From: Michael Ellerman <mpe@ellerman.id.au>
To: Alexey Kardashevskiy <aik@ozlabs.ru>, linuxppc-dev@lists.ozlabs.org
Cc: Alexey Kardashevskiy <aik@ozlabs.ru>,
Ram Pai <linuxram@us.ibm.com>,
Thiago Jung Bauermann <bauerman@linux.ibm.com>,
kvm-ppc@vger.kernel.org,
David Gibson <david@gibson.dropbear.id.au>
Subject: Re: [PATCH kernel 3/3] powerpc/pseries/iommu: Do not use H_PUT_TCE_INDIRECT in secure VM
Date: Fri, 13 Dec 2019 10:20:10 +0000 [thread overview]
Message-ID: <87v9qko7c5.fsf@mpe.ellerman.id.au> (raw)
In-Reply-To: <20191213084537.27306-4-aik@ozlabs.ru>
Alexey Kardashevskiy <aik@ozlabs.ru> writes:
> H_PUT_TCE_INDIRECT uses a 4K page with TCEs to allow handling up to 512
> TCEs per hypercall. While it is a decent optimization, we rather share
> less of secure VM memory so let's avoid sharing.
>
> This only allows H_PUT_TCE_INDIRECT for normal (not secure) VMs.
>
> This keeps using H_STUFF_TCE as it does not require sharing.
>
> Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
> ---
>
> Possible alternatives are:
>
> 1. define FW_FEATURE_STUFFTCE (to allow H_STUFF_TCE) in addition to
> FW_FEATURE_MULTITCE (make it only enable H_PUT_TCE_INDIRECT) and enable
> only FW_FEATURE_STUFFTCE for SVM; pro = no SVM mention in iommu.c,
> con = a FW feature bit with very limited use
Yes let's do that please.
Actually let's rename FW_FEATURE_MULTITCE to FW_FEATURE_PUT_TCE_IND (?)
to make it clear that's what it controls now.
You should just be able to add two entries to hypertas_fw_features_table
that both look for "hcall-multi-tce". And then the SVM code disables the
PUT_TCE_IND feature at some point.
cheers
>
> 2. disable FW_FEATURE_MULTITCE and loose H_STUFF_TCE which adds a delay
> in booting process
> ---
> arch/powerpc/platforms/pseries/iommu.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/arch/powerpc/platforms/pseries/iommu.c b/arch/powerpc/platforms/pseries/iommu.c
> index f6e9b87c82fc..2334a67c7614 100644
> --- a/arch/powerpc/platforms/pseries/iommu.c
> +++ b/arch/powerpc/platforms/pseries/iommu.c
> @@ -192,7 +192,8 @@ static int tce_buildmulti_pSeriesLP(struct iommu_table *tbl, long tcenum,
> int ret = 0;
> unsigned long flags;
>
> - if ((npages = 1) || !firmware_has_feature(FW_FEATURE_MULTITCE)) {
> + if ((npages = 1) || !firmware_has_feature(FW_FEATURE_MULTITCE) ||
> + is_secure_guest()) {
> return tce_build_pSeriesLP(tbl->it_index, tcenum,
> tbl->it_page_shift, npages, uaddr,
> direction, attrs);
> @@ -402,7 +403,8 @@ static int tce_setrange_multi_pSeriesLP(unsigned long start_pfn,
> u64 rc = 0;
> long l, limit;
>
> - if (!firmware_has_feature(FW_FEATURE_MULTITCE)) {
> + if (!firmware_has_feature(FW_FEATURE_MULTITCE) ||
> + is_secure_guest()) {
> unsigned long tceshift = be32_to_cpu(maprange->tce_shift);
> unsigned long dmastart = (start_pfn << PAGE_SHIFT) +
> be64_to_cpu(maprange->dma_base);
> --
> 2.17.1
WARNING: multiple messages have this Message-ID (diff)
From: Michael Ellerman <mpe@ellerman.id.au>
To: Alexey Kardashevskiy <aik@ozlabs.ru>, linuxppc-dev@lists.ozlabs.org
Cc: Alexey Kardashevskiy <aik@ozlabs.ru>,
Ram Pai <linuxram@us.ibm.com>,
Thiago Jung Bauermann <bauerman@linux.ibm.com>,
kvm-ppc@vger.kernel.org,
David Gibson <david@gibson.dropbear.id.au>
Subject: Re: [PATCH kernel 3/3] powerpc/pseries/iommu: Do not use H_PUT_TCE_INDIRECT in secure VM
Date: Fri, 13 Dec 2019 21:20:10 +1100 [thread overview]
Message-ID: <87v9qko7c5.fsf@mpe.ellerman.id.au> (raw)
In-Reply-To: <20191213084537.27306-4-aik@ozlabs.ru>
Alexey Kardashevskiy <aik@ozlabs.ru> writes:
> H_PUT_TCE_INDIRECT uses a 4K page with TCEs to allow handling up to 512
> TCEs per hypercall. While it is a decent optimization, we rather share
> less of secure VM memory so let's avoid sharing.
