Re: [PATCH 2/2] virtio_ring: Use DMA API if memory is encrypted
On Tue, Oct 15, 2019 at 09:35:01AM +0200, Christoph Hellwig wrote: > On Fri, Oct 11, 2019 at 06:25:19PM -0700, Ram Pai wrote: > > From: Thiago Jung Bauermann > > > > Normally, virtio enables DMA API with VIRTIO_F_IOMMU_PLATFORM, which must > > be set by both device and guest driver. However, as a hack, when DMA API > > returns physical addresses, guest driver can use the DMA API; even though > > device does not set VIRTIO_F_IOMMU_PLATFORM and just uses physical > > addresses. > > Sorry, but this is a complete bullshit hack. Driver must always use > the DMA API if they do DMA, and if virtio devices use physical addresses > that needs to be returned through the platform firmware interfaces for > the dma setup. If you don't do that yet (which based on previous > informations you don't), you need to fix it, and we can then quirk > old implementations that already are out in the field. > > In other words: we finally need to fix that virtio mess and not pile > hacks on top of hacks. Christoph, if I understand correctly, your objection isn't so much to the proposed change here of itself, except insofar as it entrenches virtio's existing code allowing it to either use the DMA api or bypass it and use physical addresses directly. Is that right, or have I missed something? Where do you envisage the decision to bypass the IOMMU being made? The virtio spec more or less states that virtio devices use hypervisor magic to access physical addresses directly, rather than using normal DMA channels. The F_IOMMU_PLATFORM flag then overrides that, since it obviously won't work for hardware devices. The platform code isn't really in a position to know that virtio devices are (usually) magic. So were you envisaging the virtio driver explicitly telling the platform to use bypassing DMA operations? -- David Gibson| I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_ | _way_ _around_! http://www.ozlabs.org/~dgibson signature.asc Description: PGP signature ___ Virtualization mailing list Virtualization@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/virtualization
Re: [PATCH 2/2] virtio_ring: Use DMA API if memory is encrypted
On 2019/10/15 下午3:35, Christoph Hellwig wrote: On Fri, Oct 11, 2019 at 06:25:19PM -0700, Ram Pai wrote: From: Thiago Jung Bauermann Normally, virtio enables DMA API with VIRTIO_F_IOMMU_PLATFORM, which must be set by both device and guest driver. However, as a hack, when DMA API returns physical addresses, guest driver can use the DMA API; even though device does not set VIRTIO_F_IOMMU_PLATFORM and just uses physical addresses. Sorry, but this is a complete bullshit hack. Driver must always use the DMA API if they do DMA, and if virtio devices use physical addresses that needs to be returned through the platform firmware interfaces for the dma setup. If you don't do that yet (which based on previous informations you don't), you need to fix it, and we can then quirk old implementations that already are out in the field. In other words: we finally need to fix that virtio mess and not pile hacks on top of hacks. I agree, the only reason for IOMMU_PLATFORM is to make sure guest works for some old and buggy qemu when vIOMMU is enabled which seems useless (note we don't even support vIOMMU migration in that case). Thanks ___ Virtualization mailing list Virtualization@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/virtualization
RE: [PATCH 2/2] virtio_ring: Use DMA API if memory is encrypted
On Tue, Oct 15, 2019 at 09:35:01AM +0200, Christoph Hellwig wrote: > On Fri, Oct 11, 2019 at 06:25:19PM -0700, Ram Pai wrote: > > From: Thiago Jung Bauermann > > > > Normally, virtio enables DMA API with VIRTIO_F_IOMMU_PLATFORM, which must > > be set by both device and guest driver. However, as a hack, when DMA API > > returns physical addresses, guest driver can use the DMA API; even though > > device does not set VIRTIO_F_IOMMU_PLATFORM and just uses physical > > addresses. > > Sorry, but this is a complete bullshit hack. Driver must always use > the DMA API if they do DMA, and if virtio devices use physical addresses > that needs to be returned through the platform firmware interfaces for > the dma setup. If you don't do that yet (which based on previous > informations you don't), you need to fix it, and we can then quirk > old implementations that already are out in the field. > > In other words: we finally need to fix that virtio mess and not pile > hacks on top of hacks. So force all virtio devices to use DMA API, except when VIRTIO_F_IOMMU_PLATFORM is not enabled? Any help detailing the idea, will enable us fix this issue once for all. Will something like below work? It removes the prior hacks, and always uses DMA API; except when VIRTIO_F_IOMMU_PLATFORM is not enabled. diff --git a/drivers/virtio/virtio_ring.c b/drivers/virtio/virtio_ring.c index c8be1c4..b593d3d 100644 --- a/drivers/virtio/virtio_ring.c +++ b/drivers/virtio/virtio_ring.c @@ -240,22 +240,10 @@ static inline bool virtqueue_use_indirect(struct virtqueue *_vq, static bool vring_use_dma_api(struct virtio_device *vdev) { - if (!virtio_has_iommu_quirk(vdev)) - return true; - - /* Otherwise, we are left to guess. */ - /* -* In theory, it's possible to have a buggy QEMU-supposed -* emulated Q35 IOMMU and Xen enabled at the same time. On -* such a configuration, virtio has never worked and will -* not work without an even larger kludge. Instead, enable -* the DMA API if we're a Xen guest, which at least allows -* all of the sensible Xen configurations to work correctly. -*/ - if (xen_domain()) - return true; + if (virtio_has_iommu_quirk(vdev)) + return false; - return false; + return true; } size_t virtio_max_dma_size(struct virtio_device *vdev) -- Ram Pai ___ Virtualization mailing list Virtualization@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/virtualization
Re: [PATCH 2/2] virtio_ring: Use DMA API if memory is encrypted
On Fri, Oct 11, 2019 at 06:25:19PM -0700, Ram Pai wrote: > From: Thiago Jung Bauermann > > Normally, virtio enables DMA API with VIRTIO_F_IOMMU_PLATFORM, which must > be set by both device and guest driver. However, as a hack, when DMA API > returns physical addresses, guest driver can use the DMA API; even though > device does not set VIRTIO_F_IOMMU_PLATFORM and just uses physical > addresses. Sorry, but this is a complete bullshit hack. Driver must always use the DMA API if they do DMA, and if virtio devices use physical addresses that needs to be returned through the platform firmware interfaces for the dma setup. If you don't do that yet (which based on previous informations you don't), you need to fix it, and we can then quirk old implementations that already are out in the field. In other words: we finally need to fix that virtio mess and not pile hacks on top of hacks. ___ Virtualization mailing list Virtualization@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/virtualization
Re: [PATCH 2/2] virtio_ring: Use DMA API if memory is encrypted
On Fri, Oct 11, 2019 at 06:25:19PM -0700, Ram Pai wrote: > From: Thiago Jung Bauermann > > Normally, virtio enables DMA API with VIRTIO_F_IOMMU_PLATFORM, which must > be set by both device and guest driver. However, as a hack, when DMA API > returns physical addresses, guest driver can use the DMA API; even though > device does not set VIRTIO_F_IOMMU_PLATFORM and just uses physical > addresses. > > Doing this works-around POWER secure guests for which only the bounce > buffer is accessible to the device, but which don't set > VIRTIO_F_IOMMU_PLATFORM due to a set of hypervisor and architectural bugs. > To guard against platform changes, breaking any of these assumptions down > the road, we check at probe time and fail if that's not the case. > > cc: Benjamin Herrenschmidt > cc: David Gibson > cc: Michael Ellerman > cc: Paul Mackerras > cc: Michael Roth > cc: Alexey Kardashevskiy > cc: Jason Wang > cc: Christoph Hellwig > Suggested-by: Michael S. Tsirkin > Signed-off-by: Ram Pai > Signed-off-by: Thiago Jung Bauermann Reviewed-by: David Gibson I don't know that this is the most elegant solution possible. But it's simple, gets the job done and pretty unlikely to cause mysterious breakage down the road. -- David Gibson| I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_ | _way_ _around_! http://www.ozlabs.org/~dgibson signature.asc Description: PGP signature ___ Virtualization mailing list Virtualization@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/virtualization