Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp4075866imm; Mon, 6 Aug 2018 16:25:50 -0700 (PDT) X-Google-Smtp-Source: AAOMgpe4kOTqHxbUMggLNdNSm8N8Dbmbs0vAyPDtdGNI5m+pNXhEyCPd5ALRRbSFrqzNwt2OrQ1k X-Received: by 2002:aa7:82c3:: with SMTP id f3-v6mr19124230pfn.136.1533597950045; Mon, 06 Aug 2018 16:25:50 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1533597950; cv=none; d=google.com; s=arc-20160816; b=E/B08IsCNvOnhyaDk3sD/1dcjxiGu1gF3IhtS0XU6moVtpEf1Op+Jnref6PrZTypnN VQpJAYlHNRQM7EPhteX8yOo139Mbk+6eKM2dbEjC49ShcQpuDolpaP1cElSJIHK9owZ7 z91OY7lMZyaM34FeKu7y3VEU9ZrQ4JRKO4Y9TdyJ1xXIufcRN3nySc9MLyjVYvN2nGyE 6dn2BXVWhrPT83IrEezK3Bt0/H/AY52HbExBm/SJ/ODCoLT7GyJvsB4mY/c0Z+ln9DzU vfmcouIpBVTMvfsB9Es6FZBHOiPU95AcxoHME8iBpkl8F9hjTSt0+2AUeeDUZd7K6ah9 FnRQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:date:cc:to:from:subject:message-id :arc-authentication-results; bh=TVJI0MZIdLRibz959JLzQ7n8yhBMjJxj9YktO3ZS5jQ=; b=b9VQOTEC7AgDQkDflQBw7i1OGnidVYWtYDEguT+slvp9hneOxK7kGlfn9ZR5v/rzRV d/Fnc2w6dTkDw3ZhrZFm/EIZ5PX5JWg7dbPFqBFDq3EoQJkHIo7ILKiaacPvErVd/bUw +QYxAgIlULUrlOuNk4PvFHuOx7cHgSbQPEqViBkykeFmRpMBYxp3c1z/zz5Bn3v/Dyyq yB1KmLurZ7CYN5+UAxg1P6rY0rkXVm3iRVZYKSVSeNRo/60Op1LlhHc+5OKwdq6wKVyw N6hWZyU+u749n1VAS7g1HuBANoXbFh/tj3bfnXFd2Vuse4KgG7DSXi1zvF+TQWc9MEeL T8nQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f7-v6si11506079plt.4.2018.08.06.16.25.34; Mon, 06 Aug 2018 16:25:50 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732458AbeHGBgK (ORCPT + 99 others); Mon, 6 Aug 2018 21:36:10 -0400 Received: from gate.crashing.org ([63.228.1.57]:56567 "EHLO gate.crashing.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730444AbeHGBgJ (ORCPT ); Mon, 6 Aug 2018 21:36:09 -0400 Received: from localhost (localhost.localdomain [127.0.0.1]) by gate.crashing.org (8.14.1/8.14.1) with ESMTP id w76NIiUI013364; Mon, 6 Aug 2018 18:18:45 -0500 Message-ID: <8e985b8117407b256e2dd8f1c0a5c2e560ef03d7.camel@kernel.crashing.org> Subject: Re: [RFC 0/4] Virtio uses DMA API for all devices From: Benjamin Herrenschmidt To: "Michael S. Tsirkin" Cc: Christoph Hellwig , Will Deacon , Anshuman Khandual , virtualization@lists.linux-foundation.org, linux-kernel@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, aik@ozlabs.ru, robh@kernel.org, joe@perches.com, elfring@users.sourceforge.net, david@gibson.dropbear.id.au, jasowang@redhat.com, mpe@ellerman.id.au, linuxram@us.ibm.com, haren@linux.vnet.ibm.com, paulus@samba.org, srikar@linux.vnet.ibm.com, robin.murphy@arm.com, jean-philippe.brucker@arm.com, marc.zyngier@arm.com Date: Tue, 07 Aug 2018 09:18:44 +1000 In-Reply-To: <20180806233024-mutt-send-email-mst@kernel.org> References: <20180802225738-mutt-send-email-mst@kernel.org> <20180803070507.GA1344@infradead.org> <20180803220443-mutt-send-email-mst@kernel.org> <051fd78e15595b414839fa8f9d445b9f4d7576c6.camel@kernel.crashing.org> <20180805031046-mutt-send-email-mst@kernel.org> <20180806164106-mutt-send-email-mst@kernel.org> <20180806233024-mutt-send-email-mst@kernel.org> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.28.4 (3.28.4-1.fc28) Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, 2018-08-06 at 23:35 +0300, Michael S. Tsirkin wrote: > On Tue, Aug 07, 2018 at 05:56:59AM +1000, Benjamin Herrenschmidt wrote: > > On Mon, 2018-08-06 at 16:46 +0300, Michael S. Tsirkin wrote: > > > > > > > Right, we'll need some quirk to disable balloons in the guest I > > > > suppose. > > > > > > > > Passing something from libvirt is cumbersome because the end user may > > > > not even need to know about secure VMs. There are use cases where the > > > > security is a contract down to some special application running inside > > > > the secure VM, the sysadmin knows nothing about. > > > > > > > > Also there's repercussions all the way to admin tools, web UIs etc... > > > > so it's fairly wide ranging. > > > > > > > > So as long as we only need to quirk a couple of devices, it's much > > > > better contained that way. > > > > > > So just the balloon thing already means that yes management and all the > > > way to the user tools must know this is going on. Otherwise > > > user will try to inflate the balloon and wonder why this does not work. > > > > There is *dozens* of management systems out there, not even all open > > source, we won't ever be able to see the end of the tunnel if we need > > to teach every single of them, including end users, about platform > > specific new VM flags like that. > > > > .../... > > In the end I suspect you will find you have to. Maybe... we'll tackle this if/when we have to. For balloon I suspect it's not such a big deal because once secure, all the guest memory goes into the secure memory which isn't visible or accounted by the hypervisor, so there's nothing to steal but the guest is also using no HV memory (other than the few "non-secure" pages used for swiotlb and a couple of other kernel things). Future versions of our secure architecture might allow to turn arbitrary pages of memory secure/non-secure rather than relying on a separate physical pool, in which case, the balloon will be able to work normally. Cheers, Ben.