Re: [PATCH 2/2] spapr: Enable virtio iommu_platform=on by default

["Michael S. Tsirkin" <mst@redhat.com>]

On Fri, Feb 07, 2020 at 03:30:55PM +1100, David Gibson wrote:
> Traditionally, virtio devices don't do DMA by the usual path on the
> guest platform.  In particular they usually bypass any virtual IOMMU
> the guest has, using hypervisor magic to access untranslated guest
> physical addresses.
> 
> There's now the optional iommu_platform flag which can tell virtio
> devices to use the platform's normal DMA path, including any IOMMUs.
> That flag was motiviated for the case of hardware virtio
> implementations, but there are other reasons to want it.
> 
> Specifically, the fact that the virtio device doesn't use vIOMMU
> translation means that virtio devices are unsafe to pass to nested
> guests, or to use with VFIO userspace drivers inside the guest.  This
> is particularly noticeable on the pseries platform which *always* has
> a guest-visible vIOMMU.
> 
> Not using the normal DMA path also causes difficulties for the guest
> side driver when using the upcoming POWER Secure VMs (a.k.a. PEF).
> While it's theoretically possible to handle this on the guest side,
> it's really fiddly.  Given the other problems with the non-translated
> virtio device, let's just enable vIOMMU translation for virtio devices
> by default in the pseries-5.0 (and later) machine types.
> 
> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

Worth noting that since iommu_platform is mandatory for guests,
this disables support for guests older than Linux 4.8.


> ---
>  hw/ppc/spapr.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> index 216d3b34dc..78e031e80a 100644
> --- a/hw/ppc/spapr.c
> +++ b/hw/ppc/spapr.c
> @@ -4518,6 +4518,7 @@ static void spapr_machine_5_0_class_options(MachineClass *mc)
>       * default behaviour for virtio */
>      static GlobalProperty compat[] = {
>          { TYPE_VIRTIO_PCI, "disable-legacy", "on", },
> +        { TYPE_VIRTIO_DEVICE, "iommu_platform", "on", },
>      };
>  
>      compat_props_add(mc->compat_props, compat, G_N_ELEMENTS(compat));
> @@ -4533,6 +4534,7 @@ static void spapr_machine_4_2_class_options(MachineClass *mc)
>      SpaprMachineClass *smc = SPAPR_MACHINE_CLASS(mc);
>      static GlobalProperty compat[] = {
>          { TYPE_VIRTIO_PCI, "disable-legacy", "auto" },
> +        { TYPE_VIRTIO_DEVICE, "iommu_platform", "off", },
>      };
>  
>      spapr_machine_5_0_class_options(mc);
> -- 
> 2.24.1