Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp2254709imm; Thu, 2 Aug 2018 08:35:38 -0700 (PDT) X-Google-Smtp-Source: AAOMgperRhlNNhsHXt23yZmOCCPr3SzR2MxKBsE5W+qCVG/jlR/Gi2t3lbf0NGW9VitZsFlgTZPV X-Received: by 2002:a62:f587:: with SMTP id b7-v6mr3578947pfm.158.1533224138708; Thu, 02 Aug 2018 08:35:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1533224138; cv=none; d=google.com; s=arc-20160816; b=b/evuo7Zki70owcaLfWdamPBe1hmdBvnx4D3CgkpVOR4/Z7ZvkEY3COe5VOGvapKcd /WaMUvct3R8/OjrnzJ+kSF4rkMPb/dB7DsO6DuqxQcs2h+sWf+OdTdHBEigmppeiEELu ROI2KTqRer/PHPOlMGKKaeLfz0bs8SbOIXFThUIgwhztYEz9qk8p+AqSgBkkL8uYCDbV vawH28S0efXe3NbeCJjHKhvCM9y+x5EoA+eL7gXbd1sG42ZCvpGvKwbob8DAIEKz0dhX dJhwOsp0c08wdmma0vvkQimb6njHUO+zEn4Rpa3UBNjxsPMI8VzOymk9GUGMibUGpPpk QKFg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:date:cc:to:from:subject:message-id :arc-authentication-results; bh=B4ADIjQ7S7tyPZsEK7d/oawQHm9rKrhvsGOQumrt4Yw=; b=cUB9blmQdfLW0JjIsvCeBEQ6kfKGLngtSdHJNqebD7y7QNPW1skvYrl7GRx8TCO8+F q4LOXUdkcbi8KVTvkBhL5q54b+wVcyc8ur8vESRywohct6emI20oECgpLpR0J2orI/ZW o9HxTBqah/wofRtc6B9qSx4Xw5gl9URH43O3vXpBgJvQB1r5PpXhejENd/cqUxM4urtA DqrcXqIHypHqAxEKG9rM+rafTmrQpf9k8VtPJalkXnRb6oKUasxOYkwAJXqrQow04OfP MlHHRWCBZyXcpjvSDfJJRpbW7SrDl1j4y/FegBpFwOfHeSvo0HWtHJzARkUYitNEE52D Jn6g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 2-v6si1734366pla.509.2018.08.02.08.35.22; Thu, 02 Aug 2018 08:35:38 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387636AbeHBR0Q (ORCPT + 99 others); Thu, 2 Aug 2018 13:26:16 -0400 Received: from gate.crashing.org ([63.228.1.57]:57863 "EHLO gate.crashing.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2387523AbeHBR0Q (ORCPT ); Thu, 2 Aug 2018 13:26:16 -0400 Received: from localhost (localhost.localdomain [127.0.0.1]) by gate.crashing.org (8.14.1/8.14.1) with ESMTP id w72FX5HD015091; Thu, 2 Aug 2018 10:33:06 -0500 Message-ID: <7779442d7889ee943b3e4ff6c63ec90b4a58b79d.camel@kernel.crashing.org> Subject: Re: [RFC 0/4] Virtio uses DMA API for all devices From: Benjamin Herrenschmidt To: "Michael S. Tsirkin" Cc: Christoph Hellwig , Will Deacon , Anshuman Khandual , virtualization@lists.linux-foundation.org, linux-kernel@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, aik@ozlabs.ru, robh@kernel.org, joe@perches.com, elfring@users.sourceforge.net, david@gibson.dropbear.id.au, jasowang@redhat.com, mpe@ellerman.id.au, linuxram@us.ibm.com, haren@linux.vnet.ibm.com, paulus@samba.org, srikar@linux.vnet.ibm.com, robin.murphy@arm.com, jean-philippe.brucker@arm.com, marc.zyngier@arm.com Date: Thu, 02 Aug 2018 10:33:05 -0500 In-Reply-To: <20180802003823-mutt-send-email-mst@kernel.org> References: <20180720035941.6844-1-khandual@linux.vnet.ibm.com> <20180727095804.GA25592@arm.com> <20180730093414.GD26245@infradead.org> <20180730125100-mutt-send-email-mst@kernel.org> <20180730111802.GA9830@infradead.org> <20180730155633-mutt-send-email-mst@kernel.org> <20180731173052.GA17153@infradead.org> <3d6e81511571260de1c8047aaffa8ac4df093d2e.camel@kernel.crashing.org> <20180802003823-mutt-send-email-mst@kernel.org> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.28.4 (3.28.4-1.fc28) Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, 2018-08-02 at 00:56 +0300, Michael S. Tsirkin wrote: > > but it's not, VMs are > > created in "legacy" mode all the times and we don't know at VM creation > > time whether it will become a secure VM or not. The way our secure VMs > > work is that they start as a normal VM, load a secure "payload" and > > call the Ultravisor to "become" secure. > > > > So we're in a bit of a bind here. We need that one-liner optional arch > > hook to make virtio use swiotlb in that "IOMMU bypass" case. > > > > Ben. > > And just to make sure I understand, on your platform DMA APIs do include > some of the cache flushing tricks and this is why you don't want to > declare iommu support in the hypervisor? I'm not sure I parse what you mean. We don't need cache flushing tricks. The problem we have with our "secure" VMs is that: - At VM creation time we have no idea it's going to become a secure VM, qemu doesn't know anything about it, and thus qemu (or other management tools, libvirt etc...) are going to create "legacy" (ie iommu bypass) virtio devices. - Once the VM goes secure (early during boot but too late for qemu), it will need to make virtio do bounce-buffering via swiotlb because qemu cannot physically access most VM pages (blocked by HW security features), we need to bounce buffer using some unsecure pages that are accessible to qemu. That said, I wouldn't object for us to more generally switch long run to changing qemu so that virtio on powerpc starts using the IOMMU as a default provided we fix our guest firmware to understand it (it currently doesn't), and provided we verify that the performance impact on things like vhost is negligible. Cheers, Ben.