On Wed, 2015-10-28 at 16:22 +0200, Michael S. Tsirkin wrote: > On Wed, Oct 28, 2015 at 11:13:29PM +0900, David Woodhouse wrote: > > On Wed, 2015-10-28 at 16:05 +0200, Michael S. Tsirkin wrote: > > > > > > Short answer - platforms need a way to discover, and express > > > different > > > security requirements of different devices. > > > > Sure. PLATFORMS need that. Do not let it go anywhere near your > > device > > drivers. Including the virtio drivers. > > But would there be any users of this outside the virtio subsystem? > If no, maybe virtio core is a logical place to keep this. Users of what? DMA API ops which basically do nothing? Sure — there are *plenty* of cases where there isn't actually an IOMMU in active use and the DMA API just returns the same address it was given. Obviously that happens in platforms without an IOMMU, but it also happens in cases where an IOMMU exists but is in passthrough mode, and it also happens in cases where an IOMMU exists somewhere in the system but only translates for *other* devices. In all cases, drivers must just use the DMA API and *it* is responsible for doing the right thing. > I don't have a problem with extending DMA API to address > more usecases. No, this isn't an extension. This is fixing a bug, on certain platforms where the DMA API has currently done the wrong thing. We have historically worked around that bug by introducing *another* bug, which is not to *use* the DMA API in the virtio driver. Sure, we can co-ordinate those two bug-fixes. But let's not talk about them as anything other than bug-fixes. > > Drivers use DMA API. No more talky. > > Well for virtio they don't ATM. And 1:1 mapping makes perfect sense > for the wast majority of users, so I can't switch them over > until the DMA API actually addresses all existing usecases. That's still not your business; it's the platform's. And there are hardware implementations of the virtio protocols on real PCI cards. And we have the option of doing IOMMU translation for the virtio devices even in a virtual machine. Just don't get involved. -- dwmw2
Attachment:
smime.p7s
Description: S/MIME cryptographic signature