On Wed, Nov 30, 2022 at 02:33:51PM +0800, Jason Wang wrote:
> On Tue, Nov 29, 2022 at 11:57 PM Peter Xu <pet...@redhat.com> wrote:
> >
> > On Tue, Nov 29, 2022 at 04:10:37PM +0800, Jason Wang wrote:
> > > The IOVA tree is only built during page walk, this breaks the device
> > > that tries to use UNMAP notifier only. One example is vhost-net, it
> > > tries to use UNMAP notifier when vIOMMU doesn't support DEVIOTLB_UNMAP
> > > notifier (e.g. when dt mode is not enabled). The interesting part is
> > > that it doesn't use MAP since it can query the IOMMU translation by
> > > itself upon an IOTLB miss.
> > >
> > > This doesn't work since Qemu doesn't build IOVA tree in IOMMU
> > > translation which means the UNMAP notifier won't be triggered during
> > > the page walk since Qemu thinks it is never mapped. This could be
> > > noticed when vIOMMU is used with vhost_net but dt is disabled.
> > >
> > > Fix this by building the iova tree during IOMMU translation, this
> > > makes sure the UNMAP notifier event could be identified during page
> > > walk. And we need to walk page table not only for UNMAP notifier but
> > > for MAP notifier during PSI.
> > >
> > > Signed-off-by: Jason Wang <jasow...@redhat.com>
> > > --- > > > hw/i386/intel_iommu.c | 43 ++++++++++++++++++------------------------- > > > 1 file changed, 18 insertions(+), 25 deletions(-) > > > > > > diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c > > > index d025ef2873..edeb62f4b2 100644 > > > --- a/hw/i386/intel_iommu.c > > > +++ b/hw/i386/intel_iommu.c > > > @@ -1834,6 +1834,8 @@ static bool vtd_do_iommu_translate(VTDAddressSpace > > > *vtd_as, PCIBus *bus, > > > uint8_t access_flags; > > > bool rid2pasid = (pasid == PCI_NO_PASID) && s->root_scalable; > > > VTDIOTLBEntry *iotlb_entry; > > > + const DMAMap *mapped; > > > + DMAMap target; > > > > > > /* > > > * We have standalone memory region for interrupt addresses, we
> > > @@ -1954,6 +1956,21 @@ out: > > > entry->translated_addr = vtd_get_slpte_addr(slpte, s->aw_bits) & > > > page_mask; > > > entry->addr_mask = ~page_mask; > > > entry->perm = access_flags; > > > + > > > + target.iova = entry->iova; > > > + target.size = entry->addr_mask; > > > + target.translated_addr = entry->translated_addr; > > > + target.perm = entry->perm; > > > + > > > + mapped = iova_tree_find(vtd_as->iova_tree, &target); > > > + if (!mapped) { > > > + /* To make UNMAP notifier work, we need build iova tree here > > > + * in order to have the UNMAP iommu notifier to be triggered > > > + * during the page walk. > > > + */ > > > + iova_tree_insert(vtd_as->iova_tree, &target); > > > + } > > > + > > > return true; > > > > > > error: 
> > > @@ -2161,31 +2178,7 @@ static void > > > vtd_iotlb_page_invalidate_notify(IntelIOMMUState *s, > > > ret = vtd_dev_to_context_entry(s, pci_bus_num(vtd_as->bus), > > > vtd_as->devfn, &ce); > > > if (!ret && domain_id == vtd_get_domain_id(s, &ce, > > > vtd_as->pasid)) { > > > - if (vtd_as_has_map_notifier(vtd_as)) { > > > - /* > > > - * As long as we have MAP notifications registered in > > > - * any of our IOMMU notifiers, we need to sync the > > > - * shadow page table. > > > - */ > > > - vtd_sync_shadow_page_table_range(vtd_as, &ce, addr, > > > size); > > > - } else { > > > - /* > > > - * For UNMAP-only notifiers, we don't need to walk the > > > - * page tables. We just deliver the PSI down to > > > - * invalidate caches. > > > - */ > > > - IOMMUTLBEvent event = { > > > - .type = IOMMU_NOTIFIER_UNMAP, > > > - .entry = { > > > - .target_as = &address_space_memory, > > > - .iova = addr, > > > - .translated_addr = 0, > > > - .addr_mask = size - 1, > > > - .perm = IOMMU_NONE, > > > - }, > > > - }; > > > - memory_region_notify_iommu(&vtd_as->iommu, 0, event);
> >
> > Isn't this path the one that will be responsible for pass-through the UNMAP
> > events from guest to vhost when there's no MAP notifier requested?
>
> Yes, but it doesn't do the iova tree removing. More below.
>
> >
> > At least that's what I expected when introducing the iova tree, because for
> > unmap-only device hierarchy I thought we didn't need the tree at all.
>
> Then the problem is the UNMAP notifier won't be triggered at all during
> DSI page walk in vtd_page_walk_one() because there's no DMAMap stored
> in the iova tree:
>
>     if (!mapped) {
>         /* Skip since we didn't map this range at all */
>         trace_vtd_page_walk_one_skip_unmap(entry->iova, entry->addr_mask);
>         return 0;
>     }
>
> So I choose to build the iova tree in translate then we won't go
> within the above condition.
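
Review bot: in the hunk at the out: label of vtd_do_iommu_translate(), the "if (!mapped)" check handles only the case where nothing in the tree covers target. When iova_tree_find() returns an existing entry whose translated_addr or perm differs from the translation just computed, that entry is left in place and the page walk that later consults the tree will compare against it. Consider comparing the found entry with target and replacing it on mismatch, and checking the return value of iova_tree_insert() instead of dropping it. As a style point, the new block comment starts its text on the "/*" line, while the comments removed in the next hunk open with "/*" on a line of its own.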
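
Review bot: in the vtd_iotlb_page_invalidate_notify() hunk, removing the else branch means an UNMAP-only notifier no longer gets the PSI delivered unconditionally through memory_region_notify_iommu(). Delivery now depends on the range having been inserted into the iova tree by an earlier translation. The removed comments documented why the two cases were handled differently, so the replacement code should carry a comment stating the new invariant (every range an UNMAP-only notifier may have cached was first seen by the translate path), and the commit message should say what happens to a PSI for a range that is not in the tree.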
That's also why it's weird because IIUC we should never walk a page table at all if there's no MAP notifier registered.

When I'm looking at the walk callers I found that indeed there's one path missing that can cause it to actually walk the pgtables without !MAP, then I also noticed commit f7701e2c7983b6, and I'm wondering what we really want is something like this:

diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c index a08ee85edf..c46f3db992 100644 --- a/hw/i386/intel_iommu.c +++ b/hw/i386/intel_iommu.c @@ -1536,7 +1536,7 @@ static int vtd_sync_shadow_page_table(VTDAddressSpace *vtd_as) VTDContextEntry ce; IOMMUNotifier *n; - if (!(vtd_as->iommu.iommu_notify_flags & IOMMU_NOTIFIER_IOTLB_EVENTS)) { + if (!vtd_as_has_map_notifier(vtd_as)) { return 0; }

So I'm not sure whether this patch is the problem resolver; so far I feel like it's patch 2 who does the real fix. Then we can have the above oneliner so we stop any walks when there's no map notifiers.

Thanks,

--
Peter Xu
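
Review bot: with the early return in vtd_sync_shadow_page_table() keyed on vtd_as_has_map_notifier() instead of the IOMMU_NOTIFIER_IOTLB_EVENTS flag test, an address space with only an UNMAP notifier now gets nothing from this function. That is only safe if every caller has a separate path that delivers the invalidation to UNMAP-only notifiers, which these lines do not show. A short comment above the check naming the path that covers UNMAP-only notifiers would make the assumption reviewable.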