On Fri, 2023-10-27 at 07:27 +0200, Juergen Gross wrote: > On 26.10.23 22:56, Stefano Stabellini wrote: > > On Thu, 26 Oct 2023, David Woodhouse wrote: > > > On Thu, 2023-10-26 at 13:36 -0700, Stefano Stabellini wrote: > > > > > > > > > This seems like a lot of code to replace that simpler option... is > > > > > there a massive performance win from doing it this way? Would we want > > > > > to use this trick for the Xen PV backends (qdisk, qnic) *too*? Might > > > > > it > > > > > make sense to introduce the simple version and *then* the > > > > > optimisation, > > > > > with some clear benchmarking to show the win? > > > > > > > > This is not done for performance but for safety (as in safety > > > > certifications, ISO 26262, etc.). This is to enable unprivileged virtio > > > > backends running in a DomU. By unprivileged I mean a virtio backend that > > > > is unable to map arbitrary memory (the xenforeignmemory interface is > > > > prohibited). > > > > > > > > The goal is to run Xen on safety-critical systems such as cars, > > > > industrial robots and more. In this configuration there is no > > > > traditional Dom0 in the system at all. If you would like to know more: > > > > https://www.youtube.com/watch?v=tisljY6Bqv0&list=PLYyw7IQjL-zHtpYtMpFR3KYdRn0rcp5Xn&index=8 > > > > > > Yeah, I understand why we're using grant mappings instead of just > > > directly having access via foreignmem mappings. That wasn't what I was > > > confused about. > > > > > > What I haven't worked out is why we're implementing this through an > > > automatically-populated MemoryRegion in QEMU, rather than just using > > > grant mapping ops like we always have. > > > > > > It seems like a lot of complexity just to avoid calling > > > qemu_xen_gnttab_map_refs() from the virtio backend. > > > > I think there are two questions here. One question is "Why do we need > > all the new grant mapping code added to xen-mapcache.c in patch #7? > > Can't we use qemu_xen_gnttab_map_refs() instead?" > > The main motivation was to _avoid_ having to change all the backends. > > My implementation enables _all_ qemu based virtio backends to use grant > mappings. And if a new backend is added to qemu, there will be no change > required to make it work with grants.
I'm not really convinced I buy that. This is a lot of complexity, and don't backends need to call an appropriate mapping function to map via an IOMMU if it's present anyway? Make then call a helper where you can do this in one place directly instead of through a fake MemoryRegion, and you're done, surely?
smime.p7s
Description: S/MIME cryptographic signature