On 1/14/19 12:20 PM, Michael S. Tsirkin wrote:
> On Mon, Jan 14, 2019 at 08:41:37PM +0800, Jason Wang wrote:
>>
>> On 2019/1/14 5:50 PM, Christoph Hellwig wrote:
>>> On Mon, Jan 14, 2019 at 05:41:56PM +0800, Jason Wang wrote:
>>>> On 2019/1/11 5:15 PM, Joerg Roedel wrote:
>>>>> On Fri, Jan 11, 2019 at 11:29:31AM +0800, Jason Wang wrote:
>>>>>> Just wonder if my understanding is correct IOMMU_PLATFORM must be set for
>>>>>> all virtio devices under AMD-SEV guests?
>>>>> Yes, that is correct. Emulated DMA can only happen on the SWIOTLB
>>>>> aperture, because that memory is not encrypted. The guest bounces the
>>>>> data then to its encrypted memory.
>>>>>
>>>>> Regards,
>>>>>
>>>>> Joerg
>>>>
>>>> Thanks, have you tested vhost-net in this case. I suspect it may not work
>>> Which brings me back to my pet peeve that we need to take actions
>>> that virtio uses the proper dma mapping API by default with quirks
>>> for legacy cases. The magic bypass it uses is just causing problems
>>> over problems.
>>
>>
>> Yes, I fully agree with you. This is probably an exact example of such
>> problem.
>>
>> Thanks
>
> I don't think so - the issue is really that DMA API does not yet handle
> the SEV case 100% correctly. I suspect passthrough devices would have
> the same issue.
>

In case of SEV, emulated DMA is performed through the SWIOTLB (which
bounces the encrypted buffers). The issue reported here will happen on
any platform which is making use of SWIOTLB. We could easily reproduce
the virtio-blk failure if we configure swiotlb=force in a non-SEV guest.
Unfortunately, in case of SEV the SWIOTLB is a must. As Joerg highlighted,
the main issue is a limitation of the SWIOTLB: it does not support
allocation/map larger than 256Kb.

> In fact whoever sets IOMMU_PLATFORM is completely unaffected by
> Christoph's pet peeve.
>
> Christoph is saying that !IOMMU_PLATFORM devices should hide the
> compatibility code in a special per-device DMA API implementation.
> Which would be fine especially if we can manage not to introduce a bunch
> of indirect calls all over the place and hurt performance. It's just
> that the benefit is unlikely to be big (e.g. we can't also get rid of
> the virtio specific memory barriers) so no one was motivated enough to
> work on it.
>