Message ID | 1561365559-10235-1-git-send-email-yan.y.zhao@intel.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | [v3] memory: warning on out of scope notification | expand |
Hi Yan, On 6/24/19 10:39 AM, Yan Zhao wrote: > if an entry has parts out of scope of notifier's range, print warning > message. > > Out of scope mapping/unmapping would cause problem, as in below case: > > 1. initially there are two notifiers with ranges > 0-0xfedfffff, 0xfef00000-0xffffffffffffffff, > IOVAs from 0x3c000000 - 0x3c1fffff is in shadow page table. > > 2. in vfio, memory_region_register_iommu_notifier() is followed by > memory_region_iommu_replay(), which will first call address space > unmap, > and walk and add back all entries in vtd shadow page table. e.g. > (1) for notifier 0-0xfedfffff, > IOVAs from 0 - 0xffffffff get unmapped, > and IOVAs from 0x3c000000 - 0x3c1fffff get mapped > (2) for notifier 0xfef00000-0xffffffffffffffff > IOVAs from 0 - 0x7fffffffff get unmapped, > but IOVAs from 0x3c000000 - 0x3c1fffff cannot get mapped back. > > Cc: Auger Eric <eric.auger@redhat.com> > Signed-off-by: Yan Zhao <yan.y.zhao@intel.com> > > --- > v3: > refined code style and message format > > v2: > 1. added a local variable entry_end (Auger Eric) > 2. using PRIx64 as format for address range in warning message > (Auger Eric) > --- > memory.c | 13 +++++++++++-- > 1 file changed, 11 insertions(+), 2 deletions(-) > > diff --git a/memory.c b/memory.c > index 0a089a7..c7154ab 100644 > --- a/memory.c > +++ b/memory.c > @@ -1937,13 +1937,13 @@ void memory_region_notify_one(IOMMUNotifier *notifier, > IOMMUTLBEntry *entry) > { > IOMMUNotifierFlag request_flags; > + hwaddr entry_end = entry->iova + entry->addr_mask; > > /* > * Skip the notification if the notification does not overlap > * with registered range. > */ > - if (notifier->start > entry->iova + entry->addr_mask || > - notifier->end < entry->iova) { > + if (notifier->start > entry_end || notifier->end < entry->iova) { > return; > } > > @@ -1953,6 +1953,15 @@ void memory_region_notify_one(IOMMUNotifier *notifier, > request_flags = IOMMU_NOTIFIER_UNMAP; > } > > + if (entry->iova < notifier->start || entry_end > notifier->end) { > + warn_report("%s IOMMUTLBEntry 0x%" PRIx64 " - 0x%" PRIx64 > + " outside of notifier scope 0x%" PRIx64 " - 0x%" PRIx64, > + (request_flags == IOMMU_NOTIFIER_MAP) ? > + "Mapping" : "Unmapping", > + entry->iova, entry->iova + entry->addr_mask, entry_end as well. Then shouldn't we assert in that case? Thanks Eric > + notifier->start, notifier->end); > + } > + > if (notifier->notifier_flags & request_flags) { > notifier->notify(notifier, entry); > } >
On Mon, Jun 24, 2019 at 06:11:11PM +0800, Auger Eric wrote: > Hi Yan, > > On 6/24/19 10:39 AM, Yan Zhao wrote: > > if an entry has parts out of scope of notifier's range, print warning > > message. > > > > Out of scope mapping/unmapping would cause problem, as in below case: > > > > 1. initially there are two notifiers with ranges > > 0-0xfedfffff, 0xfef00000-0xffffffffffffffff, > > IOVAs from 0x3c000000 - 0x3c1fffff is in shadow page table. > > > > 2. in vfio, memory_region_register_iommu_notifier() is followed by > > memory_region_iommu_replay(), which will first call address space > > unmap, > > and walk and add back all entries in vtd shadow page table. e.g. > > (1) for notifier 0-0xfedfffff, > > IOVAs from 0 - 0xffffffff get unmapped, > > and IOVAs from 0x3c000000 - 0x3c1fffff get mapped > > (2) for notifier 0xfef00000-0xffffffffffffffff > > IOVAs from 0 - 0x7fffffffff get unmapped, > > but IOVAs from 0x3c000000 - 0x3c1fffff cannot get mapped back. > > > > Cc: Auger Eric <eric.auger@redhat.com> > > Signed-off-by: Yan Zhao <yan.y.zhao@intel.com> > > > > --- > > v3: > > refined code style and message format > > > > v2: > > 1. added a