Received: by 2002:a25:8b12:0:0:0:0:0 with SMTP id i18csp1198549ybl; Tue, 13 Aug 2019 08:51:12 -0700 (PDT) X-Google-Smtp-Source: APXvYqwbuF4miId9z4Iyq4DXn88gO8O6d/GyXysM2Z4UT/NqMFXpZjNJlOOEmKH2hV4u9GJhO4hS X-Received: by 2002:a65:6294:: with SMTP id f20mr19222791pgv.349.1565711472062; Tue, 13 Aug 2019 08:51:12 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1565711472; cv=none; d=google.com; s=arc-20160816; b=szxq7/jRCXMqXNWO9303cV6ySRQS6B7jqJ2kkahKS9miOxgkwITCPp+k15IOtmyIOf ALs287qk49X77Z74ajPFHskcuBV1X0pEee5sTlw7qEvTqT5bbSBxpLdvvE1SfKKZj1Ld fikJZDsMvXVho4ouccxeP5DZVPwRnopHb0H5uPC0HVq4n+p/TjKT4LqAbq9pG9zQ0hvt fOzZrbym4KfCLYx6oRA1fCARMHa5TGaAujck+xBwDuKc04Q9oj+b51VQLTTYybh4du/K Q0hzPa+LX11F5soKavBmJBlOmOwdtmaMSqdvck63wRcpBInFWZhodIe3Kczri7XEXOUL 3Flg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:subject:message-id:user-agent:in-reply-to :content-disposition:mime-version:references:reply-to:cc:to:from :date; bh=sfMJV6BCH4Jxu1t+uzPV/6WmY3YYgruUXkADT310P9U=; b=nW+WhW5LJG1KHm+lo+An62vFDGRxL+oxi2yLXZ40zcIWgWaETho7kKcWlxBpi04kFa I8I2Vofr5dhavTk0xw1i2vGCASqtx3tFRMAUqlLCMfo1PHrV1y3O5EKQC+X6mbXWkBl+ 89hq8Q0Ob/nacqFC4hFoUx+r/NmWRA9zZAdwYd/yZi5g/A0vSl941jCk6MdTUII4m5UL tCbBg3KkeVsW0izdbw2khEq0etARR5iS+5i0MlYmuduaYj9WQPJLtVVf+bcL/HfnUfXi cY98WhYVhZiwWbdWSkr4GuhG32p4Cn/u9+QtQlrz4RTjm2F2S4i9YpmfUbbR0iMxTLr4 D17w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id n22si1180734pjt.55.2019.08.13.08.50.55; Tue, 13 Aug 2019 08:51:12 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728314AbfHMPpx (ORCPT + 99 others); Tue, 13 Aug 2019 11:45:53 -0400 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:38132 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727284AbfHMPpx (ORCPT ); Tue, 13 Aug 2019 11:45:53 -0400 Received: from pps.filterd (m0098410.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id x7DFXWd5077074 for ; Tue, 13 Aug 2019 11:45:52 -0400 Received: from e06smtp03.uk.ibm.com (e06smtp03.uk.ibm.com [195.75.94.99]) by mx0a-001b2d01.pphosted.com with ESMTP id 2ubyka1m5b-1 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 13 Aug 2019 11:45:51 -0400 Received: from localhost by e06smtp03.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Tue, 13 Aug 2019 16:45:49 +0100 Received: from b06cxnps4075.portsmouth.uk.ibm.com (9.149.109.197) by e06smtp03.uk.ibm.com (192.168.101.133) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256/256) Tue, 13 Aug 2019 16:45:44 +0100 Received: from b06wcsmtp001.portsmouth.uk.ibm.com (b06wcsmtp001.portsmouth.uk.ibm.com [9.149.105.160]) by b06cxnps4075.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id x7DFjgol60096752 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 13 Aug 2019 15:45:42 GMT Received: from b06wcsmtp001.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id D35FFA4054; Tue, 13 Aug 2019 15:45:42 +0000 (GMT) Received: from b06wcsmtp001.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 5D140A4060; Tue, 13 Aug 2019 15:45:40 +0000 (GMT) Received: from ram.ibm.com (unknown [9.85.191.17]) by b06wcsmtp001.portsmouth.uk.ibm.com (Postfix) with ESMTPS; Tue, 13 Aug 2019 15:45:40 +0000 (GMT) Date: Tue, 13 Aug 2019 08:45:37 -0700 From: Ram Pai To: David Gibson Cc: Christoph Hellwig , "Michael S. Tsirkin" , Thiago Jung Bauermann , virtualization@lists.linux-foundation.org, linuxppc-devel@lists.ozlabs.org, iommu@lists.linux-foundation.org, linux-kernel@vger.kernel.org, Jason Wang , Alexey Kardashevskiy , Paul Mackerras , Benjamin Herrenschmidt Reply-To: Ram Pai References: <87zhrj8kcp.fsf@morokweng.localdomain> <20190810143038-mutt-send-email-mst@kernel.org> <20190810220702.GA5964@ram.ibm.com> <20190811055607.GA12488@lst.de> <20190812095156.GD3947@umbus.fritz.box> <20190813132617.GA6426@lst.de> <20190813142439.GO3947@umbus.fritz.box> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20190813142439.GO3947@umbus.fritz.box> User-Agent: Mutt/1.5.21 (2010-09-15) X-TM-AS-GCONF: 00 x-cbid: 19081315-0012-0000-0000-0000033E3613 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 19081315-0013-0000-0000-000021784637 Message-Id: <20190813154537.GE5964@ram.ibm.com> Subject: RE: [RFC PATCH] virtio_ring: Use DMA API if guest memory is encrypted X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2019-08-13_05:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=819 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1906280000 definitions=main-1908130159 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Aug 14, 2019 at 12:24:39AM +1000, David Gibson wrote: > On Tue, Aug 13, 2019 at 03:26:17PM +0200, Christoph Hellwig wrote: > > On Mon, Aug 12, 2019 at 07:51:56PM +1000, David Gibson wrote: > > > AFAICT we already kind of abuse this for the VIRTIO_F_IOMMU_PLATFORM, > > > because to handle for cases where it *is* a device limitation, we > > > assume that if the hypervisor presents VIRTIO_F_IOMMU_PLATFORM then > > > the guest *must* select it. > > > > > > What we actually need here is for the hypervisor to present > > > VIRTIO_F_IOMMU_PLATFORM as available, but not required. Then we need > > > a way for the platform core code to communicate to the virtio driver > > > that *it* requires the IOMMU to be used, so that the driver can select > > > or not the feature bit on that basis. > > > > I agree with the above, but that just brings us back to the original > > issue - the whole bypass of the DMA OPS should be an option that the > > device can offer, not the other way around. And we really need to > > fix that root cause instead of doctoring around it. > > I'm not exactly sure what you mean by "device" in this context. Do > you mean the hypervisor (qemu) side implementation? > > You're right that this was the wrong way around to begin with, but as > well as being hard to change now, I don't see how it really addresses > the current problem. The device could default to IOMMU and allow > bypass, but the driver would still need to get information from the > platform to know that it *can't* accept that option in the case of a > secure VM. Reversed sense, but the same basic problem. > > The hypervisor does not, and can not be aware of the secure VM > restrictions - only the guest side platform code knows that. This statement is almost entirely right. I will rephrase it to make it entirely right. The hypervisor does not, and can not be aware of the secure VM requirement that it needs to do some special processing that has nothing to do with DMA address translation - only the guest side platform code know that. BTW: I do not consider 'bounce buffering' as 'DMA address translation'. DMA address translation, translates CPU address to DMA address. Bounce buffering moves the data from one buffer at a given CPU address to another buffer at a different CPU address. Unfortunately the current DMA ops conflates the two. The need to do 'DMA address translation' is something the device can enforce. But the need to do bounce buffering, is something that the device should not be aware and should be entirely a decision made locally by the kernel/driver in the secure VM. RP > > -- > David Gibson | I'll have my music baroque, and my code > david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_ > | _way_ _around_! > http://www.ozlabs.org/~dgibson -- Ram Pai