From: Alex Williamson <alex.williamson@redhat.com>
To: Jason Gunthorpe <jgg@nvidia.com>
Cc: ankita@nvidia.com, maz@kernel.org, oliver.upton@linux.dev,
james.morse@arm.com, suzuki.poulose@arm.com,
yuzenghui@huawei.com, reinette.chatre@intel.com,
surenb@google.com, stefanha@redhat.com, brauner@kernel.org,
catalin.marinas@arm.com, will@kernel.org, mark.rutland@arm.com,
kevin.tian@intel.com, yi.l.liu@intel.com, ardb@kernel.org,
akpm@linux-foundation.org, andreyknvl@gmail.com,
wangjinchao@xfusion.com, gshan@redhat.com, shahuang@redhat.com,
ricarkol@google.com, linux-mm@kvack.org, lpieralisi@kernel.org,
rananta@google.com, ryan.roberts@arm.com, david@redhat.com,
linus.walleij@linaro.org, bhe@redhat.com, aniketa@nvidia.com,
cjia@nvidia.com, kwankhede@nvidia.com, targupta@nvidia.com,
vsethi@nvidia.com, acurrid@nvidia.com, apopple@nvidia.com,
jhubbard@nvidia.com, danw@nvidia.com, kvmarm@lists.linux.dev,
mochs@nvidia.com, zhiw@nvidia.com, kvm@vger.kernel.org,
linux-kernel@vger.kernel.org,
linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH v7 4/4] vfio: convey kvm that the vfio-pci device is wc safe
Date: Mon, 12 Feb 2024 10:27:18 -0700 [thread overview]
Message-ID: <20240212102718.07543659.alex.williamson@redhat.com> (raw)
In-Reply-To: <20240212172001.GE4048826@nvidia.com>
On Mon, 12 Feb 2024 13:20:01 -0400
Jason Gunthorpe <jgg@nvidia.com> wrote:
> On Mon, Feb 12, 2024 at 10:05:02AM -0700, Alex Williamson wrote:
>
> > > --- a/drivers/vfio/pci/vfio_pci_core.c
> > > +++ b/drivers/vfio/pci/vfio_pci_core.c
> > > @@ -1862,8 +1862,12 @@ int vfio_pci_core_mmap(struct vfio_device *core_vdev, struct vm_area_struct *vma
> > > /*
> > > * See remap_pfn_range(), called from vfio_pci_fault() but we can't
> > > * change vm_flags within the fault handler. Set them now.
> > > + *
> > > + * Set an additional flag VM_ALLOW_ANY_UNCACHED to convey kvm that
> > > + * the device is wc safe.
> > > */
> >
> > That's a pretty superficial comment. Check that this is accurate, but
> > maybe something like:
> >
> > The VM_ALLOW_ANY_UNCACHED flag is implemented for ARM64,
> > allowing stage 2 device mapping attributes to use Normal-NC
> ^^^^
>
> > rather than DEVICE_nGnRE, which allows guest mappings
> > supporting combining attributes (WC). This attribute has
> > potential risks with the GICv2 VCPU interface, but is expected
> > to be safe for vfio-pci use cases.
>
> Sure, if you want to elaborate more
>
> The VM_ALLOW_ANY_UNCACHED flag is implemented for ARM64,
> allowing KVM stage 2 device mapping attributes to use Normal-NC
> rather than DEVICE_nGnRE, which allows guest mappings
> supporting combining attributes (WC). ARM does not architecturally
> guarentee this is safe, and indeed some MMIO regions like the GICv2
> VCPU interface can trigger uncontained faults if Normal-NC is used.
>
> Even worse we expect there are platforms where even DEVICE_nGnRE can
> allow uncontained faults in conercases. Unfortunately existing ARM
^^^^^^^^^^
*corner cases
> IP requires platform integration to take responsibility to prevent
> this.
>
> To safely use VFIO in KVM the platform must guarantee full safety
> in the guest where no action taken against a MMIO mapping can
> trigger an uncontainer failure. We belive that most VFIO PCI
> platforms support this for both mapping types, at least in common
> flows, based on some expectations of how PCI IP is integrated. This
> can be enabled more broadly, for instance into vfio-platform
> drivers, but only after the platform vendor completes auditing for
> safety.
I like it, please incorporate into the next version.
> > And specifically, I think these other devices that may be problematic
> > as described in the cover letter is a warning against use for
> > vfio-platform, is that correct?
>
> Maybe more like "we have a general consensus that vfio-pci is likely
> safe due to how PCI IP is typically integrated, but it is much less
> obvious for other VFIO bus types. As there is no known WC user for
> vfio-platform drivers be conservative and do not enable it."
