* [PATCH 0/2] kvm: IOMMU read-only mapping support @ 2013-01-24 22:03 Alex Williamson 2013-01-24 22:04 ` [PATCH 1/2] kvm: Force IOMMU remapping on memory slot read-only flag changes Alex Williamson ` (3 more replies) 0 siblings, 4 replies; 18+ messages in thread From: Alex Williamson @ 2013-01-24 22:03 UTC (permalink / raw) To: gleb, kvm; +Cc: yoshikawa_takuya_b1, linux-kernel, xiaoguangrong A couple patches to make KVM IOMMU support honor read-only mappings. This causes an un-map, re-map when the read-only flag changes and makes use of it when setting IOMMU attributes. Thanks, Alex --- Alex Williamson (2): kvm: Force IOMMU remapping on memory slot read-only flag changes kvm: Obey read-only mappings in iommu virt/kvm/iommu.c | 4 +++- virt/kvm/kvm_main.c | 28 ++++++++++++++++++++++++---- 2 files changed, 27 insertions(+), 5 deletions(-) ^ permalink raw reply [flat|nested] 18+ messages in thread
* [PATCH 1/2] kvm: Force IOMMU remapping on memory slot read-only flag changes 2013-01-24 22:03 [PATCH 0/2] kvm: IOMMU read-only mapping support Alex Williamson @ 2013-01-24 22:04 ` Alex Williamson 2013-01-25 2:58 ` Xiao Guangrong 2013-01-24 22:04 ` [PATCH 2/2] kvm: Obey read-only mappings in iommu Alex Williamson ` (2 subsequent siblings) 3 siblings, 1 reply; 18+ messages in thread From: Alex Williamson @ 2013-01-24 22:04 UTC (permalink / raw) To: gleb, kvm; +Cc: yoshikawa_takuya_b1, linux-kernel, xiaoguangrong Memory slot flags can be altered without changing other parameters of the slot. The read-only attribute is the only one the IOMMU cares about, so generate an un-map, re-map when this occurs. This also avoid unnecessarily re-mapping the slot when no IOMMU visible changes are made. Signed-off-by: Alex Williamson <alex.williamson@redhat.com> --- virt/kvm/kvm_main.c | 28 ++++++++++++++++++++++++---- 1 file changed, 24 insertions(+), 4 deletions(-) diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c index 5e709eb..3fec2cd 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c @@ -731,6 +731,7 @@ int __kvm_set_memory_region(struct kvm *kvm, struct kvm_memory_slot *slot; struct kvm_memory_slot old, new; struct kvm_memslots *slots = NULL, *old_memslots; + bool old_iommu_mapped; r = check_memory_region_flags(mem); if (r) @@ -772,6 +773,8 @@ int __kvm_set_memory_region(struct kvm *kvm, new.npages = npages; new.flags = mem->flags; + old_iommu_mapped = old.npages; + /* * Disallow changing a memory slot's size or changing anything about * zero sized slots that doesn't involve making them non-zero. @@ -835,6 +838,7 @@ int __kvm_set_memory_region(struct kvm *kvm, /* slot was deleted or moved, clear iommu mapping */ kvm_iommu_unmap_pages(kvm, &old); + old_iommu_mapped = false; /* From this point no new shadow pages pointing to a deleted, * or moved, memslot will be created. * @@ -863,11 +867,27 @@ int __kvm_set_memory_region(struct kvm *kvm, goto out_free; } - /* map new memory slot into the iommu */ + /* + * IOMMU mapping: New slots need to be mapped. Old slots need to be + * un-mapped and re-mapped if their base changes or if flags that the + * iommu cares about change (read-only). Base change unmapping is + * handled above with slot deletion, so we only unmap incompatible + * flags here. Anything else the iommu might care about for existing + * slots (size changes, userspace addr changes) is disallowed above, + * so any other attribute changes getting here can be skipped. + */ if (npages) { - r = kvm_iommu_map_pages(kvm, &new); - if (r) - goto out_slots; + if (old_iommu_mapped && + ((new.flags ^ old.flags) & KVM_MEM_READONLY)) { + kvm_iommu_unmap_pages(kvm, &old); + old_iommu_mapped = false; + } + + if (!old_iommu_mapped) { + r = kvm_iommu_map_pages(kvm, &new); + if (r) + goto out_slots; + } } /* actual memory is freed via old in kvm_free_physmem_slot below */ ^ permalink raw reply related [flat|nested] 18+ messages in thread
