Received: by 10.192.165.148 with SMTP id m20csp1700205imm; Thu, 26 Apr 2018 00:34:26 -0700 (PDT) X-Google-Smtp-Source: AB8JxZqCRIeyxL3uiJlqqVVA+Ou7IkIKjeGLb1ibNjzNqLtNjVAaPLwRu1BU6D0Y02Os6zDJeWPa X-Received: by 2002:a17:902:680c:: with SMTP id h12-v6mr1432710plk.113.1524728066452; Thu, 26 Apr 2018 00:34:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1524728066; cv=none; d=google.com; s=arc-20160816; b=NdY8nuU4yy1zj0IgzvKJ9txoBbv4q8qXl5zgSMJdsdnbzerA5xzCUE+KK3l5O7N/bl xfibclPNBPq6qvmMCXHkFhvPWnDFtehmVAtDqkAzWgq1Oz6MHvczC3XH6eiIc6fbH6Dj Z/iGdmpHtkz6dueuocFvFSY8yZnikR71hMIGBKARJEx/K5GyT9z8n/zjiOtm4aBevQWB iOp040gG4iStsu+0ZVRsanUTI8hwOOgtAl7UCIFCiN2V5ZWAbJt5b0zRGqmE+bE7GNq8 RZp5eMwujcRMIJ94ejA51tgA9cZnrwZ6JET10a1tqel6s9Caqvnk7CgedEJjr00JCc6g 66VQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:in-reply-to :mime-version:user-agent:date:message-id:from:cc:references:to :subject:arc-authentication-results; bh=/WEVfkGiqqmAIfYWgwe2aFHw0uM36FklJwgpxeRgz8g=; b=j34vpoFZkXItaeP+meNuAL3Fn3zidC2vPfVLWVNhphMOgsFrEIplv8ZHQDQBveD4yN ItHkHCHorvoYxrF1rU57sYqj/RWauz9Dv6ZYzgoCD1GI2WtIDMpp//Dx/udDwqeBtvrW rkizClFo2LSVuFKctjuQLVZFwjhrNxppXwRn+RPGsjCtMKTWWNcvHmoCsjX8CamCLINT 3TCxkR66Ie9og29soQaxILKpgvaLBwHK8pEZ9vs+QCMXJDv95ntan7I42yR9q+Tp/eVS OMnwZj7b/yFS6QR2Kp0bGDcJQndQ/Pp/eJ5sqQW/oTgphjfMX1gl3zckblIc2MExi9S5 7Pug== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z131si15018569pgz.184.2018.04.26.00.34.12; Thu, 26 Apr 2018 00:34:26 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753886AbeDZHc5 (ORCPT + 99 others); Thu, 26 Apr 2018 03:32:57 -0400 Received: from mx3-rdu2.redhat.com ([66.187.233.73]:40292 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1751626AbeDZHc4 (ORCPT ); Thu, 26 Apr 2018 03:32:56 -0400 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 5AA944022414; Thu, 26 Apr 2018 07:32:55 +0000 (UTC) Received: from localhost.localdomain (ovpn-116-141.ams2.redhat.com [10.36.116.141]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 2666B84433; Thu, 26 Apr 2018 07:32:50 +0000 (UTC) Subject: Re: [PATCH v3 06/12] KVM: arm/arm64: Helper to register a new redistributor region To: Christoffer Dall References: <1523607658-9166-1-git-send-email-eric.auger@redhat.com> <1523607658-9166-7-git-send-email-eric.auger@redhat.com> <20180424164712.GB4533@C02W217FHV2R.local> Cc: eric.auger.pro@gmail.com, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, kvmarm@lists.cs.columbia.edu, marc.zyngier@arm.com, cdall@kernel.org, peter.maydell@linaro.org, andre.przywara@arm.com, drjones@redhat.com, wei@redhat.com From: Auger Eric Message-ID: <8ad17ccb-9880-ca67-8ed8-25fb9557942c@redhat.com> Date: Thu, 26 Apr 2018 09:32:49 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0 MIME-Version: 1.0 In-Reply-To: <20180424164712.GB4533@C02W217FHV2R.local> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit X-Scanned-By: MIMEDefang 2.79 on 10.11.54.5 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.6]); Thu, 26 Apr 2018 07:32:55 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.6]); Thu, 26 Apr 2018 07:32:55 +0000 (UTC) for IP:'10.11.54.5' DOMAIN:'int-mx05.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'eric.auger@redhat.com' RCPT:'' Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Christoffer, On 04/24/2018 06:47 PM, Christoffer Dall wrote: > On Fri, Apr 13, 2018 at 10:20:52AM +0200, Eric Auger wrote: >> We introduce a new helper that creates and inserts a new redistributor >> region into the rdist region list. This helper both handles the case >> where the redistributor region size is known at registration time >> and the legacy case where it is not (eventually depending on the number >> of online vcpus). Depending on pfns, we perform all the possible checks >> that we can do: >> >> - end of memory crossing >> - incorrect alignment of the base address >> - collision with distributor region if already defined >> - collision with already registered rdist regions >> - check of the new index >> >> Rdist regions must be inserted by increasing order of indices. Indices >> must be contiguous. >> >> We also introduce