| Message ID | 20230513003600.818142-4-seanjc@google.com |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a59:b0ea:0:b0:3b6:4342:cba0 with SMTP id b10csp5480709vqo;
Fri, 12 May 2023 17:38:33 -0700 (PDT)
X-Google-Smtp-Source:
ACHHUZ6W92qIZiYKXe34Gu1pIjxwCpfBw0iTc8XArG8nkyX5w+CKVs7VP4h6476kd5kfZkHK+s70
X-Received: by 2002:a17:903:230d:b0:1ad:164:74fc with SMTP id
d13-20020a170903230d00b001ad016474fcmr12672918plh.20.1683938312949;
Fri, 12 May 2023 17:38:32 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1683938312; cv=none;
d=google.com; s=arc-20160816;
b=f0g/Wc50vRT7yjOXCs7gcSkbiUHoNg9Y7pUwhLDuvrJNKpam8Fs7wqq42PL2g8pckP
fsCEHlry+SA7iPNRptRdac+XgbVPY1JZXjJte0I2hNVYK1icTW7pYLnE7BcTAPEEwHL7
0RtOFjvJ38HBbUUKN3SbEqNJJnZ6v+G6PRTomXrzoCh9lbf+N9v86IzXSikS31e+JfxJ
MSBv76fqYjM9rG8FeevcXhSOh1nl3YFdvLBJkwBu6Dd7u4aHHA1H26rmN/+PD5KpgJcH
D1n4HHD8+BbcQ7y3+AVMWn14QgdHlWAYugQBC13M9MoN5c+x0y3aEr8HKjYfLabgpUl6
Y9qQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:cc:to:from:subject:message-id:references
:mime-version:in-reply-to:date:reply-to:dkim-signature;
bh=XwIKHmmTJOUjvBBd2bP49EQ+CK24vBc6gAU6yUFfBBk=;
b=GWdkZBr6nrSSzXONI/uBOhc95ZOvPbD3sdUtdrWYpVk2JQtwcWbj089ce6RvjTT5JS
t389HLdJfQcDFxa+dsxjoiDsQNmrvTDQAywm5mdW5sflOXeVGVT5XhionXtvC4MVN1z+
dZO7oyteKf7J3F1HXnni5bC1CQNFhg+gV/Jmcy3I/cEzLCoHHbcsogDxwkoLpIlcUvRh
fXwDjworGNOKvYeDpEWQM9ARGtyIg0jgfRhBXPaFlXBY8Yz2Yw0G9NuQJotRlNj+qtbf
eNjgmMlbDqX0omXiG4xYVKmnNq/bCO8eXu7Pu25xpv7BqzlLa9ZwCOjB2NT3ccczZ6Jg
5Scw==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@google.com header.s=20221208 header.b=ohttiLZp;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
h15-20020a17090a604f00b0024e01bbc607si29017730pjm.50.2023.05.12.17.38.19;
Fri, 12 May 2023 17:38:32 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=pass header.i=@google.com header.s=20221208 header.b=ohttiLZp;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S241243AbjEMAgY (ORCPT <rfc822;peekingduck44@gmail.com>
+ 99 others); Fri, 12 May 2023 20:36:24 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43560 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S241030AbjEMAgO (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Fri, 12 May 2023 20:36:14 -0400
Received: from mail-yw1-x114a.google.com (mail-yw1-x114a.google.com
[IPv6:2607:f8b0:4864:20::114a])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9771455B7
for <linux-kernel@vger.kernel.org>;
Fri, 12 May 2023 17:36:12 -0700 (PDT)
Received: by mail-yw1-x114a.google.com with SMTP id
00721157ae682-55d9a9d19c9so154145457b3.1
for <linux-kernel@vger.kernel.org>;
Fri, 12 May 2023 17:36:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=google.com; s=20221208; t=1683938172; x=1686530172;
h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
:date:reply-to:from:to:cc:subject:date:message-id:reply-to;
bh=XwIKHmmTJOUjvBBd2bP49EQ+CK24vBc6gAU6yUFfBBk=;
b=ohttiLZpsPQ1r/sX8xxAl1twyVbCEqfRJ26GYnVK8hVZm7MK2GYEdF7ZA6KfDLoze0
VbYx6XFNk1SS/fEqkJkTP+VVyjK0YnME2kR0EdngMXsub3zdq12IiUR9ARdG/yRIws37
LfEjvabKiZQTFXLjNUKqSrTbDAINtLC0ylCNPiTI8bFwrLHzCB6gZm71eFcafVgYHQrh
gV7/XUuGvowhA85sxAVxosReNVhIX1TZgTfGH7u3CwEH1CkV9y/ZgfeKuskmtH8catj9
MbQiDX9sRdYTt+vys8ERmAvfiTqwtP41K4yYSq9PzQudo1zgo6YZnCt+7el6TsF8Goe2
