From: Eugenio Perez Martin <eperezma@redhat.com>
To: Jason Wang <jasowang@redhat.com>
Cc: Peter Maydell <peter.maydell@linaro.org>,
Yan Zhao <yan.y.zhao@intel.com>,
Juan Quintela <quintela@redhat.com>,
"Michael S. Tsirkin" <mst@redhat.com>,
qemu-devel@nongnu.org, Peter Xu <peterx@redhat.com>,
Eric Auger <eric.auger@redhat.com>, Avi Kivity <avi@redhat.com>,
Paolo Bonzini <pbonzini@redhat.com>
Subject: Re: [RFC v3 1/1] memory: Skip bad range assertion if notifier supports arbitrary masks
Date: Wed, 12 Aug 2020 10:49:39 +0200 [thread overview]
Message-ID: <CAJaqyWe0_wcXHgbAVAVNCTpG7O4YKF6FMkgKsf6SfW4dEZ4A5g@mail.gmail.com> (raw)
In-Reply-To: <2443886f-2109-e048-b47f-886c896613ab@redhat.com>
On Wed, Aug 12, 2020 at 4:24 AM Jason Wang <jasowang@redhat.com> wrote:
>
>
> On 2020/8/12 上午1:55, Eugenio Pérez wrote:
> > Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
> > ---
> > hw/virtio/vhost.c | 2 +-
> > include/exec/memory.h | 2 ++
> > softmmu/memory.c | 10 ++++++++--
> > 3 files changed, 11 insertions(+), 3 deletions(-)
> >
> > diff --git a/hw/virtio/vhost.c b/hw/virtio/vhost.c
> > index 1a1384e7a6..e74ad9e09b 100644
> > --- a/hw/virtio/vhost.c
> > +++ b/hw/virtio/vhost.c
> > @@ -729,7 +729,7 @@ static void vhost_iommu_region_add(MemoryListener *listener,
> > iommu_idx = memory_region_iommu_attrs_to_index(iommu_mr,
> > MEMTXATTRS_UNSPECIFIED);
> > iommu_notifier_init(&iommu->n, vhost_iommu_unmap_notify,
> > - IOMMU_NOTIFIER_UNMAP,
> > + IOMMU_NOTIFIER_UNMAP | IOMMU_NOTIFIER_IOTLB,
>
>
> I think we can safely drop IOMMU_NOTIFIER_UNMAP here since device IOTLB
> is sufficient.
>
> Btw, IOMMU_NOTIFIER_IOTLB is kind of confusing, maybe something like
> IOMMU_NOTIFIER_DEVIOTLB.
>
Got it, will change.
>
> > section->offset_within_region,
> > int128_get64(end),
> > iommu_idx);
> > diff --git a/include/exec/memory.h b/include/exec/memory.h
> > index 307e527835..4d94c1e984 100644
> > --- a/include/exec/memory.h
> > +++ b/include/exec/memory.h
> > @@ -87,6 +87,8 @@ typedef enum {
> > IOMMU_NOTIFIER_UNMAP = 0x1,
> > /* Notify entry changes (newly created entries) */
> > IOMMU_NOTIFIER_MAP = 0x2,
> > + /* Notify changes on IOTLB entries */
> > + IOMMU_NOTIFIER_IOTLB = 0x04,
> > } IOMMUNotifierFlag;
> >
> > #define IOMMU_NOTIFIER_ALL (IOMMU_NOTIFIER_MAP | IOMMU_NOTIFIER_UNMAP)
> > diff --git a/softmmu/memory.c b/softmmu/memory.c
> > index af25987518..e2c5f6d0e7 100644
> > --- a/softmmu/memory.c
> > +++ b/softmmu/memory.c
> > @@ -1895,6 +1895,7 @@ void memory_region_notify_one(IOMMUNotifier *notifier,
>
>
> (we probably need a better name of this function, at least something
> like "memory_region_iommu_notify_one").
>
Ok will change.
>
> > {
> > IOMMUNotifierFlag request_flags;
> > hwaddr entry_end = entry->iova + entry->addr_mask;
> > + IOMMUTLBEntry tmp = *entry;
> >
> > /*
> > * Skip the notification if the notification does not overlap
> > @@ -1904,7 +1905,12 @@ void memory_region_notify_one(IOMMUNotifier *notifier,
> > return;
> > }
> >
> > - assert(entry->iova >= notifier->start && entry_end <= notifier->end);
> > + if (notifier->notifier_flags & IOMMU_NOTIFIER_IOTLB) {
> > + tmp.iova = MAX(tmp.iova, notifier->start);
> > + tmp.addr_mask = MIN(entry_end, notifier->end) - tmp.iova;
>
>
> Any reason for doing such re-calculation here, a comment would be helpful.
>
It was proposed by Peter, but I understand as limiting the
address+range we pass to the notifier. Although vhost seems to support
it as long as it contains (notifier->start, notifier->end) in range, a
future notifier might not.
It could be done as iommu_entry_crop(IOMMUTLBEntry *entry, const
IOMMUNotifier *notifier) though.
>
> > + } else {
> > + assert(entry->iova >= notifier->start && entry_end <= notifier->end);
>
>
> I wonder if it's better to convert the assert so some kind of log or
> warn here.
