Re: [for-6.0 v5 12/13] securable guest memory: Alter virtio default properties for protected guests

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 4 Dec 2020 09:29:59 +0100
Christian Borntraeger <borntraeger@xxxxxxxxxx> wrote:

> 
> 
> On 04.12.20 09:17, Cornelia Huck wrote:
> > On Fri, 4 Dec 2020 09:10:36 +0100
> > Christian Borntraeger <borntraeger@xxxxxxxxxx> wrote:
> > 
> >> On 04.12.20 06:44, David Gibson wrote:
> >>> The default behaviour for virtio devices is not to use the platforms normal
> >>> DMA paths, but instead to use the fact that it's running in a hypervisor
> >>> to directly access guest memory.  That doesn't work if the guest's memory
> >>> is protected from hypervisor access, such as with AMD's SEV or POWER's PEF.
> >>>
> >>> So, if a securable guest memory mechanism is enabled, then apply the
> >>> iommu_platform=on option so it will go through normal DMA mechanisms.
> >>> Those will presumably have some way of marking memory as shared with
> >>> the hypervisor or hardware so that DMA will work.
> >>>
> >>> Signed-off-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>
> >>> Reviewed-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx>
> >>> ---
> >>>  hw/core/machine.c | 13 +++++++++++++
> >>>  1 file changed, 13 insertions(+)
> >>>
> >>> diff --git a/hw/core/machine.c b/hw/core/machine.c
> >>> index a67a27d03c..d16273d75d 100644
> >>> --- a/hw/core/machine.c
> >>> +++ b/hw/core/machine.c
> >>> @@ -28,6 +28,8 @@
> >>>  #include "hw/mem/nvdimm.h"
> >>>  #include "migration/vmstate.h"
> >>>  #include "exec/securable-guest-memory.h"
> >>> +#include "hw/virtio/virtio.h"
> >>> +#include "hw/virtio/virtio-pci.h"
> >>>  
> >>>  GlobalProperty hw_compat_5_1[] = {
> >>>      { "vhost-scsi", "num_queues", "1"},
> >>> @@ -1169,6 +1171,17 @@ void machine_run_board_init(MachineState *machine)
> >>>           * areas.
> >>>           */
> >>>          machine_set_mem_merge(OBJECT(machine), false, &error_abort);
> >>> +
> >>> +        /*
> >>> +         * Virtio devices can't count on directly accessing guest
> >>> +         * memory, so they need iommu_platform=on to use normal DMA
> >>> +         * mechanisms.  That requires also disabling legacy virtio
> >>> +         * support for those virtio pci devices which allow it.
> >>> +         */
> >>> +        object_register_sugar_prop(TYPE_VIRTIO_PCI, "disable-legacy",
> >>> +                                   "on", true);
> >>> +        object_register_sugar_prop(TYPE_VIRTIO_DEVICE, "iommu_platform",
> >>> +                                   "on", false);  
> >>
> >> I have not followed all the history (sorry). Should we also set iommu_platform
> >> for virtio-ccw? Halil?
> >>
> > 
> > That line should add iommu_platform for all virtio devices, shouldn't
> > it?
> 
> Yes, sorry. Was misreading that with the line above. 
> 

I believe this is the best we can get. In a sense it is still a
pessimization, but it is a big usability improvement compared to having
to set iommu_platform manually. 

Regards,
Halil



[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux