From: Oliver Upton <oliver.upton@linux.dev>
To: Ankit Agrawal <ankita@nvidia.com>
Cc: Sean Christopherson <seanjc@google.com>,
Jason Gunthorpe <jgg@nvidia.com>, Marc Zyngier <maz@kernel.org>,
Catalin Marinas <catalin.marinas@arm.com>,
"joey.gouly@arm.com" <joey.gouly@arm.com>,
"suzuki.poulose@arm.com" <suzuki.poulose@arm.com>,
"yuzenghui@huawei.com" <yuzenghui@huawei.com>,
"will@kernel.org" <will@kernel.org>,
"ryan.roberts@arm.com" <ryan.roberts@arm.com>,
"shahuang@redhat.com" <shahuang@redhat.com>,
"lpieralisi@kernel.org" <lpieralisi@kernel.org>,
"david@redhat.com" <david@redhat.com>,
Aniket Agashe <aniketa@nvidia.com>, Neo Jia <cjia@nvidia.com>,
Kirti Wankhede <kwankhede@nvidia.com>,
"Tarun Gupta (SW-GPU)" <targupta@nvidia.com>,
Vikram Sethi <vsethi@nvidia.com>,
Andy Currid <acurrid@nvidia.com>,
Alistair Popple <apopple@nvidia.com>,
John Hubbard <jhubbard@nvidia.com>,
Dan Williams <danw@nvidia.com>, Zhi Wang <zhiw@nvidia.com>,
Matt Ochs <mochs@nvidia.com>, Uday Dhoke <udhoke@nvidia.com>,
Dheeraj Nigam <dnigam@nvidia.com>,
Krishnakant Jaju <kjaju@nvidia.com>,
"alex.williamson@redhat.com" <alex.williamson@redhat.com>,
"sebastianene@google.com" <sebastianene@google.com>,
"coltonlewis@google.com" <coltonlewis@google.com>,
"kevin.tian@intel.com" <kevin.tian@intel.com>,
"yi.l.liu@intel.com" <yi.l.liu@intel.com>,
"ardb@kernel.org" <ardb@kernel.org>,
"akpm@linux-foundation.org" <akpm@linux-foundation.org>,
"gshan@redhat.com" <gshan@redhat.com>,
"linux-mm@kvack.org" <linux-mm@kvack.org>,
"ddutile@redhat.com" <ddutile@redhat.com>,
"tabba@google.com" <tabba@google.com>,
"qperret@google.com" <qperret@google.com>,
"kvmarm@lists.linux.dev" <kvmarm@lists.linux.dev>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"linux-arm-kernel@lists.infradead.org"
<linux-arm-kernel@lists.infradead.org>
Subject: Re: [PATCH v3 1/1] KVM: arm64: Allow cacheable stage 2 mapping using VMA flags
Date: Tue, 22 Apr 2025 00:49:28 -0700 [thread overview]
Message-ID: <aAdKCGCuwlUeUXKY@linux.dev> (raw)
In-Reply-To: <SA1PR12MB719976799AD7F9FC4407A5A9B0BD2@SA1PR12MB7199.namprd12.prod.outlook.com>
Hi,
On Wed, Apr 16, 2025 at 08:51:05AM +0000, Ankit Agrawal wrote:
> Hi, summarizing the discussion so far and outlining the next steps. The key points
> are as follows:
> 1. KVM cap to expose whether the kernel supports mapping cacheable PFNMAP:
> If the host doesn't have FWB, then the capability doesn't exist. Jason, Oliver, Caitlin
> and Sean points that this may not be required as userspace do not have
> much choice anyways. KVM has to follow the PTEs and userspace cannot ask
> for something different. However, Marc points that enumerating FWB support
> would allow userspace to discover the support and prevent live-migration
> across FWB and non-FWB hosts. Jason suggested that this may still be fine as
> we have already built in VFIO side protection where a live migration can be
> attempted and then fail because of late-detected HW incompatibilities.
