From: Alex Williamson <alex.williamson@redhat.com>
To: Peter Maydell <peter.maydell@linaro.org>
Cc: Pavel Fedin <p.fedin@samsung.com>,
QEMU Developers <qemu-devel@nongnu.org>
Subject: Re: [Qemu-devel] [PATCH] vfio: Align iova also to IOMMU page size
Date: Thu, 03 Dec 2015 10:19:04 -0700 [thread overview]
Message-ID: <1449163144.15753.203.camel@redhat.com> (raw)
In-Reply-To: <CAFEAcA9e0W9_tR1=asqcs4=qLg_omOsrQkP9FwT+-u2o0Y5+sQ@mail.gmail.com>
On Thu, 2015-12-03 at 16:33 +0000, Peter Maydell wrote:
> On 3 December 2015 at 16:26, Alex Williamson <alex.williamson@redhat.com> wrote:
> > I feel a lot more comfortable if we limit the scope to MMIO regions of
> > PCI devices. The problems I brought up before about the device not
> > being able to DMA to a target aligned RAM address are still a
> > possibility that I think we want to catch. To do that, I think we just
> > need:
> >
> > Object *obj = memory_region_owner(section->mr);
> >
> > if (object_dynamic_cast(obj, "pci-device")) {
> > /* HOST_PAGE_ALIGN... */
> > } else {
> > /* TARGET_PAGE_ALIGN... */
> > }
>
> This looks very odd to me, in two ways: (a) behaving differently
> for PCI passthrough vs other kinds of passthrough,
It's a matter of risk. If we align an MMIO range out of existence all
we've prevented is peer-to-peer DMA between assigned devices. Chances
of anyone caring about that are slim to none. If we align RAM out of
existence, that's a much, much more significant risk that we've just
introduced a data integrity issue for the VM.
> and (b) caring
> about TARGET_PAGE_ALIGN at all. TARGET_PAGE_ALIGN really isn't
> something vfio should need to care about I think.
But I think we do. If a RAM address is target page aligned, it could be
a valid DMA target for the device. If we align it out of existence and
the device is programmed to perform a DMA to that address, the IOMMU
will block it, the VM will not be informed and will continue executing
with invalid data. The host page alignment is only relevant here if we
wanted to round down, which is probably the more correct thing to do,
but is much more complicated due to the aliasing issue I mentioned in a
previous reply. To do that we really need a MemoryListener on the
device view of the address map rather than the processor view of the
address map. Lacking that, we want the IOMMU to fault if when we're
asking it to do mappings below the granularity that it's able to do.
Thanks,
Alex
next prev parent reply other threads:[~2015-12-03 17:19 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-17 7:46 [Qemu-devel] [PATCH] vfio: Align iova also to IOMMU page size Pavel Fedin
2015-11-18 22:04 ` Alex Williamson
2015-11-19 10:29 ` Pavel Fedin
2015-11-19 23:33 ` Alex Williamson
2015-11-24 15:24 ` Pavel Fedin
2015-12-02 19:40 ` Alex Williamson
2015-12-03 9:02 ` Pavel Fedin
2015-12-03 16:26 ` Alex Williamson
2015-12-03 16:33 ` Peter Maydell
2015-12-03 17:19 ` Alex Williamson [this message]
2015-12-03 17:36 ` Peter Maydell
2015-12-03 17:58 ` Alex Williamson
2015-12-07 10:53 ` Pavel Fedin
2015-12-07 11:20 ` Peter Maydell
2015-12-08 23:42 ` Alex Williamson
2015-12-09 8:08 ` Pavel Fedin
2015-12-09 10:09 ` Alex Bennée
2015-11-24 15:34 ` Peter Maydell
2015-11-25 7:00 ` Pavel Fedin
2015-12-02 19:05 ` Alex Williamson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1449163144.15753.203.camel@redhat.com \
--to=alex.williamson@redhat.com \
--cc=p.fedin@samsung.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).