Re: [PATCH 2/2] virtio: let virtio use DMA API when guest RAM is protected

From: Christoph Hellwig
Date: Fri Feb 21 2020 - 11:39:44 EST

On Fri, Feb 21, 2020 at 03:33:40PM +0100, Halil Pasic wrote:
> > Hell no. This is a detail of the platform DMA direct implementation.
> I beg to differ. If it was a detail of the DMA direct implementation, it
> should have/would have been private to kernel/dma/direct.c.

It can't given that platforms have to implement it. It is an arch hook
for dma-direct.

> Consider what would we have to do to make PCI devices do I/O trough
> pages that were shared when the guest is running in a protected VM. The
> s390_pci_dma_ops would also need to know whether to 'force dma uencrypted'
> or not, and it's the exact same logic. I doubt simply using DMA direct
> for zPCI would do, because we still have to do all the Z specific IOMMU
> management.

And your IOMMU can't deal with the encryption bit? In the case we
could think of allowing IOMMU implementation to access it. But the
point that it is an internal detail of the DMA implementation and by
now means for drivers.