Re: [PATCH v8 4/4] vfio: convey kvm that the vfio-pci device is wc safe

From: Alex Williamson
Date: Thu Feb 22 2024 - 15:53:01 EST


On Tue, 20 Feb 2024 12:59:26 +0530
<ankita@xxxxxxxxxx> wrote:

> From: Ankit Agrawal <ankita@xxxxxxxxxx>
>
> The VM_ALLOW_ANY_UNCACHED flag is implemented for ARM64,
> allowing KVM stage 2 device mapping attributes to use Normal-NC
> rather than DEVICE_nGnRE, which allows guest mappings
> supporting combining attributes (WC). ARM does not architecturally
> guarantee this is safe, and indeed some MMIO regions like the GICv2
> VCPU interface can trigger uncontained faults if Normal-NC is used.
>
> To safely use VFIO in KVM the platform must guarantee full safety
> in the guest where no action taken against a MMIO mapping can
> trigger an uncontained failure. We belive that most VFIO PCI
> platforms support this for both mapping types, at least in common
> flows, based on some expectations of how PCI IP is integrated. So
> make vfio-pci set the VM_ALLOW_ANY_UNCACHED flag.
>
> Suggested-by: Catalin Marinas <catalin.marinas@xxxxxxx>
> Acked-by: Jason Gunthorpe <jgg@xxxxxxxxxx>
> Acked-by: Catalin Marinas <catalin.marinas@xxxxxxx>
> Reviewed-by: David Hildenbrand <david@xxxxxxxxxx>
> Signed-off-by: Ankit Agrawal <ankita@xxxxxxxxxx>
> ---
> drivers/vfio/pci/vfio_pci_core.c | 18 +++++++++++++++++-
> 1 file changed, 17 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/vfio/pci/vfio_pci_core.c b/drivers/vfio/pci/vfio_pci_core.c
> index 1cbc990d42e0..c93bea18fc4b 100644
> --- a/drivers/vfio/pci/vfio_pci_core.c
> +++ b/drivers/vfio/pci/vfio_pci_core.c
> @@ -1862,8 +1862,24 @@ int vfio_pci_core_mmap(struct vfio_device *core_vdev, struct vm_area_struct *vma
> /*
> * See remap_pfn_range(), called from vfio_pci_fault() but we can't
> * change vm_flags within the fault handler. Set them now.
> + *
> + * VM_ALLOW_ANY_UNCACHED: The VMA flag is implemented for ARM64,
> + * allowing KVM stage 2 device mapping attributes to use Normal-NC
> + * rather than DEVICE_nGnRE, which allows guest mappings
> + * supporting combining attributes (WC). ARM does not
> + * architecturally guarantee this is safe, and indeed some MMIO
> + * regions like the GICv2 VCPU interface can trigger uncontained
> + * faults if Normal-NC is used.
> + *
> + * To safely use VFIO in KVM the platform must guarantee full
> + * safety in the guest where no action taken against a MMIO
> + * mapping can trigger an uncontained failure. We belive that
> + * most VFIO PCI platforms support this for both mapping types,
> + * at least in common flows, based on some expectations of how
> + * PCI IP is integrated. So set VM_ALLOW_ANY_UNCACHED in VMA flags.
> */
> - vm_flags_set(vma, VM_IO | VM_PFNMAP | VM_DONTEXPAND | VM_DONTDUMP);
> + vm_flags_set(vma, VM_ALLOW_ANY_UNCACHED | VM_IO | VM_PFNMAP |
> + VM_DONTEXPAND | VM_DONTDUMP);
> vma->vm_ops = &vfio_pci_mmap_ops;
>
> return 0;

Acked-by: Alex Williamson <alex.williamson@xxxxxxxxxx>