From: Alex Williamson <alex.williamson@redhat.com>
To: Peter Maydell <peter.maydell@linaro.org>
Cc: quintela@redhat.com, stefanb@linux.vnet.ibm.com,
cohuck@redhat.com, qemu-devel@nongnu.org, f4bug@amsat.org,
eric.auger@redhat.com, imammedo@redhat.com,
david@gibson.dropbear.id.au, dgilbert@redhat.com,
eric.auger.pro@gmail.com
Subject: Re: [PATCH v4 1/2] tpm: CRB: Use ram_device for "tpm-crb-cmd" region
Date: Tue, 8 Feb 2022 09:36:40 -0700 [thread overview]
Message-ID: <20220208093640.1b8a54f8.alex.williamson@redhat.com> (raw)
In-Reply-To: <CAFEAcA_4+BQ=YwVpY7qfxp=FygyWa+y0tDDkEQwhY1qDRDX-tQ@mail.gmail.com>
On Tue, 8 Feb 2022 16:01:48 +0000
Peter Maydell <peter.maydell@linaro.org> wrote:
> On Tue, 8 Feb 2022 at 15:56, Eric Auger <eric.auger@redhat.com> wrote:
> >
> > Hi Peter,
> >
> > On 2/8/22 4:17 PM, Peter Maydell wrote:
> > > On Tue, 8 Feb 2022 at 15:08, Eric Auger <eric.auger@redhat.com> wrote:
> > >> Representing the CRB cmd/response buffer as a standard
> > >> RAM region causes some trouble when the device is used
> > >> with VFIO. Indeed VFIO attempts to DMA_MAP this region
> > >> as usual RAM but this latter does not have a valid page
> > >> size alignment causing such an error report:
> > >> "vfio_listener_region_add received unaligned region".
> > >> To allow VFIO to detect that failing dma mapping
> > >> this region is not an issue, let's use a ram_device
> > >> memory region type instead.
> > > This seems like VFIO's problem to me. There's nothing
> > > that guarantees alignment for memory regions at all,
> > > whether they're RAM, IO or anything else.
> >
> > VFIO dma maps all the guest RAM.
>
> Well, it can if it likes, but "this is a RAM-backed MemoryRegion"
> doesn't imply "this is really guest actual RAM RAM", so if it's
> using that as its discriminator it should probably use something else.
> What is it actually trying to do here ?
VFIO is device agnostic, we don't understand the device programming
model, we can't know how the device is programmed to perform DMA. The
only way we can provide transparent assignment of arbitrary PCI devices
is to install DMA mappings for everything in the device AddressSpace
through the system IOMMU. If we were to get a sub-page RAM mapping
through the MemoryListener and that mapping had the possibility of
being a DMA target, then we have a problem, because we cannot represent
that through the IOMMU. If the device were to use that address for DMA,
we'd likely have data loss/corruption in the VM.
AFAIK, and I thought we had some general agreement on this, declaring
device memory as ram_device is the only means we have to differentiate
MemoryRegion segments generated by a device from actual system RAM.
For device memory, we can lean on the fact that peer-to-peer DMA is
much more rare and likely involves some degree of validation by the
drivers since it can be blocked on physical hardware due to various
topology and chipset related issues. Therefore we can consider
failures to map device memory at a lower risk than failures to map
ranges we think are actual system RAM.
Are there better approaches? We can't rely on the device sitting
behind a vIOMMU in the guest to restrict the address space and we can't
afford the performance hit for dyanmic DMA mappings through a vIOMMU
either. Thanks,
Alex
next prev parent reply other threads:[~2022-02-08 17:23 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-02-08 13:38 [PATCH v4 0/2] TPM-CRB: Remove spurious error report when used with VFIO Eric Auger
2022-02-08 13:38 ` [PATCH v4 1/2] tpm: CRB: Use ram_device for "tpm-crb-cmd" region Eric Auger
2022-02-08 15:17 ` Peter Maydell
2022-02-08 15:56 ` Eric Auger
2022-02-08 16:01 ` Peter Maydell
2022-02-08 16:36 ` Alex Williamson [this message]
2022-02-08 17:14 ` Peter Maydell
2022-02-09 9:54 ` Eric Auger
2022-02-08 16:42 ` Eric Auger
2022-02-08 17:03 ` Dr. David Alan Gilbert
2022-02-09 9:39 ` Eric Auger
2022-02-08 17:16 ` Stefan Berger
2022-02-08 17:58 ` Eric Auger
2022-03-03 14:37 ` Eric Auger
2022-03-03 16:16 ` Marc-André Lureau
2022-03-04 9:32 ` Eric Auger
2022-02-08 13:38 ` [PATCH v4 2/2] hw/vfio/common: Silence ram device offset alignment error traces Eric Auger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220208093640.1b8a54f8.alex.williamson@redhat.com \
--to=alex.williamson@redhat.com \
--cc=cohuck@redhat.com \
--cc=david@gibson.dropbear.id.au \
--cc=dgilbert@redhat.com \
--cc=eric.auger.pro@gmail.com \
--cc=eric.auger@redhat.com \
--cc=f4bug@amsat.org \
--cc=imammedo@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=quintela@redhat.com \
--cc=stefanb@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).