On Sun, 2015-11-08 at 12:37 +0200, Michael S. Tsirkin wrote: > On Thu, Oct 29, 2015 at 05:18:56PM +0100, David Woodhouse wrote: > > On Thu, 2015-10-29 at 11:01 +0200, Michael S. Tsirkin wrote: > > > > > > But you trust your hypervisor (you have no choice anyway), > > > and you don't want the overhead of tweaking IOMMU > > > on data path for virtio. Thus iommu=on is out too. > > > > That's not at all special for virtio or guest VMs. Even with real > > hardware, we might want performance from *some* devices, and security > > from others. See the DMA_ATTR_IOMMU_BYPASS which is currently being > > discussed. > > Right. So let's wait for that discussion to play out?
That discussion is purely about a requested optimisation. This one is about correctness. > > But of course the easy answer in *your* case it just to ask the > > hypervisor not to put the virtio devices behind an IOMMU at all. Which > > we were planning to remain the default behaviour. > > One can't do this for x86 ATM, can one? The converse is true, in fact — currently, there's no way to tell qemu-system-x86 that you *do* want it to put the virtio devices behind the emulated IOMMU, as it has no support for that. Which is a bit sad really, since the DMAR table that qemu advertises to the guest does *tell* the guest that the virtio devices are behind the emulated IOMMU. In the short term, we'll be fixing the DMAR table, and still not actually making it possible to put the virtio devices behind the emulated IOMMU. In the fullness of time, however, we *will* be fixing the qemu IOMMU code so that it can translate for virtio devices — and for assigned physical devices, which I believe are also broken at the moment when qemu emulates an IOMMU. > > In all cases, the DMA API shall do the right thing. > > I have no problem with that. For example, can we teach > the DMA API on intel x86 to use PT for virtio by default? > That would allow merging Andy's patches with > full compatibility with old guests and hosts. A quirk so that we *notice* the bug in the existing qemu DMAR table, and disbelieve what it says about the virtio devices? Alternatively, we could just recognise that the emulated IOMMU support in qemu is an experimental feature and doesn't work right, yet. Are people really using it in anger? If we do want to do a quirk, then we should make it get it right for assigned devices too. To start with, do you want to try to express the criteria for "the DMAR table lies and <this> device is actually untranslated" in a form of prose which could reasonably be translated into code? -- David Woodhouse Open Source Technology Centre david.woodho...@intel.com Intel Corporation
Description: S/MIME cryptographic signature