Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp5380308imu; Tue, 29 Jan 2019 18:36:54 -0800 (PST) X-Google-Smtp-Source: ALg8bN6GlErrmMLtNqib4a6bHiM/s/XfNWkx72jXgc4TDJQ94w3j2WwzWlmIu0hkZcPgRJXp2u1X X-Received: by 2002:a17:902:9f89:: with SMTP id g9mr28812647plq.214.1548815814355; Tue, 29 Jan 2019 18:36:54 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1548815814; cv=none; d=google.com; s=arc-20160816; b=m8w0z0KVpppICQB9Y0IEg0zAgdXSYTIPcFTi+HdRRDb/ZC0Wm+6O1LF2GfeMfMWF0G UvHaWv6ueiNbCTZ0HwhqwbZtM3cPnO2XABQD/Xr2e1qsxCKa0JEFQPJxgMLely6HHfmt 5ewOvAkd1TN+FDqZo/1KPkO3MbFceRbEmzzOtQt7ufKnr9r/lJowlJEb2utYzSdGDnKK uCHZLa8Sf/7Ec/n6cvXUKuh5zLrRZMZ8nCm0eqQeEJeOc38UTEzR6kkvFUWd9+1yArc0 a4uiZwpV57lZfH4c9ppFwDyjc9f90xXtfy50zRFi6MEzWXyy1e9S3Jy7i3WEuMXkJC71 fvEw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=0qEs8DOF8gsYhzHhyO8CFuYgA9EDy+gKtTg0G/qOJmM=; b=IsZR8Jr7caHSu85fFTzLtRZ7nWelQEXLgPq6q/SBy4JBPE0GOl500ce+U6KmgFeiBD hdIBCS/QX4707vmbU36mph4rg+58tT2LSVZx3osa4mOK6i0q7uAfIx1R6KTZnYfsEZCx faoRYkofUl1whBl6l1Yx/KISAKoBw4TMhTsuvo1U5/LpYYb0H+ITnjUoLYSqQowmxgRa ulx9i5pkEWAAO589b0iLDr6A3J/UPwm9HR0dfrH4O6S4CqUKcGEb8sqBnZiRsWUrMAA2 rcXXfmL0Jh6ZJNyjWLdZ7gxWlEPvPEqqWtUQojnH4A5q/ThwTqG67+Fkx8g6MaYN9fVI 4BkA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id m187si227380pfm.51.2019.01.29.18.36.38; Tue, 29 Jan 2019 18:36:54 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729879AbfA3CgM (ORCPT + 99 others); Tue, 29 Jan 2019 21:36:12 -0500 Received: from mx1.redhat.com ([209.132.183.28]:33074 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727942AbfA3CgL (ORCPT ); Tue, 29 Jan 2019 21:36:11 -0500 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 217CEC070154; Wed, 30 Jan 2019 02:36:11 +0000 (UTC) Received: from redhat.com (ovpn-123-79.rdu2.redhat.com [10.10.123.79]) by smtp.corp.redhat.com (Postfix) with ESMTP id 4060153; Wed, 30 Jan 2019 02:36:09 +0000 (UTC) Date: Tue, 29 Jan 2019 21:36:08 -0500 From: "Michael S. Tsirkin" To: Jason Wang Cc: Thiago Jung Bauermann , virtualization@lists.linux-foundation.org, linuxppc-dev@lists.ozlabs.org, iommu@lists.linux-foundation.org, linux-kernel@vger.kernel.org, Christoph Hellwig , David Gibson , Alexey Kardashevskiy , Paul Mackerras , Benjamin Herrenschmidt , Ram Pai , Jean-Philippe Brucker Subject: Re: [RFC PATCH] virtio_ring: Use DMA API if guest memory is encrypted Message-ID: <20190129213137-mutt-send-email-mst@kernel.org> References: <87zhrj8kcp.fsf@morokweng.localdomain> <87womn8inf.fsf@morokweng.localdomain> <20190129134750-mutt-send-email-mst@kernel.org> <6c68f7f7-1b28-6eba-9b8b-2c32efac9701@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <6c68f7f7-1b28-6eba-9b8b-2c32efac9701@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.31]); Wed, 30 Jan 2019 02:36:11 +0000 (UTC) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Jan 30, 2019 at 10:24:01AM +0800, Jason Wang wrote: > > On 2019/1/30 上午3:02, Michael S. Tsirkin wrote: > > On Tue, Jan 29, 2019 at 03:42:44PM -0200, Thiago Jung Bauermann wrote: > > > Fixing address of powerpc mailing list. > > > > > > Thiago Jung Bauermann writes: > > > > > > > Hello, > > > > > > > > With Christoph's rework of the DMA API that recently landed, the patch > > > > below is the only change needed in virtio to make it work in a POWER > > > > secure guest under the ultravisor. > > > > > > > > The other change we need (making sure the device's dma_map_ops is NULL > > > > so that the dma-direct/swiotlb code is used) can be made in > > > > powerpc-specific code. > > > > > > > > Of course, I also have patches (soon to be posted as RFC) which hook up > > > > to the powerpc secure guest support code. > > > > > > > > What do you think? > > > > > > > > From d0629a36a75c678b4a72b853f8f7f8c17eedd6b3 Mon Sep 17 00:00:00 2001 > > > > From: Thiago Jung Bauermann > > > > Date: Thu, 24 Jan 2019 22:08:02 -0200 > > > > Subject: [RFC PATCH] virtio_ring: Use