Ok. Thanks for the clarification.
Alex
WARNING: multiple messages have this Message-ID (diff)
From: Alex Williamson <alex.williamson@redhat.com>
To: Jason Gunthorpe <jgg@nvidia.com>
Cc: ankita@nvidia.com, maz@kernel.org, oliver.upton@linux.dev,
james.morse@arm.com, suzuki.poulose@arm.com,
yuzenghui@huawei.com, reinette.chatre@intel.com,
surenb@google.com, stefanha@redhat.com, brauner@kernel.org,
catalin.marinas@arm.com, will@kernel.org, mark.rutland@arm.com,
kevin.tian@intel.com, yi.l.liu@intel.com, ardb@kernel.org,
akpm@linux-foundation.org, andreyknvl@gmail.com,
wangjinchao@xfusion.com, gshan@redhat.com, shahuang@redhat.com,
ricarkol@google.com, linux-mm@kvack.org, lpieralisi@kernel.org,
rananta@google.com, ryan.roberts@arm.com, david@redhat.com,
linus.walleij@linaro.org, bhe@redhat.com, aniketa@nvidia.com,
cjia@nvidia.com, kwankhede@nvidia.com, targupta@nvidia.com,
vsethi@nvidia.com, acurrid@nvidia.com, apopple@nvidia.com,
jhubbard@nvidia.com, danw@nvidia.com, kvmarm@lists.linux.dev,
mochs@nvidia.com, zhiw@nvidia.com, kvm@vger.kernel.org,
linux-kernel@vger.kernel.org,
linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH v7 4/4] vfio: convey kvm that the vfio-pci device is wc safe
Date: Mon, 12 Feb 2024 10:27:18 -0700 [thread overview]
Message-ID: <20240212102718.07543659.alex.williamson@redhat.com> (raw)
In-Reply-To: <20240212172001.GE4048826@nvidia.com>
On Mon, 12 Feb 2024 13:20:01 -0400
Jason Gunthorpe <jgg@nvidia.com> wrote:
> On Mon, Feb 12, 2024 at 10:05:02AM -0700, Alex Williamson wrote:
>
> > > --- a/drivers/vfio/pci/vfio_pci_core.c
> > > +++ b/drivers/vfio/pci/vfio_pci_core.c
> > > @@ -1862,8 +1862,12 @@ int vfio_pci_core_mmap(struct vfio_device *core_vdev, struct vm_area_struct *vma
> > > /*
> > > * See remap_pfn_range(), called from vfio_pci_fault() but we can't
> > > * change vm_flags within the fault handler. Set them now.
> > > + *
> > > + * Set an additional flag VM_ALLOW_ANY_UNCACHED to convey kvm that
> > > + * the device is wc safe.
> > > */
> >
> > That's a pretty superficial comment. Check that this is accurate, but
> > maybe something like:
> >
> > The VM_ALLOW_ANY_UNCACHED flag is implemented for ARM64,
> > allowing stage 2 device mapping attributes to use Normal-NC
> ^^^^
>
> > rather than DEVICE_nGnRE, which allows guest mappings
> > supporting combining attributes (WC). This attribute has
> > potential risks with the GICv2 VCPU interface, but is expected
> > to be safe for vfio-pci use cases.
>
> Sure, if you want to elaborate more
>
> The VM_ALLOW_ANY_UNCACHED flag is implemented for ARM64,
> allowing KVM stage 2 device mapping attributes to use Normal-NC
> rather than DEVICE_nGnRE, which allows guest mappings
> supporting combining attributes (WC). ARM does not architecturally
> guarentee this is safe, and indeed some MMIO regions like the GICv2
> VCPU interface can trigger uncontained faults if Normal-NC is used.
>
> Even worse we expect there are platforms where even DEVICE_nGnRE can
> allow uncontained faults in conercases. Unfortunately existing ARM
^^^^^^^^^^
*corner cases
> IP requires platform integration to take responsibility to prevent
> this.
>
> To safely use VFIO in KVM the platform must guarantee full safety
> in the guest where no action taken against a MMIO mapping can
> trigger an uncontainer failure. We belive that most VFIO PCI
> platforms support this for both mapping types, at least in common
> flows, based on some expectations of how PCI IP is integrated. This
> can be enabled more broadly, for instance into vfio-platform
> drivers, but only after the platform vendor completes auditing for
> safety.
I like it, please incorporate into the next version.
> > And specifically, I think these other devices that may be problematic
> > as described in the cover letter is a warning against use for
> > vfio-platform, is that correct?
