Re: [PATCH vhost v13 04/12] virtio_ring: support add premapped buf

[Ilya Leoshkevich <iii@xxxxxxxxxxxxx>]

On Thu, 2023-08-10 at 20:30 +0800, Xuan Zhuo wrote:
> If the vq is the premapped mode, use the sg_dma_address() directly.
> 
> Signed-off-by: Xuan Zhuo <xuanzhuo@xxxxxxxxxxxxxxxxx>
> ---
>  drivers/virtio/virtio_ring.c | 19 +++++++++++++++++--
>  1 file changed, 17 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/virtio/virtio_ring.c
> b/drivers/virtio/virtio_ring.c
> index 8e81b01e0735..f9f772e85a38 100644
> --- a/drivers/virtio/virtio_ring.c
> +++ b/drivers/virtio/virtio_ring.c
> @@ -361,6 +361,11 @@ static struct device *vring_dma_dev(const struct
> vring_virtqueue *vq)
>  static int vring_map_one_sg(const struct vring_virtqueue *vq, struct
> scatterlist *sg,
>  			    enum dma_data_direction direction,
> dma_addr_t *addr)
>  {
> +	if (vq->premapped) {
> +		*addr = sg_dma_address(sg);
> +		return 0;
> +	}
> +

I wonder if something needs to be done for KMSAN here, like it's done
by the next block in this function? I'm looking into what seems to be a
KMSAN false positive on s390x:

BUG: KMSAN: uninit-value in receive_buf+0x45ca/0x6990             
 receive_buf+0x45ca/0x6990                                            
 virtnet_poll+0x17e0/0x3130                                           
 net_rx_action+0x832/0x26e0                                           
 handle_softirqs+0x330/0x10f0                                         
 [...]
                                                                                                         
Uninit was created at:                                                
 __alloc_pages_noprof+0x62a/0xe60                                     
 alloc_pages_noprof+0x392/0x830                                       
 skb_page_frag_refill+0x21a/0x5c0                                     
 virtnet_rq_alloc+0x50/0x1500                                         
 try_fill_recv+0x372/0x54c0                                           
 virtnet_open+0x210/0xbe0                                             
 __dev_open+0x56e/0x920                                               
 __dev_change_flags+0x39c/0x2000                                      
 dev_change_flags+0xaa/0x200                                          
 do_setlink+0x197a/0x7420                                             
 rtnl_setlink+0x77c/0x860                                             
 [...]

My understanding is that virtnet_rq_alloc() allocates a page for
receiving data from a virtio device, which is then wrapped in struct
scatterlist by virtnet_rq_init_one_sg(), which is in turn associated
with a virtqueue through the virtqueue_add_inbuf_ctx() ->
virtqueue_add() -> virtqueue_add_split() -> vring_map_one_sg()
call chain.

Someone should unpoison this page (since KMSAN doesn't know that the
hypervisor writes to it), and today for the non-premapped case this is
vring_map_one_sg(). So I tried the following naive fix:

        if (vq->premapped) {
                *addr = sg_dma_address(sg);
+               if (!vq->use_dma_api) {
+                       kmsan_handle_dma(phys_to_page(*addr), sg-
>offset, sg->length, direction);
+               }

but it didn't help. I plan to investigate this further, but any hints
are much appreciated.

>  	if (!vq->use_dma_api) {
>  		/*
>  		 * If DMA is not used, KMSAN doesn't know that the
> scatterlist