From: Marc Zyngier <maz@kernel.org>
To: Oliver Upton <oliver.upton@linux.dev>
Cc: kvmarm@lists.linux.dev, kvm@vger.kernel.org,
James Morse <james.morse@arm.com>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
Zenghui Yu <yuzenghui@huawei.com>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2 19/23] KVM: selftests: Add a minimal library for interacting with an ITS
Date: Wed, 14 Feb 2024 20:09:52 +0000 [thread overview]
Message-ID: <86v86q4xkf.wl-maz@kernel.org> (raw)
In-Reply-To: <Zc0NsFm40nIqTmRf@linux.dev>
On Wed, 14 Feb 2024 19:00:00 +0000,
Oliver Upton <oliver.upton@linux.dev> wrote:
>
> On Wed, Feb 14, 2024 at 05:32:25PM +0000, Marc Zyngier wrote:
> > On Tue, 13 Feb 2024 09:41:14 +0000,
> > Oliver Upton <oliver.upton@linux.dev> wrote:
> > >
> > > A prerequisite of testing LPI injection performance is of course
> > > instantiating an ITS for the guest. Add a small library for creating an
> > > ITS and interacting with it *from userspace*.
> > >
> > > Yep, you read that right. KVM unintentionally allows userspace to send
> > > commands to the virtual ITS via the command queue. Besides adding test
> > > coverage for an elusive UAPI, interacting with the ITS in userspace
> > > simplifies the handling of commands that need to allocate memory, like a
> > > MAPD command with an ITT.
> >
> > I don't mean to derail the party, but I really think we should plug
> > this hole. Either that, or we make it an official interface for state
> > restore. And don't we all love to have multiple interfaces to do the
> > same thing?
>
> Ok, I've thought about it a bit more and I'm fully convinced we need to
> shut the door on this stupidity.
>
> We expect CREADR == CWRITER at the time userspace saves the ITS
> registers, but we have a *hideous* ordering issue on the restore path.
>
> If the order of restore from userspace is CBASER, CWRITER, CREADR then
> we **wind up replaying the entire command queue**. While insane, I'm
> pretty sure it is legal for the guest to write garbage after the read
> pointer has moved past a particular command index.
>
> Fsck!!!
This is documented Documentation/virt/kvm/devices/arm-vgic-its.rst to
some extent, and it is allowed for the guest to crap itself on behalf
of userspace if the ordering isn't respected.
> So, how about we do this:
>
> - Provide a uaccess hook for CWRITER that changes the write-pointer
> without processing any commands
>
> - Assert an invariant that at any time CWRITER or CREADR are read from
> userspace that CREADR == CWRITER. Fail the ioctl and scream if that
> isn't the case, so that way we never need to worry about processing
> 'in-flight' commands at the destination.
Are we guaranteed that we cannot ever see CWRITER != CREADR at VM
dumping time? I'm not convinced that we cannot preempt the vcpu thread
at the right spot, specially given that you can have an arbitrary
large batch of commands to execute.
Just add a page-fault to the mix, and a signal pending. Pronto, you
see a guest exit and you should be able to start dumping things
without the ITS having processed much. I haven't tried, but that
doesn't seem totally unlikely.
M.
--
Without deviation from the norm, progress is not possible.
