Received: by 10.223.185.116 with SMTP id b49csp4901150wrg; Tue, 27 Feb 2018 04:42:13 -0800 (PST) X-Google-Smtp-Source: AH8x2256krPjbbL0rPQBn0jCW9dCxozqW08D7jGyIN0E6IqAPEUFx2Sk/M0Pf9/lzNEj+S9+Fmg8 X-Received: by 2002:a17:902:7593:: with SMTP id j19-v6mr13494643pll.408.1519735333715; Tue, 27 Feb 2018 04:42:13 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1519735333; cv=none; d=google.com; s=arc-20160816; b=Zfkn5wZEQYJIJl7TRK+r/grwHs5ZNQSKwV4DktIhdDlKWl4kufHHw+a/orl0b1Vyr6 UXcvhyX9ox1seQlXEohiDAW4sOtyt7I1PnGAUC3fJthY0HpWwqTAuYGUbQ/Sike0IKN3 JKm4Q3ExCxK8y8Vzzob4JDFr3g0uo7NSNDf+0EImoO+N3n+37xNsClxdysqs3LoEusgb ykXAf7P1nrVrhDlfJQD7mzM0VMPU+1zgseNQc8LuQmFKydHbKZ4Hk0ZBxjLImwVZYk7r UPyYymat8tLmZHVxCwFDcXJxU0t/TivaBB8KxuNIbBvKgdKFb7rhiB8Qjrz+afG1aO9B UfuA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-language :content-transfer-encoding:in-reply-to:mime-version:user-agent:date :message-id:references:cc:to:from:subject:dkim-signature :arc-authentication-results; bh=zkwmNPk4+gD3oGQN10/MQnEBFhiawQWLeE6k/XKXYfA=; b=x7NfDf1eHcz/4Xy4iMrmv5VDsIHTFMxMLwPOV1a92us3VW1Ik+NqhpQisIe2Gjsu+g /DpuqsFQ2dD1p3G7Q1x9k/PvjrrRyFYmt5S/XoMCu7SjXxDUzFU9XuRuG6xNTt+jOdXz fbuL2VwH3XNTwc48I6Fi3BwNK4mir0rOlhHcPRtN2m7rGUb8dy6y4DCPCYLvBWEuRanQ gMGIcPW/PWwF3mZcqn1budLFVRVdmxe4mUwCB7fmxdCUzmWeunG4dN7AZebw47OMWktG 2vERvHSWY2YNcgMFyyw2SLFow/BOUjKhJFV8CC7CXzwxQrTYiTj6QJbkAcJcPrcUNd86 tynA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=M73FKuMd; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a25si6958377pgn.429.2018.02.27.04.41.59; Tue, 27 Feb 2018 04:42:13 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=M73FKuMd; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752930AbeB0Mkv (ORCPT + 99 others); Tue, 27 Feb 2018 07:40:51 -0500 Received: from mail-lf0-f65.google.com ([209.85.215.65]:36221 "EHLO mail-lf0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932111AbeB0Mkr (ORCPT ); Tue, 27 Feb 2018 07:40:47 -0500 Received: by mail-lf0-f65.google.com with SMTP id g72so7853077lfg.3 for ; Tue, 27 Feb 2018 04:40:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:from:to:cc:references:message-id:date:user-agent :mime-version:in-reply-to:content-transfer-encoding:content-language; bh=zkwmNPk4+gD3oGQN10/MQnEBFhiawQWLeE6k/XKXYfA=; b=M73FKuMdd8b6/Dpd6aKr3853ndaLtPOCZ15kIaUx6U4oQhYqGijpkrae2KtW2NcSBh 9j6icTrs2xPs3k+Mjy54Z4BUNfyPb65JR+gvLbcFIgWjPv1Iy4iY/LH4u1yngBjii7Bq XWwpEaZmxdUtxDP8pcXmkx55wyFehzQPe+7lNIXS1TOUQ3AQktTHh9V2MJPRInxz2hUm evWkq5AprcJkikET07vnEtql62Y8yivkzB92JT+OALz/G55giqMmM6e1QHshLou88B+n YHiyRpQ/i6mODIgHaquwKT9o/DFEDphM1LnjCdqmoTwA9hBLQS2Ra8rd+bC08piF2ogU 9rYg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:from:to:cc:references:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding :content-language; bh=zkwmNPk4+gD3oGQN10/MQnEBFhiawQWLeE6k/XKXYfA=; b=d9V9e8wiH5QpokfWPlWZZuEgaev87u9swHK0QavjnGBdZ7sPoLIz+NrRszIM93+JFv DWlUZXgv2J49UqCcyrmwzShkGBN2yzuQQoxu9g8jPivyYr+PzFNJGzxomeSgYdkn3/FG 7PJoKbQ5u6TVib5C78ZhxmD/36ngqCzeCdZFUViYt60awerFJ0lBJMvfZ8bxvZOZ7+Ex WJ7hKOIGsEpCEo6fbCoUCTRhUUXaOe6mbgieVqH3f6ZVbADXmbluhv9bIxv7EJ8+Mrnz /YFFDzCofJumujHqcvhutieWoFex4c4pMCL95r/ZQWmM6rdm9xHuHNL5zlfTxJEiTDE6 Li7w== X-Gm-Message-State: APf1xPA0Hz346Pty9L15U4X3DtsHFhaMH6ix9V+6CXhYUg/IH+W5upIb X0b6Rknd8ByKgn1qWMZjV50= X-Received: by 10.46.81.25 with SMTP id f25mr9981601ljb.50.1519735244905; Tue, 27 Feb 2018 04:40:44 -0800 (PST) Received: from [10.17.182.9] (ll-56.209.223.85.sovam.net.ua. [85.223.209.56]) by smtp.gmail.com with ESMTPSA id g23sm2558935ljg.4.2018.02.27.04.40.43 