Re: [PATCH 1/2] mm: move force_dma_unencrypted() to mem_encrypt.h

[PATCH 0/2] virtio: decouple protected guest RAM form VIRTIO_F_IOMMU_PLATFORM · Halil Pasic <pasic@linux.ibm.com> · 2020-02-20
[PATCH 2/2] virtio: let virtio use DMA API when guest RAM is protected · Halil Pasic <pasic@linux.ibm.com> · 2020-02-20
Re: [PATCH 2/2] virtio: let virtio use DMA API when guest RAM is protected · Christoph Hellwig <hch@lst.de> · 2020-02-20
Re: [PATCH 2/2] virtio: let virtio use DMA API when guest RAM is protected · David Gibson <hidden> · 2020-02-21
Re: [PATCH 2/2] virtio: let virtio use DMA API when guest RAM is protected · Jason Wang <jasowang@redhat.com> · 2020-02-21
Re: [PATCH 2/2] virtio: let virtio use DMA API when guest RAM is protected · Halil Pasic <pasic@linux.ibm.com> · 2020-02-21
Re: [PATCH 2/2] virtio: let virtio use DMA API when guest RAM is protected · Halil Pasic <pasic@linux.ibm.com> · 2020-02-21
Re: [PATCH 2/2] virtio: let virtio use DMA API when guest RAM is protected · Christoph Hellwig <hch@lst.de> · 2020-02-21
Re: [PATCH 2/2] virtio: let virtio use DMA API when guest RAM is protected · David Gibson <hidden> · 2020-02-24
Re: [PATCH 2/2] virtio: let virtio use DMA API when guest RAM is protected · Halil Pasic <pasic@linux.ibm.com> · 2020-02-24
Re: [PATCH 2/2] virtio: let virtio use DMA API when guest RAM is protected · Halil Pasic <pasic@linux.ibm.com> · 2020-02-21
Re: [PATCH 2/2] virtio: let virtio use DMA API when guest RAM is protected · Christoph Hellwig <hch@lst.de> · 2020-02-21
Re: [PATCH 2/2] virtio: let virtio use DMA API when guest RAM is protected · Halil Pasic <pasic@linux.ibm.com> · 2020-02-21
Re: [PATCH 2/2] virtio: let virtio use DMA API when guest RAM is protected · "Michael S. Tsirkin" <mst@redhat.com> · 2020-02-22
Re: [PATCH 2/2] virtio: let virtio use DMA API when guest RAM is protected · Christoph Hellwig <hch@lst.de> · 2020-02-24
Re: [PATCH 2/2] virtio: let virtio use DMA API when guest RAM is protected · "Michael S. Tsirkin" <mst@redhat.com> · 2020-02-20
RE: [PATCH 2/2] virtio: let virtio use DMA API when guest RAM is protected · Ram Pai <hidden> · 2020-02-21
Re: [PATCH 2/2] virtio: let virtio use DMA API when guest RAM is protected · David Gibson <hidden> · 2020-02-21
Re: [PATCH 2/2] virtio: let virtio use DMA API when guest RAM is protected · Halil Pasic <pasic@linux.ibm.com> · 2020-02-21
Re: [PATCH 2/2] virtio: let virtio use DMA API when guest RAM is protected · Tom Lendacky <thomas.lendacky@amd.com> · 2020-02-21
Re: [PATCH 2/2] virtio: let virtio use DMA API when guest RAM is protected · David Gibson <hidden> · 2020-02-24
Re: [PATCH 2/2] virtio: let virtio use DMA API when guest RAM is protected · "Michael S. Tsirkin" <mst@redhat.com> · 2020-02-21
Re: [PATCH 2/2] virtio: let virtio use DMA API when guest RAM is protected · Christoph Hellwig <hch@lst.de> · 2020-02-21
Re: [PATCH 2/2] virtio: let virtio use DMA API when guest RAM is protected · Halil Pasic <pasic@linux.ibm.com> · 2020-02-21
[PATCH 1/2] mm: move force_dma_unencrypted() to mem_encrypt.h · Halil Pasic <pasic@linux.ibm.com> · 2020-02-20
Re: [PATCH 1/2] mm: move force_dma_unencrypted() to mem_encrypt.h · Christoph Hellwig <hch@lst.de> · 2020-02-20
Re: [PATCH 1/2] mm: move force_dma_unencrypted() to mem_encrypt.h · Christian Borntraeger <hidden> · 2020-02-20
Re: [PATCH 1/2] mm: move force_dma_unencrypted() to mem_encrypt.h · Christoph Hellwig <hch@lst.de> · 2020-02-20