* Re: [PATCH 1/2] kvm: Force IOMMU remapping on memory slot read-only flag changes 2013-01-24 22:04 ` [PATCH 1/2] kvm: Force IOMMU remapping on memory slot read-only flag changes Alex Williamson @ 2013-01-25 2:58 ` Xiao Guangrong 0 siblings, 0 replies; 18+ messages in thread From: Xiao Guangrong @ 2013-01-25 2:58 UTC (permalink / raw) To: Alex Williamson; +Cc: gleb, kvm, yoshikawa_takuya_b1, linux-kernel On 01/25/2013 06:04 AM, Alex Williamson wrote: > Memory slot flags can be altered without changing other parameters of > the slot. The read-only attribute is the only one the IOMMU cares > about, so generate an un-map, re-map when this occurs. This also > avoid unnecessarily re-mapping the slot when no IOMMU visible changes > are made. > Reviewed-by: Xiao Guangrong <xiaoguangrong@linux.vnet.ibm.com> ^ permalink raw reply [flat|nested] 18+ messages in thread
* [PATCH 2/2] kvm: Obey read-only mappings in iommu 2013-01-24 22:03 [PATCH 0/2] kvm: IOMMU read-only mapping support Alex Williamson 2013-01-24 22:04 ` [PATCH 1/2] kvm: Force IOMMU remapping on memory slot read-only flag changes Alex Williamson @ 2013-01-24 22:04 ` Alex Williamson 2013-01-25 1:17 ` [PATCH 0/2] kvm: IOMMU read-only mapping support Takuya Yoshikawa 2013-01-27 15:29 ` Gleb Natapov 3 siblings, 0 replies; 18+ messages in thread From: Alex Williamson @ 2013-01-24 22:04 UTC (permalink / raw) To: gleb, kvm; +Cc: yoshikawa_takuya_b1, linux-kernel, xiaoguangrong We've been ignoring read-only mappings and programming everything into the iommu as read-write. Fix this to only include the write access flag when read-only is not set. Signed-off-by: Alex Williamson <alex.williamson@redhat.com> --- virt/kvm/iommu.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/virt/kvm/iommu.c b/virt/kvm/iommu.c index 4a340cb..72a130b 100644 --- a/virt/kvm/iommu.c +++ b/virt/kvm/iommu.c @@ -76,7 +76,9 @@ int kvm_iommu_map_pages(struct kvm *kvm, struct kvm_memory_slot *slot) gfn = slot->base_gfn; end_gfn = gfn + slot->npages; - flags = IOMMU_READ | IOMMU_WRITE; + flags = IOMMU_READ; + if (!(slot->flags & KVM_MEM_READONLY)) + flags |= IOMMU_WRITE; if (kvm->arch.iommu_flags & KVM_IOMMU_CACHE_COHERENCY) flags |= IOMMU_CACHE; ^ permalink raw reply related [flat|nested] 18+ messages in thread
* Re: [PATCH 0/2] kvm: IOMMU read-only mapping support 2013-01-24 22:03 [PATCH 0/2] kvm: IOMMU read-only mapping support Alex Williamson 2013-01-24 22:04 ` [PATCH 1/2] kvm: Force IOMMU remapping on memory slot read-only flag changes Alex Williamson 2013-01-24 22:04 ` [PATCH 2/2] kvm: Obey read-only mappings in iommu Alex Williamson @ 2013-01-25 1:17 ` Takuya Yoshikawa 2013-01-25 3:28 ` Xiao Guangrong 2013-01-27 15:29 ` Gleb Natapov 3 siblings, 1 reply; 18+ messages in thread From: Takuya Yoshikawa @ 2013-01-25 1:17 UTC (permalink / raw) To: Alex Williamson; +Cc: gleb, kvm, linux-kernel, xiaoguangrong On Thu, 24 Jan 2013 15:03:57 -0700 Alex Williamson <alex.williamson@redhat.com> wrote: > A couple patches to make KVM IOMMU support honor read-only mappings. > This causes an un-map, re-map when the read-only flag changes and > makes use of it when setting IOMMU attributes. Thanks, Looks good to me. I think I can naturally update my patch after this gets merged. Thanks, Takuya ^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [PATCH 0/2] kvm: IOMMU read-only mapping support 2013-01-25 1:17 ` [PATCH 0/2] kvm: IOMMU read-only mapping support Takuya Yoshikawa @ 2013-01-25 3:28 ` Xiao Guangrong 2013-01-25 3:59 ` Takuya Yoshikawa 2013-01-28 10:59 ` Gleb Natapov 0 