On Thu, Dec 14, 2023 at 04:48:15PM +0100, Lorenzo Pieralisi wrote: [...] > > AFAICT, the only reason PCI devices can get the blanket treatment of > > Normal-NC at stage-2 is because userspace has a Device-* mapping and can't > > speculatively load from the alias. This feels a bit hacky, and maybe we > > should prioritize an interface for mapping a device into a VM w/o a > > valid userspace mapping. > > FWIW - I have tried to summarize the reasoning behind PCIe devices > Normal-NC default stage-2 safety in a document that I have just realized > now it has become this series cover letter, I don't think the PCI blanket > treatment is related *only* to the current user space mappings (ie > BTW, AFAICS it is also *possible* at present to map a prefetchable BAR through > sysfs with Normal-NC memory attributes in the host at the same time a PCI > device is passed-through to a guest with VFIO - and therefore we have a > dev-nGnRnE stage-1 mapping for it. Don't think anyone does that - what for - > but it is possible and KVM would not know about it). > > Again, FWIW, we were told (source Arm ARM) mismatched aliases concerning > device-XXX vs Normal-NC are not problematic as long as the transactions > issued for the related mappings are independent (and none of the > mappings is cacheable). > > I appreciate this is not enough to give everyone full confidence on > this solution robustness - that's why I wrote that up so that we know > what we are up against and write KVM interfaces accordingly. Apologies, I didn't mean to question what's going on here from the hardware POV. My concern was more from the kernel + user interfaces POV, this all seems to work (specifically for PCI) by maintaining an intentional mismatch between the VFIO stage-1 and KVM stage-2 mappings. If we add more behind-the-scenes tricks to get other MMIO mappings working in the future then this whole interaction will get even hairier. At least if we follow the stage-1 attributes (where possible) then we can document some sort of expected behavior in KVM. The VMM would need know if the device has read side-effects, as the only way to get a Normal-NC mapping in the guest would be to have one at stage-1. Kinda stinks to make the VMM aware of the device, but IMO it is a fundamental limitation of the way we back memslots right now. -- Thanks, Oliver