vgic_v3_rdist_region_from_index() which will be used >> from the vgic kvm-device, later on. >> >> Signed-off-by: Eric Auger >> --- >> | 95 +++++++++++++++++++++++++++++++++------- >> virt/kvm/arm/vgic/vgic-v3.c | 29 ++++++++++++ >> virt/kvm/arm/vgic/vgic.h | 14 ++++++ >> 3 files changed, 122 insertions(+), 16 deletions(-) >> >> diff --git a/virt/kvm/arm/vgic/vgic-mmio-v3.c b/virt/kvm/arm/vgic/vgic-mmio-v3.c >> index ce5c927..5273fb8 100644 >> --- a/virt/kvm/arm/vgic/vgic-mmio-v3.c >> +++ b/virt/kvm/arm/vgic/vgic-mmio-v3.c >> @@ -680,14 +680,66 @@ static int vgic_register_all_redist_iodevs(struct kvm *kvm) >> return ret; >> } >> >> -int vgic_v3_set_redist_base(struct kvm *kvm, u64 addr) >> +/** >> + * vgic_v3_insert_redist_region - Insert a new redistributor region >> + * >> + * Performs various checks before inserting the rdist region in the list. >> + * Those tests depend on whether the size of the rdist region is known >> + * (ie. count != 0). The list is sorted by rdist region index. >> + * >> + * @kvm: kvm handle >> + * @index: redist region index >> + * @base: base of the new rdist region >> + * @count: number of redistributors the region is made of (of 0 in the old style >> + * single region, whose size is induced from the number of vcpus) >> + * >> + * Return 0 on success, < 0 otherwise >> + */ >> +static int vgic_v3_insert_redist_region(struct kvm *kvm, uint32_t index, >> + gpa_t base, uint32_t count) >> { >> - struct vgic_dist *vgic = &kvm->arch.vgic; >> + struct vgic_dist *d = &kvm->arch.vgic; >> struct vgic_redist_region *rdreg; >> + struct list_head *rd_regions = &d->rd_regions; >> + struct list_head *last = rd_regions->prev; >> + > > nit: extra blank line? > >> + gpa_t new_start, new_end; >> + size_t size = count * KVM_VGIC_V3_REDIST_SIZE; >> int ret; >> >> - /* vgic_check_ioaddr makes sure we don't do this twice */ >> - if (!list_empty(&vgic->rd_regions)) >> + /* single rdist region already set ?*/ >> + if (!count && !list_empty(rd_regions)) >> + return -EINVAL; >> + >> + /* cross the end of memory ? */ >> + if (base + size < base) >> + return -EINVAL; > > what is the size of memory? This seems to check for a gpa_t overflow, > but not againt the IPA space of the VM... Yes it checks for a gpa_t overflow. This check is currently done in vgic_v3_check_base() for dist and redist region and I replicated it. > >> + >> + if (list_empty(rd_regions)) { >> + if (index != 0) >> + return -EINVAL; > > note, I think this can be simplified if we can rid of the index. So I eventually keep the index. > >> + } else { >> + rdreg = list_entry(last, struct vgic_redist_region, list); > > you can use list_last_entry here and get rid of the 'last' temporary > variable above. definitively, thank you for the nit. > >> + if (index != rdreg->index + 1) >> + return -EINVAL; >> + >> + /* Cannot add an explicitly sized regions after legacy region */ >> + if (!rdreg->count) >> + return -EINVAL; >> + } >> + >> + /* >> + * collision with already set dist region ? >> + * this assumes we know the size of the new rdist region (pfns != 0) >> + * otherwise we can only test this when all vcpus are registered >> + */ > > I don't really understand this commentary... :( I meant we cannot perform the check below if we are inserting a unique legacy rdist region (old API), whose size is not explicitly set but induced from the number of online vcpus. > >> + if (!count && !IS_VGIC_ADDR_UNDEF(d->vgic_dist_base) && >> + (!(d->vgic_dist_base + KVM_VGIC_V3_DIST_SIZE <= base)) && >> + (!