From: "Michael S. Tsirkin" <mst@redhat.com>
To: David Gibson <david@gibson.dropbear.id.au>
Cc: pair@us.ibm.com, aik@ozlabs.ru, qemu-devel@nongnu.org,
groug@kaod.org, qemu-ppc@nongnu.org, clg@kaod.org,
mdroth@us.ibm.com, paulus@samba.org
Subject: Re: [PATCH 2/2] spapr: Enable virtio iommu_platform=on by default
Date: Fri, 7 Feb 2020 01:57:49 -0500 [thread overview]
Message-ID: <20200207015435-mutt-send-email-mst@kernel.org> (raw)
In-Reply-To: <20200207043055.218856-3-david@gibson.dropbear.id.au>
On Fri, Feb 07, 2020 at 03:30:55PM +1100, David Gibson wrote:
> Traditionally, virtio devices don't do DMA by the usual path on the
> guest platform. In particular they usually bypass any virtual IOMMU
> the guest has, using hypervisor magic to access untranslated guest
> physical addresses.
>
> There's now the optional iommu_platform flag which can tell virtio
> devices to use the platform's normal DMA path, including any IOMMUs.
> That flag was motiviated for the case of hardware virtio
> implementations, but there are other reasons to want it.
>
> Specifically, the fact that the virtio device doesn't use vIOMMU
> translation means that virtio devices are unsafe to pass to nested
> guests, or to use with VFIO userspace drivers inside the guest. This
> is particularly noticeable on the pseries platform which *always* has
> a guest-visible vIOMMU.
>
> Not using the normal DMA path also causes difficulties for the guest
> side driver when using the upcoming POWER Secure VMs (a.k.a. PEF).
> While it's theoretically possible to handle this on the guest side,
> it's really fiddly. Given the other problems with the non-translated
> virtio device, let's just enable vIOMMU translation for virtio devices
> by default in the pseries-5.0 (and later) machine types.
>
> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Worth noting that since iommu_platform is mandatory for guests,
this disables support for guests older than Linux 4.8.
> ---
> hw/ppc/spapr.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> index 216d3b34dc..78e031e80a 100644
> --- a/hw/ppc/spapr.c
> +++ b/hw/ppc/spapr.c
> @@ -4518,6 +4518,7 @@ static void spapr_machine_5_0_class_options(MachineClass *mc)
> * default behaviour for virtio */
> static GlobalProperty compat[] = {
> { TYPE_VIRTIO_PCI, "disable-legacy", "on", },
> + { TYPE_VIRTIO_DEVICE, "iommu_platform", "on", },
> };
>
> compat_props_add(mc->compat_props, compat, G_N_ELEMENTS(compat));
> @@ -4533,6 +4534,7 @@ static void spapr_machine_4_2_class_options(MachineClass *mc)
> SpaprMachineClass *smc = SPAPR_MACHINE_CLASS(mc);
> static GlobalProperty compat[] = {
> { TYPE_VIRTIO_PCI, "disable-legacy", "auto" },
> + { TYPE_VIRTIO_DEVICE, "iommu_platform", "off", },
> };
>
> spapr_machine_5_0_class_options(mc);
> --
> 2.24.1
prev parent reply other threads:[~2020-02-07 6:58 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-07 4:30 [PATCH 0/2] spapr: Use vIOMMU translation for virtio by default David Gibson
2020-02-07 4:30 ` [PATCH 1/2] spapr: Disable legacy virtio devices for pseries-5.0 and later David Gibson
2020-02-07 6:54 ` Michael S. Tsirkin
2020-02-09 5:27 ` David Gibson
2020-02-07 4:30 ` [PATCH 2/2] spapr: Enable virtio iommu_platform=on by default David Gibson
2020-02-07 6:57 ` Michael S. Tsirkin [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200207015435-mutt-send-email-mst@kernel.org \
--to=mst@redhat.com \
--cc=aik@ozlabs.ru \
--cc=clg@kaod.org \
--cc=david@gibson.dropbear.id.au \
--cc=groug@kaod.org \
--cc=mdroth@us.ibm.com \
--cc=pair@us.ibm.com \
--cc=paulus@samba.org \
--cc=qemu-devel@nongnu.org \
--cc=qemu-ppc@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).