>
> 2. New memslot flag that VMM passes at memslot registration:
> Discussion point that this is not necessary and KVM should just follow the
> VMA pgprot.
>
> 3. Fallback path handling for PFNMAP when the FWB is not set:
> Discussion points that there shouldn't be any fallback path and the memslot
> should just fail. i.e. KVM should not allow degrading cachable to non-cachable
> when it can't do flushing. This is to prevent the potential security issue
> pointed by Jason (S1 cacheable, S2 noncacheable).
>
>
> So AIU, the next step is to send out the updated series with the following patches:
> 1. Block cacheable PFN map in memslot creation (kvm_arch_prepare_memory_region)
> and during fault handling (user_mem_abort()).
Yes, we need to prevent the creation of stage-2 mappings to PFNMAP memory
that uses cacheable attributes in the host stage-1. I believe we have alignment
that this is a bugfix.
> 2. Enable support for cacheable PFN maps if S2FWB is enabled by following
> the vma pgprot (this patch).
>
> 3. Add and expose the new KVM cap to expose cacheable PFNMAP (set to false
> for !FWB), pending maintainers' feedback on the necessity of this capability.
Regarding UAPI: I'm still convinced that we need the VMM to buy in to this
behavior. And no, it doesn't matter if this is some VFIO-based mapping
or kernel-managed memory.
The reality is that userspace is an equal participant in remaining coherent with
the guest. Whether or not FWB is employed for a particular region of IPA
space is useful information for userspace deciding what it needs to do to access guest
memory. Ignoring the Nvidia widget for a second, userspace also needs to know this for
'normal', kernel-managed memory so it understands what CMOs may be necessary when (for
example) doing live migration of the VM.
So this KVM CAP needs to be paired with a memslot flag.
- The capability says KVM is able to enforce Write-Back at stage-2
- The memslot flag says userspace expects a particular GFN range to guarantee
Write-Back semantics. This can be applied to 'normal', kernel-managed memory
and PFNMAP thingies that have cacheable attributes at host stage-1.
- Under no situation do we allow userspace to create non-cacheable mapping at
stage-2 for something PFNMAP cacheable at stage-1.
No matter what, my understanding is that we all agree the driver which provided the
host stage-1 mapping is the authoritative source for memory attributes compatible
with a given device. The accompanying UAPI is necessary for the VMM to understand how
to handle arbitrary cacheable mappings provided to the VM.
Thanks,
Oliver
next prev parent reply other threads:[~2025-04-22 7:49 UTC|newest]
Thread overview: 61+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-03-10 10:30 [PATCH v3 0/1] KVM: arm64: Map GPU device memory as cacheable ankita
2025-03-10 10:30 ` [PATCH v3 1/1] KVM: arm64: Allow cacheable stage 2 mapping using VMA flags ankita
2025-03-10 11:54 ` Marc Zyngier
2025-03-11 3:42 ` Ankit Agrawal
2025-03-11 11:18 ` Marc Zyngier
2025-03-11 12:07 ` Ankit Agrawal
2025-03-12 8:21 ` Marc Zyngier
