On Tue, 20 Feb 2024 07:29:22 +0000, <ankita@xxxxxxxxxx> wrote: > > From: Ankit Agrawal <ankita@xxxxxxxxxx> > > Currently, KVM for ARM64 maps at stage 2 memory that is considered device > with DEVICE_nGnRE memory attributes; this setting overrides (per > ARM architecture [1]) any device MMIO mapping present at stage 1, > resulting in a set-up whereby a guest operating system cannot > determine device MMIO mapping memory attributes on its own but > it is always overridden by the KVM stage 2 default. > > This set-up does not allow guest operating systems to select device > memory attributes independently from KVM stage-2 mappings > (refer to [1], "Combining stage 1 and stage 2 memory type attributes"), > which turns out to be an issue in that guest operating systems > (e.g. Linux) may request to map devices MMIO regions with memory > attributes that guarantee better performance (e.g. gathering > attribute - that for some devices can generate larger PCIe memory > writes TLPs) and specific operations (e.g. unaligned transactions) > such as the NormalNC memory type. > > The default device stage 2 mapping was chosen in KVM for ARM64 since > it was considered safer (i.e. it would not allow guests to trigger > uncontained failures ultimately crashing the machine) but this > turned out to be asynchronous (SError) defeating the purpose. > > For these reasons, relax the KVM stage 2 device memory attributes > from DEVICE_nGnRE to Normal-NC. > > Generalizing to other devices may be problematic, however. E.g. > GICv2 VCPU interface, which is effectively a shared peripheral, can > allow a guest to affect another guest's interrupt distribution. Hence > limit the change to VFIO PCI as caution. This is achieved by > making the VFIO PCI core module set a flag that is tested by KVM > to activate the code. This could be extended to other devices in > the future once that is deemed safe. > > [1] section D8.5 - DDI0487J_a_a-profile_architecture_reference_manual.pdf > > Applied over v6.8-rc5. For the series, Reviewed-by: Marc Zyngier <maz@xxxxxxxxxx> M. -- Without deviation from the norm, progress is not possible.