>
> This only allows H_PUT_TCE_INDIRECT for normal (not secure) VMs.
>
> This keeps using H_STUFF_TCE as it does not require sharing.
>
> Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
> ---
>
> Possible alternatives are:
>
> 1. define FW_FEATURE_STUFFTCE (to allow H_STUFF_TCE) in addition to
> FW_FEATURE_MULTITCE (make it only enable H_PUT_TCE_INDIRECT) and enable
> only FW_FEATURE_STUFFTCE for SVM; pro = no SVM mention in iommu.c,
> con = a FW feature bit with very limited use
Yes let's do that please.
Actually let's rename FW_FEATURE_MULTITCE to FW_FEATURE_PUT_TCE_IND (?)
to make it clear that's what it controls now.
You should just be able to add two entries to hypertas_fw_features_table
that both look for "hcall-multi-tce". And then the SVM code disables the
PUT_TCE_IND feature at some point.
cheers
>
> 2. disable FW_FEATURE_MULTITCE and loose H_STUFF_TCE which adds a delay
> in booting process
> ---
> arch/powerpc/platforms/pseries/iommu.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/arch/powerpc/platforms/pseries/iommu.c b/arch/powerpc/platforms/pseries/iommu.c
> index f6e9b87c82fc..2334a67c7614 100644
> --- a/arch/powerpc/platforms/pseries/iommu.c
> +++ b/arch/powerpc/platforms/pseries/iommu.c
> @@ -192,7 +192,8 @@ static int tce_buildmulti_pSeriesLP(struct iommu_table *tbl, long tcenum,
> int ret = 0;
> unsigned long flags;
>
> - if ((npages == 1) || !firmware_has_feature(FW_FEATURE_MULTITCE)) {
> + if ((npages == 1) || !firmware_has_feature(FW_FEATURE_MULTITCE) ||
> + is_secure_guest()) {
> return tce_build_pSeriesLP(tbl->it_index, tcenum,
> tbl->it_page_shift, npages, uaddr,
> direction, attrs);
> @@ -402,7 +403,8 @@ static int tce_setrange_multi_pSeriesLP(unsigned long start_pfn,
> u64 rc = 0;
> long l, limit;
>
> - if (!firmware_has_feature(FW_FEATURE_MULTITCE)) {
> + if (!firmware_has_feature(FW_FEATURE_MULTITCE) ||
> + is_secure_guest()) {
> unsigned long tceshift = be32_to_cpu(maprange->tce_shift);
> unsigned long dmastart = (start_pfn << PAGE_SHIFT) +
> be64_to_cpu(maprange->dma_base);
> --
> 2.17.1
next prev parent reply other threads:[~2019-12-13 10:20 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-13 8:45 [PATCH kernel 0/3] Enable IOMMU support for pseries Secure VMs Alexey Kardashevskiy
2019-12-13 8:45 ` Alexey Kardashevskiy
2019-12-13 8:45 ` [PATCH kernel 1/3] powerpc/pseries/iommu: Use dma_iommu_ops for Secure VM Alexey Kardashevskiy
2019-12-13 8:45 ` Alexey Kardashevskiy
2019-12-13 10:20 ` Michael Ellerman
2019-12-13 10:20 ` Michael Ellerman
2019-12-13 8:45 ` [PATCH kernel 2/3] powerpc/pseries: Allow not having ibm,hypertas-functions::hcall-multi-tce for DDW Alexey Kardashevskiy
2019-12-13 8:45 ` [PATCH kernel 2/3] powerpc/pseries: Allow not having ibm, hypertas-functions::hcall-multi-tce " Alexey Kardashevskiy
2019-12-13 20:32 ` [PATCH kernel 2/3] powerpc/pseries: Allow not having ibm,hypertas-functions::hcall-multi-tce fo Ram Pai
2019-12-13 20:32 ` [PATCH kernel 2/3] powerpc/pseries: Allow not having ibm,hypertas-functions::hcall-multi-tce for DDW Ram Pai
2019-12-13 8:45 ` [PATCH kernel 3/3] powerpc/pseries/iommu: Do not use H_PUT_TCE_INDIRECT in secure VM Alexey Kardashevskiy
2019-12-13 8:45 ` Alexey Kardashevskiy
2019-12-13 10:20 ` Michael Ellerman [this message]
2019-12-13 10:20 ` Michael Ellerman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87v9qko7c5.fsf@mpe.ellerman.id.au \
--to=mpe@ellerman.id.au \
--cc=aik@ozlabs.ru \
--cc=bauerman@linux.ibm.com \
--cc=david@gibson.dropbear.id.au \
--cc=kvm-ppc@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=linuxram@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.