Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp1251915imm; Wed, 8 Aug 2018 13:32:57 -0700 (PDT) X-Google-Smtp-Source: AA+uWPzevRwhUZrkg/yBr0ufLkXbSTWrJUbyDJkiiOWjZMZS/4wx7ucHqllbqOJyC4HtEtoHCJmf X-Received: by 2002:a63:db4f:: with SMTP id x15-v6mr3887636pgi.214.1533760377767; Wed, 08 Aug 2018 13:32:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1533760377; cv=none; d=google.com; s=arc-20160816; b=gubZPmscX+1XGlm0QWW8J6QWEiNZaY3J4JmzlyYqM8nUbx3Unx1rwBELxkMwYPOCRa VVEdQiaKTaGOwtzEinAPDP8xVnzM9vDDojuAUroVSmmfdrOdj+XQH+FtTSgvsqQpG3SI n6LHe6zPaUNi2NqiNWrP2Ud8GK6SYattm8wYYj9buozBIaMBxeVWU+W6u/mdVGxImoLV iFnmDnEk7If9tA7IwRldCBhXdw6dxLbAZJCJBlHEPkjjd/XEi3E1tsBel5BWRFAmh4Cy 44mcCVUbRVvP3p3QpsvXpwvCkocVv1kmcjPPchA4uRMC52DRW8vp+HIR+Vvn6CkF1fUm +8mQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :arc-authentication-results; bh=CFIjsN+OFp6QEv+wuGNoHHZPeLPlF98jICHEWJ2k1/E=; b=MJng69Qn2d3muM/51JmVELZsmG/bMqq+gr3aRlDhIQuIeubCSW7me+qkgSdGgZIWC8 9s+GSJAieipcvq1dWEuNW8/opswdlzLVj6ZrmQdqiAfTNMfr+ORNhpDgwU/yhp234vJn qgZaNIWb1gjyH2Zg/LiEzmGPvmj+jphKEve7vzByJ3xmiNPasEF3IrOVXTnAEgooVdC4 mOr/5nJUsbWJnMfsS3BRbmcn7xTSZg1pEjPCFaje2MoSpjHLx19BDGIm1wrgIq59TDM+ HzDGwiKP46uQIuCAUov70axLJjg9WPGBUHnk/6n2j/zULGgFUyaXwIxPYA/5przgReiN k9qw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id o33-v6si3908254plb.192.2018.08.08.13.32.43; Wed, 08 Aug 2018 13:32:57 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730755AbeHHWxO (ORCPT + 99 others); Wed, 8 Aug 2018 18:53:14 -0400 Received: from mx3-rdu2.redhat.com ([66.187.233.73]:59362 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1727530AbeHHWxN (ORCPT ); Wed, 8 Aug 2018 18:53:13 -0400 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 6C200402315B; Wed, 8 Aug 2018 20:31:53 +0000 (UTC) Received: from redhat.com (ovpn-116-95.ams2.redhat.com [10.36.116.95]) by smtp.corp.redhat.com (Postfix) with SMTP id B09AA2026DE8; Wed, 8 Aug 2018 20:31:47 +0000 (UTC) Date: Wed, 8 Aug 2018 23:31:46 +0300 From: "Michael S. Tsirkin" To: Benjamin Herrenschmidt Cc: Christoph Hellwig , Will Deacon , Anshuman Khandual , virtualization@lists.linux-foundation.org, linux-kernel@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, aik@ozlabs.ru, robh@kernel.org, joe@perches.com, elfring@users.sourceforge.net, david@gibson.dropbear.id.au, jasowang@redhat.com, mpe@ellerman.id.au, linuxram@us.ibm.com, haren@linux.vnet.ibm.com, paulus@samba.org, srikar@linux.vnet.ibm.com, robin.murphy@arm.com, jean-philippe.brucker@arm.com, marc.zyngier@arm.com Subject: Re: [RFC 0/4] Virtio uses DMA API for all devices Message-ID: <20180808232210-mutt-send-email-mst@kernel.org> References: <20180806094243.GA16032@infradead.org> <6c707d6d33ac25a42265c2e9b521c2416d72c739.camel@kernel.crashing.org> <20180807062117.GD32709@infradead.org> <20180807135505.GA29034@infradead.org> <2103ecfe52d23cec03f185d08a87bfad9c9d82b5.camel@kernel.crashing.org> <20180808063158.GA2474@infradead.org> <4b596883892b5cb5560bef26fcd249e7107173ac.camel@kernel.crashing.org> <20180808123036.GA2525@infradead.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Scanned-By: MIMEDefang 2.78 on 10.11.54.4 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.6]); Wed, 08 Aug 2018 20:31:53 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.6]); Wed, 08 Aug 2018 20:31:53 +0000 (UTC) for IP:'10.11.54.4' DOMAIN:'int-mx04.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'mst@redhat.com' RCPT:'' Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Aug 08, 2018 at 11:18:13PM +1000, Benjamin Herrenschmidt wrote: > Sure, but all of this is just the configuration of the iommu. But I > think we agree here, and your point remains valid, indeed my proposed > hack: > > > if ((flags & VIRTIO_F_IOMMU_PLATFORM) || arch_virtio_wants_dma_ops()) > > Will only work if the IOMMU and non-IOMMU path are completely equivalent. > > We can provide that guarantee for our secure VM case, but not generally so if > we were to go down the route of a quirk in virtio, it might be better to > make it painfully obvious that it's specific to that one case with a different > kind of turd: > > - if (xen_domain()) > + if (xen_domain() || pseries_secure_vm()) > return true; I don't think it's pseries specific actually. E.g. I suspect AMD SEV might benefit from the same kind of hack. > So to summarize, and make sure I'm not missing something, the two approaches > at hand are either: > > 1- The above, which is a one liner and contained in the guest, so that's nice, but > also means another turd in virtio which isn't ... > > 2- We force pseries to always set VIRTIO_F_IOMMU_PLATFORM, but with the current > architecture on our side that will force virtio to always go through an emulated > iommu, as pseries doesn't have the concept of a real bypass window, and thus will > impact performance for both secure and non-secure VMs. > > 3- Invent a property that can be put in selected PCI device tree nodes that > indicates that for that device specifically, the iommu can be bypassed, along with > a hypercall to turn that bypass on/off. Virtio would then use VIRTIO_F_IOMMU_PLATFORM > but its DT nodes would also have that property and Linux would notice it and turn > bypass on. For completeness, virtio could also have its own bounce buffer outside of DMA API one. I don't see lots of benefits to this though. > The resulting properties of those options are: > > 1- Is what I want because it's the simplest, provides the best performance now, > and works without code changes to qemu or non-secure Linux. However it does > add a tiny turd to virtio which is annoying. > > 2- This works but it puts the iommu in the way always, thus reducing virtio performance > accross the board for pseries unless we only do that for secure VMs but that is > difficult (as discussed earlier). > > 3- This would recover the performance lost in -2-, however it requires qemu *and* > guest changes. Specifically, existing guests (RHEL 7 etc...) would get the > performance hit of -2- unless modified to call that 'enable bypass' call, which > isn't great. > > So imho we have to chose one of 3 not-great solutions here... Unless I missed > something in your ideas of course. > > Cheers, > Ben. > >