local variable entry_end (Auger Eric) > > 2. using PRIx64 as format for address range in warning message > > (Auger Eric) > > --- > > memory.c | 13 +++++++++++-- > > 1 file changed, 11 insertions(+), 2 deletions(-) > > > > diff --git a/memory.c b/memory.c > > index 0a089a7..c7154ab 100644 > > --- a/memory.c > > +++ b/memory.c > > @@ -1937,13 +1937,13 @@ void memory_region_notify_one(IOMMUNotifier *notifier, > > IOMMUTLBEntry *entry) > > { > > IOMMUNotifierFlag request_flags; > > + hwaddr entry_end = entry->iova + entry->addr_mask; > > > > /* > > * Skip the notification if the notification does not overlap > > * with registered range. > > */ > > - if (notifier->start > entry->iova + entry->addr_mask || > > - notifier->end < entry->iova) { > > + if (notifier->start > entry_end || notifier->end < entry->iova) { > > return; > > } > > > > @@ -1953,6 +1953,15 @@ void memory_region_notify_one(IOMMUNotifier *notifier, > > request_flags = IOMMU_NOTIFIER_UNMAP; > > } > > > > + if (entry->iova < notifier->start || entry_end > notifier->end) { > > + warn_report("%s IOMMUTLBEntry 0x%" PRIx64 " - 0x%" PRIx64 > > + " outside of notifier scope 0x%" PRIx64 " - 0x%" PRIx64, > > + (request_flags == IOMMU_NOTIFIER_MAP) ? > > + "Mapping" : "Unmapping", > > + entry->iova, entry->iova + entry->addr_mask, > entry_end as well. > > Then shouldn't we assert in that case? > Yes, assert is good. I'll change warning to assert then. Thanks Yan > Thanks > > Eric > > + notifier->start, notifier->end); > > + } > > + > > if (notifier->notifier_flags & request_flags) { > > notifier->notify(notifier, entry); > > } > >
diff --git a/memory.c b/memory.c index 0a089a7..c7154ab 100644 --- a/memory.c +++ b/memory.c @@ -1937,13 +1937,13 @@ void memory_region_notify_one(IOMMUNotifier *notifier, IOMMUTLBEntry *entry) { IOMMUNotifierFlag request_flags; + hwaddr entry_end = entry->iova + entry->addr_mask; /* * Skip the notification if the notification does not overlap * with registered range. */ - if (notifier->start > entry->iova + entry->addr_mask || - notifier->end < entry->iova) { + if (notifier->start > entry_end || notifier->end < entry->iova) { return; } @@ -1953,6 +1953,15 @@ void memory_region_notify_one(IOMMUNotifier *notifier, request_flags = IOMMU_NOTIFIER_UNMAP; } + if (entry->iova < notifier->start || entry_end > notifier->end) { + warn_report("%s IOMMUTLBEntry 0x%" PRIx64 " - 0x%" PRIx64 + " outside of notifier scope 0x%" PRIx64 " - 0x%" PRIx64, + (request_flags == IOMMU_NOTIFIER_MAP) ? + "Mapping" : "Unmapping", + entry->iova, entry->iova + entry->addr_mask, + notifier->start, notifier->end); + } + if (notifier->notifier_flags & request_flags) { notifier->notify(notifier, entry); }
if an entry has parts out of scope of notifier's range, print warning message. Out of scope mapping/unmapping would cause problem, as in below case: 1. initially there are two notifiers with ranges 0-0xfedfffff, 0xfef00000-0xffffffffffffffff, IOVAs from 0x3c000000 - 0x3c1fffff is in shadow page table. 2. in vfio, memory_region_register_iommu_notifier() is followed by memory_region_iommu_replay(), which will first call address space unmap, and walk and add back all entries in vtd shadow page table. e.g. (1) for notifier 0-0xfedfffff, IOVAs from 0 - 0xffffffff get unmapped, and IOVAs from 0x3c000000 - 0x3c1fffff get mapped (2) for notifier 0xfef00000-0xffffffffffffffff IOVAs from 0 - 0x7fffffffff get unmapped, but IOVAs from 0x3c000000 - 0x3c1fffff cannot get mapped back. Cc: Auger Eric <eric.auger@redhat.com> Signed-off-by: Yan Zhao <yan.y.zhao@intel.com> --- v3: refined code style and message format v2: 1. added a local variable entry_end (Auger Eric) 2. using PRIx64 as format for address range in warning message (Auger Eric) --- memory.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-)