DMA API if guest memory is encrypted > > > > > > > > The host can't access the guest memory when it's encrypted, so using > > > > regular memory pages for the ring isn't an option. Go through the DMA API. > > > > > > > > Signed-off-by: Thiago Jung Bauermann > > Well I think this will come back to bite us (witness xen which is now > > reworking precisely this path - but at least they aren't to blame, xen > > came before ACCESS_PLATFORM). > > > > I also still think the right thing would have been to set > > ACCESS_PLATFORM for all systems where device can't access all memory. > > > > But I also think I don't have the energy to argue about power secure > > guest anymore. So be it for power secure guest since the involved > > engineers disagree with me. Hey I've been wrong in the past ;). > > > > But the name "sev_active" makes me scared because at least AMD guys who > > were doing the sensible thing and setting ACCESS_PLATFORM (unless I'm > > wrong? I reemember distinctly that's so) will likely be affected too. > > We don't want that. > > > > So let's find a way to make sure it's just power secure guest for now > > pls. > > > > I also think we should add a dma_api near features under virtio_device > > such that these hacks can move off data path. > > > Anyway the current Xen code is conflict with spec which said: > > "If this feature bit is set to 0, then the device has same access to memory > addresses supplied to it as the driver has. In particular, the device will > always use physical addresses matching addresses used by the driver > (typically meaning physical addresses used by the CPU) and not translated > further, and can access any address supplied to it by the driver. When > clear, this overrides any platform-specific description of whether device > access is limited or translated in any way, e.g. whether an IOMMU may be > present. " > > I wonder how much value that the above description can give us. It's kind of > odd that the behavior of "when the feature is not negotiated" is described > in the spec. Hmm what's odd about it? We need to describe the behaviour is all cases. > Personally I think we can remove the above and then we can > switch to use DMA API unconditionally in guest driver. It may have single > digit regression probably, we can try to overcome it. > > Thanks This has been discussed ad nauseum. virtio is all about compatibility. Losing a couple of lines of code isn't worth breaking working setups. People that want "just use DMA API no tricks" now have the option. Setting a flag in a feature bit map is literally a single line of code in the hypervisor. So stop pushing for breaking working legacy setups and just fix it in the right place. > > > > > By the way could you please respond about virtio-iommu and > > why there's no support for ACCESS_PLATFORM on power? > > > > I have Cc'd you on these discussions. > > > > > > Thanks! > > > > > > > > --- > > > > drivers/virtio/virtio_ring.c | 5 ++++- > > > > 1 file changed, 4 insertions(+), 1 deletion(-) > > > > > > > > diff --git a/drivers/virtio/virtio_ring.c b/drivers/virtio/virtio_ring.c > > > > index cd7e755484e3..321a27075380 100644 > > > > --- a/drivers/virtio/virtio_ring.c > > > > +++ b/drivers/virtio/virtio_ring.c > > > > @@ -259,8 +259,11 @@ static bool vring_use_dma_api(struct virtio_device *vdev) > > > > * not work without an even larger kludge. Instead, enable > > > > * the DMA API if we're a Xen guest, which at least allows > > > > * all of the sensible Xen configurations to work correctly. > > > > + * > > > > + * Also, if guest memory is encrypted the host can't access > > > > + * it directly. In this case, we'll need to use the DMA API. > > > > */ > > > > - if (xen_domain()) > > > > + if (xen_domain() || sev_active()) > > > > return true; > > > > > > > > return false; > > > > > > -- > > > Thiago Jung Bauermann > > > IBM Linux Technology Center