Received: by 2002:a05:7412:d8a:b0:e2:908c:2ebd with SMTP id b10csp325032rdg; Thu, 12 Oct 2023 06:53:33 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGgv+Ox7k1biNXX2ZCoVApbB6nxfVRehYipq9b8FncyI8+vwVbeHu0C2bc1++lJmN9b0Ste X-Received: by 2002:a17:90b:238d:b0:27d:6dd:fb7e with SMTP id mr13-20020a17090b238d00b0027d06ddfb7emr4402845pjb.17.1697118812939; Thu, 12 Oct 2023 06:53:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1697118812; cv=none; d=google.com; s=arc-20160816; b=kVRpJ6qVq2TDE198eWzuGKzY1ZUyv+hfuHSYummcxQKgg8F6v/t2aBkUFbqesz1Is1 a/222O4WdBhZmEPM8Zx/831Fvoiftgxd4G4+CqLc1pXP2nrsMIgiKzEGTXpa2JN2On1u xLOCCNIcUwUAt3qQK1c369VKnBVDjKROwULjYUPxBc1h8P5+rN8csx3yFEQolbJmmHxu H6tNbbcV/eJSHHYszNXJMz2UFMkDEK+TZeZFQOikWECzTrCR8lEw2/X0RPv5fuBHlM8G cYlezXpNBTGBIyBgB6keh86HkhJCOz1X3yLTjdddFrV5kEFSNHbVjkkF9xggVCLL2PTp i3WQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date; bh=byhQnZtdKbKK2XSmQQRb5jqZGCb9IbBfVyrujoSgAiY=; fh=3jcJIL3+j/4vL3mdWb6qW4zMQlah4YMufGwp4BPpsqo=; b=kPZ/O8PTjZEfoeib5BNhIAOAdDmlM7zo75aY4kvNaiKczjgLGjpPO8ToUBdI6Qd+2t 8/uJJ7/mjpk98SiWyR3XJ1Bs6p2JExRn3HbOGc30dczJgStjYgydUDLPPUnMoOSZqapc nHuIem5+0FHKa9zZt16og2yAwtL5zF0AnRM6u99Qse67H4G4oWjTBykgIxuSjPQuClgh xbABFVlZu8nKYf9rRkO1PWFJdlnO54Oo8XHm3USyWGIP3TAX1WDFODtgj3mOqx38Ueia UNT2bmLvrKJSPdaFxF0+jwRnOhkClAArG3KfI+e4R/ZF/bFN+9j+begCwvx6sXTTtZ/S 5w7g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Return-Path: Received: from snail.vger.email (snail.vger.email. [2620:137:e000::3:7]) by mx.google.com with ESMTPS id go4-20020a17090b03c400b00278f6d616aasi2242897pjb.71.2023.10.12.06.53.32 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 12 Oct 2023 06:53:32 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) client-ip=2620:137:e000::3:7; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id 03EDA822D0AA; Thu, 12 Oct 2023 06:53:32 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233757AbjJLNx3 (ORCPT + 99 others); Thu, 12 Oct 2023 09:53:29 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54900 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232748AbjJLNx2 (ORCPT ); Thu, 12 Oct 2023 09:53:28 -0400 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 81412BA for ; Thu, 12 Oct 2023 06:53:27 -0700 (PDT) Received: by smtp.kernel.org (Postfix) with ESMTPSA id AF4D7C433C9; Thu, 12 Oct 2023 13:53:23 +0000 (UTC) Date: Thu, 12 Oct 2023 14:53:21 +0100 From: Catalin Marinas To: Will Deacon Cc: Lorenzo Pieralisi , Jason Gunthorpe , ankita@nvidia.com, maz@kernel.org, oliver.upton@linux.dev, aniketa@nvidia.com, cjia@nvidia.com, kwankhede@nvidia.com, targupta@nvidia.com, vsethi@nvidia.com, acurrid@nvidia.com, apopple@nvidia.com, jhubbard@nvidia.com, danw@nvidia.com, linux-arm-kernel@lists.infradead.org, kvmarm@lists.linux.dev, linux-kernel@vger.kernel.org Subject: Re: [PATCH v1 2/2] KVM: arm64: allow the VM to select DEVICE_* and NORMAL_NC for IO memory Message-ID: References: <20230907181459.18145-1-ankita@nvidia.com> <20230907181459.18145-3-ankita@nvidia.com> <20231012123541.GB11824@willie-the-truck> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20231012123541.GB11824@willie-the-truck> X-Spam-Status: No, score=-4.0 required=5.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,RCVD_IN_DNSWL_MED,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Thu, 12 Oct 2023 06:53:32 -0700 (PDT) On Thu, Oct 12, 2023 at 01:35:41PM +0100, Will Deacon wrote: > On Thu, Oct 05, 2023 at 11:56:55AM +0200, Lorenzo Pieralisi wrote: > > For all these reasons, relax the KVM stage 2 device > > memory attributes from DEVICE_nGnRE to NormalNC. > > The reasoning above suggests to me that this should probably just be > Normal cacheable, as that is what actually allows the guest to control > the attributes. So what is the rationale behind stopping at Normal-NC? It's more like we don't have any clue on what may happen. MTE is obviously a case where it can go wrong (we can blame the architecture design here) but I recall years ago where a malicious guest could bring the platform down by mapping the GIC CPU interface as cacheable. Not sure how error containment works with cacheable memory. A cacheable access to a device may stay in the cache a lot longer after the guest has been scheduled out, only evicted at some random time. We may no longer be able to associate it with the guest, especially if the guest exited. Also not sure about claiming back the device after killing the guest, do we need cache maintenance? So, for now I'd only relax this if we know there's RAM(-like) on the other side and won't trigger some potentially uncontainable errors as a result. -- Catalin