next prev parent reply other threads:[~2024-02-14 20:09 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-13 9:32 [PATCH v2 00/23] KVM: arm64: Improvements to LPI injection Oliver Upton
2024-02-13 9:32 ` [PATCH v2 01/23] KVM: arm64: Add tracepoints + stats for LPI cache effectiveness Oliver Upton
2024-02-14 15:55 ` Marc Zyngier
2024-02-13 9:32 ` [PATCH v2 02/23] KVM: arm64: vgic: Store LPIs in an xarray Oliver Upton
2024-02-13 21:52 ` Oliver Upton
2024-02-13 9:32 ` [PATCH v2 03/23] KVM: arm64: vgic: Use xarray to find LPI in vgic_get_lpi() Oliver Upton
2024-02-13 9:32 ` [PATCH v2 04/23] KVM: arm64: vgic-v3: Iterate the xarray to find pending LPIs Oliver Upton
2024-02-13 9:32 ` [PATCH v2 05/23] KVM: arm64: vgic-its: Walk the LPI xarray in vgic_copy_lpi_list() Oliver Upton
2024-02-13 9:32 ` [PATCH v2 06/23] KVM: arm64: vgic: Get rid of the LPI linked-list Oliver Upton
2024-02-13 9:32 ` [PATCH v2 07/23] KVM: arm64: vgic: Use atomics to count LPIs Oliver Upton
2024-02-14 16:47 ` Marc Zyngier
2024-02-14 18:32 ` Oliver Upton
2024-02-14 20:01 ` Marc Zyngier
2024-02-14 23:01 ` Oliver Upton
2024-02-15 9:44 ` Marc Zyngier
2024-02-13 9:32 ` [PATCH v2 08/23] KVM: arm64: vgic: Free LPI vgic_irq structs in an RCU-safe manner Oliver Upton
2024-02-13 9:32 ` [PATCH v2 09/23] KVM: arm64: vgic: Rely on RCU protection in vgic_get_lpi() Oliver Upton
2024-02-13 9:32 ` [PATCH v2 10/23] KVM: arm64: vgic: Ensure the irq refcount is nonzero when taking a ref Oliver Upton
2024-02-13 9:32 ` [PATCH v2 11/23] KVM: arm64: vgic: Don't acquire the lpi_list_lock in vgic_put_irq() Oliver Upton
2024-02-13 9:32 ` [PATCH v2 12/23] KVM: arm64: vgic-its: Lazily allocate LPI translation cache Oliver Upton
2024-02-13 9:32 ` [PATCH v2 13/23] KVM: arm64: vgic-its: Pick cache victim based on usage count Oliver Upton
2024-02-13 9:37 ` [PATCH v2 14/23] KVM: arm64: vgic-its: Protect cached vgic_irq pointers with RCU Oliver Upton
2024-02-13 9:39 ` [PATCH v2 15/23] KVM: arm64: vgic-its: Treat the LPI translation cache as an rculist Oliver Upton
2024-02-13 9:40 ` [PATCH v2 16/23] KVM: arm64: vgic-its: Rely on RCU to protect translation cache reads Oliver Upton
2024-02-13 9:40 ` [PATCH v2 17/23] KVM: selftests: Align with kernel's GIC definitions Oliver Upton
2024-02-13 9:40 ` [PATCH v2 18/23] KVM: selftests: Standardise layout of GIC frames Oliver Upton
2024-02-13 9:41 ` [PATCH v2 19/23] KVM: selftests: Add a minimal library for interacting with an ITS Oliver Upton
2024-02-14 17:32 ` Marc Zyngier
2024-02-14 19:00 ` Oliver Upton
2024-02-14 20:09 ` Marc Zyngier [this message]
2024-02-14 20:55 ` Oliver Upton
2024-02-14 21:06 ` Oliver Upton
2024-02-13 9:41 ` [PATCH v2 20/23] KVM: selftests: Add helper for enabling LPIs on a redistributor Oliver Upton
2024-02-13 9:42 ` [PATCH v2 21/23] KVM: selftests: Use MPIDR_HWID_BITMASK from cputype.h Oliver Upton
2024-02-13 9:43 ` [PATCH v2 22/23] KVM: selftests: Hack in support for aligned page allocations Oliver Upton
2024-02-13 9:43 ` [PATCH v2 23/23] KVM: selftests: Add stress test for LPI injection Oliver Upton
2024-02-13 20:12 ` [PATCH v2 00/23] KVM: arm64: Improvements to " Oliver Upton
2024-02-14 17:43 ` Marc Zyngier
2024-02-14 18:40 ` Oliver Upton
2024-02-15 15:37 ` Marc Zyngier
2024-02-15 20:15 ` Oliver Upton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=86v86q4xkf.wl-maz@kernel.org \
--to=maz@kernel.org \
--cc=james.morse@arm.com \
--cc=kvm@vger.kernel.org \
--cc=kvmarm@lists.linux.dev \
--cc=linux-kernel@vger.kernel.org \
--cc=oliver.upton@linux.dev \
--cc=suzuki.poulose@arm.com \
--cc=yuzenghui@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox