Received: by 2002:a05:7412:1e0b:b0:fc:a2b0:25d7 with SMTP id kr11csp60407rdb; Wed, 14 Feb 2024 12:41:19 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCV0GqLlKOU3oOeTcYcP2DPaajRwDC8sWAUrWDoxMA1WZBBLw6SXYBGU+Xgx7cOSaZ8OcnH4y41BsCids8OR8EcMC/Hyxo2Wzbl1qMPYVA== X-Google-Smtp-Source: AGHT+IH7dDO6Pv26vBCvIZqPV2g/ZULI1sAg4agnpgIM6Lt0ZReUonybBylf8mj/8UfjjdsmuF/U X-Received: by 2002:a05:6a00:1395:b0:6e1:1e1d:bd9b with SMTP id t21-20020a056a00139500b006e11e1dbd9bmr217900pfg.27.1707943279074; Wed, 14 Feb 2024 12:41:19 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1707943279; cv=pass; d=google.com; s=arc-20160816; b=uiGg5ZYzE23W+aYXqCgRAWlrt8fJIlHZqjg0azecMri3Yrp7rva0hlUrMFPWD1YPy4 zAXBk52HPew0yaTBwlulBTswQ6cU4JM1EM7qNPvY1NOiXoc2QgpwTOazah3uR7ibf7NG vE6OcnLQtfvIHu3NdCJqyyC5ne2Gr4RbXBJgoeJ4ac5A0PGuY3/ICGUOFGNCoZ5wSRP2 RR57VgrECjVYy6LaCVvNvGvIS/hUVLSoXmL1IjHZLdYsyf5TV6NvIZ5g3El+FYADOnvU 8C1tK2AyEE3cSvbngr63n1puWUPNFAhXk84w6iSaxZrDtce3pH78TpnRuf5IrLbmthrD gW8Q== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=mime-version:list-unsubscribe:list-subscribe:list-id:precedence :user-agent:references:in-reply-to:subject:cc:to:from:message-id :date:dkim-signature; bh=9p8Q7sWjqdRJM2lV8I9OqeGpyYOPxb6k0exoM1wL9fk=; fh=xCTwnqABJxLxqk9bp9WHSXfYoNaBFKqIoVfp2nYw1dA=; b=HajOm4k3/o6HFrpbk4tk2v3Ms9QYKwgl4SQbcINjC5vX37WwXRtjgCbMm0kAH1H+ex oEwqToubEpiFDg/P7t0NDRZesCppPfpzmq260u/W5GkjdWsiwmB/D0rbTrH9hdQrZos/ jUY5+n6IhFrPDYF9rY/mzWNTPgWUJAp3ORqg/uMWtzE3XwkF1l8MRcLWbOF1nNF+o+UC fn1spnG22H2tipQzeq4qPXkbgwrAg2HOaSe6xsUw3G60r9/UA3T5SNQsYi4AqGzN5+uD I9j23Y1uJX4Uc1/31J1SO7+OX58roLCxhRREuhVAIqYtljgfuXRZDtmdIgT0QypaxBtw kVPA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=NwRLB3iD; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-65916-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-65916-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org X-Forwarded-Encrypted: i=2; AJvYcCUTD0u6g3txupdLzLTepsRibUyFRLPud1ITF2sjgWG2MoqIuP2EHOYc3hH7g/PD1HW6qmPdeWn8iy/YWSu6aRcTvCOsQg+7Ar4oEsOHew== Return-Path: Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [147.75.48.161]) by mx.google.com with ESMTPS id y35-20020a056a00182300b006e116bcae18si766941pfa.9.2024.02.14.12.41.18 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 14 Feb 2024 12:41:19 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-65916-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) client-ip=147.75.48.161; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=NwRLB3iD; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-65916-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-65916-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id DE730B26A2F for ; Wed, 14 Feb 2024 20:10:06 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 9B87F13DBAE; Wed, 14 Feb 2024 20:09:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="NwRLB3iD" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B1EF613DB9F; Wed, 14 Feb 2024 20:09:55 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707941395; cv=none; b=O7FQAxmGTshPVkyHMkFbLBCQkZ1aeB37Upqy12eYbsYc+arHhpKG+2n0XXzxVVN/QkdE2tpWvUlYzY9r/hZ7aQYlbxkhsK6F+oWUvV53fzYN2BaH9PvhvXIztgi1lJb4+ih2AsoAVbE21NMIdjYimGckBppEOfKmF60L6DmTsrw= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707941395; c=relaxed/simple; bh=4azwoIdbG/L/6RFnx1ncMgHMgVCWQZsgXPP6KuYxyxM=; h=Date:Message-ID:From:To:Cc:Subject:In-Reply-To:References: MIME-Version:Content-Type; b=cs3UaD6cjgKpqz5vwgdeU+LZqXTiyaJXyFjLu/BvlveXhruq07rAxltmGlaImgbzyeSwdYFI2ZOhzLvfJqtJXro3ytyCw24KBvpkBquB3UsEI7flQEbLV+iiB70H3SOXEa8llkmGy8R2dWaTX8cwSyl7tNysLrzNOxe3HNOIqs0= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=NwRLB3iD; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id 39CE9C433C7; Wed, 14 Feb 2024 20:09:55 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1707941395; bh=4azwoIdbG/L/6RFnx1ncMgHMgVCWQZsgXPP6KuYxyxM=; h=Date:From:To:Cc:Subject:In-Reply-To:References:From; b=NwRLB3iDFB91KJiT18wZmerQ+hDWKgGjk1X4ykBWIzKrrUnLS2zbOeE/en64tqWvT axQWgz9jfEAhZpnVWUA8ssURc1jKUHZ/bZeRz3J8OoriEjDCkP9IOqk9OsXonLc/7w x7BzyIqIAazjivTJTVocrBP5zJ8mnatvXnN0IHF+4GQEC+ay4YEcJAjMbu3iwp9T6j 