siblings, 2 replies; 18+ messages in thread From: Xiao Guangrong @ 2013-01-25 3:28 UTC (permalink / raw) To: Takuya Yoshikawa; +Cc: Alex Williamson, gleb, kvm, linux-kernel On 01/25/2013 09:17 AM, Takuya Yoshikawa wrote: > On Thu, 24 Jan 2013 15:03:57 -0700 > Alex Williamson <alex.williamson@redhat.com> wrote: > >> A couple patches to make KVM IOMMU support honor read-only mappings. >> This causes an un-map, re-map when the read-only flag changes and >> makes use of it when setting IOMMU attributes. Thanks, > > Looks good to me. > > I think I can naturally update my patch after this gets merged. > Please wait. The commit c972f3b1 changed the write-protect behaviour - it does wirte-protection only when dirty flag is set. [ I did not see this commit when we discussed the problem before. ] Further more, i notice that write-protect is not enough, when do sync shadow page: FNAME(sync_page): host_writable = sp->spt[i] & SPTE_HOST_WRITEABLE; set_spte(vcpu, &sp->spt[i], pte_access, PT_PAGE_TABLE_LEVEL, gfn, spte_to_pfn(sp->spt[i]), true, false, host_writable); It sets spte based on the old value that means the readonly flag check is missed. We need to call kvm_arch_flush_shadow_all under this case. ^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [PATCH 0/2] kvm: IOMMU read-only mapping support 2013-01-25 3:28 ` Xiao Guangrong @ 2013-01-25 3:59 ` Takuya Yoshikawa 2013-01-25 4:28 ` Takuya Yoshikawa 2013-01-28 10:59 ` Gleb Natapov 1 sibling, 1 reply; 18+ messages in thread From: Takuya Yoshikawa @ 2013-01-25 3:59 UTC (permalink / raw) To: Xiao Guangrong; +Cc: Alex Williamson, gleb, kvm, linux-kernel On Fri, 25 Jan 2013 11:28:40 +0800 Xiao Guangrong <xiaoguangrong@linux.vnet.ibm.com> wrote: > > I think I can naturally update my patch after this gets merged. > > > > Please wait. The patch I mentioned above won't change anything. Just cleans up set_memory_region(). The only possible change which we discussed before was whether we call iommu_map() on a flags change. > The commit c972f3b1 changed the write-protect behaviour - it does > wirte-protection only when dirty flag is set. > [ I did not see this commit when we discussed the problem before. ] I'll look at the commit later, after the lunch break. > Further more, i notice that write-protect is not enough, when do sync > shadow page: > > FNAME(sync_page): > > host_writable = sp->spt[i] & SPTE_HOST_WRITEABLE; > > set_spte(vcpu, &sp->spt[i], pte_access, > PT_PAGE_TABLE_LEVEL, gfn, > spte_to_pfn(sp->spt[i]), true, false, > host_writable); > > It sets spte based on the old value that means the readonly flag check > is missed. We need to call kvm_arch_flush_shadow_all under this case. So the change needed will be in arch/x86. in arch_commit_* one. Right? Note: I'm not touching arch_* memory slot APIs now because ARM KVM is coming now. So no problem, the flags will be passed as before. Takuya ^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [PATCH 0/2] kvm: IOMMU read-only mapping support 2013-01-25 3:59 ` Takuya Yoshikawa @ 2013-01-25 4:28 ` Takuya Yoshikawa 0 siblings, 0 replies; 18+ messages in thread From: Takuya Yoshikawa @ 2013-01-25 4:28 UTC (permalink / raw) To: Takuya Yoshikawa; +Cc: Xiao Guangrong, Alex Williamson, gleb, kvm, linux-kernel On Fri, 25 Jan 2013 12:59:12 +0900 Takuya Yoshikawa <yoshikawa_takuya_b1@lab.ntt.co.jp> wrote: > > The commit c972f3b1 changed the write-protect behaviour - it does > > wirte-protection only when dirty flag is set. > > [ I did not see this commit when we discussed the problem before. ] > > I'll look at the commit later, after the lunch break. I've done! So we need to do: if (npages && (GET_DIRTY || RDONLY)) write protect About sync_page, I'm not sure what is the