Received: by 2002:a05:7412:e794:b0:fa:551:50a7 with SMTP id o20csp20888rdd; Mon, 8 Jan 2024 16:07:20 -0800 (PST) X-Google-Smtp-Source: AGHT+IEQsAKKp2Kwiq6XcjgLvWcq7EzbsQ35IQzWIi5T/ufSlKLRXBWnd/mUD5qw4Y/gc1aD2xBq X-Received: by 2002:a05:620a:13fb:b0:77e:fbba:6457 with SMTP id h27-20020a05620a13fb00b0077efbba6457mr762744qkl.54.1704758839935; Mon, 08 Jan 2024 16:07:19 -0800 (PST) Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1]) by mx.google.com with ESMTPS id o21-20020a05620a111500b00781a8c5d2c0si850928qkk.140.2024.01.08.16.07.19 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 08 Jan 2024 16:07:19 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-20206-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=Se8zTy1j; arc=fail (signature failed); spf=pass (google.com: domain of linux-kernel+bounces-20206-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-20206-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id A265A1C2319D for ; Tue, 9 Jan 2024 00:07:19 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 14B3B7F7; Tue, 9 Jan 2024 00:07:10 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="Se8zTy1j" Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id ED26618E; Tue, 9 Jan 2024 00:07:06 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1704758827; x=1736294827; h=date:from:to:cc:subject:message-id:reply-to:references: in-reply-to:mime-version; bh=4vloqaXs+FPJLHQb0fKNm42pAlYqbiADqUG+BtXTRT4=; b=Se8zTy1jZihaE8+l7Tob9P/rxLeaDhlOxmOLlyaXdgSCQ0DAntHJM6Jt TCl92oVe0M6O2y8usmn4wvbt5oSsgWlzwkDsobCJh95AD8Yt0Nw73lkAX OvG8sw4xyaZzOV2dobktMw6CvpyCdPO8jJcTnITy7u4tj68Cuj0Kby8Me SQjKlF0FOJeXMqn1y+xkCQgYBxGI76ZKQ46cIm7wB6aFwmWco7nJIuPyQ sJGELrxdgG2dpLWg6GyrzYxyRhTSKFQlKwxnoEAOqFefikade0/HyOF2E POcANF+n5mMuyhhTKWa6301I2VsfJJUjroO98tkx1BYxMd1c66RnwbtId g==; X-IronPort-AV: E=McAfee;i="6600,9927,10947"; a="5404497" X-IronPort-AV: E=Sophos;i="6.04,181,1695711600"; d="scan'208";a="5404497" Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by fmvoesa104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 08 Jan 2024 16:07:06 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10947"; a="1028554999" X-IronPort-AV: E=Sophos;i="6.04,181,1695711600"; d="scan'208";a="1028554999" Received: from orsmsx602.amr.corp.intel.com ([10.22.229.15]) by fmsmga006.fm.intel.com with ESMTP/TLS/AES256-GCM-SHA384; 08 Jan 2024 16:06:58 -0800 Received: from orsmsx611.amr.corp.intel.com (10.22.229.24) by ORSMSX602.amr.corp.intel.com (10.22.229.15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Mon, 8 Jan 2024 16:06:58 -0800 Received: from orsmsx612.amr.corp.intel.com (10.22.229.25) by ORSMSX611.amr.corp.intel.com (10.22.229.24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Mon, 8 Jan 2024 16:06:18 -0800 Received: from ORSEDG601.ED.cps.intel.com (10.7.248.6) by orsmsx612.amr.corp.intel.com (10.22.229.25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35 via Frontend Transport; Mon, 8 Jan 2024 16:06:18 -0800 Received: from NAM10-DM6-obe.outbound.protection.outlook.com (104.47.58.100) by edgegateway.intel.com (134.134.137.102) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.35; Mon, 8 Jan 2024 16:05:49 