From: "Alex Bennée" <alex.bennee@linaro.org>
To: Cornelia Huck <cohuck@redhat.com>
Cc: Viresh Kumar <viresh.kumar@linaro.org>,
virtio-dev@lists.oasis-open.org,
"Michael S. Tsirkin" <mst@redhat.com>,
Vincent Guittot <vincent.guittot@linaro.org>,
stratos-dev@op-lists.linaro.org,
Erik Schilling <erik.schilling@linaro.org>,
Manos Pitsidianakis <manos.pitsidianakis@linaro.org>,
Mathieu Poirier <mathieu.poirier@linaro.org>,
Matias Ezequiel Vara Larsen <matiasevara@gmail.com>,
Bill Mills <bill.mills@linaro.org>
Subject: [virtio-dev] Re: [PATCH] virtio-transport: Clarify requirements
Date: Mon, 18 Dec 2023 14:09:08 +0000 [thread overview]
Message-ID: <87cyv361rv.fsf@draig.linaro.org> (raw)
In-Reply-To: <87ttoffydj.fsf@redhat.com> (Cornelia Huck's message of "Mon, 18 Dec 2023 14:12:24 +0100")
Cornelia Huck <cohuck@redhat.com> writes:
> On Tue, Dec 05 2023, Alex Bennée <alex.bennee@linaro.org> wrote:
>
>> Cornelia Huck <cohuck@redhat.com> writes:
>>
>>> On Tue, Dec 05 2023, Viresh Kumar <viresh.kumar@linaro.org> wrote:
>>>> +
>>>> +The device MUST present each event, in a transport defined way, from the
>>>> +moment it takes place until the driver acknowledges the event.
>>>
<snip>
>>>> +
>>>> +\drivernormative{\subsection}{Virtio Transport Requirements}{Virtio Transport Options}
>>>> +
>>>> +The driver MUST NOT access guest memory locations outside what's made
>>>> +available by the device to the driver.
>>>
>>> I don't think that makes sense -- I'd assume most guest memory locations
>>> do not have anything to do with virtio, and we should try to avoid
>>> host/guest terminology.
>>
>> I agree guest memory isn't the right terminology here. However there are
>> discussions about how to implement secure buffers for VirtIO - so for
>> example a buffer mediated by some sort of secure layer. In those cases
>> the driver may not have access to it outside of the transactions.
>
> Yes, I think we need to limit the scope of "guest memory" here. I think
> we are basically wanting to deal with any memory used by virtio (device
> type including memory access controlled by it, transport, and the
> protocol itself). We would be talking about memory made available to the
> device by the driver for explicit usage to implement the virtio spec. I
> think this would cover mediation by a secure layer as well (with the
> driver calling into that secure layer?) Or does the (host) device end up
> donating memory to the (guest) driver, and we need to make sure it
> doesn't scribble over it?
I'm not sure if we have example of the host donating memory apart from
the sort of static partitioning we see with guests on start-up where a
region is defined as shared. The Xen grant model leaves the guest to
grant access to its own pages to the backend.
I guess for firmware mediated sharing this would still be driven by the
guest rather than the host?
>
>>>> +
>>>> +The driver MUST NOT access virtqueue contents before the device notifies
>>>> +about the readiness of the same.
>>>> +
>>>> +The driver MUST NOT access buffers, after it has added them to the
>>>> +virtqueue and notified the device about their availability. The driver
>>>> +MAY access them after the device has processed them and notified the
>>>> +driver of their availability, in a transport defined way.
>>>> +
>>>> +The driver MAY ask the device to reset the virtqueues if, for example,
>>>> +the driver times out waiting for a notification from the device for a
>>>> +previously queued request.
>>>
>>> Again, I believe this has already been covered in the generic
>>> sections -- do we instead need to specify that a transport MUST provide
>>> a method to do xy? (or SHOULD, MAY, as applicable -- it would be good to
>>> list explicitly what is mandatory for a transport to implement, and what
>>> is optional.)
>>
>> Yes I think so. The s390x channel transport gets referenced because it
>> has a nice enumerated list of operations. It would be good to codify
>> which operations are mandatory for all transports and which are
>> optional.
>
> The problem with the ccw transport is that while it has a nice list of
> operations, (a) it only covers guest-initiated actions,
What examples of host initiated actions are there (aside from an IPI
indicating a receive VirtQueue has buffers waiting)?
> (b) probably not
> all of them shold be mandatory (and some of them are more of an artifact
> of how channel I/O works),
These ones?
#define CCW_CMD_SET_IND 0x43
#define CCW_CMD_SET_CONF_IND 0x53
#define CCW_CMD_SET_IND_ADAPTER 0x73
> and (c) it only implements a subset of the
> defined operations (which makes the not-implemented ones de facto
> optional, of course :) But yes, we could use it as a starting point.
Got to start somewhere :-)
--
Alex Bennée
Virtualisation Tech Lead @ Linaro
---------------------------------------------------------------------
To unsubscribe, e-mail: virtio-dev-unsubscribe@lists.oasis-open.org
For additional commands, e-mail: virtio-dev-help@lists.oasis-open.org
next prev parent reply other threads:[~2023-12-18 14:09 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-05 10:20 [virtio-dev] [PATCH] virtio-transport: Clarify requirements Viresh Kumar
2023-12-05 13:18 ` [virtio-dev] " Cornelia Huck
2023-12-05 13:54 ` Alex Bennée
2023-12-18 13:12 ` Cornelia Huck
2023-12-18 14:09 ` Alex Bennée [this message]
2023-12-20 12:43 ` Cornelia Huck
2023-12-06 9:43 ` Viresh Kumar
2023-12-18 7:00 ` Viresh Kumar
2023-12-18 14:02 ` Cornelia Huck
2023-12-18 14:19 ` Alex Bennée
[not found] ` <8b278f33-4702-4a7c-bb80-e11c316234c4@linaro.org>
2023-12-20 13:50 ` Cornelia Huck
2024-01-29 10:35 ` Viresh Kumar
2024-01-29 16:22 ` Cornelia Huck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87cyv361rv.fsf@draig.linaro.org \
--to=alex.bennee@linaro.org \
--cc=bill.mills@linaro.org \
--cc=cohuck@redhat.com \
--cc=erik.schilling@linaro.org \
--cc=manos.pitsidianakis@linaro.org \
--cc=mathieu.poirier@linaro.org \
--cc=matiasevara@gmail.com \
--cc=mst@redhat.com \
--cc=stratos-dev@op-lists.linaro.org \
--cc=vincent.guittot@linaro.org \
--cc=viresh.kumar@linaro.org \
--cc=virtio-dev@lists.oasis-open.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).