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 27 Feb 2018 04:40:43 -0800 (PST) Subject: Re: [PATCH 0/9] drm/xen-front: Add support for Xen PV display frontend From: Oleksandr Andrushchenko To: xen-devel@lists.xenproject.org, linux-kernel@vger.kernel.org, dri-devel@lists.freedesktop.org, airlied@linux.ie, daniel.vetter@intel.com, seanpaul@chromium.org, gustavo@padovan.org, jgross@suse.com, boris.ostrovsky@oracle.com, konrad.wilk@oracle.com Cc: Oleksandr Andrushchenko References: <1519200222-20623-1-git-send-email-andr2000@gmail.com> <4c7e6f65-1787-3815-22b5-f9495e388c06@gmail.com> Message-ID: <7e265c53-db9a-0946-6b1c-b946bcbb4100@gmail.com> Date: Tue, 27 Feb 2018 14:40:42 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: <4c7e6f65-1787-3815-22b5-f9495e388c06@gmail.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-US Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Please find some more clarifications on VirtIO use with Xen (I would like to thank Xen community for helping with this) 1. Possible security issues - VirtIO devices are PCI bus masters, thus allowing real device (running, for example, in untrusted driver domain) to get control over guest's memory by writing to its memory 2. VirtIO currently uses GFNs written into the shared ring, without Xen grants support. This will require generic grant-mapping/sharing layer to be added to VirtIO. 3. VirtIO requires QEMU PCI emulation for setting up a device. Xen PV (and PVH) domains don't use QEMU for platform emulation in order to reduce attack surface. (PVH is in the process of gaining PCI config space emulation though, but it is optional, not a requirement) 4. Most of the PV drivers a guest uses at the moment are Xen PV drivers, e.g. net, block, console, so only virtio-gpu will require QEMU to run. Although this use case would work on x86 it will require additional changes to get this running on ARM, which is my target platform. Thank you, Oleksandr On 02/26/2018 10:21 AM, Oleksandr Andrushchenko wrote: > ** > > *Hi, all!* > > * > > Last *Friday* some concerns on #dri-devel were raised wrt "yet > > another driver" for Xen and why not virtio-gpu. Let me highlight > > on why we need a new paravirtualized driver for Xen and why we > > can't just use virtio. Hope this helps the communities (both Xen > > and DRI) to have better understanding of this work and our motivation. > > > Disclaimer: some or all of the below may sound weak argument or > > not 100% correct, so any help on clarifying the below is more > > than welcome ;) > > > 1. First of all, we are targeting ARM embedded use-cases and for > > ARM we do not use QEMU [1]: "...Xen on ARM is not just a straight > > 1:1 port of x86 Xen... Xen on ARM does not need QEMU because it does > > not do any emulation. It accomplishes the goal by exploiting > > virtualization support in hardware as much as possible and using > > paravirtualized interfaces for IO." > > > That being said it is still possible to run virtio-gpu and Xen+QEMU: [2] > > > In this case QEMU can be used for device virtualization, e.g. network, > > block, console. But these already exist as Xen para-virtualized drivers > > again eliminating the need for QEMU: typical ARM system runs > para-virtualized > > drivers for network, block, console etc. > > > 2. virtio-gpu requires PCI/MMIO emulation > > virtio-gpu (virtio-gpu-pci) require virtio-pci, but para-virtualized > device > > drivers do not need this. > > > 3. No need for 3d/virgl. > > There are use-cases which either do not use OpenGL at all or will use > > custom