best fix. Takuya > > > Further more, i notice that write-protect is not enough, when do sync > > shadow page: > > > > FNAME(sync_page): > > > > host_writable = sp->spt[i] & SPTE_HOST_WRITEABLE; > > > > set_spte(vcpu, &sp->spt[i], pte_access, > > PT_PAGE_TABLE_LEVEL, gfn, > > spte_to_pfn(sp->spt[i]), true, false, > > host_writable); > > > > It sets spte based on the old value that means the readonly flag check > > is missed. We need to call kvm_arch_flush_shadow_all under this case. > > So the change needed will be in arch/x86. > in arch_commit_* one. > > Right? > > Note: I'm not touching arch_* memory slot APIs now because ARM KVM > is coming now. So no problem, the flags will be passed as before. > > Takuya -- Takuya Yoshikawa <yoshikawa_takuya_b1@lab.ntt.co.jp> ^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [PATCH 0/2] kvm: IOMMU read-only mapping support 2013-01-25 3:28 ` Xiao Guangrong 2013-01-25 3:59 ` Takuya Yoshikawa @ 2013-01-28 10:59 ` Gleb Natapov 2013-01-28 12:25 ` Takuya Yoshikawa 2013-01-29 3:06 ` Xiao Guangrong 1 sibling, 2 replies; 18+ messages in thread From: Gleb Natapov @ 2013-01-28 10:59 UTC (permalink / raw) To: Xiao Guangrong; +Cc: Takuya Yoshikawa, Alex Williamson, kvm, linux-kernel On Fri, Jan 25, 2013 at 11:28:40AM +0800, Xiao Guangrong wrote: > On 01/25/2013 09:17 AM, Takuya Yoshikawa wrote: > > On Thu, 24 Jan 2013 15:03:57 -0700 > > Alex Williamson <alex.williamson@redhat.com> wrote: > > > >> A couple patches to make KVM IOMMU support honor read-only mappings. > >> This causes an un-map, re-map when the read-only flag changes and > >> makes use of it when setting IOMMU attributes. Thanks, > > > > Looks good to me. > > > > I think I can naturally update my patch after this gets merged. > > > > Please wait. > > The commit c972f3b1 changed the write-protect behaviour - it does > wirte-protection only when dirty flag is set. > [ I did not see this commit when we discussed the problem before. ] > > Further more, i notice that write-protect is not enough, when do sync > shadow page: > > FNAME(sync_page): > > host_writable = sp->spt[i] & SPTE_HOST_WRITEABLE; > > set_spte(vcpu, &sp->spt[i], pte_access, > PT_PAGE_TABLE_LEVEL, gfn, > spte_to_pfn(sp->spt[i]), true, false, > host_writable); > > It sets spte based on the old value that means the readonly flag check > is missed. We need to call kvm_arch_flush_shadow_all under this case. Why not just disallow changing memory region KVM_MEM_READONLY flag without deleting the region? -- Gleb. ^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [PATCH 0/2] kvm: IOMMU read-only mapping support 2013-01-28 10:59 ` Gleb Natapov @ 2013-01-28 12:25 ` Takuya Yoshikawa 2013-01-28 15:36 ` Alex Williamson 2013-01-29 3:06 ` Xiao Guangrong 1 sibling, 1 reply; 18+ messages in thread From: Takuya Yoshikawa @ 2013-01-28 12:25 UTC (permalink / raw) To: Gleb Natapov Cc: Xiao Guangrong, Takuya Yoshikawa, Alex Williamson, kvm, linux-kernel On Mon, 28 Jan 2013 12:59:03 +0200 Gleb Natapov <gleb@redhat.com> wrote: > > It sets spte based on the old value that means the readonly flag check > > is missed. We need to call kvm_arch_flush_shadow_all under this case. > Why not just disallow changing memory region KVM_MEM_READONLY flag > without deleting the region? Sounds good. If you prefer, I can fold the required change into my patch. Takuya ^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [PATCH 0/2] kvm: IOMMU read-only mapping support 2013-01-28 12:25 ` Takuya Yoshikawa @ 2013-01-28 15:36 ` Alex Williamson 2013-01-29 2:12 ` Takuya Yoshikawa 0 siblings, 1 reply; 18+ messages in thread From: Alex Williamson @ 2013-01-28 15:36 UTC (permalink / raw) To: Takuya Yoshikawa Cc: Gleb Natapov, Xiao Guangrong, Takuya