From: "Wang, Zhi A" <zhi.a.wang@intel.com>
To: "Christopherson,, Sean" <seanjc@google.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Zhenyu Wang <zhenyuw@linux.intel.com>
Cc: "Zhao, Yan Y" <yan.y.zhao@intel.com>,
"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
"intel-gfx@lists.freedesktop.org"
<intel-gfx@lists.freedesktop.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Ben Gardon <bgardon@google.com>,
"intel-gvt-dev@lists.freedesktop.org"
<intel-gvt-dev@lists.freedesktop.org>
Subject: Re: [Intel-gfx] [PATCH v3 02/28] drm/i915/gvt: remove interface intel_gvt_is_valid_gfn
Date: Mon, 15 May 2023 11:07:20 +0000 [thread overview]
Message-ID: <ef5d75eb-cdc7-e91d-85fb-922ca3bdab3a@intel.com> (raw)
In-Reply-To: <20230513003600.818142-3-seanjc@google.com>
On 5/13/2023 8:35 AM, Sean Christopherson wrote:
> From: Yan Zhao <yan.y.zhao@intel.com>
>
Acked-by: Zhi Wang <zhi.a.wang@intel.com>
This was previously to avoid stepping down to the lower level ASAP
when a guest page is not used but still stays in the GPU page table.
(mostly in windows VM, as this is a behavior of WDDM GPU MM). But
it doesn't totally solve the the trapping flood in practice. I am
totally fine that it is removed. Post shadow in the trapping
path might be extended to handle this problem.
> Currently intel_gvt_is_valid_gfn() is called in two places:
> (1) shadowing guest GGTT entry
> (2) shadowing guest PPGTT leaf entry,
> which was introduced in commit cc753fbe1ac4
> ("drm/i915/gvt: validate gfn before set shadow page entry").
>
> However, now it's not necessary to call this interface any more, because
> a. GGTT partial write issue has been fixed by
> commit bc0686ff5fad
> ("drm/i915/gvt: support inconsecutive partial gtt entry write")
> commit 510fe10b6180
> ("drm/i915/gvt: fix a bug of partially write ggtt enties")
> b. PPGTT resides in normal guest RAM and we only treat 8-byte writes
> as valid page table writes. Any invalid GPA found is regarded as
> an error, either due to guest misbehavior/attack or bug in host
> shadow code.
> So,rather than do GFN pre-checking and replace invalid GFNs with
> scratch GFN and continue silently, just remove the pre-checking and
> abort PPGTT shadowing on error detected.
> c. GFN validity check is still performed in
> intel_gvt_dma_map_guest_page() --> gvt_pin_guest_page().
> It's more desirable to call VFIO interface to do both validity check
> and mapping.
> Calling intel_gvt_is_valid_gfn() to do GFN validity check from KVM side
> while later mapping the GFN through VFIO interface is unnecessarily
> fragile and confusing for unaware readers.
