On Tue, Dec 08, 2020 at 01:50:05PM +0100, Cornelia Huck wrote:
> On Tue, 8 Dec 2020 11:28:29 +0100
> Halil Pasic <pasic@xxxxxxxxxxxxx> wrote:
>
> > On Tue, 8 Dec 2020 12:54:03 +1100
> > David Gibson <david@xxxxxxxxxxxxxxxxxxxxx> wrote:
> >
> > > > > >>> + * Virtio devices can't count on directly accessing guest
> > > > > >>> + * memory, so they need iommu_platform=on to use normal DMA
> > > > > >>> + * mechanisms. That requires also disabling legacy virtio
> > > > > >>> + * support for those virtio pci devices which allow it.
> > > > > >>> + */
> > > > > >>> + object_register_sugar_prop(TYPE_VIRTIO_PCI, "disable-legacy",
> > > > > >>> + "on", true);
> > > > > >>> + object_register_sugar_prop(TYPE_VIRTIO_DEVICE, "iommu_platform",
> > > > > >>> + "on", false);
> > > > > >>
> > > > > >> I have not followed all the history (sorry). Should we also set iommu_platform
> > > > > >> for virtio-ccw? Halil?
> > > > > >>
> > > > > >
> > > > > > That line should add iommu_platform for all virtio devices, shouldn't
> > > > > > it?
> > > > >
> > > > > Yes, sorry. Was misreading that with the line above.
> > > > >
> > > >
> > > > I believe this is the best we can get. In a sense it is still a
> > > > pessimization,
> > >
> > > I'm not really clear on what you're getting at here.
> >
> > By pessimization, I mean that we are going to indicate
> > _F_PLATFORM_ACCESS even if it isn't necessary, because the guest never
> > opted in for confidential/memory protection/memory encryption. We have
> > discussed this before, and I don't see a better solution that works for
> > everybody.
>
> If you consider specifying the secure guest option as a way to tell
> QEMU to make everything ready for running a secure guest, I'd certainly
> consider it necessary. If you do not want to force it, you should not
> do the secure guest preparation setup.

Right, that's my feeling as well. I'm also of the opinion that
!F_PLATFORM_ACCESS is kind of a nasty hack that has some other
problems (e.g. it means an L1 can't safely pass the device into an
L2).

-- 
David Gibson                    | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you. NOT _the_ _other_
                                | _way_ _around_!
http://www.ozlabs.org/~dgibson
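
Review bot: The two object_register_sugar_prop() calls in the quoted hunk differ in their last argument (true for "disable-legacy" on TYPE_VIRTIO_PCI, false for "iommu_platform" on TYPE_VIRTIO_DEVICE), and the comment above them does not say what that flag means or why it differs. The phrase "those virtio pci devices which allow it" hints at the reason for the first call only, and a reviewer in this thread misread the second call together with the first. Consider giving each call its own comment line stating which device types it covers and whether the property must exist on all of them. It would also help to state in the comment that these defaults apply whenever the option is set, regardless of whether the guest later opts in to memory protection, since that is the trade-off debated in this thread.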