Benjamin Herrenschmidt
2018-Aug-07 06:42 UTC
[RFC 0/4] Virtio uses DMA API for all devices
On Mon, 2018-08-06 at 23:21 -0700, Christoph Hellwig wrote:> On Tue, Aug 07, 2018 at 05:52:12AM +1000, Benjamin Herrenschmidt wrote: > > > It is your job to write a coherent interface specification that does > > > not depend on the used components. The hypervisor might be PAPR, > > > Linux + qemu, VMware, Hyperv or something so secret that you'd have > > > to shoot me if you had to tell me. The guest might be Linux, FreeBSD, > > > AIX, OS400 or a Hipster project of the day in Rust. As long as we > > > properly specify the interface it simplify does not matter. > > > > That's the point Christoph. The interface is today's interface. It does > > NOT change. That information is not part of the interface. > > > > It's the VM itself that is stashing away its memory in a secret place, > > and thus needs to do bounce buffering. There is no change to the virtio > > interface per-se. > > Any guest that doesn't know about your magic limited adressing is simply > not going to work, so we need to communicate that fact.The guest does. It's the guest itself that initiates it. That's my point, it's not a factor of the hypervisor, which is unchanged in that area. It's the guest itself, that makes the decision early on, to stash it's memory away in a secure place, and thus needs to establish some kind of bouce buffering via a few left over "insecure" pages. It's all done by the guest: initiated by the guest and controlled by the guest. That's why I don't see why this specifically needs to involve the hypervisor side, and thus a VIRTIO feature bit. Note that I can make it so that the same DMA ops (basically standard swiotlb ops without arch hacks) work for both "direct virtio" and "normal PCI" devices. The trick is simply in the arch to setup the iommu to map the swiotlb bounce buffer pool 1:1 in the iommu, so the iommu essentially can be ignored without affecting the physical addresses. If I do that, *all* I need is a way, from the guest itself (again, the other side dosn't know anything about it), to force virtio to use the DMA ops as if there was an iommu, that is, use whatever dma ops were setup by the platform for the pci device. Cheers, Ben.
On Tue, Aug 07, 2018 at 04:42:44PM +1000, Benjamin Herrenschmidt wrote:> Note that I can make it so that the same DMA ops (basically standard > swiotlb ops without arch hacks) work for both "direct virtio" and > "normal PCI" devices. > > The trick is simply in the arch to setup the iommu to map the swiotlb > bounce buffer pool 1:1 in the iommu, so the iommu essentially can be > ignored without affecting the physical addresses. > > If I do that, *all* I need is a way, from the guest itself (again, the > other side dosn't know anything about it), to force virtio to use the > DMA ops as if there was an iommu, that is, use whatever dma ops were > setup by the platform for the pci device.In that case just setting VIRTIO_F_IOMMU_PLATFORM in the flags should do the work (even if that isn't strictly what the current definition of the flag actually means). On the qemu side you'll need to make sure you have a way to set VIRTIO_F_IOMMU_PLATFORM without emulating an iommu, but with code to take dma offsets into account if your plaform has any (various power plaforms seem to have them, not sure if it affects your config).
Benjamin Herrenschmidt
2018-Aug-07 20:32 UTC
[RFC 0/4] Virtio uses DMA API for all devices
On Tue, 2018-08-07 at 06:55 -0700, Christoph Hellwig wrote:> On Tue, Aug 07, 2018 at 04:42:44PM +1000, Benjamin Herrenschmidt wrote: > > Note that I can make it so that the same DMA ops (basically standard > > swiotlb ops without arch hacks) work for both "direct virtio" and > > "normal PCI" devices. > > > > The trick is simply in the arch to setup the iommu to map the swiotlb > > bounce buffer pool 1:1 in the iommu, so the iommu essentially can be > > ignored without affecting the physical addresses. > > > > If I do that, *all* I need is a way, from the guest itself (again, the > > other side dosn't know anything about it), to force virtio to use the > > DMA ops as if there was an iommu, that is, use whatever dma ops were > > setup by the platform for the pci device. > > In that case just setting VIRTIO_F_IOMMU_PLATFORM in the flags should > do the work (even if that isn't strictly what the current definition > of the flag actually means). On the qemu side you'll need to make > sure you have a way to set VIRTIO_F_IOMMU_PLATFORM without emulating > an iommu, but with code to take dma offsets into account if your > plaform has any (various power plaforms seem to have them, not sure > if it affects your config).Something like that yes. I prefer a slightly different way, see below, any but in both cases, it should alleviate your concerns since it means there would be no particular mucking around with DMA ops at all, virtio would just use whatever "normal" ops we establish for all PCI devices on that platform, which will be standard ones. (swiotlb ones today and the new "integrates" ones you're cooking tomorrow). As for the flag itself, while we could set it from qemu when we get notified that the guest is going secure, both Michael and I think it's rather gross, it requires qemu to go iterate all virtio devices and "poke" something into them. It also means qemu will need some other internal nasty flag that says "set that bit but don't do iommu". It's nicer if we have a way in the guest virtio driver to do something along the lines of if ((flags & VIRTIO_F_IOMMU_PLATFORM) || arch_virtio_wants_dma_ops()) Which would have the same effect and means the issue is entirely contained in the guest. Cheers, Ben.