Yoshikawa, kvm, linux-kernel On Mon, 2013-01-28 at 21:25 +0900, Takuya Yoshikawa wrote: > On Mon, 28 Jan 2013 12:59:03 +0200 > Gleb Natapov <gleb@redhat.com> wrote: > > > > It sets spte based on the old value that means the readonly flag check > > > is missed. We need to call kvm_arch_flush_shadow_all under this case. > > Why not just disallow changing memory region KVM_MEM_READONLY flag > > without deleting the region? > > Sounds good. > > If you prefer, I can fold the required change into my patch. That would seem to make my patch 1/2 unnecessary. Thanks, Alex ^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [PATCH 0/2] kvm: IOMMU read-only mapping support 2013-01-28 15:36 ` Alex Williamson @ 2013-01-29 2:12 ` Takuya Yoshikawa 0 siblings, 0 replies; 18+ messages in thread From: Takuya Yoshikawa @ 2013-01-29 2:12 UTC (permalink / raw) To: Alex Williamson Cc: Takuya Yoshikawa, Gleb Natapov, Xiao Guangrong, kvm, linux-kernel On Mon, 28 Jan 2013 08:36:56 -0700 Alex Williamson <alex.williamson@redhat.com> wrote: > On Mon, 2013-01-28 at 21:25 +0900, Takuya Yoshikawa wrote: > > On Mon, 28 Jan 2013 12:59:03 +0200 > > Gleb Natapov <gleb@redhat.com> wrote: > > > > > > It sets spte based on the old value that means the readonly flag check > > > > is missed. We need to call kvm_arch_flush_shadow_all under this case. > > > Why not just disallow changing memory region KVM_MEM_READONLY flag > > > without deleting the region? > > > > Sounds good. > > > > If you prefer, I can fold the required change into my patch. > > That would seem to make my patch 1/2 unnecessary. Thanks, I've decided not to fold that change into my KVM: set_memory_region: Identify the requested change explicitly since this is a functional change, see v3 I posted today. Since QEMU is not the only hypervisor using KVM, we should make the change with a proper subject informing every user of the new restriction. If the maintainers prefer to remove Alex's patch 1/2 first and then rebase my v3 patch, I can do so. Takuya ^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [PATCH 0/2] kvm: IOMMU read-only mapping support 2013-01-28 10:59 ` Gleb Natapov 2013-01-28 12:25 ` Takuya Yoshikawa @ 2013-01-29 3:06 ` Xiao Guangrong 2013-01-29 6:50 ` Gleb Natapov 1 sibling, 1 reply; 18+ messages in thread From: Xiao Guangrong @ 2013-01-29 3:06 UTC (permalink / raw) To: Gleb Natapov; +Cc: Takuya Yoshikawa, Alex Williamson, kvm, linux-kernel On 01/28/2013 06:59 PM, Gleb Natapov wrote: > On Fri, Jan 25, 2013 at 11:28:40AM +0800, Xiao Guangrong wrote: >> On 01/25/2013 09:17 AM, Takuya Yoshikawa wrote: >>> On Thu, 24 Jan 2013 15:03:57 -0700 >>> Alex Williamson <alex.williamson@redhat.com> wrote: >>> >>>> A couple patches to make KVM IOMMU support honor read-only mappings. >>>> This causes an un-map, re-map when the read-only flag changes and >>>> makes use of it when setting IOMMU attributes. Thanks, >>> >>> Looks good to me. >>> >>> I think I can naturally update my patch after this gets merged. >>> >> >> Please wait. >> >> The commit c972f3b1 changed the write-protect behaviour - it does >> wirte-protection only when dirty flag is set. >> [ I did not see this commit when we discussed the problem before. ] >> >> Further more, i notice that write-protect is not enough, when do sync >> shadow page: >> >> FNAME(sync_page): >> >> host_writable = sp->spt[i] & SPTE_HOST_WRITEABLE; >> >> set_spte(vcpu, &sp->spt[i], pte_access, >> PT_PAGE_TABLE_LEVEL, gfn, >> spte_to_pfn(sp->spt[i]), true, false, >> host_writable); >> >> It sets spte based on the old value that means the readonly flag check >> is missed. We need to call kvm_arch_flush_shadow_all under this case. > Why not just disallow changing memory region