, jasowang, aik, linuxram,
	mdroth, virtualization, paulus, iommu, paul.burton, mpe,
	robin.murphy, linuxppc-dev, hch, david

 **We would like the patches to be merged through the virtio tree.  Please
 review, and ack merging the DMA mapping change through that tree. Thanks!**

 The memory of powerpc secure guests can't be accessed by the hypervisor /
 virtio device except for a few memory regions designated as 'shared'.
 
 At the moment, Linux uses bounce-buffering to communicate with the
 hypervisor, with a bounce buffer marked as shared. This is how the DMA API
 is implemented on this platform.
 
 In particular, the most convenient way to use virtio on this platform is by
 making virtio use the DMA API: in fact, this is exactly what happens if the
 virtio device exposes the flag VIRTIO_F_ACCESS_PLATFORM.  However, bugs in the
 hypervisor on the powerpc platform do not allow setting this flag, with some
 hypervisors already in the field that don't set this flag. At the moment they
 are forced to use emulated devices when guest is in secure mode; virtio is
 only useful when guest is not secure.
 
 Normally, both device and driver must support VIRTIO_F_ACCESS_PLATFORM:
 if one of them doesn't, the other mustn't assume it for communication
 to work.
 
 However, a guest-side work-around is possible to enable virtio
 for these hypervisors with guest in secure mode: it so happens that on
 powerpc secure platform the DMA address is actually a physical address -
 that of the bounce buffer. For these platforms we can make the virtio
 driver go through the DMA API even though the device itself ignores
 the DMA API.
 
 These patches implement this work around for virtio: we detect that
 - secure guest mode is enabled - so we know that since we don't share
   most memory and Hypervisor has not enabled VIRTIO_F_ACCESS_PLATFORM,
   regular virtio code won't work.
 - DMA API is giving us addresses that are actually also physical
   addresses.
 - Hypervisor has not enabled VIRTIO_F_ACCESS_PLATFORM.
 
 and if all conditions are true, we force all data through the bounce
 buffer.
 
 To put it another way, from hypervisor's point of view DMA API is
 not required: hypervisor would be happy to get access to all of guest
 memory. That's why it does not set VIRTIO_F_ACCESS_PLATFORM. However,
 guest decides that it does not trust the hypervisor and wants to force
 a bounce buffer for its own reasons.


Thiago Jung Bauermann (2):
  dma-mapping: Add dma_addr_is_phys_addr()
  virtio_ring: Use DMA API if memory is encrypted

 arch/powerpc/include/asm/dma-mapping.h | 21 +++++++++++++++++++++
 arch/powerpc/platforms/pseries/Kconfig |  1 +
 drivers/virtio/virtio.c                | 18 ++++++++++++++++++
 drivers/virtio/virtio_ring.c           |  8 ++++++++
 include/linux/dma-mapping.h            | 20 ++++++++++++++++++++
 include/linux/virtio_config.h          | 14 ++++++++++++++
 kernel/dma/Kconfig                     |  3 +++
 7 files changed, 85 insertions(+)

-- 
1.8.3.1

_______________________________________________
iommu mailing list
iommu@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/iommu

^ permalink raw reply	[flat|nested] 13+ messages in thread

end of thread, back to index

Thread overview: 13+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-10-12  1:25 [PATCH 0/2] virtio: Support encrypted memory on powerpc secure guests Ram Pai
2019-10-12  1:25 ` [PATCH 1/2] dma-mapping: Add dma_addr_is_phys_addr() Ram Pai
2019-10-12  1:25   ` [PATCH 2/2] virtio_ring: Use DMA API if memory is encrypted Ram Pai
2019-10-14  4:52     ` David Gibson
2019-10-15  7:35     ` Christoph Hellwig
2019-10-16  7:55       ` Ram Pai
2019-10-17  2:33       ` Jason Wang
2019-10-21  8:36       ` David Gibson
2019-10-14  4:51   ` [PATCH 1/2] dma-mapping: Add dma_addr_is_phys_addr() David Gibson
2019-10-14 10:29     ` Robin Murphy
2019-10-15  7:30       ` Ram Pai
2019-10-15  7:31       ` Christoph Hellwig
2019-10-12  1:36 ` [PATCH 0/2] virtio: Support encrypted memory on powerpc secure guests Ram Pai

IOMMU Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-iommu/0 linux-iommu/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-iommu linux-iommu/ https://lore.kernel.org/linux-iommu \
		iommu@lists.linux-foundation.org
	public-inbox-index linux-iommu

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.linux-foundation.lists.iommu


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git