Received: by 2002:a05:7412:2a8c:b0:e2:908c:2ebd with SMTP id u12csp1898797rdh; Tue, 26 Sep 2023 06:56:17 -0700 (PDT) X-Google-Smtp-Source: AGHT+IH4s62dNAmxdBsy49jLWVWGApUtxc20FKPdnUR2JFrYEMibNkS1xrxVBm6MNMI8uxDgQob6 X-Received: by 2002:a17:903:22c5:b0:1c5:e207:836e with SMTP id y5-20020a17090322c500b001c5e207836emr3846611plg.26.1695736577100; Tue, 26 Sep 2023 06:56:17 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1695736577; cv=none; d=google.com; s=arc-20160816; b=isiEICcqpNDKk8mBfesV9ecRtBghmWp0HcSqMgY7qojy3vsf+302SrxJCo1JOChmzg L9JcNIS8EH07r6aA8iKD6tYlWIL1fBBs1PaoyPnBzBk3gp8CG6UGklUddqW9+hGEJ/I9 OU+GPZDrbq1zbfWzW1NDhz6eRpL5AT0WAy4Eif8nQgFhyxML78VCLrziorM/om7ZohBL 9VsM0n6HbiqTEpG47hmvcf1FYmVlUxdlDSAWPyQ7rAe/VKgZuJsGz8+ZUquKCDMuDMBh Z/xVGwK2iAK2ccEqGjQDRHYTZq+/Sl/DeNCl4YY7/9OPxGTXmKNx9PhZd+hMMmF2Sqqg Jg9w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=vZMrdpah6q62u95Nz+luer3YRaEwIQQungaZ6PsbNwY=; fh=hesuo8mp9Am744xlPRHIMUQddb3fRvc+3By9ti0Z6a4=; b=SSWjcme388dAxn4+r/dObxnaKk88qLb18M9kezq/LTmsTu/0DFF5zUTneDR2Xglj6b B9oS0LHFERDzTL/WnMn93BeC+JACCqxdU56+p/g8W4s/n/7fvtxkUvWF3J7ADqdRItI3 LDNAUbNny5B0GlPyfGN7+EfdnPYzNEJCcpDtOl96opW3RvIWvduZ8N2oTEgLQyCHMyDC Z02KP7X4b2rHzyuc2CZJwCiVjSuUpGVZ/phAXsrLLPBWoUjn4Qmp40btAd34VAz426Gj gQEWmjFhymkxtPE3q+T2RSz8mu30VqMWG08UwuuzXBUeN8aWtNoDO5jp72DesFi2AJQp 5e7w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Return-Path: Received: from groat.vger.email (groat.vger.email. [2620:137:e000::3:5]) by mx.google.com with ESMTPS id x15-20020a170902ec8f00b001c5eb1706d3si10953943plg.171.2023.09.26.06.56.16 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 26 Sep 2023 06:56:17 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) client-ip=2620:137:e000::3:5; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by groat.vger.email (Postfix) with ESMTP id 4650D8028FDA; Tue, 26 Sep 2023 06:52:29 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at groat.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234887AbjIZNw3 (ORCPT + 99 others); Tue, 26 Sep 2023 09:52:29 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44010 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234828AbjIZNw2 (ORCPT ); Tue, 26 Sep 2023 09:52:28 -0400 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0BA80AF for ; Tue, 26 Sep 2023 06:52:22 -0700 (PDT) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 24545C433C7; Tue, 26 Sep 2023 13:52:15 +0000 (UTC) Date: Tue, 26 Sep 2023 14:52:13 +0100 From: Catalin Marinas To: Lorenzo Pieralisi Cc: Jason Gunthorpe , ankita@nvidia.com, maz@kernel.org, oliver.upton@linux.dev, will@kernel.org, aniketa@nvidia.com, cjia@nvidia.com, kwankhede@nvidia.com, targupta@nvidia.com, vsethi@nvidia.com, acurrid@nvidia.com, apopple@nvidia.com, jhubbard@nvidia.com, danw@nvidia.com, linux-arm-kernel@lists.infradead.org, kvmarm@lists.linux.dev, linux-kernel@vger.kernel.org Subject: Re: [PATCH v1 2/2] KVM: arm64: allow the VM to select DEVICE_* and NORMAL_NC for IO memory Message-ID: References: <20230907181459.18145-1-ankita@nvidia.com> <20230907181459.18145-3-ankita@nvidia.com> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: X-Spam-Status: No, score=-0.8 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on groat.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (groat.vger.email [0.0.0.0]); Tue, 26 Sep 2023 06:52:29 -0700 (PDT) On Tue, Sep 26, 2023 at 10:31:38AM +0200, Lorenzo Pieralisi wrote: > Currently, KVM for ARM64 maps at stage 2 memory that is > considered device (ie using pfn_is_map_memory() to discern > between device memory and memory itself) with DEVICE_nGnRE > memory attributes; this setting overrides (as per the ARM > architecture [1]) any device MMIO mapping present at stage > 1, resulting in a set-up whereby a guest operating system > can't determine device MMIO mapping memory attributes on its > own but it is always overriden by the KVM stage 2 default. > > This set-up does not allow guest operating systems to map > device memory on a page by page basis with combined attributes > other than DEVICE_nGnRE, Well, it also has the option of DEVICE_nGnRnE ;). > which turns out to be an issue in that > guest operating systems (eg Linux) may request to map > devices MMIO regions with memory attributes that guarantee > better performance (eg gathering attribute - that for some > devices can generate larger PCIe memory writes TLPs) > and specific operations (eg unaligned transactions) such as > the NormalNC memory type. > > The default device stage 2 mapping was chosen in KVM > for ARM64 since it was considered safer (ie it would > not allow guests to trigger uncontained failures > ultimately crashing the machine) but this turned out > to be imprecise. > > Failures containability is a property of the platform > and is independent from the memory type used for MMIO > device memory mappings (ie DEVICE_nGnRE memory type is > even more problematic than NormalNC in terms of containability > since eg aborts triggered on loads cannot be made synchronous, > which make them harder to contain); this means that, > regardless of the combined stage1+stage2 mappings a > platform is safe if and only if device transactions cannot trigger > uncontained failures; reworded, the default KVM device > stage 2 memory attributes play no role in making device > assignment safer for a given platform and therefore can > be relaxed. > > For all these reasons, relax the KVM stage 2 device > memory attributes from DEVICE_nGnRE to NormalNC. > > This puts guests in control (thanks to stage1+stage2 > combined memory attributes rules [1]) of device MMIO > regions memory mappings, according to the rules > described in [1] and summarized here ([(S1) = Stage1][(S2) = Stage2]): > > �S1���������� |�� S2��������� |� Result > �NORMAL-WB����|� NORMAL-NC����|� NORMAL-NC > �NORMAL-WT����|� NORMAL-NC����|� NORMAL-NC > �NORMAL-NC����|� NORMAL-NC����|� NORMAL-NC > �DEVICE�|� NORMAL-NC����|� DEVICE Not sure what's wrong with my font setup as I can't see the above table but I know it from the Arm ARM. Anyway, the text looks fine to me. Thanks for putting it together Lorenzo. One thing not mentioned here is that pci-vfio still maps such memory as Device-nGnRnE in user space and relaxing this potentially creates an alias. But such alias is only relevant of both the VMM and the VM try to access the same device which I doubt is a realistic scenario. -- Catalin