KVM_MEM_READONLY flag > without deleting the region? It will introduce some restriction when VM-sharing-mem is being implemented, but we need to do some optimization for it, at least, properly write-protect readonly pages (fix sync_page()) instead of zap_all_page. So, i guess we can do the simple fix first. ^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [PATCH 0/2] kvm: IOMMU read-only mapping support 2013-01-29 3:06 ` Xiao Guangrong @ 2013-01-29 6:50 ` Gleb Natapov 2013-01-29 7:37 ` Xiao Guangrong 0 siblings, 1 reply; 18+ messages in thread From: Gleb Natapov @ 2013-01-29 6:50 UTC (permalink / raw) To: Xiao Guangrong; +Cc: Takuya Yoshikawa, Alex Williamson, kvm, linux-kernel On Tue, Jan 29, 2013 at 11:06:43AM +0800, Xiao Guangrong wrote: > On 01/28/2013 06:59 PM, Gleb Natapov wrote: > > On Fri, Jan 25, 2013 at 11:28:40AM +0800, Xiao Guangrong wrote: > >> On 01/25/2013 09:17 AM, Takuya Yoshikawa wrote: > >>> On Thu, 24 Jan 2013 15:03:57 -0700 > >>> Alex Williamson <alex.williamson@redhat.com> wrote: > >>> > >>>> A couple patches to make KVM IOMMU support honor read-only mappings. > >>>> This causes an un-map, re-map when the read-only flag changes and > >>>> makes use of it when setting IOMMU attributes. Thanks, > >>> > >>> Looks good to me. > >>> > >>> I think I can naturally update my patch after this gets merged. > >>> > >> > >> Please wait. > >> > >> The commit c972f3b1 changed the write-protect behaviour - it does > >> wirte-protection only when dirty flag is set. > >> [ I did not see this commit when we discussed the problem before. ] > >> > >> Further more, i notice that write-protect is not enough, when do sync > >> shadow page: > >> > >> FNAME(sync_page): > >> > >> host_writable = sp->spt[i] & SPTE_HOST_WRITEABLE; > >> > >> set_spte(vcpu, &sp->spt[i], pte_access, > >> PT_PAGE_TABLE_LEVEL, gfn, > >> spte_to_pfn(sp->spt[i]), true, false, > >> host_writable); > >> > >> It sets spte based on the old value that means the readonly flag check > >> is missed. We need to call kvm_arch_flush_shadow_all under this case. > > Why not just disallow changing memory region KVM_MEM_READONLY flag > > without deleting the region? > > It will introduce some restriction when VM-sharing-mem is being implemented, > but we need to do some optimization for it, at least, properly write-protect > readonly pages (fix sync_page()) instead of zap_all_page. > What is VM-sharing-mem? > So, i guess we can do the simple fix first. > By simple fix you mean calling kvm_arch_flush_shadow_all() on READONLY flag change? -- Gleb. ^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [PATCH 0/2] kvm: IOMMU read-only mapping support 2013-01-29 6:50 ` Gleb Natapov @ 2013-01-29 7:37 ` Xiao Guangrong [not found] ` <20130129074852.GH22871@redhat.com> 0 siblings, 1 reply; 18+ messages in thread From: Xiao Guangrong @ 2013-01-29 7:37 UTC (permalink / raw) To: Gleb Natapov; +Cc: Takuya Yoshikawa, Alex Williamson, kvm, linux-kernel On 01/29/2013 02:50 PM, Gleb Natapov wrote: > On Tue, Jan 29, 2013 at 11:06:43AM +0800, Xiao Guangrong wrote: >> On 01/28/2013 06:59 PM, Gleb Natapov wrote: >>> On Fri, Jan 25, 2013 at 11:28:40AM +0800, Xiao Guangrong wrote: >>>> On 01/25/2013 09:17 AM, Takuya Yoshikawa wrote: >>>>> On Thu, 24 Jan 2013 15:03:57 -0700 >>>>> Alex Williamson <alex.williamson@redhat.com> wrote: >>>>> >>>>>> A couple patches to make KVM IOMMU support honor read-only mappings. >>>>>> This causes an un-map, re-map when the read-only flag changes and >>>>>> makes use of it when setting IOMMU attributes. Thanks, >>>>> >>>>> Looks good to me. >>>>> >>>>> I think I can naturally update my patch after this gets merged. >>>>> >>>> >>>> Please wait. >>>> >>>> The commit c972f3b1 changed