On Mon, Jul 30, 2018 at 04:26:32PM +0300, Michael S. Tsirkin wrote:> Real hardware would reuse parts of the interface but by necessity it > needs to behave slightly differently on some platforms. However for > some platforms (such as x86) a PV virtio driver will by luck work with a > PCI device backend without changes. As these platforms and drivers are > widely deployed, some people will deploy hardware like that. Should be > a non issue as by definition it's transparent to guests.On some x86. As soon as you have an iommu or strange PCI root ports things are going to start breaking apart.> > And that very much excludes arch-specific (or > > Xen-specific) overrides. > > We already committed to a xen specific hack but generally I prefer > devices that describe how they work instead of platforms magically > guessing, yes.For legacy reasons I guess we'll have to keep it, but we really need to avoid adding more junk than this.> However the question people raise is that DMA API is already full of > arch-specific tricks the likes of which are outlined in your post linked > above. How is this one much worse?None of these warts is visible to the driver, they are all handled in the architecture (possibly on a per-bus basis). So for virtio we really need to decide if it has one set of behavior as specified in the virtio spec, or if it behaves exactly as if it was on a PCI bus, or in fact probably both as you lined up. But no magic arch specific behavior inbetween.
Benjamin Herrenschmidt
2018-Jul-31 20:36 UTC
[RFC 0/4] Virtio uses DMA API for all devices
On Tue, 2018-07-31 at 10:30 -0700, Christoph Hellwig wrote:> > However the question people raise is that DMA API is already full of > > arch-specific tricks the likes of which are outlined in your post linked > > above. How is this one much worse? > > None of these warts is visible to the driver, they are all handled in > the architecture (possibly on a per-bus basis). > > So for virtio we really need to decide if it has one set of behavior > as specified in the virtio spec, or if it behaves exactly as if it > was on a PCI bus, or in fact probably both as you lined up. But no > magic arch specific behavior inbetween.The only arch specific behaviour is needed in the case where it doesn't behave like PCI. In this case, the PCI DMA ops are not suitable, but in our secure VMs, we still need to make it use swiotlb in order to bounce through non-secure pages. It would be nice if "real PCI" was the default but it's not, VMs are created in "legacy" mode all the times and we don't know at VM creation time whether it will become a secure VM or not. The way our secure VMs work is that they start as a normal VM, load a secure "payload" and call the Ultravisor to "become" secure. So we're in a bit of a bind here. We need that one-liner optional arch hook to make virtio use swiotlb in that "IOMMU bypass" case. Ben.
On Tue, Jul 31, 2018 at 03:36:22PM -0500, Benjamin Herrenschmidt wrote:> On Tue, 2018-07-31 at 10:30 -0700, Christoph Hellwig wrote: > > > However the question people raise is that DMA API is already full of > > > arch-specific tricks the likes of which are outlined in your post linked > > > above. How is this one much worse? > > > > None of these warts is visible to the driver, they are all handled in > > the architecture (possibly on a per-bus basis). > > > > So for virtio we really need to decide if it has one set of behavior > > as specified in the virtio spec, or if it behaves exactly as if it > > was on a PCI bus, or in fact probably both as you lined up. But no > > magic arch specific behavior inbetween. > > The only arch specific behaviour is needed in the case where it doesn't > behave like PCI. In this case, the PCI DMA ops are not suitable, but in > our secure VMs, we still need to make it use swiotlb in order to bounce > through non-secure pages.On arm/arm64, the problem we have is that legacy virtio devices on the MMIO transport (so definitely not PCI) have historically been advertised by qemu as not being cache coherent, but because the virtio core has bypassed DMA ops then everything has happened to work. If we blindly enable the arch DMA ops, we'll plumb in the non-coherent ops and start getting data corruption, so we do need a way to quirk virtio as being "always coherent" if we want to use the DMA ops (which we do, because our emulation platforms have an IOMMU for all virtio devices). Will
On Tue, Jul 31, 2018 at 03:36:22PM -0500, Benjamin Herrenschmidt wrote:> On Tue, 2018-07-31 at 10:30 -0700, Christoph Hellwig wrote: > > > However the question people raise is that DMA API is already full of > > > arch-specific tricks the likes of which are outlined in your post linked > > > above. How is this one much worse? > > > > None of these warts is visible to the driver, they are all handled in > > the architecture (possibly on a per-bus basis). > > > > So for virtio we really need to decide if it has one set of behavior > > as specified in the virtio spec, or if it behaves exactly as if it > > was on a PCI bus, or in fact probably both as you lined up. But no > > magic arch specific behavior inbetween. > > The only arch specific behaviour is needed in the case where it doesn't > behave like PCI. In this case, the PCI DMA ops are not suitable, but in > our secure VMs, we still need to make it use swiotlb in order to bounce > through non-secure pages. > > It would be nice if "real PCI" was the defaultI think you are mixing "real PCI" which isn't coded up yet and IOMMU bypass which is. IOMMU bypass will maybe with time become unnecessary since it seems that one can just program an IOMMU in a bypass mode instead. It's hard to blame you since right now if you disable IOMMU bypass you get a real PCI mode. But they are distinct and to allow people to enable IOMMU by default we will need to teach someone (virtio or DMA API) about this mode that does follow translation and protection rules in the IOMMU but runs on a CPU and so does not need cache flushes and whatnot. OTOH real PCI mode as opposed to default hypervisor mode does not perform as well when what you actually have is a hypervisor. So we'll likely have a mix of these two modes for a while.> but it's not, VMs are > created in "legacy" mode all the times and we don't know at VM creation > time whether it will become a secure VM or not. The way our secure VMs > work is that they start as a normal VM, load a secure "payload" and > call the Ultravisor to "become" secure. > > So we're in a bit of a bind here. We need that one-liner optional arch > hook to make virtio use swiotlb in that "IOMMU bypass" case. > > Ben.And just to make sure I understand, on your platform DMA APIs do include some of the cache flushing tricks and this is why you don't want to declare iommu support in the hypervisor? -- MST