virtualization solutions allowing sharing of a real GPU with > guest, > > e.g. vGPU approach. > > > 4. More freedom for buffer allocation. > > As of now virtio-gpu is only capable of allocating buffers via TTM, while > > there are use-cases where we need to have more freedom: > > for systems which do not provide IOMMU support, but having specific > > requirements for display buffers, it is possible to allocate such buffers > > at backend side and share those with the frontend driver. > > For example, if host domain is 1:1 mapped and has DRM/GPU hardware > expecting > > physically contiguous memory (in PA, not IPA), this allows implementing > > zero-copying use-cases. > > > 5. Zero-copying support at backend side > > Having native Xen implementation allows implementing zero-copying > use-cases > > on backend side with the help of supporting driver DRM driver [3] > which we > > hope to upstream as well (it is not yet ready in terms of code cleanup). > > > 6. QEMU backends for virtio-gpu cannot be used as is, e.g. guest displays > > could be just a part of the final user experience. Thus, a QEMU backend > > must be modified to interact, for example, with Automotive Grade Linux > > display manager. So, QEMU part needs modifications. > > In our use-case we have a backend which supports multi-touch and guest > > display(s) and running either as a weston client (which is not supported > > by QEMU at the moment?) or KMS/DRM client. This allows us to enable much > > more use-cases**without the need to run QEMU. > > * > > *Thank you,* > > **Oleksandr Andrushchenko* > * > > * > * > > *[1] > https://wiki.xen.org/wiki/Xen_ARM_with_Virtualization_Extensions_whitepaper* > > * > > [2] https://elinux.org/R-Car/Virtualization > > [3] > https://github.com/xen-troops/linux/blob/ces2018/drivers/gpu/drm/xen/xen_drm_zcopy_drv.c > > > * > > > On 02/21/2018 10:03 AM, Oleksandr Andrushchenko wrote: >> From: Oleksandr Andrushchenko >> >> Hello! >> >> This patch series adds support for Xen [1] para-virtualized >> frontend display driver. It implements the protocol from >> include/xen/interface/io/displif.h [2]. >> Accompanying backend [3] is implemented as a user-space application >> and its helper library [4], capable of running as a Weston client >> or DRM master. >> Configuration of both backend and frontend is done via >> Xen guest domain configuration options [5]. >> >> ******************************************************************************* >> >> * Driver limitations >> ******************************************************************************* >> >>   1. Configuration options 1.1 (contiguous display buffers) and 2 >> (backend >>      allocated buffers) below are not supported at the same time. >> >>   2. Only primary plane without additional properties is supported. >> >>   3. Only one video mode supported which resolution is configured via >> XenStore. >> >>   4. All CRTCs operate at fixed frequency of 60Hz. >> >> ******************************************************************************* >> >> * Driver modes of operation in terms of display buffers used >> ******************************************************************************* >> >>   Depending on the requirements for the para-virtualized environment, >> namely >>   requirements dictated by the accompanying DRM/(v)GPU drivers >> running in both >>   host and guest environments, number of operating modes of >> para-virtualized >>   display driver are supported: >>    - display buffers can be allocated by either frontend