Re: [PATCH 1/2] mm: move force_dma_unencrypted() to mem_encrypt.h · Christian Borntraeger <hidden> · 2020-02-20
Re: [PATCH 1/2] mm: move force_dma_unencrypted() to mem_encrypt.h · David Gibson <hidden> · 2020-02-21
Re: [PATCH 1/2] mm: move force_dma_unencrypted() to mem_encrypt.h · Halil Pasic <pasic@linux.ibm.com> · 2020-02-21
Re: [PATCH 1/2] mm: move force_dma_unencrypted() to mem_encrypt.h · "Michael S. Tsirkin" <mst@redhat.com> · 2020-02-21
Re: [PATCH 1/2] mm: move force_dma_unencrypted() to mem_encrypt.h · Halil Pasic <pasic@linux.ibm.com> · 2020-02-21
Re: [PATCH 1/2] mm: move force_dma_unencrypted() to mem_encrypt.h · David Gibson <hidden> · 2020-02-24
Re: [PATCH 1/2] mm: move force_dma_unencrypted() to mem_encrypt.h · Halil Pasic <pasic@linux.ibm.com> · 2020-02-24
Re: [PATCH 1/2] mm: move force_dma_unencrypted() to mem_encrypt.h · Cornelia Huck <cohuck@redhat.com> · 2020-02-25
Re: [PATCH 1/2] mm: move force_dma_unencrypted() to mem_encrypt.h · David Gibson <hidden> · 2020-02-28
Re: [PATCH 0/2] virtio: decouple protected guest RAM form VIRTIO_F_IOMMU_PLATFORM · "Michael S. Tsirkin" <mst@redhat.com> · 2020-02-20
Re: [PATCH 0/2] virtio: decouple protected guest RAM form VIRTIO_F_IOMMU_PLATFORM · "Michael S. Tsirkin" <mst@redhat.com> · 2020-02-20
Re: [PATCH 0/2] virtio: decouple protected guest RAM form VIRTIO_F_IOMMU_PLATFORM · Halil Pasic <pasic@linux.ibm.com> · 2020-02-21
Re: [PATCH 0/2] virtio: decouple protected guest RAM form VIRTIO_F_IOMMU_PLATFORM · "Michael S. Tsirkin" <mst@redhat.com> · 2020-02-20
Re: [PATCH 0/2] virtio: decouple protected guest RAM form VIRTIO_F_IOMMU_PLATFORM · Halil Pasic <pasic@linux.ibm.com> · 2020-02-21
Re: [PATCH 0/2] virtio: decouple protected guest RAM form VIRTIO_F_IOMMU_PLATFORM · Christoph Hellwig <hch@lst.de> · 2020-02-21
Re: [PATCH 0/2] virtio: decouple protected guest RAM form VIRTIO_F_IOMMU_PLATFORM · David Gibson <hidden> · 2020-02-24
Re: [PATCH 0/2] virtio: decouple protected guest RAM form VIRTIO_F_IOMMU_PLATFORM · Jason Wang <jasowang@redhat.com> · 2020-02-21
Re: [PATCH 0/2] virtio: decouple protected guest RAM form VIRTIO_F_IOMMU_PLATFORM · Halil Pasic <pasic@linux.ibm.com> · 2020-02-21
Re: [PATCH 0/2] virtio: decouple protected guest RAM form VIRTIO_F_IOMMU_PLATFORM · Jason Wang <jasowang@redhat.com> · 2020-02-24
Re: [PATCH 0/2] virtio: decouple protected guest RAM form VIRTIO_F_IOMMU_PLATFORM · "Michael S. Tsirkin" <mst@redhat.com> · 2020-02-24
Re: [PATCH 0/2] virtio: decouple protected guest RAM form VIRTIO_F_IOMMU_PLATFORM · Jason Wang <jasowang@redhat.com> · 2020-02-24
Re: [PATCH 0/2] virtio: decouple protected guest RAM form VIRTIO_F_IOMMU_PLATFORM · "Michael S. Tsirkin" <mst@redhat.com> · 2020-02-24
Re: [PATCH 0/2] virtio: decouple protected guest RAM form VIRTIO_F_IOMMU_PLATFORM · Jason Wang <jasowang@redhat.com> · 2020-02-24
Re: [PATCH 0/2] virtio: decouple protected guest RAM form VIRTIO_F_IOMMU_PLATFORM · "Michael S. Tsirkin" <mst@redhat.com> · 2020-02-24
Re: [PATCH 0/2] virtio: decouple protected guest RAM form VIRTIO_F_IOMMU_PLATFORM · Jason Wang <jasowang@redhat.com> · 2020-02-25
Re: [PATCH 0/2] virtio: decouple protected guest RAM form VIRTIO_F_IOMMU_PLATFORM · Halil Pasic <pasic@linux.ibm.com> · 2020-02-24
Re: [PATCH 0/2] virtio: decouple protected guest RAM form VIRTIO_F_IOMMU_PLATFORM · Jason Wang <jasowang@redhat.com> · 2020-02-25
Re: [PATCH 0/2] virtio: decouple protected guest RAM form VIRTIO_F_IOMMU_PLATFORM · David Gibson <hidden> · 2020-02-24