(base + size <= d->vgic_dist_base))) >> + return -EINVAL; > > Can't you call vgic_v3_check_base() here instead? no I can't because vgic_v3_check_base() currently only works with the unique legacy rdist region. There, redist_size is atomic_read(&kvm->online_vcpus) * KVM_VGIC_V3_REDIST_SIZE. > >> + >> + /* collision with any other rdist region? */ >> + if (vgic_v3_rdist_overlap(kvm, base, size)) >> return -EINVAL; >> >> rdreg = kzalloc(sizeof(*rdreg), GFP_KERNEL); >> @@ -696,17 +748,32 @@ int vgic_v3_set_redist_base(struct kvm *kvm, u64 addr) >> >> rdreg->base = VGIC_ADDR_UNDEF; >> >> - ret = vgic_check_ioaddr(kvm, &rdreg->base, addr, SZ_64K); >> + ret = vgic_check_ioaddr(kvm, &rdreg->base, base, SZ_64K); >> if (ret) >> - goto out; >> + goto free; >> >> - rdreg->base = addr; >> - if (!vgic_v3_check_base(kvm)) { >> - ret = -EINVAL; >> - goto out; >> - } >> + rdreg->base = base; >> + rdreg->count = count; >> + rdreg->free_index = 0; >> + rdreg->index = index; >> >> - list_add(&rdreg->list, &vgic->rd_regions); >> + new_start = base; >> + new_end = base + size - 1; > > What are these variables used for? Hum reminder from an old version :-( > >> + >> + list_add_tail(&rdreg->list, rd_regions); >> + return 0; >> +free: >> + kfree(rdreg); >> + return ret; >> +} >> + >> +int vgic_v3_set_redist_base(struct kvm *kvm, u64 addr) >> +{ >> + int ret; >> + >> + ret = vgic_v3_insert_redist_region(kvm, 0, addr, 0); >> + if (ret) >> + return ret; >> >> /* >> * Register iodevs for each existing VCPU. Adding more VCPUs >> @@ -717,10 +784,6 @@ int vgic_v3_set_redist_base(struct kvm *kvm, u64 addr) >> return ret; >> >> return 0; >> - >> -out: >> - kfree(rdreg); >> - return ret; >> } >> >> int vgic_v3_has_attr_regs(struct kvm_device *dev, struct kvm_device_attr *attr) >> diff --git a/virt/kvm/arm/vgic/vgic-v3.c b/virt/kvm/arm/vgic/vgic-v3.c >> index 820012a..dbcba5f 100644 >> --- a/virt/kvm/arm/vgic/vgic-v3.c >> +++ b/virt/kvm/arm/vgic/vgic-v3.c >> @@ -410,6 +410,21 @@ int vgic_v3_save_pending_tables(struct kvm *kvm) >> return 0; >> } >> >> +/* return true if there is an overlap between any rdist */ > > Checks if base+size overlaps with any existing redistributor. > >> +bool vgic_v3_rdist_overlap(struct kvm *kvm, gpa_t base, size_t size) >> +{ >> + struct vgic_dist *d = &kvm->arch.vgic; >> + struct vgic_redist_region *rdreg; >> + >> + list_for_each_entry(rdreg, &d->rd_regions, list) { >> + if ((base + size <= rdreg->base) || >> + (rdreg->base + vgic_v3_rd_region_size(kvm, rdreg) <= base)) >> + continue; >> + return true; > > can you invert the check above and return false instead of the continue? > > (DeMorgan's law should be handy here.) sure > >> + } >> + return false; >> +} >> + >> /* >> * Check for overlapping regions and for regions crossing the end of memory >> * for base addresses which have already been set. >> @@ -461,6 +476,20 @@ struct vgic_redist_region *vgic_v3_rdist_free_slot(struct list_head *rd_regions) >> return NULL; >> } >> >> +struct vgic_redist_region *vgic_v3_rdist_region_from_index(struct kvm *kvm, >> + uint32_t index) >> +{ >> + struct list_head *rd_regions = &kvm->arch.vgic.rd_regions; >> + struct vgic_redist_region *rdreg; >> + >> + list_for_each_entry(rdreg, rd_regions, list) { >> + if (rdreg->index == index) >> + return rdreg; >> + } > > if this ends up being a common operation, we could allocate an array of > pointers for constant-time lookup instead. Let's hope it's not too > common. This is only used when reading the characteristics of a redist region from userspace so I don't think we care. Thanks Eric > >> + return NULL; >> +} >> + >> + >> int vgic_v3_map_resources(struct kvm *kvm) >> { >> int ret = 0; >> diff --git a/virt/kvm/arm/vgic/vgic.h b/virt/kvm/arm/vgic/vgic.h >> index fea32cb..95b8345 100644 >> --- a/virt/kvm/arm/vgic/vgic.h >> +++ b/virt/kvm/arm/vgic/vgic.h >> @@ -262,6 +262,20 @@ vgic_v3_redist_region_full(struct vgic_redist_region *region) >> >> struct vgic_redist_region *vgic_v3_rdist_free_slot(struct list_head *rdregs); >> >> +static inline size_t >> +vgic_v3_rd_region_size(struct kvm *kvm, struct vgic_redist_region *rdreg) >> +{ >> + if (!rdreg->count) >> + return atomic_read(&kvm->online_vcpus) * KVM_VGIC_V3_REDIST_SIZE; >> + else >> + return rdreg->count * KVM_VGIC_V3_REDIST_SIZE; >> +} >> + >> +struct vgic_redist_region *vgic_v3_rdist_region_from_index(struct kvm *kvm, >> + uint32_t index); >> + >> +bool vgic_v3_rdist_overlap(struct kvm *kvm, gpa_t base, size_t size); >> + >> int vgic_its_resolve_lpi(struct kvm *kvm, struct vgic_its *its, >> u32 devid, u32 eventid, struct vgic_irq **irq); >> struct vgic_its *vgic_msi_to_its(struct kvm *kvm, struct kvm_msi *msi); >> -- >> 2.5.5 >> > > Thanks, > -Christoffer >