Hi all: As the userspace vitio driver became popular, this calls for the request of secure DMA environemt (DMAR). So this series tries to make DMAR works for virtio/vhost. The idea is let virtio/vhost co-work with userspace iommu implememtation. This is done through:
- for virtio, do not assume address_space_memory and convert to use dma helpers. - for vhost kernel, implement a device IOTLB by using device IOTLB API supported by kernel. With this API, vhost kernel can query IOTLB entry for a specified iova from qemu, qemu can invalidate an arbitrary range of iova in vhost kernel. The device IOTLB API is totaly architecture independent, an example implementation was done with intel iommu by: - implement basic ATS (Address Translation Service) for virtio-pci, this will make device IOTLB visible for iommu driver in guest. - implement device IOTLB descriptor processing in intel iommu, and trigger the device IOTLB invalidation in vhost through iommu notifier. It could be easily ported to other IOMMU or architecture even if it doesn't support device IOTLB. (e.g just invalidate the vhost IOTLB during IOMMU IOTLB invalidation). Test was done by: - intel_iommu=on/strict in guest. - vfio (unsafe interrupt mode) l2fwd in guest. This main use case is the programs that use fixed mapping in guest (e.g dpdk). If 1G hugepage were used in guest, thanks to the SLLPS support, we can get 100% TLB hit rate for l2fwd in guest. For the normal kernel driver which uses lots of dynamic mapping and unmapping, we may see performance penalty, this could be optimized in the future. Please reivew. Jason Wang (8): virtio: convert to use DMA api intel_iommu: name vtd address space with devfn intel_iommu: allocate new key when creating new address space exec: introduce address_space_get_iotlb_entry() virtio-pci: address space translation service (ATS) support intel_iommu: support device iotlb descriptor memory: handle alias for iommu notifier vhost_net: device IOTLB support exec.c | 30 +++++ hw/block/virtio-blk.c | 2 +- hw/char/virtio-serial-bus.c | 3 +- hw/i386/intel_iommu.c | 92 ++++++++++++-- hw/i386/intel_iommu_internal.h | 13 +- hw/scsi/virtio-scsi.c | 4 +- hw/virtio/vhost-backend.c | 33 +++++ hw/virtio/vhost.c | 203 ++++++++++++++++++++++++++---- hw/virtio/virtio-pci.c | 23 +++- hw/virtio/virtio-pci.h | 4 + hw/virtio/virtio.c | 58 +++++---- include/exec/memory.h | 7 ++ include/hw/virtio/vhost-backend.h | 14 +++ include/hw/virtio/vhost.h | 6 + include/hw/virtio/virtio-access.h | 64 ++++++++-- include/hw/virtio/virtio-bus.h | 1 + include/hw/virtio/virtio.h | 4 +- include/standard-headers/linux/pci_regs.h | 1 + linux-headers/linux/vhost.h | 35 ++++++ memory.c | 3 + 20 files changed, 525 insertions(+), 75 deletions(-) -- 2.5.0
