On 13.11.23 21:24, David Woodhouse wrote:
On Fri, 2023-10-27 at 07:27 +0200, Juergen Gross wrote:On 26.10.23 22:56, Stefano Stabellini wrote:On Thu, 26 Oct 2023, David Woodhouse wrote:On Thu, 2023-10-26 at 13:36 -0700, Stefano Stabellini wrote:This seems like a lot of code to replace that simpler option... is there a massive performance win from doing it this way? Would we want to use this trick for the Xen PV backends (qdisk, qnic) *too*? Might it make sense to introduce the simple version and *then* the optimisation, with some clear benchmarking to show the win?This is not done for performance but for safety (as in safety certifications, ISO 26262, etc.). This is to enable unprivileged virtio backends running in a DomU. By unprivileged I mean a virtio backend that is unable to map arbitrary memory (the xenforeignmemory interface is prohibited). The goal is to run Xen on safety-critical systems such as cars, industrial robots and more. In this configuration there is no traditional Dom0 in the system at all. If you would like to know more: https://www.youtube.com/watch?v=tisljY6Bqv0&list=PLYyw7IQjL-zHtpYtMpFR3KYdRn0rcp5Xn&index=8Yeah, I understand why we're using grant mappings instead of just directly having access via foreignmem mappings. That wasn't what I was confused about. What I haven't worked out is why we're implementing this through an automatically-populated MemoryRegion in QEMU, rather than just using grant mapping ops like we always have. It seems like a lot of complexity just to avoid calling qemu_xen_gnttab_map_refs() from the virtio backend.I think there are two questions here. One question is "Why do we need all the new grant mapping code added to xen-mapcache.c in patch #7? Can't we use qemu_xen_gnttab_map_refs() instead?"The main motivation was to _avoid_ having to change all the backends. My implementation enables _all_ qemu based virtio backends to use grant mappings. And if a new backend is added to qemu, there will be no change required to make it work with grants.I'm not really convinced I buy that. This is a lot of complexity, and don't backends need to call an appropriate mapping function to map via an IOMMU if it's present anyway? Make then call a helper where you can do this in one place directly instead of through a fake MemoryRegion, and you're done, surely?
That was tested with unmodified block and net backends in qemu. Maybe I missed something, but I think the IOMMU accesses are _not_ covering accesses to the virtio rings from qemu. And this is something you really want for driver domains. Juergen
OpenPGP_0xB0DE9DD628BF132F.asc
Description: OpenPGP public key
OpenPGP_signature.asc
Description: OpenPGP digital signature
