Re: [RFC 1/2] vfio/pci: keep the prefetchable attribute of a BAR region in VMA

[Marc Zyngier]

On Tue, 04 May 2021 19:03:48 +0100,
Alex Williamson <alex.williamson@xxxxxxxxxx> wrote:
> 
> On Mon, 3 May 2021 22:03:59 +0000
> Vikram Sethi <vsethi@xxxxxxxxxx> wrote:
> 
> > Hi Alex,
> > > From: Alex Williamson <alex.williamson@xxxxxxxxxx>
> > > On Mon, 3 May 2021 13:59:43 +0000
> > > Vikram Sethi <vsethi@xxxxxxxxxx> wrote:  
> > > > > From: Mark Kettenis <mark.kettenis@xxxxxxxxx>  
> > > > > > From: Marc Zyngier <maz@xxxxxxxxxx>  
> > > >
> > > > snip  
> > > > > > If, by enumerating the properties of Prefetchable, you can show
> > > > > > that they are a strict superset of Normal_NC, I'm on board. I
> > > > > > haven't seen such an enumeration so far.
> > > > > >  
> > > > snip  
> > > > > > Right, so we have made a small step in the direction of mapping
> > > > > > "prefetchable" onto "Normal_NC", thanks for that. What about all
> > > > > > the other properties (unaligned accesses, ordering, gathering)?  
> > > > >  
> > > > Regarding gathering/write combining, that is also allowed to
> > > > prefetchable per PCI spec  
> > > 
> > > As others have stated, gather/write combining itself is not well defined.
> > >   
> > > > From 1.3.2.2 of 5/0 base spec:
> > > > A PCI Express Endpoint requesting memory resources through a BAR must
> > > > set the BAR's Prefetchable bit unless the range contains locations
> > > > with read side-effects or locations in which the Function does not tolerate  
> > > write merging.
> > > 
> > > "write merging"  This is a very specific thing, per PCI 3.0, 3.2.6:
> > > 
> > >   Byte Merging – occurs when a sequence of individual memory writes
> > >   (bytes or words) are merged into a single DWORD.
> > > 
> > > The semantics suggest quadword support in addition to dword, but
> > > don't require it.  Writes to bytes within a dword can be merged,
> > > but duplicate writes cannot.
> > > 
> > > It seems like an extremely liberal application to suggest that
> > > this one write semantic encompasses full write combining
> > > semantics, which itself is not clearly defined.
> > >  
> > Talking to our PCIe SIG representative, PCIe switches are not
> > allowed do any of the byte Merging/combining etc as defined in the
> > PCI spec, and per a rather poorly worded Implementation note in
> > the spec says that no known PCIe Host Briddges/Root ports do it
> > either.  So for PCIe we don't think believe there is any byte
> > merging that happens in the PCIe fabric so it's really a matter of
> > what happens in the CPU core and interconnect before it gets to
> > the PCIe hierarchy.
> 
> Yes, but merged writes, no matter where they happen, are still the only
> type of write combining that a prefetchable BAR on an endpoint is
> required to support.
> 
> > Stepping back from this patchset, do you agree that it is
> > desirable to support Write combining as understood by ioremap_wc
> > to work in all ISA guests including ARMv8?
> 
> Yes, a userspace vfio driver should be able to take advantage of the
> hardware capabilities.  I think where we disagree is whether it's
> universally safe to assume write combining based on the PCI
> prefetchable capability of a BAR.  If that's something that can be
> assumed universally for ARMv8 based on the architecture specification
> compatibility with the PCI definition of a prefetchable BAR, then I
> would expect a helper somewhere in arch code that returns the right
> page protection flags, so that arch maintainers don't need to scour
> device drivers for architecture hacks.  Otherwise, it needs to be
> exposed through the vfio uAPI to allow the userspace device driver
> itself to select these semantics.
> 
> > You note that x86 virtualization doesn't have this issue, but
> > KVM-ARM does because KVM maps all device BARs as Device Memory
> > type nGnRE which doesn't allow ioremap_wc from within the guest to
> > get the actual semantics desired.
> > 
> > Marc and others have suggested that userspace should provide the
> > hints. But the question is how would qemu vfio do this either? We
> > would be stuck in the same arguments as here, as to what is the
> > correct way to determine the desired attributes for a given BAR
> > such that eventually when a driver in the guest asks for
> > ioremap_wc it actually has a chance of working in the guest, in
> > all ISAs.  Do you have any suggestions on how to make progress
> > here?
> 
> We do need some way for userspace drivers to also make use of WC
> semantics, there were some discussions in the past, I think others have
> referenced them as well, but nothing has been proposed for a vfio API.
> 
> If we had that API, QEMU deciding to universally enable WC for all
> vfio prefetchable BARs seems only marginally better than this approach.
> Ultimately the mapping should be based on the guest driver semantics,
> and if you don't have any visibility to that on KVM/arm like we have on
> KVM/x86, then it seems like there's nothing to trigger a vfio API here
> anyway.

There isn't much KVM/arm64 can do here unless it is being told what to
do. We don't have visibility on the guest's page tables in a reliable
way, and trusting them is not something I want to entertain anyway.

> If that's the case, I'd probably go back to letting the arch/arm64 folks
> declare that WC is compatible with the definition of PCI prefetchable
> and export some sort of pgprot_pci_prefetchable() helper where the
> default would be to #define it as pgproc_noncached() #ifndef by the
> arch.
> 
> > A device specific list of which BARs are OK to allow ioremap_wc
> > for seems terrible and I'm not sure if a commandline qemu option
> > is any better. Is the user of device assignment/sysadmin supposed
> > to know which BAR of which device is OK to allow ioremap_wc for?
> 
> No, a device specific userspace driver should know such device
> semantics, but QEMU is not such a driver.  Burdening the hypervisor
> user/admin is not a good solution either.  I'd lean on KVM/arm64 folks
> to know how the guest driver semantics can be exposed to the
> hypervisor.  Thanks,

I don't see a good way for that, unless we make it a per-guest buy-in
where all PCI prefetchable mappings get the same treatment. I'm
prepared to bet that this will break when two devices will have
different requirements. It would also require userspace to buy into
this scheme though, which is crap.

Exposing the guest's preference on a per-device basis seems difficult
(KVM knows nothing about the PCI devices) and would require some PV
interface that will quickly become unmaintainable.

	M.

-- 
Without deviation from the norm, progress is not possible.