1ew4dU0T1M9zB7omd6WFLZbIkqN3eV0RxmUEMktHcwuMOFRVXFW70OZcQTK2mujN3q d8FU+D5dLG+iPg293XSEszOaYZ63gCeTMIH2TsxmvhJlqP2BleTbfKv8DZP585JNaD z7NzcLFP2A5lA== Received: from sofa.misterjones.org ([185.219.108.64] helo=goblin-girl.misterjones.org) by disco-boy.misterjones.org with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1raLZo-003GHt-SZ; Wed, 14 Feb 2024 20:09:52 +0000 Date: Wed, 14 Feb 2024 20:09:52 +0000 Message-ID: <86v86q4xkf.wl-maz@kernel.org> From: Marc Zyngier To: Oliver Upton Cc: kvmarm@lists.linux.dev, kvm@vger.kernel.org, James Morse , Suzuki K Poulose , Zenghui Yu , linux-kernel@vger.kernel.org Subject: Re: [PATCH v2 19/23] KVM: selftests: Add a minimal library for interacting with an ITS In-Reply-To: References: <20240213093250.3960069-1-oliver.upton@linux.dev> <20240213094114.3961683-1-oliver.upton@linux.dev> <86zfw33qae.wl-maz@kernel.org> User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI-EPG/1.14.7 (Harue) FLIM-LB/1.14.9 (=?UTF-8?B?R29qxY0=?=) APEL-LB/10.8 EasyPG/1.0.0 Emacs/29.1 (aarch64-unknown-linux-gnu) MULE/6.0 (HANACHIRUSATO) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue") Content-Type: text/plain; charset=US-ASCII X-SA-Exim-Connect-IP: 185.219.108.64 X-SA-Exim-Rcpt-To: oliver.upton@linux.dev, kvmarm@lists.linux.dev, kvm@vger.kernel.org, james.morse@arm.com, suzuki.poulose@arm.com, yuzenghui@huawei.com, linux-kernel@vger.kernel.org X-SA-Exim-Mail-From: maz@kernel.org X-SA-Exim-Scanned: No (on disco-boy.misterjones.org); SAEximRunCond expanded to false On Wed, 14 Feb 2024 19:00:00 +0000, Oliver Upton wrote: > > On Wed, Feb 14, 2024 at 05:32:25PM +0000, Marc Zyngier wrote: > > On Tue, 13 Feb 2024 09:41:14 +0000, > > Oliver Upton wrote: > > > > > > A prerequisite of testing LPI injection performance is of course > > > instantiating an ITS for the guest. Add a small library for creating an > > > ITS and interacting with it *from userspace*. > > > > > > Yep, you read that right. KVM unintentionally allows userspace to send > > > commands to the virtual ITS via the command queue. Besides adding test > > > coverage for an elusive UAPI, interacting with the ITS in userspace > > > simplifies the handling of commands that need to allocate memory, like a > > > MAPD command with an ITT. > > > > I don't mean to derail the party, but I really think we should plug > > this hole. Either that, or we make it an official interface for state > > restore. And don't we all love to have multiple interfaces to do the > > same thing? > > Ok, I've thought about it a bit more and I'm fully convinced we need to > shut the door on this stupidity. > > We expect CREADR == CWRITER at the time userspace saves the ITS > registers, but we have a *hideous* ordering issue on the restore path. > > If the order of restore from userspace is CBASER, CWRITER, CREADR then > we **wind up replaying the entire command queue**. While insane, I'm > pretty sure it is legal for the guest to write garbage after the read > pointer has moved past a particular command index. > > Fsck!!! This is documented Documentation/virt/kvm/devices/arm-vgic-its.rst to some extent, and it is allowed for the guest to crap itself on behalf of userspace if the ordering isn't respected. > So, how about we do this: > > - Provide a uaccess hook for CWRITER that changes the write-pointer > without processing any commands > > - Assert an invariant that at any time CWRITER or CREADR are read from > userspace that CREADR == CWRITER. Fail the ioctl and scream if that > isn't the case, so that way we never need to worry about processing > 'in-flight' commands at the destination. Are we guaranteed that we cannot ever see CWRITER != CREADR at VM dumping time? I'm not convinced that we cannot preempt the vcpu thread at the right spot, specially given that you can have an arbitrary large batch of commands to execute. Just add a page-fault to the mix, and a signal pending. Pronto, you see a guest exit and you should be able to start dumping things without the ITS having processed much. I haven't tried, but that doesn't seem totally unlikely. M. -- Without deviation from the norm, progress is not possible.