Re: [PATCH] vfio/pci: Static Resizable BAR capability

[Alex Williamson <alex.williamson@redhat.com>]

On Fri, 5 May 2023 10:29:36 +0200
Cédric Le Goater <clg@redhat.com> wrote:

> On 5/4/23 22:42, Alex Williamson wrote:
> > The PCI Resizable BAR (ReBAR) capability is currently hidden from the
> > VM because the protocol for interacting with the capability does not
> > support a mechanism for the device to reject an advertised supported
> > BAR size.  However, when assigned to a VM, the act of resizing the
> > BAR requires adjustment of host resources for the device, which
> > absolutely can fail.  Linux does not currently allow us to reserve
> > resources for the device independent of the current usage.
> > 
> > The only writable field within the ReBAR capability is the BAR Size
> > register.  The PCIe spec indicates that when written, the device
> > should immediately begin to operate with the provided BAR size.  The
> > spec however also notes that software must only write values
> > corresponding to supported sizes as indicated in the capability and
> > control registers.  Writing unsupported sizes produces undefined
> > results.  Therefore, if the hypervisor were to virtualize the
> > capability and control registers such that the current size is the
> > only indicated available size, then a write of anything other than
> > the current size falls into the category of undefined behavior,
> > where we can essentially expose the modified ReBAR capability as
> > read-only.
> > 
> > This may seem pointless, but users have reported that virtualizing
> > the capability in this way not only allows guest software to expose
> > related features as available (even if only cosmetic), but in some
> > scenarios can resolve guest driver issues.  Additionally, no
> > regressions in behavior have been reported for this change.
> > 
> > A caveat here is that the PCIe spec requires for compatibility that
> > devices report support for a size in the range of 1MB to 512GB,
> > therefore if the current BAR size falls outside that range we revert
> > to hiding the capability.
> > 
> > Signed-off-by: Alex Williamson <alex.williamson@redhat.com>  
> 
> Reviewed-by: Cédric Le Goater <clg@redhat.com>
> 
> Some more below.
> 
> > ---
> >   hw/vfio/pci.c | 49 ++++++++++++++++++++++++++++++++++++++++++++++++-
> >   1 file changed, 48 insertions(+), 1 deletion(-)
> > 
> > diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
> > index ec9a854361ac..3b4d36ce87bf 100644
> > --- a/hw/vfio/pci.c
> > +++ b/hw/vfio/pci.c
> > @@ -2066,6 +2066,49 @@ static int vfio_add_std_cap(VFIOPCIDevice *vdev, uint8_t pos, Error **errp)
> >       return 0;
> >   }
> >   
> > +static int vfio_setup_rebar_ecap(VFIOPCIDevice *vdev, uint16_t pos)
> > +{
> > +    uint8_t bars = pci_get_byte(vdev->pdev.config + pos + PCI_REBAR_CTRL) >>
> > +                                                    PCI_REBAR_CTRL_NBAR_SHIFT;
> > +    int i;
> > +
> > +    for (i = 0; i < bars; i++) {
> > +        uint32_t cap, ctrl;
> > +        uint8_t size;
> > +
> > +        ctrl = pci_get_long(vdev->pdev.config + pos + PCI_REBAR_CTRL + (i * 8));
> > +        size = (ctrl & PCI_REBAR_CTRL_BAR_SIZE) >> PCI_REBAR_CTRL_BAR_SHIFT;
> > +
> > +        /*
> > +         * PCIe spec requires HW to support at least one size in the range 1MB
> > +         * to 512GB, we intend to mask all sizes except the one currently  
> May be mention "7.8.6 Resizable BAR Extended Capability" of the PCIe specs ?

Sure.  I guess I assumed we're not pulling from minutia elsewhere in
the spec and the capability definition is obviously related, but
referencing specific versions can still be useful for later comparison.

> Because the size encoding is different between the CAP and CTRL registers
> and the '19' and '+ 4' values below are a bit confusing. I don't see how
> to make things better without macros (seems unnecessary as of today)

We're not actually using any size encoding relative to the CTRL
register given our requirement that the current size must fall within
the original definition of Resizable BARs for compatibility, so I don't
feel obligated to address a generalized algorithm to support that.  I'm
not sure how to make the BAR Size + 4 bit shift or size 19 limit more
clear either, it's not as if these can be derived outside of the spec
references.

> 
> > +         * enabled in the size field, therefore if it's outside the range,
> > +         * hide the whole capability.
> > +         */
> > +        if (size > 19) {  
> 
> should we not report a warning ?

We don't warn currently for hiding it and we're getting a request to
tone down the kernel logging for hiding capabilities.  I don't want to
make a 640KB caliber faux pas, but we probably have some time yet
before >512GB BARs become an issue.  If we reevaluate this later, we'd
probably also want a device option to expose the capability regardless
of the spec requirement.  In an ideal world we'd have some ability to
create resource reservations in the host so we might be able to present
a more capable REBAR capability to the VM without risk that resizing
resources aren't available when the VM requests them.  Thanks,

Alex