v3:
- Remove the output struct sizing code that copied out zeroed fields at the end
of the struct. Alex pointed out that new fields (or repurposing a field that
was previously reserved) must be guarded by a flag and this means userspace
won't access those fields when they are absent.
v2:
- Rebased onto https://github.com/awilliam/linux-vfio.git next to get the
vfio_iommu_type1_info pad field [Kevin]
- Fixed min(minsz, sizeof(dmabuf)) -> min(dmabuf.argsz, sizeof(dmabuf)) [Jason, Kevin]
- Squashed Patch 3 (vfio_iommu_type1_info) into Patch 1 since it is trivial now
that the padding field is already there.
Jason Gunthorpe <[email protected]> pointed out that u64 VFIO ioctl struct fields
have architecture-dependent alignment. iommufd already uses __aligned_u64 to
avoid this problem.
See the __aligned_u64 typedef in <uapi/linux/types.h> for details on why it is
a good idea for kernel<->user interfaces.
This series modifies the VFIO ioctl structs to use __aligned_u64. Some of the
changes preserve the existing memory layout on all architectures, so I put them
together into the first patch. The remaining patches are for structs where
explanation is necessary about why changing the memory layout does not break
the uapi.
Stefan Hajnoczi (3):
vfio: trivially use __aligned_u64 for ioctl structs
vfio: use __aligned_u64 in struct vfio_device_gfx_plane_info
vfio: use __aligned_u64 in struct vfio_device_ioeventfd
include/uapi/linux/vfio.h | 26 ++++++++++++++------------
drivers/gpu/drm/i915/gvt/kvmgt.c | 2 +-
samples/vfio-mdev/mbochs.c | 2 +-
samples/vfio-mdev/mdpy.c | 2 +-
4 files changed, 17 insertions(+), 15 deletions(-)
--
2.41.0
u64 alignment behaves differently depending on the architecture and so
<uapi/linux/types.h> offers __aligned_u64 to achieve consistent behavior
in kernel<->userspace ABIs.
There are structs in <uapi/linux/vfio.h> that can trivially be updated
to __aligned_u64 because the struct sizes are multiples of 8 bytes.
There is no change in memory layout on any CPU architecture and
therefore this change is safe.
The commits that follow this one handle the trickier cases where
explanation about ABI breakage is necessary.
Suggested-by: Jason Gunthorpe <[email protected]>
Reviewed-by: Jason Gunthorpe <[email protected]>
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
Reviewed-by: Kevin Tian <[email protected]>
Signed-off-by: Stefan Hajnoczi <[email protected]>
---
include/uapi/linux/vfio.h | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/include/uapi/linux/vfio.h b/include/uapi/linux/vfio.h
index afc1369216d9..4dc0182c6bcb 100644
--- a/include/uapi/linux/vfio.h
+++ b/include/uapi/linux/vfio.h
@@ -277,8 +277,8 @@ struct vfio_region_info {
#define VFIO_REGION_INFO_FLAG_CAPS (1 << 3) /* Info supports caps */
__u32 index; /* Region index */
__u32 cap_offset; /* Offset within info struct of first cap */
- __u64 size; /* Region size (bytes) */
- __u64 offset; /* Region offset from start of device fd */
+ __aligned_u64 size; /* Region size (bytes) */
+ __aligned_u64 offset; /* Region offset from start of device fd */
};
#define VFIO_DEVICE_GET_REGION_INFO _IO(VFIO_TYPE, VFIO_BASE + 8)
@@ -294,8 +294,8 @@ struct vfio_region_info {
#define VFIO_REGION_INFO_CAP_SPARSE_MMAP 1
struct vfio_region_sparse_mmap_area {
- __u64 offset; /* Offset of mmap'able area within region */
- __u64 size; /* Size of mmap'able area */
+ __aligned_u64 offset; /* Offset of mmap'able area within region */
+ __aligned_u64 size; /* Size of mmap'able area */
};
struct vfio_region_info_cap_sparse_mmap {
@@ -450,9 +450,9 @@ struct vfio_device_migration_info {
VFIO_DEVICE_STATE_V1_RESUMING)
__u32 reserved;
- __u64 pending_bytes;
- __u64 data_offset;
- __u64 data_size;
+ __aligned_u64 pending_bytes;
+ __aligned_u64 data_offset;
+ __aligned_u64 data_size;
};
/*
@@ -476,7 +476,7 @@ struct vfio_device_migration_info {
struct vfio_region_info_cap_nvlink2_ssatgt {
struct vfio_info_cap_header header;
- __u64 tgt;
+ __aligned_u64 tgt;
};
/*
@@ -1449,7 +1449,7 @@ struct vfio_iommu_type1_info {
__u32 flags;
#define VFIO_IOMMU_INFO_PGSIZES (1 << 0) /* supported page sizes info */
#define VFIO_IOMMU_INFO_CAPS (1 << 1) /* Info supports caps */
- __u64 iova_pgsizes; /* Bitmap of supported page sizes */
+ __aligned_u64 iova_pgsizes; /* Bitmap of supported page sizes */
__u32 cap_offset; /* Offset within info struct of first cap */
__u32 pad;
};
--
2.41.0
On Mon, 18 Sep 2023 16:56:14 -0400
Stefan Hajnoczi <[email protected]> wrote:
> v3:
> - Remove the output struct sizing code that copied out zeroed fields at the end
> of the struct. Alex pointed out that new fields (or repurposing a field that
> was previously reserved) must be guarded by a flag and this means userspace
> won't access those fields when they are absent.
> v2:
> - Rebased onto https://github.com/awilliam/linux-vfio.git next to get the
> vfio_iommu_type1_info pad field [Kevin]
> - Fixed min(minsz, sizeof(dmabuf)) -> min(dmabuf.argsz, sizeof(dmabuf)) [Jason, Kevin]
> - Squashed Patch 3 (vfio_iommu_type1_info) into Patch 1 since it is trivial now
> that the padding field is already there.
>
> Jason Gunthorpe <[email protected]> pointed out that u64 VFIO ioctl struct fields
> have architecture-dependent alignment. iommufd already uses __aligned_u64 to
> avoid this problem.
>
> See the __aligned_u64 typedef in <uapi/linux/types.h> for details on why it is
> a good idea for kernel<->user interfaces.
>
> This series modifies the VFIO ioctl structs to use __aligned_u64. Some of the
> changes preserve the existing memory layout on all architectures, so I put them
> together into the first patch. The remaining patches are for structs where
> explanation is necessary about why changing the memory layout does not break
> the uapi.
>
> Stefan Hajnoczi (3):
> vfio: trivially use __aligned_u64 for ioctl structs
> vfio: use __aligned_u64 in struct vfio_device_gfx_plane_info
> vfio: use __aligned_u64 in struct vfio_device_ioeventfd
>
> include/uapi/linux/vfio.h | 26 ++++++++++++++------------
> drivers/gpu/drm/i915/gvt/kvmgt.c | 2 +-
> samples/vfio-mdev/mbochs.c | 2 +-
> samples/vfio-mdev/mdpy.c | 2 +-
> 4 files changed, 17 insertions(+), 15 deletions(-)
>
Applied to vfio next branch for v6.7. Thanks,
Alex