>
> Signed-off-by: Yan Zhao <yan.y.zhao@intel.com>
> [sean: remove now-unused local variables]
> Signed-off-by: Sean Christopherson <seanjc@google.com>
> ---
> drivers/gpu/drm/i915/gvt/gtt.c | 36 +---------------------------------
> 1 file changed, 1 insertion(+), 35 deletions(-)
>
> diff --git a/drivers/gpu/drm/i915/gvt/gtt.c b/drivers/gpu/drm/i915/gvt/gtt.c
> index 58b9b316ae46..f30922c55a0c 100644
> --- a/drivers/gpu/drm/i915/gvt/gtt.c
> +++ b/drivers/gpu/drm/i915/gvt/gtt.c
> @@ -49,22 +49,6 @@
> static bool enable_out_of_sync = false;
> static int preallocated_oos_pages = 8192;
>
> -static bool intel_gvt_is_valid_gfn(struct intel_vgpu *vgpu, unsigned long gfn)
> -{
> - struct kvm *kvm = vgpu->vfio_device.kvm;
> - int idx;
> - bool ret;
> -
> - if (!test_bit(INTEL_VGPU_STATUS_ATTACHED, vgpu->status))
> - return false;
> -
> - idx = srcu_read_lock(&kvm->srcu);
> - ret = kvm_is_visible_gfn(kvm, gfn);
> - srcu_read_unlock(&kvm->srcu, idx);
> -
> - return ret;
> -}
> -
> /*
> * validate a gm address and related range size,
> * translate it to host gm address
> @@ -1333,11 +1317,9 @@ static int ppgtt_populate_shadow_entry(struct intel_vgpu *vgpu,
> static int ppgtt_populate_spt(struct intel_vgpu_ppgtt_spt *spt)
> {
> struct intel_vgpu *vgpu = spt->vgpu;
> - struct intel_gvt *gvt = vgpu->gvt;
> - const struct intel_gvt_gtt_pte_ops *ops = gvt->gtt.pte_ops;
> struct intel_vgpu_ppgtt_spt *s;
> struct intel_gvt_gtt_entry se, ge;
> - unsigned long gfn, i;
> + unsigned long i;
> int ret;
>
> trace_spt_change(spt->vgpu->id, "born", spt,
> @@ -1354,13 +1336,6 @@ static int ppgtt_populate_spt(struct intel_vgpu_ppgtt_spt *spt)
> ppgtt_generate_shadow_entry(&se, s, &ge);
> ppgtt_set_shadow_entry(spt, &se, i);
> } else {
> - gfn = ops->get_pfn(&ge);
> - if (!intel_gvt_is_valid_gfn(vgpu, gfn)) {
> - ops->set_pfn(&se, gvt->gtt.scratch_mfn);
> - ppgtt_set_shadow_entry(spt, &se, i);
> - continue;
> - }
> -
> ret = ppgtt_populate_shadow_entry(vgpu, spt, i, &ge);
> if (ret)
> goto fail;
> @@ -2335,14 +2310,6 @@ static int emulate_ggtt_mmio_write(struct intel_vgpu *vgpu, unsigned int off,
> m.val64 = e.val64;
> m.type = e.type;
>
> - /* one PTE update may be issued in multiple writes and the
> - * first write may not construct a valid gfn
> - */
> - if (!intel_gvt_is_valid_gfn(vgpu, gfn)) {
> - ops->set_pfn(&m, gvt->gtt.scratch_mfn);
> - goto out;
> - }
> -
> ret = intel_gvt_dma_map_guest_page(vgpu, gfn, PAGE_SIZE,
> &dma_addr);
> if (ret) {
> @@ -2359,7 +2326,6 @@ static int emulate_ggtt_mmio_write(struct intel_vgpu *vgpu, unsigned int off,
> ops->clear_present(&m);
> }
>
> -out:
> ggtt_set_guest_entry(ggtt_mm, &e, g_gtt_index);
>
> ggtt_get_host_entry(ggtt_mm, &e, g_gtt_index);
WARNING: multiple messages have this Message-ID (diff)
From: "Wang, Zhi A" <zhi.a.wang@intel.com>
To: "Christopherson,, Sean" <seanjc@google.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Zhenyu Wang <zhenyuw@linux.intel.com>
Cc: "kvm@vger.kernel.org" <kvm@vger.kernel.org>,
"intel-gvt-dev@lists.freedesktop.org"
<intel-gvt-dev@lists.freedesktop.org>,
"intel-gfx@lists.freedesktop.org"
<intel-gfx@lists.freedesktop.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"Zhao, Yan Y" <yan.y.zhao@intel.com>,
Ben Gardon <bgardon@google.com>
Subject: Re: [PATCH v3 02/28] drm/i915/gvt: remove interface intel_gvt_is_valid_gfn
Date: Mon, 15 May 2023 11:07:20 +0000 [thread overview]
Message-ID: <ef5d75eb-cdc7-e91d-85fb-922ca3bdab3a@intel.com> (raw)
In-Reply-To: <20230513003600.818142-3-seanjc@google.com>
On 5/13/2023 8:35 AM, Sean Christopherson wrote:
> From: Yan Zhao <yan.y.zhao@intel.com>
>
Acked-by: Zhi Wang <zhi.a.wang@intel.com>
This was previously to avoid stepping down to the lower level ASAP
when a guest page is not used but still stays in the GPU page table.