the write-protect behaviour - it does >>>> wirte-protection only when dirty flag is set. >>>> [ I did not see this commit when we discussed the problem before. ] >>>> >>>> Further more, i notice that write-protect is not enough, when do sync >>>> shadow page: >>>> >>>> FNAME(sync_page): >>>> >>>> host_writable = sp->spt[i] & SPTE_HOST_WRITEABLE; >>>> >>>> set_spte(vcpu, &sp->spt[i], pte_access, >>>> PT_PAGE_TABLE_LEVEL, gfn, >>>> spte_to_pfn(sp->spt[i]), true, false, >>>> host_writable); >>>> >>>> It sets spte based on the old value that means the readonly flag check >>>> is missed. We need to call kvm_arch_flush_shadow_all under this case. >>> Why not just disallow changing memory region KVM_MEM_READONLY flag >>> without deleting the region? >> >> It will introduce some restriction when VM-sharing-mem is being implemented, >> but we need to do some optimization for it, at least, properly write-protect >> readonly pages (fix sync_page()) instead of zap_all_page. >> > What is VM-sharing-mem? Sharing memory between different guests. > >> So, i guess we can do the simple fix first. >> > By simple fix you mean calling kvm_arch_flush_shadow_all() on READONLY > flag change? Simply disallow READONLY flag changing. ^ permalink raw reply [flat|nested] 18+ messages in thread
[parent not found: <20130129074852.GH22871@redhat.com>]
* Re: [PATCH 0/2] kvm: IOMMU read-only mapping support [not found] ` <20130129074852.GH22871@redhat.com> @ 2013-01-30 4:06 ` Xiao Guangrong 2013-01-30 4:26 ` Takuya Yoshikawa 0 siblings, 1 reply; 18+ messages in thread From: Xiao Guangrong @ 2013-01-30 4:06 UTC (permalink / raw) To: Gleb Natapov; +Cc: Takuya Yoshikawa, Alex Williamson, kvm, linux-kernel On 01/29/2013 03:48 PM, Gleb Natapov wrote: > On Tue, Jan 29, 2013 at 03:37:23PM +0800, Xiao Guangrong wrote: >> On 01/29/2013 02:50 PM, Gleb Natapov wrote: >>> On Tue, Jan 29, 2013 at 11:06:43AM +0800, Xiao Guangrong wrote: >>>> On 01/28/2013 06:59 PM, Gleb Natapov wrote: >>>>> On Fri, Jan 25, 2013 at 11:28:40AM +0800, Xiao Guangrong wrote: >>>>>> On 01/25/2013 09:17 AM, Takuya Yoshikawa wrote: >>>>>>> On Thu, 24 Jan 2013 15:03:57 -0700 >>>>>>> Alex Williamson <alex.williamson@redhat.com> wrote: >>>>>>> >>>>>>>> A couple patches to make KVM IOMMU support honor read-only mappings. >>>>>>>> This causes an un-map, re-map when the read-only flag changes and >>>>>>>> makes use of it when setting IOMMU attributes. Thanks, >>>>>>> >>>>>>> Looks good to me. >>>>>>> >>>>>>> I think I can naturally update my patch after this gets merged. >>>>>>> >>>>>> >>>>>> Please wait. >>>>>> >>>>>> The commit c972f3b1 changed the write-protect behaviour - it does >>>>>> wirte-protection only when dirty flag is set. >>>>>> [ I did not see this commit when we discussed the problem before. ] >>>>>> >>>>>> Further more, i notice that write-protect is not enough, when do sync >>>>>> shadow page: >>>>>> >>>>>> FNAME(sync_page): >>>>>> >>>>>> host_writable = sp->spt[i] & SPTE_HOST_WRITEABLE; >>>>>> >>>>>> set_spte(vcpu, &sp->spt[i], pte_access, >>>>>> PT_PAGE_TABLE_LEVEL, gfn, >>>>>> spte_to_pfn(sp->spt[i]), true, false, >>>>>> host_writable); >>>>>> >>>>>> It sets spte based on the old value that means the readonly flag check >>>>>> is missed. We need to call kvm_arch_flush_shadow_all under this case. >>>>> Why not just disallow changing memory region KVM_MEM_READONLY flag >>>>> without deleting the region? >>>> >>>> It will introduce some restriction when VM-sharing-mem is being implemented, >>>> but we need to do some optimization for it, at least, properly write-protect >>>> readonly pages (fix sync_page()) instead of zap_all_page. >>>> >>> What is VM-sharing-mem? >> >> Sharing memory between different