| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 8 Aug 2018 23:31:46 +0300
From: "Michael S. Tsirkin" <mst@...hat.com>
To: Benjamin Herrenschmidt <benh@...nel.crashing.org>
Cc: Christoph Hellwig <hch@...radead.org>,
Will Deacon <will.deacon@....com>,
Anshuman Khandual <khandual@...ux.vnet.ibm.com>,
virtualization@...ts.linux-foundation.org,
linux-kernel@...r.kernel.org, linuxppc-dev@...ts.ozlabs.org,
aik@...abs.ru, robh@...nel.org, joe@...ches.com,
elfring@...rs.sourceforge.net, david@...son.dropbear.id.au,
jasowang@...hat.com, mpe@...erman.id.au, linuxram@...ibm.com,
haren@...ux.vnet.ibm.com, paulus@...ba.org,
srikar@...ux.vnet.ibm.com, robin.murphy@....com,
jean-philippe.brucker@....com, marc.zyngier@....com
Subject: Re: [RFC 0/4] Virtio uses DMA API for all devices
On Wed, Aug 08, 2018 at 11:18:13PM +1000, Benjamin Herrenschmidt wrote:
> Sure, but all of this is just the configuration of the iommu. But I
> think we agree here, and your point remains valid, indeed my proposed
> hack:
>
> > if ((flags & VIRTIO_F_IOMMU_PLATFORM) || arch_virtio_wants_dma_ops())
>
> Will only work if the IOMMU and non-IOMMU path are completely equivalent.
>
> We can provide that guarantee for our secure VM case, but not generally so if
> we were to go down the route of a quirk in virtio, it might be better to
> make it painfully obvious that it's specific to that one case with a different
> kind of turd:
>
> - if (xen_domain())
> + if (xen_domain() || pseries_secure_vm())
> return true;
I don't think it's pseries specific actually. E.g. I suspect AMD SEV
might benefit from the same kind of hack.
> So to summarize, and make sure I'm not missing something, the two approaches
> at hand are either:
>
> 1- The above, which is a one liner and contained in the guest, so that's nice, but
> also means another turd in virtio which isn't ...
>
> 2- We force pseries to always set VIRTIO_F_IOMMU_PLATFORM, but with the current
> architecture on our side that will force virtio to always go through an emulated
> iommu, as pseries doesn't have the concept of a real bypass window, and thus will
> impact performance for both secure and non-secure VMs.
>
> 3- Invent a property that can be put in selected PCI device tree nodes that
> indicates that for that device specifically, the iommu can be bypassed, along with
> a hypercall to turn that bypass on/off. Virtio would then use VIRTIO_F_IOMMU_PLATFORM
> but its DT nodes would also have that property and Linux would notice it and turn
> bypass on.
For completeness, virtio could also have its own bounce buffer
outside of DMA API one. I don't see lots of benefits to this
though.
> The resulting properties of those options are:
>
> 1- Is what I want because it's the simplest, provides the best performance now,
> and works without code changes to qemu or non-secure Linux. However it does
> add a tiny turd to virtio which is annoying.
>
> 2- This works but it puts the iommu in the way always, thus reducing virtio performance
> accross the board for pseries unless we only do that for secure VMs but that is
> difficult (as discussed earlier).
>
> 3- This would recover the performance lost in -2-, however it requires qemu *and*
> guest changes. Specifically, existing guests (RHEL 7 etc...) would get the
> performance hit of -2- unless modified to call that 'enable bypass' call, which
> isn't great.
>
> So imho we have to chose one of 3 not-great solutions here... Unless I missed
> something in your ideas of course.
>
> Cheers,
> Ben.
>
>
Powered by blists - more mailing lists