(mostly in windows VM, as this is a behavior of WDDM GPU MM). But
it doesn't totally solve the the trapping flood in practice. I am
totally fine that it is removed. Post shadow in the trapping
path might be extended to handle this problem.
> Currently intel_gvt_is_valid_gfn() is called in two places:
> (1) shadowing guest GGTT entry
> (2) shadowing guest PPGTT leaf entry,
> which was introduced in commit cc753fbe1ac4
> ("drm/i915/gvt: validate gfn before set shadow page entry").
>
> However, now it's not necessary to call this interface any more, because
> a. GGTT partial write issue has been fixed by
> commit bc0686ff5fad
> ("drm/i915/gvt: support inconsecutive partial gtt entry write")
> commit 510fe10b6180
> ("drm/i915/gvt: fix a bug of partially write ggtt enties")
> b. PPGTT resides in normal guest RAM and we only treat 8-byte writes
> as valid page table writes. Any invalid GPA found is regarded as
> an error, either due to guest misbehavior/attack or bug in host
> shadow code.
> So,rather than do GFN pre-checking and replace invalid GFNs with
> scratch GFN and continue silently, just remove the pre-checking and
> abort PPGTT shadowing on error detected.
> c. GFN validity check is still performed in
> intel_gvt_dma_map_guest_page() --> gvt_pin_guest_page().
> It's more desirable to call VFIO interface to do both validity check
> and mapping.
> Calling intel_gvt_is_valid_gfn() to do GFN validity check from KVM side
> while later mapping the GFN through VFIO interface is unnecessarily
> fragile and confusing for unaware readers.
>
> Signed-off-by: Yan Zhao <yan.y.zhao@intel.com>
> [sean: remove now-unused local variables]
> Signed-off-by: Sean Christopherson <seanjc@google.com>
> ---
> drivers/gpu/drm/i915/gvt/gtt.c | 36 +---------------------------------
> 1 file changed, 1 insertion(+), 35 deletions(-)
>
> diff --git a/drivers/gpu/drm/i915/gvt/gtt.c b/drivers/gpu/drm/i915/gvt/gtt.c
> index 58b9b316ae46..f30922c55a0c 100644
> --- a/drivers/gpu/drm/i915/gvt/gtt.c
> +++ b/drivers/gpu/drm/i915/gvt/gtt.c
> @@ -49,22 +49,6 @@
> static bool enable_out_of_sync = false;
> static int preallocated_oos_pages = 8192;
>
> -static bool intel_gvt_is_valid_gfn(struct intel_vgpu *vgpu, unsigned long gfn)
> -{
> - struct kvm *kvm = vgpu->vfio_device.kvm;
> - int idx;
> - bool ret;
> -
> - if (!test_bit(INTEL_VGPU_STATUS_ATTACHED, vgpu->status))
> - return false;
> -
> - idx = srcu_read_lock(&kvm->srcu);
> - ret = kvm_is_visible_gfn(kvm, gfn);
> - srcu_read_unlock(&kvm->srcu, idx);
> -
> - return ret;
> -}
> -
> /*
> * validate a gm address and related range size,
> * translate it to host gm address
> @@ -1333,11 +1317,9 @@ static int ppgtt_populate_shadow_entry(struct intel_vgpu *vgpu,
> static int ppgtt_populate_spt(struct intel_vgpu_ppgtt_spt *spt)