driver or >> backend >>    - display buffers can be allocated to be contiguous in memory or not >> >>   Note! Frontend driver itself has no dependency on contiguous memory >> for >>         its operation. >> >> ******************************************************************************* >> >> * 1. Buffers allocated by the frontend driver. >> ******************************************************************************* >> >> >>   The below modes of operation are configured at compile-time via >>   frontend driver's kernel configuration. >> >>   1.1. Front driver configured to use GEM CMA helpers >>        This use-case is useful when used with accompanying DRM/vGPU >> driver in >>        guest domain which was designed to only work with contiguous >> buffers, >>        e.g. DRM driver based on GEM CMA helpers: such drivers can >> only import >>        contiguous PRIME buffers, thus requiring frontend driver to >> provide >>        such. In order to implement this mode of operation >> para-virtualized >>        frontend driver can be configured to use GEM CMA helpers. >> >>   1.2. Front driver doesn't use GEM CMA >>        If accompanying drivers can cope with non-contiguous memory >> then, to >>        lower pressure on CMA subsystem of the kernel, driver can >> allocate >>        buffers from system memory. >> >>   Note! If used with accompanying DRM/(v)GPU drivers this mode of >> operation >>     may require IOMMU support on the platform, so accompanying DRM/vGPU >>     hardware can still reach display buffer memory while importing PRIME >>     buffers from the frontend driver. >> >> ******************************************************************************* >> >> * 2. Buffers allocated by the backend >> ******************************************************************************* >> >> >>   This mode of operation is run-time configured via guest domain >> configuration >>   through XenStore entries. >> >>   For systems which do not provide IOMMU support, but having specific >>   requirements for display buffers it is possible to allocate such >> buffers >>   at backend side and share those with the frontend. >>   For example, if host domain is 1:1 mapped and has DRM/GPU hardware >> expecting >>   physically contiguous memory, this allows implementing zero-copying >>   use-cases. >> >> >> I would like to thank at least, but not at last the following >> people/communities who helped this driver to happen ;) >> >> 1. My team at EPAM for continuous support >> 2. Xen community for answering tons of questions on different >> modes of operation of the driver with respect to virtualized >> environment. >> 3. Rob Clark for "GEM allocation for para-virtualized DRM driver" [6] >> 4. Maarten Lankhorst for "Atomic driver and old remove FB behavior" [7] >> 5. Ville Syrjälä for "Questions on page flips and atomic modeset" [8] >> >> Thank you, >> Oleksandr Andrushchenko >> >> P.S. There are two dependencies for this driver limiting some of the >> use-cases which are on review now: >> 1. "drm/simple_kms_helper: Add {enable|disable}_vblank callback >> support" [9] >> 2. "drm/simple_kms_helper: Fix NULL pointer dereference with no >> active CRTC" [10] >> >> [1] https://wiki.xen.org/wiki/Paravirtualization_(PV)#PV_IO_Drivers >> [2] >> https://elixir.bootlin.com/linux/v4.16-rc2/source/include/xen/interface/io/displif.h >> [3] https://github.com/xen-troops/displ_be >> [4] https://github.com/xen-troops/libxenbe >> [5] >> https://xenbits.xen.org/gitweb/?p=xen.git;a=blob;f=docs/man/xl.cfg.pod.5.in;h=a699367779e2ae1212ff8f638eff0206ec1a1cc9;hb=refs/heads/master#l1257 >> [6] >> https://lists.freedesktop.org/archives/dri-devel/2017-March/136038.html >> [7] https://www.spinics.net/lists/dri-devel/msg164102.html >> [8] https://www.spinics.net/lists/dri-devel/msg164463.html >> [9] https://patchwork.freedesktop.org/series/38073/ >> [10] https://patchwork.freedesktop.org/series/38139/ >> >> Oleksandr Andrushchenko (9): >>    drm/xen-front: Introduce Xen para-virtualized frontend driver >>    drm/xen-front: Implement Xen bus state handling >>    drm/xen-front: Read driver configuration from Xen store >>    drm/xen-front: Implement Xen event channel handling >>    drm/xen-front: Implement handling of shared display buffers >>    drm/xen-front: Introduce DRM/KMS virtual display driver >>    drm/xen-front: Implement KMS/connector handling >>    drm/xen-front: Implement GEM operations >>    drm/xen-front: Implement communication with backend >> >>   drivers/gpu/drm/Kconfig                     |   2 + >>   drivers/gpu/drm/Makefile                    |   1 + >>   drivers/gpu/drm/xen/Kconfig                 |  30 ++ >>   drivers/gpu/drm/xen/Makefile                |  17 + >>   drivers/gpu/drm/xen/xen_drm_front.c         | 712 >> ++++++++++++++++++++++++++++ >>   drivers/gpu/drm/xen/xen_drm_front.h         | 154 ++++++ >>   drivers/gpu/drm/xen/xen_drm_front_cfg.c     |  84 ++++ >>   drivers/gpu/drm/xen/xen_drm_front_cfg.h     |  45 ++ >>   drivers/gpu/drm/xen/xen_drm_front_conn.c    | 125 +++++ >>   drivers/gpu/drm/xen/xen_drm_front_conn.h    |  35 ++ >>   drivers/gpu/drm/xen/xen_drm_front_drv.c     | 294 ++++++++++++ >>   drivers/gpu/drm/xen/xen_drm_front_drv.h     |  73 +++ >>   drivers/gpu/drm/xen/xen_drm_front_evtchnl.c | 399 ++++++++++++++++ >>   drivers/gpu/drm/xen/xen_drm_front_evtchnl.h |  89 ++++ >>   drivers/gpu/drm/xen/xen_drm_front_gem.c     | 360 ++++++++++++++ >>   drivers/gpu/drm/xen/xen_drm_front_gem.h     |  46 ++ >>   drivers/gpu/drm/xen/xen_drm_front_gem_cma.c |  93 ++++ >>   drivers/gpu/drm/xen/xen_drm_front_kms.c     | 299 ++++++++++++ >>   drivers/gpu/drm/xen/xen_drm_front_kms.h     |  30 ++ >>   drivers/gpu/drm/xen/xen_drm_front_shbuf.c   | 430 +++++++++++++++++ >>   drivers/gpu/drm/xen/xen_drm_front_shbuf.h   |  80 ++++ >>   21 files changed, 3398 insertions(+) >>   create mode 100644 drivers/gpu/drm/xen/Kconfig >>   create mode 100644 drivers/gpu/drm/xen/Makefile >>   create mode 100644 drivers/gpu/drm/xen/xen_drm_front.c >>   create mode 100644 drivers/gpu/drm/xen/xen_drm_front.h >>   create mode 100644 drivers/gpu/drm/xen/xen_drm_front_cfg.c >>   create mode 100644 drivers/gpu/drm/xen/xen_drm_front_cfg.h >>   create mode 100644 drivers/gpu/drm/xen/xen_drm_front_conn.c >>   create mode 100644 drivers/gpu/drm/xen/xen_drm_front_conn.h >>   create mode 100644 drivers/gpu/drm/xen/xen_drm_front_drv.c >>   create mode 100644 drivers/gpu/drm/xen/xen_drm_front_drv.h >>   create mode 100644 drivers/gpu/drm/xen/xen_drm_front_evtchnl.c >>   create mode 100644 drivers/gpu/drm/xen/xen_drm_front_evtchnl.h >>   create mode 100644 drivers/gpu/drm/xen/xen_drm_front_gem.c >>   create mode 100644 drivers/gpu/drm/xen/xen_drm_front_gem.h >>   create mode 100644 drivers/gpu/drm/xen/xen_drm_front_gem_cma.c >>   create mode 100644 drivers/gpu/drm/xen/xen_drm_front_kms.c >>   create mode 100644 drivers/gpu/drm/xen/xen_drm_front_kms.h >>   create mode 100644 drivers/gpu/drm/xen/xen_drm_front_shbuf.c >>   create mode 100644 drivers/gpu/drm/xen/xen_drm_front_shbuf.h >> >