Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp50503ybi; Mon, 15 Jul 2019 16:26:00 -0700 (PDT) X-Google-Smtp-Source: APXvYqz1hqod5DbaufN7zzi96+1CsBdDLS98lOf7RpCY9rzQOy4koZjnt1vf+B+gcn8ZrTIW+ntq X-Received: by 2002:a65:62d7:: with SMTP id m23mr29639527pgv.358.1563233160531; Mon, 15 Jul 2019 16:26:00 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1563233160; cv=none; d=google.com; s=arc-20160816; b=o40RDvFAmsZEudK3eDXrQqAshZCX/oj883X+B6MWR9vgbVankEowdTsPcWwrMut8ws f8loPUbZr21LeoVYHe1NSCYcultQ/5ZKcQlRpxrmDyCdVBHld7jc7HB/Ld6vEkEM7MJ0 a1LZbbmDtwMfRvRG9SewQRiSGZTuhwXtTjVPj7XMZBfbip26q3HCgiKAxQZKCqhg48eP KS6yZw51owRf/7tfMpYUmJBdYTqaHke6j8MO6ypZCN9t9xnubVX6ArXtwjMG78Nt7NSl IkwqfeWsd0UJvkeMSz3o9O94H4n2OtxdthwqSmxRn3wnY1fz4W1cI6OhPn3qzG00mAgA Arug== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:date:cc:to:from:subject:message-id; bh=+RNAGiT23xYPeTbYBMyd5XkIOvfF5itCKRWctA1dlcs=; b=DsodGLxgnzEJF5YeAQIpDrkuY7PEvelIXaRs6V1uqVEJmxjtzUhS21A8H1fNJPsU6x 2APt/lCRjjqo4oeCHE9Utoc7XFryj5cg51tv1Ihg5YlkXR39kgX35KoFHy6TIuf4ArIv Ele+sA3A52j57gg8WO1QNZnPMh+DlVQlZwB7A5Z4Lcbwr7tsv5BIhQElshdNQtJIbtM7 EB2qxiln5+tpQaffnF+tHDRwxDm6WvrxkEm/NcCd1yKJ831crERXMcV7SN0tj0i3SWBS Vov3oc7PhHuCvyCpCj0vRUSLNfsoxhH/9JBBkIQ+aA8LQ0GzFJ+pvatCKgPwJUWz43Pv +mZA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y10si15869681plp.117.2019.07.15.16.25.43; Mon, 15 Jul 2019 16:26:00 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732171AbfGOXYp (ORCPT + 99 others); Mon, 15 Jul 2019 19:24:45 -0400 Received: from gate.crashing.org ([63.228.1.57]:38865 "EHLO gate.crashing.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731284AbfGOXYp (ORCPT ); Mon, 15 Jul 2019 19:24:45 -0400 Received: from localhost (localhost.localdomain [127.0.0.1]) by gate.crashing.org (8.14.1/8.14.1) with ESMTP id x6FNO7XS032164; Mon, 15 Jul 2019 18:24:08 -0500 Message-ID: Subject: Re: [RFC PATCH] virtio_ring: Use DMA API if guest memory is encrypted From: Benjamin Herrenschmidt To: Thiago Jung Bauermann , "Michael S. Tsirkin" Cc: virtualization@lists.linux-foundation.org, linuxppc-dev@lists.ozlabs.org, iommu@lists.linux-foundation.org, linux-kernel@vger.kernel.org, Jason Wang , Christoph Hellwig , David Gibson , Alexey Kardashevskiy , Paul Mackerras , Ram Pai , Jean-Philippe Brucker , Michael Roth , Mike Anderson Date: Tue, 16 Jul 2019 09:24:06 +1000 In-Reply-To: <8736j7neg8.fsf@morokweng.localdomain> References: <20190323165456-mutt-send-email-mst@kernel.org> <87a7go71hz.fsf@morokweng.localdomain> <20190520090939-mutt-send-email-mst@kernel.org> <877ea26tk8.fsf@morokweng.localdomain> <20190603211528-mutt-send-email-mst@kernel.org> <877e96qxm7.fsf@morokweng.localdomain> <20190701092212-mutt-send-email-mst@kernel.org> <87d0id9nah.fsf@morokweng.localdomain> <20190715103411-mutt-send-email-mst@kernel.org> <874l3nnist.fsf@morokweng.localdomain> <20190715163453-mutt-send-email-mst@kernel.org> <8736j7neg8.fsf@morokweng.localdomain> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.28.5-0ubuntu0.18.04.1 Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, 2019-07-15 at 19:03 -0300, Thiago Jung Bauermann wrote: > > > Indeed. The idea is that QEMU can offer the flag, old guests can > > > reject > > > it (or even new guests can reject it, if they decide not to > > > convert into > > > secure VMs) and the feature negotiation will succeed with the > > > flag > > > unset. > > > > OK. And then what does QEMU do? Assume guest is not encrypted I > > guess? > > There's nothing different that QEMU needs to do, with or without the > flag. the perspective of the host, a secure guest and a regular guest > work the same way with respect to virtio. This is *precisely* why I was against adding a flag and touch the protocol negociation with qemu in the first place, back when I cared about that stuff... Guys, this has gone in circles over and over again. This has nothing to do with qemu. Qemu doesn't need to know about this. It's entirely guest local. This is why the one-liner in virtio was a far better and simpler solution. This is something the guest does to itself (with the participation of a ultravisor but that's not something qemu cares about at this stage, at least not as far as virtio is concerned). Basically, the guest "hides" its memory from the host using a HW secure memory facility. As a result, it needs to ensure that all of its DMA pages are bounced through insecure pages that aren't hidden. That's it, it's all guest side. Qemu shouldn't have to care about it at all. Cheers, Ben.