On 08.12.20 02:54, David Gibson wrote: > On Fri, Dec 04, 2020 at 03:43:10PM +0100, Halil Pasic wrote: >> On Fri, 4 Dec 2020 09:29:59 +0100 >> Christian Borntraeger <borntraeger@xxxxxxxxxx> wrote: >> >>> On 04.12.20 09:17, Cornelia Huck wrote: >>>> On Fri, 4 Dec 2020 09:10:36 +0100 >>>> Christian Borntraeger <borntraeger@xxxxxxxxxx> wrote: >>>> >>>>> On 04.12.20 06:44, David Gibson wrote: >>>>>> The default behaviour for virtio devices is not to use the platform's normal >>>>>> DMA paths, but instead to use the fact that it's running in a hypervisor >>>>>> to directly access guest memory. That doesn't work if the guest's memory >>>>>> is protected from hypervisor access, such as with AMD's SEV or POWER's PEF. >>>>>> >>>>>> So, if a securable guest memory mechanism is enabled, then apply the >>>>>> iommu_platform=on option so it will go through normal DMA mechanisms. >>>>>> Those will presumably have some way of marking memory as shared with >>>>>> the hypervisor or hardware so that DMA will work. >>>>>> >>>>>> Signed-off-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx> >>>>>> Reviewed-by: Dr. David Alan Gilbert <dgilbert@xxxxxxxxxx> >>>>>> --- >>>>>> hw/core/machine.c | 13 +++++++++++++ >>>>>> 1 file changed, 13 insertions(+) >>>>>> >>>>>> diff --git a/hw/core/machine.c b/hw/core/machine.c >>>>>> index a67a27d03c..d16273d75d 100644 >>>>>> --- a/hw/core/machine.c >>>>>> +++ b/hw/core/machine.c >>>>>> @@ -28,6 +28,8 @@ >>>>>> #include "hw/mem/nvdimm.h" >>>>>> #include "migration/vmstate.h" >>>>>> #include "exec/securable-guest-memory.h" >>>>>> +#include "hw/virtio/virtio.h" >>>>>> +#include "hw/virtio/virtio-pci.h" >>>>>> >>>>>> GlobalProperty hw_compat_5_1[] = { >>>>>> { "vhost-scsi", "num_queues", "1"}, 
>>>>>> @@ -1169,6 +1171,17 @@ void machine_run_board_init(MachineState *machine) >>>>>> * areas. >>>>>> */ >>>>>> machine_set_mem_merge(OBJECT(machine), false, &error_abort); >>>>>> + >>>>>> + /* >>>>>> + * Virtio devices can't count on directly accessing guest >>>>>> + * memory, so they need iommu_platform=on to use normal DMA >>>>>> + * mechanisms. That requires also disabling legacy virtio >>>>>> + * support for those virtio pci devices which allow it. >>>>>> + */ >>>>>> + object_register_sugar_prop(TYPE_VIRTIO_PCI, "disable-legacy", >>>>>> + "on", true); >>>>>> + object_register_sugar_prop(TYPE_VIRTIO_DEVICE, "iommu_platform", >>>>>> + "on", false); >>>>> >>>>> I have not followed all the history (sorry). Should we also set iommu_platform >>>>> for virtio-ccw? Halil? >>>>> >>>> >>>> That line should add iommu_platform for all virtio devices, shouldn't >>>> it? >>> >>> Yes, sorry. Was misreading that with the line above. >>> >> >> I believe this is the best we can get. In a sense it is still a >> pessimization, > > I'm not really clear on what you're getting at here. I think Halil's point is that somebody might come up with a solution where things would work even without iommu_platform. But as he said, still the best setting we can get to cover all cases.
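Review bot: in the include hunk (@@ -28,6 +28,8 @@), `#include "hw/virtio/virtio-pci.h"` makes hw/core/machine.c depend on a PCI transport header, and the only visible use is the TYPE_VIRTIO_PCI name in a single object_register_sugar_prop() call. Consider moving the two property registrations into a helper on the virtio side that machine_run_board_init() calls, so the core machine code needs neither virtio header.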
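Review bot: in the machine_run_board_init() hunk (@@ -1169,6 +1171,17 @@), the two object_register_sugar_prop() calls differ in their last argument (`true` for "disable-legacy", `false` for "iommu_platform") and the comment does not say what that flag selects. If `true` is what implements "for those virtio pci devices which allow it", the comment should say so next to that call. It would also help to state explicitly that the TYPE_VIRTIO_DEVICE line covers every virtio transport while the TYPE_VIRTIO_PCI line is PCI-only, since the two adjacent calls were misread in this thread when asking about virtio-ccw.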