UUGw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20221208; t=1683938172; x=1686530172;
h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
:date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id
:reply-to;
bh=XwIKHmmTJOUjvBBd2bP49EQ+CK24vBc6gAU6yUFfBBk=;
b=TjLjq9kPRqknbS1lwyFBIdYs4tYxVk0uCWEKh1ek5U+rVUeJ2FXPMMAr167W09vShC
9WPx+BcWT3vKdigNr+2Ln4BQUMgkn/V3LLBOZ/RGHdLR2y9md6LaNMgwU+PWmQri2DQN
1sYOxJlfYsZap/iYx+lI5zv7tWUoYzt/MHjxdpyYy9sczwnER3Y1OW6CgZThroQaF5gY
VdzvOp3C0YyQ9R56Ad77qMsN7GSfn0BliQW9DJ8wi7ZYC9vfzfYZbdoNSA2D0UuvVstG
ra3Kp1j4xSIaz/uJhdtLwCESw9bKbBbmjZiwo2lSdtbTOmslPyIF7vzWyOSwbYHC96Lx
Nrng==
X-Gm-Message-State: AC+VfDw/RfdQp3sjR5qCJ7+77YEJBvnBJsa3unHiH/YnKkDy948DZUXU
SLKCpGjgliaEJRUO+l4PDbvTfSm+05s=
X-Received: from zagreus.c.googlers.com
([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37])
(user=seanjc job=sendgmr) by 2002:a81:af0e:0:b0:55a:5641:54be with SMTP id
n14-20020a81af0e000000b0055a564154bemr16292331ywh.6.1683938171803; Fri, 12
May 2023 17:36:11 -0700 (PDT)
Reply-To: Sean Christopherson <seanjc@google.com>
Date: Fri, 12 May 2023 17:35:35 -0700
In-Reply-To: <20230513003600.818142-1-seanjc@google.com>
Mime-Version: 1.0
References: <20230513003600.818142-1-seanjc@google.com>
X-Mailer: git-send-email 2.40.1.606.ga4b1b128d6-goog
Message-ID: <20230513003600.818142-4-seanjc@google.com>
Subject: [PATCH v3 03/28] drm/i915/gvt: Verify hugepages are contiguous in
physical address space
From: Sean Christopherson <seanjc@google.com>
To: Sean Christopherson <seanjc@google.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Zhenyu Wang <zhenyuw@linux.intel.com>,
Zhi Wang <zhi.a.wang@intel.com>
Cc: kvm@vger.kernel.org, intel-gvt-dev@lists.freedesktop.org,
intel-gfx@lists.freedesktop.org, linux-kernel@vger.kernel.org,
Yan Zhao <yan.y.zhao@intel.com>,
Ben Gardon <bgardon@google.com>
Content-Type: text/plain; charset="UTF-8"
X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED,
DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,
SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL
autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1765737300412369940?=
X-GMAIL-MSGID: =?utf-8?q?1765737300412369940?=
|
| Series |
drm/i915/gvt: KVM: KVMGT fixes and page-track cleanups
|
|
Commit Message
Sean Christopherson
May 13, 2023, 12:35 a.m. UTC
When shadowing a GTT entry with a 2M page, verify that the pfns are
contiguous, not just that the struct page pointers are contiguous. The
memory map is virtual contiguous if "CONFIG_FLATMEM=y ||
CONFIG_SPARSEMEM_VMEMMAP=y", but not for "CONFIG_SPARSEMEM=y &&
CONFIG_SPARSEMEM_VMEMMAP=n", so theoretically KVMGT could encounter struct
pages that are virtually contiguous, but not physically contiguous.
In practice, this flaw is likely a non-issue as it would cause functional
problems iff a section isn't 2M aligned _and_ is directly adjacent to
another section with discontiguous pfns.
Signed-off-by: Sean Christopherson <seanjc@google.com>
---
drivers/gpu/drm/i915/gvt/kvmgt.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Comments
hi Sean
Do you think it's necessary to double check that struct page pointers
are also contiguous?
