From patchwork Thu May 14 06:41:20 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Gibson X-Patchwork-Id: 11548043 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 8ECB1739 for ; Thu, 14 May 2020 06:41:37 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 79AD8206D8 for ; Thu, 14 May 2020 06:41:37 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=gibson.dropbear.id.au header.i=@gibson.dropbear.id.au header.b="JiqGGhhA" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726122AbgENGlg (ORCPT ); Thu, 14 May 2020 02:41:36 -0400 Received: from ozlabs.org ([203.11.71.1]:51773 "EHLO ozlabs.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726156AbgENGle (ORCPT ); Thu, 14 May 2020 02:41:34 -0400 Received: by ozlabs.org (Postfix, from userid 1007) id 49N24n0KgMz9sV5; Thu, 14 May 2020 16:41:28 +1000 (AEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gibson.dropbear.id.au; s=201602; t=1589438489; bh=k0mSAeZkojwKNIwD24C2dRD86F6K9cYJFAAetUG0EOY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=JiqGGhhAToGIqNIEdze69O0VzI3YzskJYKdgD3u28ynBx62eab27lF9/mq0Dfs2hi IdySFU1xreOayiy8tszz8WmYb5exJD7jjdEnD3pebFJx9/49c5mMdNb87RreuJp4bT LcJhUNxT7wsGYtjSBZ3LjajPrRfwHKNaRmEnUnKo= From: David Gibson To: dgilbert@redhat.com, frankja@linux.ibm.com, pair@us.redhat.com, qemu-devel@nongnu.org, brijesh.singh@amd.com Cc: kvm@vger.kernel.org, qemu-ppc@nongnu.org, David Gibson , Richard Henderson , cohuck@redhat.com, Paolo Bonzini , Marcel Apfelbaum , "Michael S. Tsirkin" , Eduardo Habkost , qemu-devel@nongnu.-rg, mdroth@linux.vnet.ibm.com Subject: [RFC 18/18] guest memory protection: Alter virtio default properties for protected guests Date: Thu, 14 May 2020 16:41:20 +1000 Message-Id: <20200514064120.449050-19-david@gibson.dropbear.id.au> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200514064120.449050-1-david@gibson.dropbear.id.au> References: <20200514064120.449050-1-david@gibson.dropbear.id.au> MIME-Version: 1.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org The default behaviour for virtio devices is not to use the platforms normal DMA paths, but instead to use the fact that it's running in a hypervisor to directly access guest memory. That doesn't work if the guest's memory is protected from hypervisor access, such as with AMD's SEV or POWER's PEF. So, if a guest memory protection mechanism is enabled, then apply the iommu_platform=on option so it will go through normal DMA mechanisms. Those will presumably have some way of marking memory as shared with the hypervisor or hardware so that DMA will work. Signed-off-by: David Gibson --- hw/core/machine.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/hw/core/machine.c b/hw/core/machine.c index 37d9f7f85c..373a144171 100644 --- a/hw/core/machine.c +++ b/hw/core/machine.c @@ -28,6 +28,8 @@ #include "hw/mem/nvdimm.h" #include "migration/vmstate.h" #include "exec/guest-memory-protection.h" +#include "hw/virtio/virtio.h" +#include "hw/virtio/virtio-pci.h" GlobalProperty hw_compat_5_0[] = {}; const size_t hw_compat_5_0_len = G_N_ELEMENTS(hw_compat_5_0); @@ -1170,6 +1172,15 @@ void machine_run_board_init(MachineState *machine) * areas. */ machine_set_mem_merge(OBJECT(machine), false, &error_abort); + + /* + * Virtio devices can't count on directly accessing guest + * memory, so they need iommu_platform=on to use normal DMA + * mechanisms. That requires disabling legacy virtio support + * for virtio pci devices + */ + object_register_sugar_prop(TYPE_VIRTIO_PCI, "disable-legacy", "on"); + object_register_sugar_prop(TYPE_VIRTIO_DEVICE, "iommu_platform", "on"); } machine_class->init(machine);