guests. >> > That much I can figure out for the name itself. My question is how this > sharing will work? Why KVM_MEM_READONLY is needed for it? Why ability to > change KVM_MEM_READONLY flag without destroying memory region will be > important. What's wrong with nahanni, shared memory device we have today? I'm not clear now or maybe my memory is wrong, i need to find the origin discussion... > >>> >>>> So, i guess we can do the simple fix first. >>>> >>> By simple fix you mean calling kvm_arch_flush_shadow_all() on READONLY >>> flag change? >> >> Simply disallow READONLY flag changing. > Ok, can somebody craft a patch? Takuya, will you? ;) ^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [PATCH 0/2] kvm: IOMMU read-only mapping support 2013-01-30 4:06 ` Xiao Guangrong @ 2013-01-30 4:26 ` Takuya Yoshikawa 0 siblings, 0 replies; 18+ messages in thread From: Takuya Yoshikawa @ 2013-01-30 4:26 UTC (permalink / raw) To: Xiao Guangrong; +Cc: Gleb Natapov, Alex Williamson, kvm, linux-kernel On Wed, 30 Jan 2013 12:06:32 +0800 Xiao Guangrong <xiaoguangrong@linux.vnet.ibm.com> wrote: > >>>> So, i guess we can do the simple fix first. > >>>> > >>> By simple fix you mean calling kvm_arch_flush_shadow_all() on READONLY > >>> flag change? > >> > >> Simply disallow READONLY flag changing. > > Ok, can somebody craft a patch? > > Takuya, will you? ;) I will. Thank you for pointing out the problem. We can revisit the API later to determine what kind of changes should be allowed. Takuya ^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [PATCH 0/2] kvm: IOMMU read-only mapping support 2013-01-24 22:03 [PATCH 0/2] kvm: IOMMU read-only mapping support Alex Williamson ` (2 preceding siblings ...) 2013-01-25 1:17 ` [PATCH 0/2] kvm: IOMMU read-only mapping support Takuya Yoshikawa @ 2013-01-27 15:29 ` Gleb Natapov 3 siblings, 0 replies; 18+ messages in thread From: Gleb Natapov @ 2013-01-27 15:29 UTC (permalink / raw) To: Alex Williamson; +Cc: kvm, yoshikawa_takuya_b1, linux-kernel, xiaoguangrong On Thu, Jan 24, 2013 at 03:03:57PM -0700, Alex Williamson wrote: > A couple patches to make KVM IOMMU support honor read-only mappings. > This causes an un-map, re-map when the read-only flag changes and > makes use of it when setting IOMMU attributes. Thanks, > > Alex > Applied, thanks. > --- > > Alex Williamson (2): > kvm: Force IOMMU remapping on memory slot read-only flag changes > kvm: Obey read-only mappings in iommu > > > virt/kvm/iommu.c | 4 +++- > virt/kvm/kvm_main.c | 28 ++++++++++++++++++++++++---- > 2 files changed, 27 insertions(+), 5 deletions(-) -- Gleb. ^ permalink raw reply [flat|nested] 18+ messages in thread
end of thread, other threads:[~2013-01-30 4:26 UTC | newest] Thread overview: 18+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2013-01-24 22:03 [PATCH 0/2] kvm: IOMMU read-only mapping support Alex Williamson 2013-01-24 22:04 ` [PATCH 1/2] kvm: Force IOMMU remapping on memory slot read-only flag changes Alex Williamson 2013-01-25 2:58 ` Xiao Guangrong 2013-01-24 22:04 ` [PATCH 2/2] kvm: Obey read-only mappings in iommu Alex Williamson 2013-01-25 1:17 ` [PATCH 0/2] kvm: IOMMU read-only mapping support Takuya Yoshikawa 2013-01-25 3:28 ` Xiao Guangrong 2013-01-25 3:59 ` Takuya Yoshikawa 2013-01-25 4:28 ` Takuya Yoshikawa 2013-01-28 10:59 ` Gleb Natapov 2013-01-28 12:25 ` Takuya Yoshikawa 2013-01-28 15:36 ` Alex Williamson 2013-01-29 2:12 ` Takuya Yoshikawa 2013-01-29 3:06 ` Xiao Guangrong 2013-01-29 6:50 ` Gleb Natapov 2013-01-29 7:37 ` Xiao Guangrong [not found] ` <20130129074852.GH22871@redhat.com> 2013-01-30 4:06 ` Xiao Guangrong 2013-01-30 4:26 ` Takuya Yoshikawa 2013-01-27 15:29 ` Gleb Natapov
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).