2025-03-17 5:55 ` Ankit Agrawal
2025-03-17 9:27 ` Marc Zyngier
2025-03-17 19:54 ` Catalin Marinas
2025-03-18 9:39 ` Marc Zyngier
2025-03-18 12:55 ` Jason Gunthorpe
2025-03-18 19:27 ` Catalin Marinas
2025-03-18 19:35 ` David Hildenbrand
2025-03-18 19:40 ` Oliver Upton
2025-03-20 3:30 ` bibo mao
2025-03-20 7:24 ` bibo mao
2025-03-18 23:17 ` Jason Gunthorpe
2025-03-19 18:03 ` Catalin Marinas
2025-03-18 19:30 ` Oliver Upton
2025-03-18 23:09 ` Jason Gunthorpe
2025-03-19 7:01 ` Oliver Upton
2025-03-19 17:04 ` Jason Gunthorpe
2025-03-19 18:11 ` Catalin Marinas
2025-03-19 19:22 ` Jason Gunthorpe
2025-03-19 21:48 ` Catalin Marinas
2025-03-26 8:31 ` Ankit Agrawal
2025-03-26 14:53 ` Sean Christopherson
2025-03-26 15:42 ` Marc Zyngier
2025-03-26 16:10 ` Sean Christopherson
2025-03-26 18:02 ` Marc Zyngier
2025-03-26 18:24 ` Sean Christopherson
2025-03-26 18:51 ` Oliver Upton
2025-03-31 14:44 ` Jason Gunthorpe
2025-03-31 14:56 ` Jason Gunthorpe
2025-04-07 15:20 ` Sean Christopherson
2025-04-07 16:15 ` Jason Gunthorpe
2025-04-07 16:43 ` Sean Christopherson
2025-04-16 8:51 ` Ankit Agrawal
2025-04-21 16:03 ` Ankit Agrawal
2025-04-22 7:49 ` Oliver Upton [this message]
2025-04-22 13:54 ` Jason Gunthorpe
2025-04-22 16:50 ` Catalin Marinas
2025-04-22 17:03 ` Jason Gunthorpe
2025-04-22 21:28 ` Oliver Upton
2025-04-22 23:35 ` Jason Gunthorpe
2025-04-23 10:45 ` Catalin Marinas
2025-04-23 12:02 ` Jason Gunthorpe
2025-04-23 12:26 ` Catalin Marinas
2025-04-23 13:03 ` Jason Gunthorpe
2025-04-29 10:47 ` Ankit Agrawal
2025-04-29 13:27 ` Catalin Marinas
2025-04-29 14:14 ` Jason Gunthorpe
2025-04-29 16:03 ` Catalin Marinas
2025-04-29 16:44 ` Jason Gunthorpe
2025-04-29 18:09 ` Catalin Marinas
2025-04-29 18:19 ` Jason Gunthorpe
2025-05-07 15:26 ` Ankit Agrawal
2025-05-09 12:47 ` Catalin Marinas
2025-04-22 14:53 ` Sean Christopherson
2025-03-18 12:57 ` Jason Gunthorpe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aAdKCGCuwlUeUXKY@linux.dev \
--to=oliver.upton@linux.dev \
--cc=acurrid@nvidia.com \
--cc=akpm@linux-foundation.org \
--cc=alex.williamson@redhat.com \
--cc=aniketa@nvidia.com \
--cc=ankita@nvidia.com \
--cc=apopple@nvidia.com \
--cc=ardb@kernel.org \
--cc=catalin.marinas@arm.com \
--cc=cjia@nvidia.com \
--cc=coltonlewis@google.com \
--cc=danw@nvidia.com \
--cc=david@redhat.com \
--cc=ddutile@redhat.com \
--cc=dnigam@nvidia.com \
--cc=gshan@redhat.com \
--cc=jgg@nvidia.com \
--cc=jhubbard@nvidia.com \
--cc=joey.gouly@arm.com \
--cc=kevin.tian@intel.com \
--cc=kjaju@nvidia.com \
--cc=kvmarm@lists.linux.dev \
--cc=kwankhede@nvidia.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=lpieralisi@kernel.org \
--cc=maz@kernel.org \
--cc=mochs@nvidia.com \
--cc=qperret@google.com \
--cc=ryan.roberts@arm.com \
--cc=seanjc@google.com \
--cc=sebastianene@google.com \
--cc=shahuang@redhat.com \
--cc=suzuki.poulose@arm.com \
--cc=tabba@google.com \
--cc=targupta@nvidia.com \
--cc=udhoke@nvidia.com \
--cc=vsethi@nvidia.com \
--cc=will@kernel.org \
--cc=yi.l.liu@intel.com \
--cc=yuzenghui@huawei.com \
--cc=zhiw@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.