Message ID: 20230513003600.818142-4-seanjc@google.com
State: New
From: Sean Christopherson <seanjc@google.com>
To: Sean Christopherson <seanjc@google.com>, Paolo Bonzini <pbonzini@redhat.com>,
	Zhenyu Wang <zhenyuw@linux.intel.com>, Zhi Wang <zhi.a.wang@intel.com>
Cc: kvm@vger.kernel.org, intel-gvt-dev@lists.freedesktop.org,
	intel-gfx@lists.freedesktop.org, linux-kernel@vger.kernel.org,
	Yan Zhao <yan.y.zhao@intel.com>, Ben Gardon <bgardon@google.com>
Subject: [PATCH v3 03/28] drm/i915/gvt: Verify hugepages are contiguous in physical address space
Date: Fri, 12 May 2023 17:35:35 -0700
Message-ID: <20230513003600.818142-4-seanjc@google.com>
In-Reply-To: <20230513003600.818142-1-seanjc@google.com>
References: <20230513003600.818142-1-seanjc@google.com>
Reply-To: Sean Christopherson <seanjc@google.com>
Series: drm/i915/gvt: KVM: KVMGT fixes and page-track cleanups
Commit Message
Sean Christopherson
May 13, 2023, 12:35 a.m. UTC
When shadowing a GTT entry with a 2M page, verify that the pfns are
contiguous, not just that the struct page pointers are contiguous. The
memory map is virtually contiguous if "CONFIG_FLATMEM=y ||
CONFIG_SPARSEMEM_VMEMMAP=y", but not for "CONFIG_SPARSEMEM=y &&
CONFIG_SPARSEMEM_VMEMMAP=n", so theoretically KVMGT could encounter struct
pages that are virtually contiguous, but not physically contiguous.
In practice, this flaw is likely a non-issue as it would cause functional
problems iff a section isn't 2M aligned _and_ is directly adjacent to
another section with discontiguous pfns.
Signed-off-by: Sean Christopherson <seanjc@google.com>
---
drivers/gpu/drm/i915/gvt/kvmgt.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Comments
hi Sean

Do you think it's necessary to double check that struct page pointers
are also contiguous?

And do you like to also include a fix as below, which is to remove the
warning in vfio_device_container_unpin_pages() when npage is 0?

@@ -169,7 +173,8 @@ static int gvt_pin_guest_page(struct intel_vgpu *vgpu, unsigned long gfn,
 		*page = base_page;
 		return 0;
 err:
-	gvt_unpin_guest_page(vgpu, gfn, npage * PAGE_SIZE);
+	if (npage)
+		gvt_unpin_guest_page(vgpu, gfn, npage * PAGE_SIZE);
 	return ret;
 }

BTW, I've sent a separate fix for vfio_iommu_type1_pin_pages() to ensure
struct page is a valid address.
https://lore.kernel.org/lkml/20230516093007.15234-1-yan.y.zhao@intel.com/

On Fri, May 12, 2023 at 05:35:35PM -0700, Sean Christopherson wrote:
> When shadowing a GTT entry with a 2M page, verify that the pfns are
> contiguous, not just that the struct page pointers are contiguous. The
> memory map is virtually contiguous if "CONFIG_FLATMEM=y ||
> CONFIG_SPARSEMEM_VMEMMAP=y", but not for "CONFIG_SPARSEMEM=y &&
> CONFIG_SPARSEMEM_VMEMMAP=n", so theoretically KVMGT could encounter struct
> pages that are virtually contiguous, but not physically contiguous.
>
> In practice, this flaw is likely a non-issue as it would cause functional
> problems iff a section isn't 2M aligned _and_ is directly adjacent to
> another section with discontiguous pfns.
>
> Signed-off-by: Sean Christopherson <seanjc@google.com>
> ---
>  drivers/gpu/drm/i915/gvt/kvmgt.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/i915/gvt/kvmgt.c b/drivers/gpu/drm/i915/gvt/kvmgt.c
> index de675d799c7d..429f0f993a13 100644
> --- a/drivers/gpu/drm/i915/gvt/kvmgt.c
> +++ b/drivers/gpu/drm/i915/gvt/kvmgt.c
> @@ -161,7 +161,7 @@ static int gvt_pin_guest_page(struct intel_vgpu *vgpu, unsigned long gfn,
>
>  		if (npage == 0)
>  			base_page = cur_page;
> -		else if (base_page + npage != cur_page) {
> +		else if (page_to_pfn(base_page) + npage != page_to_pfn(cur_page)) {
>  			gvt_vgpu_err("The pages are not continuous\n");
>  			ret = -EINVAL;
>  			npage++;
> --
> 2.40.1.606.ga4b1b128d6-goog
On Tue, May 16, 2023, Yan Zhao wrote:
> hi Sean
>
> Do you think it's necessary to double check that struct page pointers
> are also contiguous?