>
> Maybe more like "we have a general consensus that vfio-pci is likely
> safe due to how PCI IP is typically integrated, but it is much less
> obvious for other VFIO bus types. As there is no known WC user for
> vfio-platform drivers be conservative and do not enable it."
Ok. Thanks for the clarification.
Alex
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2024-02-12 17:27 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-11 17:47 [PATCH v7 0/4] kvm: arm64: allow the VM to select DEVICE_* and NORMAL_NC for IO memory ankita
2024-02-11 17:47 ` ankita
2024-02-11 17:47 ` [PATCH v7 1/4] kvm: arm64: introduce new flag for non-cacheable " ankita
2024-02-11 17:47 ` ankita
2024-02-11 17:47 ` [PATCH v7 2/4] mm: introduce new flag to indicate wc safe ankita
2024-02-11 17:47 ` ankita
2024-02-12 13:13 ` David Hildenbrand
2024-02-12 13:13 ` David Hildenbrand
2024-02-13 3:41 ` Ankit Agrawal
2024-02-13 3:41 ` Ankit Agrawal
2024-02-11 17:47 ` [PATCH v7 3/4] kvm: arm64: set io memory s2 pte as normalnc for vfio pci device ankita
2024-02-11 17:47 ` ankita
2024-02-11 17:47 ` [PATCH v7 4/4] vfio: convey kvm that the vfio-pci device is wc safe ankita
2024-02-11 17:47 ` ankita
2024-02-12 13:16 ` David Hildenbrand
2024-02-12 13:16 ` David Hildenbrand
2024-02-12 17:05 ` Alex Williamson
2024-02-12 17:05 ` Alex Williamson
2024-02-12 17:20 ` Jason Gunthorpe
2024-02-12 17:20 ` Jason Gunthorpe
2024-02-12 17:27 ` Alex Williamson [this message]
2024-02-12 17:27 ` Alex Williamson
2024-02-13 1:59 ` Ankit Agrawal
2024-02-13 1:59 ` Ankit Agrawal
2024-02-12 10:26 ` [PATCH v7 0/4] kvm: arm64: allow the VM to select DEVICE_* and NORMAL_NC for IO memory David Hildenbrand
2024-02-12 10:26 ` David Hildenbrand
2024-02-12 12:56 ` Jason Gunthorpe
2024-02-12 12:56 ` Jason Gunthorpe
2024-02-12 13:06 ` David Hildenbrand
2024-02-12 13:06 ` David Hildenbrand
2024-02-12 20:24 ` Oliver Upton
2024-02-12 20:24 ` Oliver Upton
2024-02-13 2:29 ` Ankit Agrawal
2024-02-13 2:29 ` Ankit Agrawal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240212102718.07543659.alex.williamson@redhat.com \
--to=alex.williamson@redhat.com \
--cc=acurrid@nvidia.com \
--cc=akpm@linux-foundation.org \
--cc=andreyknvl@gmail.com \
--cc=aniketa@nvidia.com \
--cc=ankita@nvidia.com \
--cc=apopple@nvidia.com \
--cc=ardb@kernel.org \
--cc=bhe@redhat.com \
--cc=brauner@kernel.org \
--cc=catalin.marinas@arm.com \
--cc=cjia@nvidia.com \
--cc=danw@nvidia.com \
--cc=david@redhat.com \
--cc=gshan@redhat.com \
--cc=james.morse@arm.com \
--cc=jgg@nvidia.com \
--cc=jhubbard@nvidia.com \
--cc=kevin.tian@intel.com \
--cc=kvm@vger.kernel.org \
--cc=kvmarm@lists.linux.dev \
--cc=kwankhede@nvidia.com \
--cc=linus.walleij@linaro.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=lpieralisi@kernel.org \
--cc=mark.rutland@arm.com \
--cc=maz@kernel.org \
--cc=mochs@nvidia.com \
--cc=oliver.upton@linux.dev \
--cc=rananta@google.com \
--cc=reinette.chatre@intel.com \
--cc=ricarkol@google.com \
--cc=ryan.roberts@arm.com \
--cc=shahuang@redhat.com \
--cc=stefanha@redhat.com \
--cc=surenb@google.com \
--cc=suzuki.poulose@arm.com \
--cc=targupta@nvidia.com \
--cc=vsethi@nvidia.com \
--cc=wangjinchao@xfusion.com \
--cc=will@kernel.org \
--cc=yi.l.liu@intel.com \
--cc=yuzenghui@huawei.com \
--cc=zhiw@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.