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=H6IHROeMcyiFjObnXOOGTN4v1EB+XPGDPIBV3m/wL9x0p7e7JZ64YBy6OVG4vb8Z5ul4v+wuJmCIeqKpaNoxKmGuPGAFq4ITkCPGSz3rIOK/LMitf4llEKGtmHb/31w5ZSkkyvopbwP+B/btfcbAKAICRVGJyRmKMiAdH39Da4Q79f1QlFNqR7kQyPrzeTYHgaxjYqnv5e32Ezk/tiCFiMdIREq54rYyfJBnpblPDCGq7MZpWAa+VY9sB6TRulYCuaJqS0ytYjaA/dN1EzzjH3siIfPT0kiwxAakZApO0dbNBMdWYu5EPd7uEXNHNil2ZjqHHOY4dHxB2kVDcuz4hQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=FjNv/Mx2B7aAHl8tldlnzBwXl6u+4m12lZFBWq7OnkQ=; b=FWXEq48lRsGhQAmtMZ1NvDEKw1GJ7JmIqBzIynuj+YTFpnA1hHgoAQdaO2uoqxZb/ZtfUJK5kywnpbCoyaYu5J8wWl1KPmJEoFqcq+PrjeWgNfgLjDjU5FyYgjiU0rtWIULpzvv+LKzD4ArEszx3UwHGejdQ1jTcS6vNZzCX+1PBC0KD8oqGeApx9n2+QO5cQnHwjUPDADY+ysbuS7coeDi24UNy75nzTjCueypQVSLDSKNQeXod0JYMNPMbMBeVXlrJ9Bl/Bo72pjwCRg5Tu0eWflv64cOwrW3G01HFUbSoToUhiYo42zg8g7e192Wm5D3Nyiql8kfT3SE20ope4Q== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com; Received: from DS7PR11MB5966.namprd11.prod.outlook.com (2603:10b6:8:71::6) by SJ0PR11MB5005.namprd11.prod.outlook.com (2603:10b6:a03:2d3::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7159.23; Tue, 9 Jan 2024 00:05:47 +0000 Received: from DS7PR11MB5966.namprd11.prod.outlook.com ([fe80::32a9:54b8:4253:31d4]) by DS7PR11MB5966.namprd11.prod.outlook.com ([fe80::32a9:54b8:4253:31d4%4]) with mapi id 15.20.7159.020; Tue, 9 Jan 2024 00:05:45 +0000 Date: Tue, 9 Jan 2024 07:36:22 +0800 From: Yan Zhao To: Jason Gunthorpe CC: , , , , , , , , , , , , , , , , , , , , , , , Subject: Re: [PATCH 0/4] KVM: Honor guest memory types for virtio GPU devices Message-ID: Reply-To: Yan Zhao References: <20240105091237.24577-1-yan.y.zhao@intel.com> <20240105195551.GE50406@nvidia.com> <20240108140250.GJ50406@nvidia.com> Content-Type: text/plain; charset="us-ascii" Content-Disposition: inline In-Reply-To: <20240108140250.GJ50406@nvidia.com> X-ClientProxiedBy: SG2PR03CA0105.apcprd03.prod.outlook.com (2603:1096:4:7c::33) To DS7PR11MB5966.namprd11.prod.outlook.com (2603:10b6:8:71::6) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS7PR11MB5966:EE_|SJ0PR11MB5005:EE_ X-MS-Office365-Filtering-Correlation-Id: 04712176-8e25-4ecc-99f4-08dc10a6ba37 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: ddlkNxDyhExQxVqCfCSCmNwBXwpAm7ZA2mnVn+77E1zsGXrYy+V0RPftRrYK/8QIRWi7Axd6u7Q7agWnGOqI7kVNDVYJK9KKnifOJaZ000C/4AwFRrH+vBupggZnUt9PlvZRl/u9+O95eMNAZm9bBVc82s+/pjw8ubfnEXjKrJr4dv7ojmXTasnuG5Vyw0wCRLxnfEsY/soTfKll9sfDzA1wu+U9YT24hHTWgvIWsSg8Hph/ogWVQBEwBO+7OvW4qOxOsAnejPSVHmQ02FWYuPCTy5AfkrcOglVWc47uMAG3Ih04fCyvaOGjGlCm5ViWo8oPRkJaUByFlI7y4pajti8+02J6spC2LQzcIU+xTKo3aCbHxJfyeiCqf84SEmRID3tZ/KvSWfDgRY2d0tSB3lihbYDu0ii/b47mM4UVYR1K6WIQ+3jsM/ua4qjkdbx1PJZ+xJhQ2FO46CV/fe9wj9yNTLNqN0tLWjb+jTbVNFC9KD02+l/dtEdrnls9kyouup07i8Hd/5B9hUUXXRX3EzEPYhi9UKLsJhkrBlRE0oAQWRNHysVKQSl3grW4U15M X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DS7PR11MB5966.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230031)(39860400002)(136003)(376002)(396003)(366004)(346002)(230922051799003)(64100799003)(1800799012)(186009)(451199024)(38100700002)(7416002)(82960400001)(4326008)(41300700001)(3450700001)(6916009)(2906002)(5660300002)(54906003)(6486002)(86362001)(6666004)(6512007)(6506007)(316002)(8676002)(8936002)(66556008)(66946007)(66476007)(83380400001)(26005)(478600001);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?tMWWZQ/9cgMYQZP+dixDdkrkN9jjXKl7D3w3BUh2odfcaGnf42wxInpwKn8m?