No, the virtual address space should be irrelevant. The only way it would be
problematic is if something in dma_map_page() expected to be able to access the
entire chunk of memory by getting the virtual address of only the first page,
but I can't imagine that code is reading or writing memory, let alone doing so
across a huge range of memory.

> And do you like to also include a fix as below, which is to remove the
> warning in vfio_device_container_unpin_pages() when npage is 0?
>
> @@ -169,7 +173,8 @@ static int gvt_pin_guest_page(struct intel_vgpu *vgpu, unsigned long gfn,
> 		*page = base_page;
> 		return 0;
> err:
> -	gvt_unpin_guest_page(vgpu, gfn, npage * PAGE_SIZE);
> +	if (npage)
> +		gvt_unpin_guest_page(vgpu, gfn, npage * PAGE_SIZE);
> 	return ret;
> }

Sure. Want to give your SoB? I'll write a changelog. Thanks again!
On Wed, May 17, 2023 at 07:50:26AM -0700, Sean Christopherson wrote:
> On Tue, May 16, 2023, Yan Zhao wrote:
> > hi Sean
> >
> > Do you think it's necessary to double check that struct page pointers
> > are also contiguous?
>
> No, the virtual address space should be irrelevant. The only way it would be
> problematic is if something in dma_map_page() expected to be able to access the
> entire chunk of memory by getting the virtual address of only the first page,
> but I can't imagine that code is reading or writing memory, let alone doing so
> across a huge range of memory.

Yes, I do find the arm_iommu version of dma_map_page() accesses the memory by
getting the virtual address of the pages passed in, but it is implemented page
by page, not only from the first page:

  dma_map_page
    dma_map_page_attrs
      ops->map_page
        arm_iommu_map_page
          __dma_page_cpu_to_dev
            dma_cache_maint_page

Just a little worried about the case where the PFNs are contiguous but belong
to different backends, e.g. one from system memory and one from MMIO.
But I don't know how to avoid this without complicated checks, and this
condition might not happen in practice.

> > And do you like to also include a fix as below, which is to remove the
> > warning in vfio_device_container_unpin_pages() when npage is 0?
> >
> > @@ -169,7 +173,8 @@ static int gvt_pin_guest_page(struct intel_vgpu *vgpu, unsigned long gfn,
> > 		*page = base_page;
> > 		return 0;
> > err:
> > -	gvt_unpin_guest_page(vgpu, gfn, npage * PAGE_SIZE);
> > +	if (npage)
> > +		gvt_unpin_guest_page(vgpu, gfn, npage * PAGE_SIZE);
> > 	return ret;
> > }
>
> Sure. Want to give your SoB? I'll write a changelog.

Thanks! It's just a small code piece. Whatever is convenient for you :)
On Thu, May 18, 2023, Yan Zhao wrote:
> On Wed, May 17, 2023 at 07:50:26AM -0700, Sean Christopherson wrote:
> > On Tue, May 16, 2023, Yan Zhao wrote:
> > > hi Sean
> > >
> > > Do you think it's necessary to double check that struct page pointers
> > > are also contiguous?
> >
> > No, the virtual address space should be irrelevant. The only way it would be
> > problematic is if something in dma_map_page() expected to be able to access the
> > entire chunk of memory by getting the virtual address of only the first page,
> > but I can't imagine that code is reading or writing memory, let alone doing so
> > across a huge range of memory.
>
> Yes, I do find the arm_iommu version of dma_map_page() accesses the memory by
> getting the virtual address of the pages passed in, but it is implemented page
> by page, not only from the first page:
>
>   dma_map_page
>     dma_map_page_attrs
>       ops->map_page
>         arm_iommu_map_page

Heh, thankfully this is ARM specific, which presumably doesn't collide with KVMGT.

>           __dma_page_cpu_to_dev
>             dma_cache_maint_page
>
> Just a little worried about the case where the PFNs are contiguous but belong
> to different backends, e.g. one from system memory and one from MMIO.
> But I don't know how to avoid this without complicated checks, and this
> condition might not happen in practice.

IMO, assuming that contiguous pfns are virtually contiguous is wrong, i.e. that
would be a bug in the other code. The above dma_cache_maint_page() gets this
right, and even has a well written comment to boot.
On Thu, May 18, 2023 at 11:04:46AM -0700, Sean Christopherson wrote:
> On Thu, May 18, 2023, Yan Zhao wrote:
> > On Wed, May 17, 2023 at 07:50:26AM -0700, Sean Christopherson wrote:
> > > On Tue, May 16, 2023, Yan Zhao wrote:
> > > > hi Sean
> > > >
> > > > Do you think it's necessary to double check that struct page pointers
> > > > are also contiguous?
> > >
> > > No, the virtual address space should be irrelevant. The only way it would be
> > > problematic is if something in dma_map_page() expected to be able to access the
> > > entire chunk of memory by getting the virtual address of only the first page,
> > > but I can't imagine that code is reading or writing memory, let alone doing so
> > > across a huge range of memory.
> >
> > Yes, I do find the arm_iommu version of dma_map_page() accesses the memory by
> > getting the virtual address of the pages passed in, but it is implemented page
> > by page, not only from the first page:
> >
> >   dma_map_page
> >     dma_map_page_attrs
> >       ops->map_page
> >         arm_iommu_map_page
>
> Heh, thankfully this is ARM specific, which presumably doesn't collide with KVMGT.

Actually, this is fine with KVMGT (owing to the page by page access), isn't it? :)

> >           __dma_page_cpu_to_dev
> >             dma_cache_maint_page
> >
> > Just a little worried about the case where the PFNs are contiguous but belong
> > to different backends, e.g. one from system memory and one from MMIO.
> > But I don't know how to avoid this without complicated checks, and this
> > condition might not happen in practice.
>
> IMO, assuming that contiguous pfns are virtually contiguous is wrong, i.e. that
> would be a bug in the other code. The above dma_cache_maint_page() gets this
> right, and even has a well written comment to boot.

Right.
Patch

diff --git a/drivers/gpu/drm/i915/gvt/kvmgt.c b/drivers/gpu/drm/i915/gvt/kvmgt.c
index de675d799c7d..429f0f993a13 100644
--- a/drivers/gpu/drm/i915/gvt/kvmgt.c
+++ b/drivers/gpu/drm/i915/gvt/kvmgt.c
@@ -161,7 +161,7 @@ static int gvt_pin_guest_page(struct intel_vgpu *vgpu, unsigned long gfn,
 
 		if (npage == 0)
 			base_page = cur_page;
-		else if (base_page + npage != cur_page) {
+		else if (page_to_pfn(base_page) + npage != page_to_pfn(cur_page)) {
 			gvt_vgpu_err("The pages are not continuous\n");
 			ret = -EINVAL;
 			npage++;