>
I think that if we transform that assert to a log, we should also tell
the guest that something went wrong. Or would it be enough notifying
the bad range?
If a malicious guest cannot reach that point, I think that leaving it
as an assertion allows us to detect earlier the fail in my opinion
(Assert early and assert often).
Thanks!
> Thanks
>
>
> > + }
> >
> > if (entry->perm & IOMMU_RW) {
> > request_flags = IOMMU_NOTIFIER_MAP;
> > @@ -1913,7 +1919,7 @@ void memory_region_notify_one(IOMMUNotifier *notifier,
> > }
> >
> > if (notifier->notifier_flags & request_flags) {
> > - notifier->notify(notifier, entry);
> > + notifier->notify(notifier, &tmp);
> > }
> > }
> >
>
next prev parent reply other threads:[~2020-08-12 8:51 UTC|newest]
Thread overview: 68+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-26 6:41 [RFC v2 0/1] memory: Delete assertion in memory_region_unregister_iommu_notifier Eugenio Pérez
2020-06-26 6:41 ` [RFC v2 1/1] " Eugenio Pérez
2020-06-26 21:29 ` Peter Xu
2020-06-27 7:26 ` Yan Zhao
2020-06-27 12:57 ` Peter Xu
2020-06-28 1:36 ` Yan Zhao
2020-06-28 7:03 ` Jason Wang
2020-06-28 14:47 ` Peter Xu
2020-06-29 5:51 ` Jason Wang
2020-06-29 13:34 ` Peter Xu
2020-06-30 2:41 ` Jason Wang
2020-06-30 8:29 ` Jason Wang
2020-06-30 9:21 ` Michael S. Tsirkin
2020-06-30 9:23 ` Jason Wang
2020-06-30 15:20 ` Peter Xu
2020-07-01 8:11 ` Jason Wang
2020-07-01 12:16 ` Peter Xu
2020-07-01 12:30 ` Jason Wang
2020-07-01 12:41 ` Peter Xu
2020-07-02 3:00 ` Jason Wang
2020-06-30 15:39 ` Peter Xu
2020-07-01 8:09 ` Jason Wang
2020-07-02 3:01 ` Jason Wang
2020-07-02 15:45 ` Peter Xu
2020-07-03 7:24 ` Jason Wang
2020-07-03 13:03 ` Peter Xu
2020-07-07 8:03 ` Jason Wang
2020-07-07 19:54 ` Peter Xu
2020-07-08 5:42 ` Jason Wang
2020-07-08 14:16 ` Peter Xu
2020-07-09 5:58 ` Jason Wang
2020-07-09 14:10 ` Peter Xu
2020-07-10 6:34 ` Jason Wang
2020-07-10 13:30 ` Peter Xu
2020-07-13 4:04 ` Jason Wang
2020-07-16 1:00 ` Peter Xu
2020-07-16 2:54 ` Jason Wang
2020-07-17 14:18 ` Peter Xu
2020-07-20 4:02 ` Jason Wang
2020-07-20 13:03 ` Peter Xu
2020-07-21 6:20 ` Jason Wang
2020-07-21 15:10 ` Peter Xu
2020-08-03 16:00 ` Eugenio Pérez
2020-08-04 20:30 ` Peter Xu
2020-08-05 5:45 ` Jason Wang
2020-08-11 17:01 ` Eugenio Perez Martin
2020-08-11 17:10 ` Eugenio Perez Martin
2020-06-29 15:05 ` [RFC v2 0/1] " Paolo Bonzini
2020-07-03 7:39 ` Eugenio Perez Martin
2020-07-03 10:10 ` Paolo Bonzini
2020-08-11 17:55 ` [RFC v3 " Eugenio Pérez
2020-08-11 17:55 ` [RFC v3 1/1] memory: Skip bad range assertion if notifier supports arbitrary masks Eugenio Pérez
2020-08-12 2:24 ` Jason Wang
2020-08-12 8:49 ` Eugenio Perez Martin [this message]
2020-08-18 14:24 ` Eugenio Perez Martin
2020-08-19 7:15 ` Jason Wang
2020-08-19 8:22 ` Eugenio Perez Martin
2020-08-19 9:36 ` Jason Wang
2020-08-19 15:50 ` Peter Xu
2020-08-20 2:28 ` Jason Wang
2020-08-21 14:12 ` Peter Xu
2020-09-01 3:05 ` Jason Wang
2020-09-01 19:35 ` Peter Xu
2020-09-02 5:13 ` Jason Wang
2020-08-11 18:10 ` [RFC v3 0/1] memory: Delete assertion in memory_region_unregister_iommu_notifier Eugenio Perez Martin
2020-08-11 19:27 ` Peter Xu
2020-08-12 14:33 ` Eugenio Perez Martin
2020-08-12 21:12 ` Peter Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAJaqyWe0_wcXHgbAVAVNCTpG7O4YKF6FMkgKsf6SfW4dEZ4A5g@mail.gmail.com \
--to=eperezma@redhat.com \
--cc=avi@redhat.com \
--cc=eric.auger@redhat.com \
--cc=jasowang@redhat.com \
--cc=mst@redhat.com \
--cc=pbonzini@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=peterx@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=quintela@redhat.com \
--cc=yan.y.zhao@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).