And do you like to also include a fix as below, which is to remove the
warning in vfio_device_container_unpin_pages() when npage is 0?
@ -169,7 +173,8 @@ static int gvt_pin_guest_page(struct intel_vgpu *vgpu, unsigned long gfn,
*page = base_page;
return 0;
err:
- gvt_unpin_guest_page(vgpu, gfn, npage * PAGE_SIZE);
+ if (npage)
+ gvt_unpin_guest_page(vgpu, gfn, npage * PAGE_SIZE);
return ret;
}
BTW, I've sent a separate fix for vfio_iommu_type1_pin_pages() to ensure
struct page is a valid address.
https://lore.kernel.org/lkml/20230516093007.15234-1-yan.y.zhao@intel.com/
On Fri, May 12, 2023 at 05:35:35PM -0700, Sean Christopherson wrote:
> When shadowing a GTT entry with a 2M page, verify that the pfns are
> contiguous, not just that the struct page pointers are contiguous. The
> memory map is virtual contiguous if "CONFIG_FLATMEM=y ||
> CONFIG_SPARSEMEM_VMEMMAP=y", but not for "CONFIG_SPARSEMEM=y &&
> CONFIG_SPARSEMEM_VMEMMAP=n", so theoretically KVMGT could encounter struct
> pages that are virtually contiguous, but not physically contiguous.
>
> In practice, this flaw is likely a non-issue as it would cause functional
> problems iff a section isn't 2M aligned _and_ is directly adjacent to
> another section with discontiguous pfns.
>
> Signed-off-by: Sean Christopherson <seanjc@google.com>
> ---
> drivers/gpu/drm/i915/gvt/kvmgt.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/i915/gvt/kvmgt.c b/drivers/gpu/drm/i915/gvt/kvmgt.c
> index de675d799c7d..429f0f993a13 100644
> --- a/drivers/gpu/drm/i915/gvt/kvmgt.c
> +++ b/drivers/gpu/drm/i915/gvt/kvmgt.c
> @@ -161,7 +161,7 @@ static int gvt_pin_guest_page(struct intel_vgpu *vgpu, unsigned long gfn,
>
> if (npage == 0)
> base_page = cur_page;
> - else if (base_page + npage != cur_page) {
> + else if (page_to_pfn(base_page) + npage != page_to_pfn(cur_page)) {
> gvt_vgpu_err("The pages are not continuous\n");
> ret = -EINVAL;
> npage++;
> --
> 2.40.1.606.ga4b1b128d6-goog
>
On Tue, May 16, 2023, Yan Zhao wrote: > hi Sean > > Do you think it's necessary to double check that struct page pointers > are also contiguous? No, the virtual address space should be irrelevant. The only way it would be problematic is if something in dma_map_page() expected to be able to access the entire chunk of memory by getting the virtual address of only the first page, but I can't imagine that code is reading or writing memory, let alone doing so across a huge range of memory. > And do you like to also include a fix as below, which is to remove the > warning in vfio_device_container_unpin_pages() when npage is 0? > > @ -169,7 +173,8 @@ static int gvt_pin_guest_page(struct intel_vgpu *vgpu, unsigned long gfn, > *page = base_page; > return 0; > err: > - gvt_unpin_guest_page(vgpu, gfn, npage * PAGE_SIZE); > + if (npage) > + gvt_unpin_guest_page(vgpu, gfn, npage * PAGE_SIZE); > return ret; > } Sure. Want to give your SoB? I'll write a changelog. Thanks again!
