On Fri, 4 Dec 2020 09:29:59 +0100
Christian Borntraeger <borntraeger@xxxxxxxxxx> wrote:
>
>
> On 04.12.20 09:17, Cornelia Huck wrote:
> > On Fri, 4 Dec 2020 09:10:36 +0100
> > Christian Borntraeger <borntraeger@xxxxxxxxxx> wrote:
> >
> >> On 04.12.20 06:44, David Gibson wrote:
> >>> The default behaviour for virtio devices is not to use the platforms normal
> >>> DMA paths, but instead to use the fact that it's running in a hypervisor
> >>> to directly access guest memory. That doesn't work if the guest's memory
> >>> is protected from hypervisor access, such as with AMD's SEV or POWER's PEF.
> >>>
> >>> So, if a securable guest memory mechanism is enabled, then apply the
> >>> iommu_platform=on option so it will go through normal DMA mechanisms.
> >>> Those will presumably have some way of marking memory as shared with
> >>> the hypervisor or hardware so that DMA will work.
> >>>
> >>> Signed-off-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>
> >>> Reviewed-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
> >>> ---
> >>> hw/core/machine.c | 13 +++++++++++++
> >>> 1 file changed, 13 insertions(+)
> >>>
> >>> diff --git a/hw/core/machine.c b/hw/core/machine.c
> >>> index a67a27d03c..d16273d75d 100644
> >>> --- a/hw/core/machine.c
> >>> +++ b/hw/core/machine.c
> >>> @@ -28,6 +28,8 @@
> >>> #include "hw/mem/nvdimm.h"
> >>> #include "migration/vmstate.h"
> >>> #include "exec/securable-guest-memory.h"
> >>> +#include "hw/virtio/virtio.h"
> >>> +#include "hw/virtio/virtio-pci.h"
> >>>
> >>> GlobalProperty hw_compat_5_1[] = {
> >>> { "vhost-scsi", "num_queues", "1"},
> >>> @@ -1169,6 +1171,17 @@ void machine_run_board_init(MachineState *machine)
> >>> * areas.
> >>> */
> >>> machine_set_mem_merge(OBJECT(machine), false, &error_abort);
> >>> +
> >>> + /*
> >>> + * Virtio devices can't count on directly accessing guest
> >>> + * memory, so they need iommu_platform=on to use normal DMA
> >>> + * mechanisms. That requires also disabling legacy virtio
> >>> + * support for those virtio pci devices which allow it.
> >>> + */
> >>> + object_register_sugar_prop(TYPE_VIRTIO_PCI, "disable-legacy",
> >>> + "on", true);
> >>> + object_register_sugar_prop(TYPE_VIRTIO_DEVICE, "iommu_platform",
> >>> + "on", false);
> >>
> >> I have not followed all the history (sorry). Should we also set iommu_platform
> >> for virtio-ccw? Halil?
> >>
> >
> > That line should add iommu_platform for all virtio devices, shouldn't
> > it?
>
> Yes, sorry. Was misreading that with the line above.
>
I believe this is the best we can get. In a sense it is still a
pessimization, but it is a big usability improvement compared to having
to set iommu_platform manually.
Regards,
Halil