= =?us-ascii?Q?KQINpPKATuXTuT12fwcMtnwiNeurtc43nTVQXredzPii2y9hnV/+TJrbrfaL?= =?us-ascii?Q?9g0dAKe9/qCDTnXqM7C5yoPkD4UE/s+oQiTLu/bEDS/O0NAK+G8y3262AZqq?= =?us-ascii?Q?iqbEPyKSaVQjSdZBil28QaH3MQX45KnCPXcTb18sVSfNoeI/q2xeP8fK62Rj?= =?us-ascii?Q?e2x2+VKDMsIeuWXu77CRumdoU6Qb7u3Bn/yS5EhLQWPvITCQ/x2dt3zmQTbR?= =?us-ascii?Q?TBHBaEiOlORglxS+1XbFfZLAt351QdByzDkJjQFXnI6lvVuqoL/u2j7aDPwD?= =?us-ascii?Q?cq4bfeVqQk51lTrTmxaRqVbBMdigjtwaxpAE66ZazAAhghO9sZaftPdu13Qp?= =?us-ascii?Q?R2N1bqSPo1sh8db3p0o5TgBbm0eqvWOALyiFSZ0m/sc3paeidtYU1sO5dBIR?= =?us-ascii?Q?LOADrgQKXmV6GyOMebnxraY+1N7ISDjIa+Bbswgw1oCdv5VtNSA3Wwlznl3q?= =?us-ascii?Q?V2A7Qe4zWyCjjpkq9c585a7BdPwftWtD8Z/SXAB01R5YXWrBc8LuVZHlkm+Y?= =?us-ascii?Q?fFeBYRxhA2QJ+ufCTwN6ymGFpBJcIvCYTjx7j/rr2787+i6n+YNLiiVLTg3n?= =?us-ascii?Q?Eo7feGS5qOm31VLFjlvOKgm7eloqyLf91DvUsZOHRMZOlV5u6We6Y1ppuRju?= =?us-ascii?Q?X6N4hnOYl5OPLebl1dyS5qGdwP2Q7F4TMYOnikv0n4Uq7x9y/nbZ7lneJNKt?= =?us-ascii?Q?ssh7mrOYxqfePY4SaT8jO9VYDlYqhXecOnEg8GrhL1k9mefPo8uunbYva1wd?= =?us-ascii?Q?WLdjAxKyOUzIMTBfcpfc46MS8H6DLo5DaOYnqSVJ1ce3hWpQVCsA9ESEuNdR?= =?us-ascii?Q?KrIBRq1qfHnaLc7D4GHH1/4M6DEB9fZLW7L7dGBQGcrPvau5sEae5TsA7CO7?= =?us-ascii?Q?zHvCz5cGI4WWNMIX+e+qzb3ASnOdr10jNxHFqh2Vq5uYmcEqsTYTM5yfAJJB?= =?us-ascii?Q?4biK6zxudP5WiIyoC+/l9F1MhugFFaKsDdYAPw+PT33eM7ZnxqHYrf1eFF6p?= =?us-ascii?Q?2SPpNEm03icdoHGMzLYrd6dm+nvhuo7123bRz3VtLq1Md3tcic7RjXympu3g?= =?us-ascii?Q?ZMvaSGtYTOHA3rFk6Hp78nsz+oBhmy1Z84rkzYdj3+ssHIS0Nu5nIVPMqaM/?= =?us-ascii?Q?6c/26nxzEWKcqiXcoDa4bi9uBlF50DQjD2dBcjLy8mhpZi5rDa+vTW3+KWDJ?= =?us-ascii?Q?apS6aF9hi5E8Lcopl9YAJIeFGpGNJLGDYojkKEDdKXphABM3J8C5mEU9nchw?= =?us-ascii?Q?jCYOxsARi5AO0beuuvXqWrpvY33f0bhK3J8IcxWCqXToodDEm4eVmN3OTBto?= =?us-ascii?Q?KRecZN/gesGQmB2VdZheWL51oH7ksxr8aSgeMgoqRTc+NV3yRCEh1mW2Fqg5?= =?us-ascii?Q?RyvqPpGAG//3e2iO7WBwGiMR54oPCYp+Uj/k7SXlfWqb6yABhAWXox4btDI3?= =?us-ascii?Q?j3HyP/K1C5cl/4CqAE9pV73wQENLaxrnBm8bQKo2AJ3JgByas2E6L9TNyenp?= =?us-ascii?Q?2+qsqcYHG6IHrFdRHmADopFJ9754MWHK3xYlHgvn?= X-MS-Exchange-CrossTenant-Network-Message-Id: 04712176-8e25-4ecc-99f4-08dc10a6ba37 X-MS-Exchange-CrossTenant-AuthSource: DS7PR11MB5966.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Jan 2024 00:05:45.7184 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: uc5IoAkvdNXW0EIgdh6hVmh+tY0uNks9dQmZ6arcsOJ3EIE2lOAGfturXaP9KLD5j3Lkwkgl8atg8niL/c8PMQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ0PR11MB5005 X-OriginatorOrg: intel.com On Mon, Jan 08, 2024 at 10:02:50AM -0400, Jason Gunthorpe wrote: > On Mon, Jan 08, 2024 at 02:02:57PM +0800, Yan Zhao wrote: > > On Fri, Jan 05, 2024 at 03:55:51PM -0400, Jason Gunthorpe wrote: > > > On Fri, Jan 05, 2024 at 05:12:37PM +0800, Yan Zhao wrote: > > > > This series allow user space to notify KVM of noncoherent DMA status so as > > > > to let KVM honor guest memory types in specified memory slot ranges. > > > > > > > > Motivation > > > > === > > > > A virtio GPU device may want to configure GPU hardware to work in > > > > noncoherent mode, i.e. some of its DMAs do not snoop CPU caches. > > > > > > Does this mean some DMA reads do not snoop the caches or does it > > > include DMA writes not synchronizing the caches too? > > Both DMA reads