On Wed, May 17, 2023 at 07:50:26AM -0700, Sean Christopherson wrote: > On Tue, May 16, 2023, Yan Zhao wrote: > > hi Sean > > > > Do you think it's necessary to double check that struct page pointers > > are also contiguous? > > No, the virtual address space should be irrelevant. The only way it would be > problematic is if something in dma_map_page() expected to be able to access the > entire chunk of memory by getting the virtual address of only the first page, > but I can't imagine that code is reading or writing memory, let alone doing so > across a huge range of memory. Yes, I do find arm_iommu version of dma_map_page() access the memory by getting virtual address of pages passed in, but it's implemented as page by page, not only from the first page. dma_map_page dma_map_page_attrs ops->map_page arm_iommu_map_page __dma_page_cpu_to_dev dma_cache_maint_page Just a little worried about the condition of PFNs are contiguous while they belong to different backends, e.g. one from system memory and one from MMIO. But I don't know how to avoid this without complicated checks. And this condition might not happen in practice. > > > And do you like to also include a fix as below, which is to remove the > > warning in vfio_device_container_unpin_pages() when npage is 0? > > > > @ -169,7 +173,8 @@ static int gvt_pin_guest_page(struct intel_vgpu *vgpu, unsigned long gfn, > > *page = base_page; > > return 0; > > err: > > - gvt_unpin_guest_page(vgpu, gfn, npage * PAGE_SIZE); > > + if (npage) > > + gvt_unpin_guest_page(vgpu, gfn, npage * PAGE_SIZE); > > return ret; > > } > > Sure. Want to give your SoB? I'll write a changelog. > Thanks! It's just a small code piece. Whatever is convenient for you :)
On Thu, May 18, 2023, Yan Zhao wrote: > On Wed, May 17, 2023 at 07:50:26AM -0700, Sean Christopherson wrote: > > On Tue, May 16, 2023, Yan Zhao wrote: > > > hi Sean > > > > > > Do you think it's necessary to double check that struct page pointers > > > are also contiguous? > > > > No, the virtual address space should be irrelevant. The only way it would be > > problematic is if something in dma_map_page() expected to be able to access the > > entire chunk of memory by getting the virtual address of only the first page, > > but I can't imagine that code is reading or writing memory, let alone doing so > > across a huge range of memory. > Yes, I do find arm_iommu version of dma_map_page() access the memory by getting > virtual address of pages passed in, but it's implemented as page by page, not only > from the first page. > > dma_map_page > dma_map_page_attrs > ops->map_page > arm_iommu_map_page Heh, thankfully this is ARM specific, which presumably doesn't collide with KVMGT. > __dma_page_cpu_to_dev > dma_cache_maint_page > > Just a little worried about the condition of PFNs are contiguous > while they belong to different backends, e.g. one from system memory and > one from MMIO. > But I don't know how to avoid this without complicated checks. > And this condition might not happen in practice. IMO, assuming that contiguous pfns are vritually contiguous is wrong, i.e. would be a bug in the other code. The above dma_cache_maint_page() get's this right, and even has a well written comment to boot.
On Thu, May 18, 2023 at 11:04:46AM -0700, Sean Christopherson wrote: > On Thu, May 18, 2023, Yan Zhao wrote: > > On Wed, May 17, 2023 at 07:50:26AM -0700, Sean Christopherson wrote: > > > On Tue, May 16, 2023, Yan Zhao wrote: > > > > hi Sean > > > > > > > > Do you think it's necessary to double check that struct page pointers > > > > are also contiguous? > > > > > > No, the virtual address space should be irrelevant. The only way it would be > > > problematic is if something in dma_map_page() expected to be able to access the > > > entire chunk of memory by getting the virtual address of only the first page, > > > but I can't imagine that code is reading or writing memory, let alone doing so > > > across a huge range of memory. > > Yes, I do find arm_iommu version of dma_map_page() access the memory by getting > > virtual address of pages passed in, but it's implemented as page by page, not only > > from the first page. > > > > dma_map_page > > dma_map_page_attrs > > ops->map_page > > arm_iommu_map_page > > Heh, thankfully this is ARM specific, which presumably doesn't collide with KVMGT. Actually, this is fine with KVMGT (owning to page by page access), isn't it? :) > > > __dma_page_cpu_to_dev > > dma_cache_maint_page > > > > Just a little worried about the condition of PFNs are contiguous > > while they belong to different backends, e.g. one from system memory and > > one from MMIO. > > But I don't know how to avoid this without complicated checks. > > And this condition might not happen in practice. > > IMO, assuming that contiguous pfns are vritually contiguous is wrong, i.e. would > be a bug in the other code. The above dma_cache_maint_page() get's this right, > and even has a well written comment to boot. Right.
diff --git a/drivers/gpu/drm/i915/gvt/kvmgt.c b/drivers/gpu/drm/i915/gvt/kvmgt.c index de675d799c7d..429f0f993a13 100644 --- a/drivers/gpu/drm/i915/gvt/kvmgt.c +++ b/drivers/gpu/drm/i915/gvt/kvmgt.c @@ -161,7 +161,7 @@ static int gvt_pin_guest_page(struct intel_vgpu *vgpu, unsigned long gfn, if (npage == 0) base_page = cur_page; - else if (base_page + npage != cur_page) { + else if (page_to_pfn(base_page) + npage != page_to_pfn(cur_page)) { gvt_vgpu_err("The pages are not continuous\n"); ret = -EINVAL; npage++;