Re: [PATCH v7 0/4] kvm: arm64: allow the VM to select DEVICE_* and NORMAL_NC for IO memory

From: David Hildenbrand
Date: Mon Feb 12 2024 - 08:06:54 EST

Next message: Jagadeesh Kona: "Re: [PATCH 2/5] clk: qcom: videocc-sm8550: Add support for SM8650 videocc"
Previous message: Ryan Roberts: "Re: [PATCH v5 18/25] arm64/mm: Split __flush_tlb_range() to elide trailing DSB"
In reply to: Jason Gunthorpe: "Re: [PATCH v7 0/4] kvm: arm64: allow the VM to select DEVICE_* and NORMAL_NC for IO memory"
Next in thread: Oliver Upton: "Re: [PATCH v7 0/4] kvm: arm64: allow the VM to select DEVICE_* and NORMAL_NC for IO memory"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Jason,

Thanks for all the details (some might be valuable to document in more detail, but I'm not that experienced with all of the mapping types on arm64, so it might "just be me").

It is worse that some hand wavey "side effect". If you map memory with
NORMAL_NC (ie for write combining) then writel() doesn't work
correctly at all.

The memory must be mapped according to which kernel APIs the actual
driver in the VM will use. writel() vs __iowrite64_copy().

We can trigger both cases right now inside VMs, where we want the device
driver to actually make the decision.

Yes

(2) For a VM, that device driver lives inside the VM, for DPDK and friends,
it lives in user space. They have this information.

Yes

We only focus here on optimizing (fixing?) the mapping for VMs, DPDK is out
of the picture.

DPDK will be solved through some VFIO ioctl, we know how to do it,
just nobody has cared enough to do it.

Good!

So we want to allow the VM to achieve a WC/NC mapping by using a
relaxed (NC) mapping in stage-1. Whatever is set in stage-2 wins.

Yes

(3) vfio knows whether using WC (and NC?) could be problematic, and must
forbid it, if that is the case. There are cases where we could otherwise
cause harm (bring down the host?). We must keep mapping the memory as
DEVICE_nGnRE when in doubt.

Yes, there is an unspecific fear that on ARM platforms using NORMAL_NC
in the wrong way can trigger a catastrophic error and kill the
host. There is no way to know if the platform has this bug, so the
agreement was to be conservative and only allow it for vfio-pci, based
on some specific details of how PCI has to be implemented and ARM
guidance on PCI integration..

Now, what the new mmap() flag does is tell the world "using the wrong
mapping type cannot bring down the host", and KVM uses that to use a
different mapping type (NC) in stage-1 as setup by vfio in the user space
page tables.

The inverse meaning, we assume VMAs with the flag can bring down the
host, but yes.

Got it, will have a closer look at the patch soon.

I was trying to find ways of avoiding a mmap() flag and was hoping that we
could just use a PTE bit that does not have semantics in VM_PFNMAP mappings.
Unfortunately, arm64 does not support uffd-wp, which I had in mind, so it's
not that easy.

Seems like a waste of a valuable PTE bit to me.

It would rather have been "it's already unused there, so let's reuse it". But there was no such low-hanging gruit.

Further, I was wondering if there would be a way to let DPDK similarly
benefit, because it looks like we are happily ignoring that (I was told they
apply some hacks to work around that).

dpdk doesn't need the VMA bit, we know how to solve it with vfio
ioctls, it is very straightforward. dpdk just does a ioctl & mmap and
VFIO will create a vma with pgprote_writecombine(). Completely
trivial, the only nasty bit is fitting this into the VFIO uAPI.

That's what I thought.

(a) User space tells VFIO which parts of a BAR it would like to have mapped
differently. For QEMU, this would mean, requesting a NC mapping for the
whole BAR. For DPDK, it could mean requesting different types for parts of a
BAR.

We don't want to have have the memory mapped as NC in qemu. As I said
above if it is mapped NC then writel() doesn't work. We can't have
conflicting mappings that go toward NC when the right answer is
DEVICE.

I was wondering who would trigger that, but as I read below it could be MMIO emulation.

writel() on NC will malfunction.

__iowrite64_copy() on DEVICE will be functionally correct but slower.

The S2 mapping that KVM creates is special because it doesn't actually
map it once the VM kernel gets started. The VM kernel always supplies
a S1 table that sets the correct type.

So if qemu has DEVICE, the S2 has NC and the VM's S1 has DEVICE then
the mapping is realiably made to be DEVICE. The hidden S2 doesn't
cause a problem.

That would mean, that we would map NC already in QEMU. I wonder if that
could be a problem with read speculation, even if QEMU never really accesses
that mmap'ed region.

Also correct.

Further, qemu may need to do emulation for MMIO in various cases and
the qemu logic for this requires a DEVICE mapping or the emulation
will malfunction.

Using NC in qemu is off the table.

Good, thanks for the details, all makes sense to me.

--
Cheers,

David / dhildenb

Next message: Jagadeesh Kona: "Re: [PATCH 2/5] clk: qcom: videocc-sm8550: Add support for SM8650 videocc"
Previous message: Ryan Roberts: "Re: [PATCH v5 18/25] arm64/mm: Split __flush_tlb_range() to elide trailing DSB"
In reply to: Jason Gunthorpe: "Re: [PATCH v7 0/4] kvm: arm64: allow the VM to select DEVICE_* and NORMAL_NC for IO memory"
Next in thread: Oliver Upton: "Re: [PATCH v7 0/4] kvm: arm64: allow the VM to select DEVICE_* and NORMAL_NC for IO memory"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]