and writes are not snooped. > > Oh that sounds really dangerous. > But the IOMMU for Intel GPU does not do force-snoop, no matter KVM honors guest memory type or not. > > > > This is generally for performance consideration. > > > > In certain platform, GFX performance can improve 20+% with DMAs going to > > > > noncoherent path. > > > > > > > > This noncoherent DMA mode works in below sequence: > > > > 1. Host backend driver programs hardware not to snoop memory of target > > > > DMA buffer. > > > > 2. Host backend driver indicates guest frontend driver to program guest PAT > > > > to WC for target DMA buffer. > > > > 3. Guest frontend driver writes to the DMA buffer without clflush stuffs. > > > > 4. Hardware does noncoherent DMA to the target buffer. > > > > > > > > In this noncoherent DMA mode, both guest and hardware regard a DMA buffer > > > > as not cached. So, if KVM forces the effective memory type of this DMA > > > > buffer to be WB, hardware DMA may read incorrect data and cause misc > > > > failures. > > > > > > I don't know all the details, but a big concern would be that the > > > caches remain fully coherent with the underlying memory at any point > > > where kvm decides to revoke the page from the VM. > > Ah, you mean, for page migration, the content of the page may not be copied > > correctly, right? > > Not just migration. Any point where KVM revokes the page from the > VM. Ie just tearing down the VM still has to make the cache coherent > with physical or there may be problems. Not sure what's the mentioned problem during KVM revoking. In host, - If the memory type is WB, as the case in intel GPU passthrough, the mismatch can only happen when guest memory type is UC/WC/WT/WP, all stronger than WB. So, even after KVM revoking the page, the host will not get delayed data from cache. - If the memory type is WC, as the case in virtio GPU, after KVM revoking the page, the page is still hold in the virtio host side. Even though a incooperative guest can cause wrong data in the page, the guest can achieve the purpose in a more straight-forward way, i.e. writing a wrong data directly to the page. So, I don't see the problem in this case too. > > > Currently in x86, we have 2 ways to let KVM honor guest memory types: > > 1. through KVM memslot flag introduced in this series, for virtio GPUs, in > > memslot granularity. > > 2. through increasing noncoherent dma count, as what's done in VFIO, for > > Intel GPU passthrough, for all guest memory. > > And where does all this fixup the coherency problem? > > > This page migration issue should not be the case for virtio GPU, as both host > > and guest are synced to use the same memory type and actually the pages > > are not anonymous pages. > > The guest isn't required to do this so it can force the cache to > become incoherent. > > > > If you allow an incoherence of cache != physical then it opens a > > > security attack where the observed content of memory can change when > > > it should not. > > > > In this case, will this security attack impact other guests? > > It impacts the hypervisor potentially. It depends.. Could you elaborate more on how it will impact hypervisor? We can try to fix it if it's really a case.