On 3/5/20 4:15 PM, Ram Pai wrote:
> On Thu, Mar 05, 2020 at 10:55:45AM +1100, David Gibson wrote:
>> On Wed, Mar 04, 2020 at 04:56:09PM +0100, Cédric Le Goater wrote:
>>> [ ... ]
>>>
>>>> (1) applied the patch which shares the EQ-page with the hypervisor.
>>>> (2) set "kernel_irqchip=off"
>>>> (3) set "ic-mode=xive"
>>>
>>> you don't have to set the interrupt mode. xive should be negotiated
>>> by default.
>>>
>>>> (4) set "svm=on" on the kernel command line.
>>>> (5) no changes to the hypervisor and ultravisor.
>>>>
>>>> And Boom it works!. So you were right.
>>>
>>> Excellent.
>>>
>>>> I am sending out the patch for (1) above ASAP.
>>>
>>> Next step, could you please try to do the same with the TIMA and ESB pfn ?
>>> and use KVM.
>>
>> I'm a bit confused by this. Aren't the TIMA and ESB pages essentially
>> IO pages, rather than memory pages from the guest's point of view? I
>> assume only memory pages are protected with PEF - I can't even really
>> see what protecting an IO page would even mean.
>
> It means, that the hypervisor and qemu cannot access the addresses used
> to access the I/O pages. It can only be accessed by Ultravisor and the
> SVM.
>
> As it stands today, those pages are accessible from the hypervisor
> and not from the SVM or the ultravisor.
>
> To make it work, we need to enable access to those pages from the SVM
> and from the ultravisor. One thing I am not clear is should we block
> access to those pages from the hypervisor. If yes, then there is no
> good way to do that, without hardware help. If no, then those GPA pages
> can be shared, so that hypervisor/ultravisor/qemu/SVM can all access
> those pages.

They are shared. KVM will also access them, at interrupt creation, device reset
and passthrough. QEMU will use them to mask on/off the interrupts in case of
guest migration or machine stop/continue.

C.