On Tue, Aug 11, 2020 at 7:01 PM Eugenio Perez Martin
<epere...@redhat.com> wrote:
>
> On Fri, Jun 26, 2020 at 11:29 PM Peter Xu <pet...@redhat.com> wrote:
> >
> > Hi, Eugenio,
> >
> > (CCing Eric, Yan and Michael too)
> >
> > On Fri, Jun 26, 2020 at 08:41:22AM +0200, Eugenio Pérez wrote:
> > > diff --git a/memory.c b/memory.c
> > > index 2f15a4b250..7f789710d2 100644
> > > --- a/memory.c
> > > +++ b/memory.c
> > > @@ -1915,8 +1915,6 @@ void memory_region_notify_one(IOMMUNotifier
> > > *notifier,
> > > return;
> > > }
> > >
> > > - assert(entry->iova >= notifier->start && entry_end <= notifier->end);
> >
> > I can understand removing the assertion should solve the issue, however imho
> > the major issue is not about this single assertion but the whole addr_mask
> > issue behind with virtio...
> >
> > For normal IOTLB invalidations, we were trying our best to always make
> > IOMMUTLBEntry contain a valid addr_mask to be 2**N-1. E.g., that's what
> > we're
> > doing with the loop in vtd_address_space_unmap().
> >
> > But this is not the first time that we may want to break this assumption for
> > virtio so that we make the IOTLB a tuple of (start, len), then that len can
> > be
> > not a address mask any more. That seems to be more efficient for things
> > like
> > vhost because iotlbs there are not page based, so it'll be inefficient if we
> > always guarantee the addr_mask because it'll be quite a lot more roundtrips
> > of
> > the same range of invalidation. Here we've encountered another issue of
> > triggering the assertion with virtio-net, but only with the old RHEL7 guest.
> >
> > I'm thinking whether we can make the IOTLB invalidation configurable by
> > specifying whether the backend of the notifier can handle arbitary address
> > range in some way. So we still have the guaranteed addr_masks by default
> > (since I still don't think totally break the addr_mask restriction is
> > wise...),
> > however we can allow the special backends to take adavantage of using
> > arbitary
> > (start, len) ranges for reasons like performance.
> >
> > To do that, a quick idea is to introduce a flag
> > IOMMU_NOTIFIER_ARBITRARY_MASK
> > to IOMMUNotifierFlag, to declare that the iommu notifier (and its backend)
> > can
> > take arbitrary address mask, then it can be any value and finally becomes a
> > length rather than an addr_mask. Then for every iommu notify() we can
> > directly
> > deliver whatever we've got from the upper layer to this notifier. With the
> > new
> > flag, vhost can do iommu_notifier_init() with UNMAP|ARBITRARY_MASK so it
> > declares this capability. Then no matter for device iotlb or normal iotlb,
> > we
> > skip the complicated procedure to split a big range into small ranges that
> > are
> > with strict addr_mask, but directly deliver the message to the iommu
> > notifier.
> > E.g., we can skip the loop in vtd_address_space_unmap() if the notifier is
> > with
> > ARBITRARY flag set.
> >
> > Then, the assert() is not accurate either, and may become something like:
> >
> > diff --git a/memory.c b/memory.c
> > index 2f15a4b250..99d0492509 100644
> > --- a/memory.c
> > +++ b/memory.c
> > @@ -1906,6 +1906,7 @@ void memory_region_notify_one(IOMMUNotifier *notifier,
> > {
> > IOMMUNotifierFlag request_flags;
> > hwaddr entry_end = entry->iova + entry->addr_mask;
> > + IOMMUTLBEntry tmp = *entry;
> >
> > /*
> > * Skip the notification if the notification does not overlap
> > @@ -1915,7 +1916,13 @@ void memory_region_notify_one(IOMMUNotifier
> > *notifier,
> > return;
> > }
> >
> > - assert(entry->iova >= notifier->start && entry_end <= notifier->end);
> > + if (notifier->notifier_flags & IOMMU_NOTIFIER_ARBITRARY_MASK) {
> > + tmp.iova = MAX(tmp.iova, notifier->start);
>
> Hi!
>
> If I modify the tmp.iova, the guest will complain (in dmesg):
> [ 154.426828] DMAR: DRHD: handling fault status reg 2
> [ 154.427700] DMAR: [DMA Read] Request device [01:00.0] fault addr
> ffff90d53fada000 [fault reason 04] Access beyond MGAW
>
> And will not forward packets anymore on that interface. Guests are
> totally ok if I only modify addr_mask.
>
> Still investigating the issue.
>
> Thanks!
>
Sorry it seems that I lost the nitpick Yan pointed out :).
Sending RFC v3.
>
> > + tmp.addr_mask = MIN(tmp.addr_mask, notifier->end);
> > + assert(tmp.iova <= tmp.addr_mask);
> > + } else {
> > + assert(entry->iova >= notifier->start && entry_end <=
> > notifier->end);
> > + }
> >
> > if (entry->perm & IOMMU_RW) {
> > request_flags = IOMMU_NOTIFIER_MAP;
> > @@ -1924,7 +1931,7 @@ void memory_region_notify_one(IOMMUNotifier *notifier,
> > }
> >
> > if (notifier->notifier_flags & request_flags) {
> > - notifier->notify(notifier, entry);
> > + notifier->notify(notifier, &tmp);
> > }
> > }
> >
> > Then we can keep the assert() for e.g. vfio, however vhost can skip it and
> > even
> > get some further performance boosts.. Does that make sense?
> >
> > Thanks,
> >
> > --
> > Peter Xu
> >
