From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
To: Andy Lutomirski <luto@amacapital.net>
Cc: "linux-s390@vger.kernel.org" <linux-s390@vger.kernel.org>,
"Michael S. Tsirkin" <mst@redhat.com>,
Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Linux Virtualization <virtualization@lists.linux-foundation.org>,
Christian Borntraeger <borntraeger@de.ibm.com>,
Paolo Bonzini <pbonzini@redhat.com>,
"linux390@de.ibm.com" <linux390@de.ibm.com>
Subject: Re: [PATCH v5 2/3] virtio_pci: Use the DMA API for virtqueues when possible
Date: Thu, 2 Oct 2014 12:36:39 -0400 [thread overview]
Message-ID: <20141002163639.GE1715@laptop.dumpdata.com> (raw)
In-Reply-To: <CALCETrV7xZ0df6n7tdWJx+Wpj=a8_yGaw1a+9EVDvxE4NU-a1A@mail.gmail.com>
On Tue, Sep 30, 2014 at 11:01:29AM -0700, Andy Lutomirski wrote:
> On Tue, Sep 30, 2014 at 10:53 AM, Konrad Rzeszutek Wilk
> <konrad.wilk@oracle.com> wrote:
> >> x86 will be worse than PPC, too: the special case needed to support
> >> QEMU 2.2 with IOMMU and virtio enabled with a Xen guest will be fairly
> >> large and disgusting and will only exist to support something that IMO
> >> should never have existed in the first place.
> >
> > <scratches his head> I don't follow.
>
> If you boot a Xen PV dom0 on QEMU master with -machine q35,iommu=on
> and you add a virtio device, dom0 will end up with a PCI device that
> does DMA to "machine" addresses. These addresses are not compatible
> with the DMA API (which works with bus addresses), nor are they the
> same as physical addresses.
That is presumarily because the IOMMU assumes the virtio devices are real
devices, not fake ones.
>
> So virtio in current kernels won't work for the same reason they never
> work on Xen. But virtio-pci with my patches won't work either,
> because they (or the Xen hypervisor) will try to program the IOMMU
> with a non-identity mapping, causing everything to explode.
>
> Hacking up the virtio-pci driver to explicitly ask Xen for machine
> addresses might work, but, at the very least, it will be a giant
> security hole if anyone binds a virtio device to a domain other than
> dom0 (which, again, is kind of the point of having an IOMMU).
>
> >>
> >> PPC at least avoids *that* problem by virtue of not having Xen
> >> paravirt. (And please don't add Xen paravirt to PPC -- x86 is trying
> >> to kill it off, but this is a 5-10 year project.)
> >
> > Correction:
> > - The Xen project is trying to kill some of the paravirts off.
> > - KVM uses paravirts as well (and then added some)
>
> By "paravirt" I meant PV, where there's the weird physical/machine
> address discrepancy that's visible to the guest. This is not to say
> that Xen PVH wouldn't also be screwed running on QEMU master.
>
> --Andy
next prev parent reply other threads:[~2014-10-02 16:36 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-09-17 5:22 [PATCH v5 0/3] virtio: Use the DMA API when appropriate Andy Lutomirski
2014-09-17 5:22 ` [PATCH v5 1/3] virtio_ring: Support DMA APIs if requested Andy Lutomirski
2014-09-17 5:22 ` [PATCH v5 2/3] virtio_pci: Use the DMA API for virtqueues when possible Andy Lutomirski
2014-09-17 12:02 ` Benjamin Herrenschmidt
2014-09-17 14:16 ` Michael S. Tsirkin
2014-09-17 16:07 ` Andy Lutomirski
2014-09-17 16:49 ` David Woodhouse
2014-09-19 21:28 ` Benjamin Herrenschmidt
2014-09-19 21:33 ` Benjamin Herrenschmidt
2014-09-20 5:59 ` Andy Lutomirski
2014-09-21 5:03 ` Benjamin Herrenschmidt
2014-09-21 5:05 ` Benjamin Herrenschmidt
2014-09-21 5:48 ` Andy Lutomirski
2014-09-21 6:01 ` David Woodhouse
2014-09-24 21:41 ` Andy Lutomirski
2014-09-24 21:50 ` Benjamin Herrenschmidt
2014-09-24 21:59 ` Andy Lutomirski
2014-09-24 22:04 ` Benjamin Herrenschmidt
2014-09-24 22:15 ` Andy Lutomirski
2014-09-24 22:38 ` Benjamin Herrenschmidt
2014-09-24 22:49 ` Andy Lutomirski
2014-09-19 21:31 ` Benjamin Herrenschmidt
2014-09-29 18:55 ` Andy Lutomirski
2014-09-29 20:49 ` Benjamin Herrenschmidt
2014-09-29 20:55 ` Andy Lutomirski
2014-09-29 21:06 ` Benjamin Herrenschmidt
2014-09-30 15:38 ` Michael S. Tsirkin
2014-09-30 15:48 ` Andy Lutomirski
2014-09-30 16:19 ` Andy Lutomirski
2014-09-30 17:53 ` Konrad Rzeszutek Wilk
2014-09-30 18:01 ` Andy Lutomirski
2014-10-02 16:36 ` Konrad Rzeszutek Wilk [this message]
2014-10-01 6:42 ` Michael S. Tsirkin
2014-09-30 15:53 ` Paolo Bonzini
2014-10-01 7:36 ` Michael S. Tsirkin
2014-09-30 20:05 ` Andy Lutomirski
2014-10-06 9:59 ` Christian Borntraeger
2014-10-06 10:48 ` Benjamin Herrenschmidt
2014-09-17 16:09 ` Ira W. Snyder
2014-09-17 16:15 ` Andy Lutomirski
2014-09-17 5:22 ` [PATCH v5 3/3] virtio_net: Stop doing DMA from the stack Andy Lutomirski
2014-09-19 18:25 ` [PATCH v5 0/3] virtio: Use the DMA API when appropriate Konrad Rzeszutek Wilk
2014-09-19 18:25 ` Konrad Rzeszutek Wilk
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20141002163639.GE1715@laptop.dumpdata.com \
--to=konrad.wilk@oracle.com \
--cc=benh@kernel.crashing.org \
--cc=borntraeger@de.ibm.com \
--cc=linux-s390@vger.kernel.org \
--cc=linux390@de.ibm.com \
--cc=luto@amacapital.net \
--cc=mst@redhat.com \
--cc=pbonzini@redhat.com \
--cc=virtualization@lists.linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.