From: David Gibson <hidden>
Date: 2020-02-28 01:04:55
Also in: linux-iommu, linux-s390, lkml

On Tue, Feb 25, 2020 at 07:08:02PM +0100, Cornelia Huck wrote:

On Mon, 24 Feb 2020 19:49:53 +0100
Halil Pasic [off-list ref] wrote:

quoted

On Mon, 24 Feb 2020 14:33:14 +1100
David Gibson [off-list ref] wrote:

quoted

On Fri, Feb 21, 2020 at 07:07:02PM +0100, Halil Pasic wrote:

quoted

On Fri, 21 Feb 2020 10:48:15 -0500
"Michael S. Tsirkin" [off-list ref] wrote:

quoted

On Fri, Feb 21, 2020 at 02:06:39PM +0100, Halil Pasic wrote:

quoted

On Fri, 21 Feb 2020 14:27:27 +1100
David Gibson [off-list ref] wrote:

quoted

On Thu, Feb 20, 2020 at 05:31:35PM +0100, Christoph Hellwig wrote:

quoted

On Thu, Feb 20, 2020 at 05:23:20PM +0100, Christian Borntraeger wrote:

quoted

From a users perspective it makes absolutely perfect sense to use the

bounce buffers when they are NEEDED. 
Forcing the user to specify iommu_platform just because you need bounce buffers
really feels wrong. And obviously we have a severe performance issue
because of the indirections.

The point is that the user should not have to specify iommu_platform.
We need to make sure any new hypervisor (especially one that might require
bounce buffering) always sets it,

So, I have draft qemu patches which enable iommu_platform by default.
But that's really because of other problems with !iommu_platform, not
anything to do with bounce buffering or secure VMs.

The thing is that the hypervisor *doesn't* require bounce buffering.
In the POWER (and maybe s390 as well) models for Secure VMs, it's the
*guest*'s choice to enter secure mode, so the hypervisor has no reason
to know whether the guest needs bounce buffering.  As far as the
hypervisor and qemu are concerned that's a guest internal detail, it
just expects to get addresses it can access whether those are GPAs
(iommu_platform=off) or IOVAs (iommu_platform=on).

I very much agree!

quoted

as was a rather bogus legacy hack

It was certainly a bad idea, but it was a bad idea that went into a
public spec and has been widely deployed for many years.  We can't
just pretend it didn't happen and move on.

Turning iommu_platform=on by default breaks old guests, some of which
we still care about.  We can't (automatically) do it only for guests
that need bounce buffering, because the hypervisor doesn't know that
ahead of time.

We could default to iommu_platform=on on s390 when the host has active
support for protected virtualization... but that's just another kind of
horrible, so let's just pretend I didn't suggest it.

Yeah, that would break migration between hosts with the feature and
hosts without - for everything, not just protected guests.  In general
any kind of guest visible configuration change based on host
properties is incompatible with the qemu/KVM migration model.

-- 
David Gibson			| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you.  NOT _the_ _other_
				| _way_ _around_!
http://www.ozlabs.org/~dgibson

Attachments

signature.asc [application/pgp-signature] 833 bytes

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help