> {
> struct intel_vgpu *vgpu = spt->vgpu;
> - struct intel_gvt *gvt = vgpu->gvt;
> - const struct intel_gvt_gtt_pte_ops *ops = gvt->gtt.pte_ops;
> struct intel_vgpu_ppgtt_spt *s;
> struct intel_gvt_gtt_entry se, ge;
> - unsigned long gfn, i;
> + unsigned long i;
> int ret;
>
> trace_spt_change(spt->vgpu->id, "born", spt,
> @@ -1354,13 +1336,6 @@ static int ppgtt_populate_spt(struct intel_vgpu_ppgtt_spt *spt)
> ppgtt_generate_shadow_entry(&se, s, &ge);
> ppgtt_set_shadow_entry(spt, &se, i);
> } else {
> - gfn = ops->get_pfn(&ge);
> - if (!intel_gvt_is_valid_gfn(vgpu, gfn)) {
> - ops->set_pfn(&se, gvt->gtt.scratch_mfn);
> - ppgtt_set_shadow_entry(spt, &se, i);
> - continue;
> - }
> -
> ret = ppgtt_populate_shadow_entry(vgpu, spt, i, &ge);
> if (ret)
> goto fail;
> @@ -2335,14 +2310,6 @@ static int emulate_ggtt_mmio_write(struct intel_vgpu *vgpu, unsigned int off,
> m.val64 = e.val64;
> m.type = e.type;
>
> - /* one PTE update may be issued in multiple writes and the
> - * first write may not construct a valid gfn
> - */
> - if (!intel_gvt_is_valid_gfn(vgpu, gfn)) {
> - ops->set_pfn(&m, gvt->gtt.scratch_mfn);
> - goto out;
> - }
> -
> ret = intel_gvt_dma_map_guest_page(vgpu, gfn, PAGE_SIZE,
> &dma_addr);
> if (ret) {
> @@ -2359,7 +2326,6 @@ static int emulate_ggtt_mmio_write(struct intel_vgpu *vgpu, unsigned int off,
> ops->clear_present(&m);
> }
>
> -out:
> ggtt_set_guest_entry(ggtt_mm, &e, g_gtt_index);
>
> ggtt_get_host_entry(ggtt_mm, &e, g_gtt_index);
next prev parent reply other threads:[~2023-05-15 11:07 UTC|newest]
Thread overview: 86+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-13 0:35 [Intel-gfx] [PATCH v3 00/28] drm/i915/gvt: KVM: KVMGT fixes and page-track cleanups Sean Christopherson
2023-05-13 0:35 ` Sean Christopherson
2023-05-13 0:35 ` [Intel-gfx] [PATCH v3 01/28] drm/i915/gvt: Verify pfn is "valid" before dereferencing "struct page" Sean Christopherson
2023-05-13 0:35 ` Sean Christopherson
2023-05-13 0:35 ` [Intel-gfx] [PATCH v3 02/28] drm/i915/gvt: remove interface intel_gvt_is_valid_gfn Sean Christopherson
2023-05-13 0:35 ` Sean Christopherson
2023-05-15 11:07 ` Wang, Zhi A [this message]
2023-05-15 11:07 ` Wang, Zhi A
2023-05-13 0:35 ` [Intel-gfx] [PATCH v3 03/28] drm/i915/gvt: Verify hugepages are contiguous in physical address space Sean Christopherson
2023-05-13 0:35 ` Sean Christopherson
2023-05-16 9:37 ` [Intel-gfx] " Yan Zhao
2023-05-16 9:37 ` Yan Zhao
2023-05-17 14:50 ` [Intel-gfx] " Sean Christopherson
2023-05-17 14:50 ` Sean Christopherson
2023-05-18 9:06 ` [Intel-gfx] " Yan Zhao
2023-05-18 9:06 ` Yan Zhao
2023-05-18 18:04 ` [Intel-gfx] " Sean Christopherson
2023-05-18 18:04 ` Sean Christopherson
2023-05-19 3:18 ` [Intel-gfx] " Yan Zhao
2023-05-19 3:18 ` Yan Zhao
