On Thu, 20 Feb 2020 16:29:50 -0500 "Michael S. Tsirkin" <mst@xxxxxxxxxx> wrote: > On Thu, Feb 20, 2020 at 05:06:04PM +0100, Halil Pasic wrote: > > * This usage is not congruent with standardised semantics of > > VIRTIO_F_IOMMU_PLATFORM. Guest memory protected is an orthogonal reason > > for using DMA API in virtio (orthogonal with respect to what is > > expressed by VIRTIO_F_IOMMU_PLATFORM). > > Quoting the spec: > > \item[VIRTIO_F_ACCESS_PLATFORM(33)] This feature indicates that > the device can be used on a platform where device access to data > in memory is limited and/or translated. E.g. this is the case if the device can be located > behind an IOMMU that translates bus addresses from the device into physical > addresses in memory, if the device can be limited to only access > certain memory addresses or if special commands such as > a cache flush can be needed to synchronise data in memory with > the device. Whether accesses are actually limited or translated > is described by platform-specific means. > If this feature bit is set to 0, then the device > has same access to memory addresses supplied to it as the > driver has. > In particular, the device will always use physical addresses > matching addresses used by the driver (typically meaning > physical addresses used by the CPU) > and not translated further, and can access any address supplied to it by > the driver. When clear, this overrides any platform-specific description of > whether device access is limited or translated in any way, e.g. > whether an IOMMU may be present. > > since device can't access encrypted memory, > this seems to match your case reasonably well. > As David already explained, the device does not have to access encrypted memory. In fact, we don't have memory encryption but memory protection on s390. All the device *should* ever see is non-protected memory (one that was previously shared by the guest). Our protected guests start as non-protected ones, and may or may not turn protected during their life-span. From the device perspective, really, nothing changes. I believe David explained this much better than I did. Regards, Halil
