On 14/01/2019 18:20, Michael S. Tsirkin wrote:
On Mon, Jan 14, 2019 at 08:41:37PM +0800, Jason Wang wrote:
On 2019/1/14 下午5:50, Christoph Hellwig wrote:
On Mon, Jan 14, 2019 at 05:41:56PM +0800, Jason Wang wrote:
On 2019/1/11 下午5:15, Joerg Roedel wrote:
On Fri, Jan 11, 2019 at 11:29:31AM +0800, Jason Wang wrote:
Just wonder if my understanding is correct IOMMU_PLATFORM must be set for
all virtio devices under AMD-SEV guests?
Yes, that is correct. Emulated DMA can only happen on the SWIOTLB
aperture, because that memory is not encrypted. The guest bounces the
data then to its encrypted memory.
Regards,
Joerg
Thanks, have you tested vhost-net in this case. I suspect it may not work
Which brings me back to my pet pevee that we need to take actions
that virtio uses the proper dma mapping API by default with quirks
for legacy cases. The magic bypass it uses is just causing problems
over problems.
Yes, I fully agree with you. This is probably an exact example of such
problem.
Thanks
I don't think so - the issue is really that DMA API does not yet handle
the SEV case 100% correctly. I suspect passthrough devices would have
the same issue.
Huh? Regardless of which virtio devices use it or not, the DMA API is
handling the SEV case as correctly as it possibly can, by forcing
everything through the unencrypted bounce buffer. If the segments being
mapped are too big for that bounce buffer in the first place, there's
nothing it can possibly do except fail, gracefully or otherwise.
Now, in theory, yes, the real issue at hand is not unique to virtio-blk
nor SEV - any driver whose device has a sufficiently large DMA segment
size and who manages to get sufficient physically-contiguous memory
could technically generate a scatterlist segment longer than SWIOTLB can
handle. However, in practice that basically never happens, not least
because very few drivers ever override the default 64K DMA segment
limit. AFAICS nothing in drivers/virtio is calling
dma_set_max_seg_size() or otherwise assigning any dma_parms to replace
the defaults either, so the really interesting question here is how are
these apparently-out-of-spec 256K segments getting generated at all?
Robin.