2023-05-13 0:35 ` [Intel-gfx] [PATCH v3 04/28] drm/i915/gvt: Put the page reference obtained by KVM's gfn_to_pfn() Sean Christopherson
2023-05-13 0:35 ` Sean Christopherson
2023-05-13 0:35 ` [Intel-gfx] [PATCH v3 05/28] drm/i915/gvt: Explicitly check that vGPU is attached before shadowing Sean Christopherson
2023-05-13 0:35 ` Sean Christopherson
2023-05-15 11:24 ` [Intel-gfx] " Wang, Zhi A
2023-05-15 11:24 ` Wang, Zhi A
2023-05-15 17:57 ` [Intel-gfx] " Sean Christopherson
2023-05-15 17:57 ` Sean Christopherson
2023-05-13 0:35 ` [Intel-gfx] [PATCH v3 06/28] drm/i915/gvt: Error out on an attempt to shadowing an unknown GTT entry type Sean Christopherson
2023-05-13 0:35 ` Sean Christopherson
2023-05-15 11:28 ` [Intel-gfx] " Wang, Zhi A
2023-05-15 11:28 ` Wang, Zhi A
2023-05-13 0:35 ` [Intel-gfx] [PATCH v3 07/28] drm/i915/gvt: Don't rely on KVM's gfn_to_pfn() to query possible 2M GTT Sean Christopherson
2023-05-13 0:35 ` Sean Christopherson
2023-05-17 0:57 ` [Intel-gfx] " Yan Zhao
2023-05-17 0:57 ` Yan Zhao
2023-05-13 0:35 ` [Intel-gfx] [PATCH v3 08/28] drm/i915/gvt: Use an "unsigned long" to iterate over memslot gfns Sean Christopherson
2023-05-13 0:35 ` Sean Christopherson
2023-05-13 0:35 ` [Intel-gfx] [PATCH v3 09/28] drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt() Sean Christopherson
2023-05-13 0:35 ` Sean Christopherson
2023-05-13 0:35 ` [Intel-gfx] [PATCH v3 10/28] drm/i915/gvt: Protect gfn hash table with vgpu_lock Sean Christopherson
2023-05-13 0:35 ` Sean Christopherson
2023-05-13 0:35 ` [Intel-gfx] [PATCH v3 11/28] KVM: x86/mmu: Move kvm_arch_flush_shadow_{all, memslot}() to mmu.c Sean Christopherson
2023-05-13 0:35 ` [PATCH v3 11/28] KVM: x86/mmu: Move kvm_arch_flush_shadow_{all,memslot}() " Sean Christopherson
2023-05-13 0:35 ` [Intel-gfx] [PATCH v3 12/28] KVM: x86/mmu: Don't rely on page-track mechanism to flush on memslot change Sean Christopherson
2023-05-13 0:35 ` Sean Christopherson
2023-05-17 2:06 ` [Intel-gfx] " Yan Zhao
2023-05-17 2:06 ` Yan Zhao
2023-05-13 0:35 ` [Intel-gfx] [PATCH v3 13/28] KVM: x86/mmu: Don't bounce through page-track mechanism for guest PTEs Sean Christopherson
2023-05-13 0:35 ` Sean Christopherson
2023-05-13 0:35 ` [Intel-gfx] [PATCH v3 14/28] KVM: drm/i915/gvt: Drop @vcpu from KVM's ->track_write() hook Sean Christopherson
2023-05-13 0:35 ` Sean Christopherson
2023-05-13 0:35 ` [Intel-gfx] [PATCH v3 15/28] KVM: x86: Reject memslot MOVE operations if KVMGT is attached Sean Christopherson
2023-05-13 0:35 ` Sean Christopherson
2023-05-13 0:35 ` [Intel-gfx] [PATCH v3 16/28] drm/i915/gvt: Don't bother removing write-protection on to-be-deleted slot Sean Christopherson
2023-05-13 0:35 ` Sean Christopherson
2023-05-13 0:35 ` [Intel-gfx] [PATCH v3 17/28] KVM: x86: Add a new page-track hook to handle memslot deletion Sean Christopherson
2023-05-13 0:35 ` Sean Christopherson
2023-05-13 0:35 ` [Intel-gfx] [PATCH v3 18/28] drm/i915/gvt: switch from ->track_flush_slot() to ->track_remove_region() Sean Christopherson
2023-05-13 0:35 ` Sean Christopherson
2023-05-13 0:35 ` [Intel-gfx] [PATCH v3 19/28] KVM: x86: Remove the unused page-track hook track_flush_slot() Sean Christopherson
2023-05-13 0:35 ` Sean Christopherson
2023-05-13 0:35 ` [Intel-gfx] [PATCH v3 20/28] KVM: x86/mmu: Move KVM-only page-track declarations to internal header Sean Christopherson
2023-05-13 0:35 ` Sean Christopherson
2023-05-13 0:35 ` [Intel-gfx] [PATCH v3 21/28] KVM: x86/mmu: Use page-track notifiers iff there are external users Sean Christopherson
2023-05-13 0:35 ` Sean Christopherson
2023-05-17 3:27 ` [Intel-gfx] " Yan Zhao
2023-05-17 3:27 ` Yan Zhao
2023-05-13 0:35 ` [Intel-gfx] [PATCH v3 22/28] KVM: x86/mmu: Drop infrastructure for multiple page-track modes Sean Christopherson
2023-05-13 0:35 ` Sean Christopherson
2023-05-13 0:35 ` [Intel-gfx] [PATCH v3 23/28] KVM: x86/mmu: Rename page-track APIs to reflect the new reality Sean Christopherson
2023-05-13 0:35 ` Sean Christopherson
2023-05-13 0:35 ` [Intel-gfx] [PATCH v3 24/28] KVM: x86/mmu: Assert that correct locks are held for page write-tracking Sean Christopherson
2023-05-13 0:35 ` Sean Christopherson
2023-05-13 0:35 ` [Intel-gfx] [PATCH v3 25/28] KVM: x86/mmu: Bug the VM if write-tracking is used but not enabled Sean Christopherson
2023-05-13 0:35 ` Sean Christopherson
2023-05-13 0:35 ` [Intel-gfx] [PATCH v3 26/28] KVM: x86/mmu: Drop @slot param from exported/external page-track APIs Sean Christopherson
2023-05-13 0:35 ` Sean Christopherson
2023-05-13 0:35 ` [Intel-gfx] [PATCH v3 27/28] KVM: x86/mmu: Handle KVM bookkeeping in page-track APIs, not callers Sean Christopherson
2023-05-13 0:35 ` Sean Christopherson
2023-05-13 0:36 ` [Intel-gfx] [PATCH v3 28/28] drm/i915/gvt: Drop final dependencies on KVM internal details Sean Christopherson
2023-05-13 0:36 ` Sean Christopherson
2023-05-13 1:46 ` [Intel-gfx] ✗ Fi.CI.CHECKPATCH: warning for drm/i915/gvt: KVM: KVMGT fixes and page-track cleanups (rev8) Patchwork
2023-05-13 2:00 ` [Intel-gfx] ✗ Fi.CI.BAT: failure " Patchwork
2023-06-14 3:06 ` [Intel-gfx] [PATCH v3 00/28] drm/i915/gvt: KVM: KVMGT fixes and page-track cleanups Ma, Yongwei
2023-06-14 3:06 ` Ma, Yongwei
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ef5d75eb-cdc7-e91d-85fb-922ca3bdab3a@intel.com \
--to=zhi.a.wang@intel.com \
--cc=bgardon@google.com \
--cc=intel-gfx@lists.freedesktop.org \
--cc=intel-gvt-dev@lists.freedesktop.org \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=seanjc@google.com \
--cc=yan.y.zhao@intel.com \
--cc=zhenyuw@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.