drm/i915/kvmgt: Check the pfn got from vfio_pin_pages

Submitted by changbin.du@intel.com on March 29, 2018, 6:56 a.m.

Details

Message ID 1522306607-4914-1-git-send-email-changbin.du@intel.com
State New
Series "drm/i915/kvmgt: Check the pfn got from vfio_pin_pages" ( rev: 1 ) in Intel GVT devel


Commit Message

changbin.du@intel.com March 29, 2018, 6:56 a.m.
From: Changbin Du <changbin.du@intel.com>

This can fix the oops below. The target pfn must be mem backed.

[ 3639.109674] BUG: unable to handle kernel paging request at ffff8c44832a3000
[ 3639.109681] IP: memcpy_erms+0x6/0x10
[ 3639.109682] PGD 0 P4D 0
[ 3639.109685] Oops: 0000 1 SMP PTI
[ 3639.109726] CPU: 2 PID: 1724 Comm: qemu-system-x86 Not tainted 4.16.0-rc5+ #1
[ 3639.109727] Hardware name: /NUC7i7BNB, BIOS BNKBL357.86A.0050.2017.0816.2002 08/16/2017
[ 3639.109729] RIP: 0010:memcpy_erms+0x6/0x10
[ 3639.109730] RSP: 0018:ffffb1b7c3fbbbf0 EFLAGS: 00010246
[ 3639.109731] RAX: ffff8a44b6460000 RBX: 0000000036460000 RCX: 0000000000001000
[ 3639.109732] RDX: 0000000000001000 RSI: ffff8c44832a3000 RDI: ffff8a44b6460000
[ 3639.109733] RBP: 000000000006c8c0 R08: ffff8a44b6460000 R09: 0000000000000000
[ 3639.109734] R10: ffffb1b7c3fbbcd0 R11: ffff8a4d102018c0 R12: 0000000000000000
[ 3639.109734] R13: 0000000000000002 R14: 0000000000200000 R15: 0000000000000000
[ 3639.109736] FS: 00007f37f6d09700(0000) GS:ffff8a4d36d00000(0000) knlGS:0000000000000000
[ 3639.109737] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 3639.109738] CR2: ffff8c44832a3000 CR3: 000000088b7b8004 CR4: 00000000003626e0
[ 3639.109739] Call Trace:
[ 3639.109743] swiotlb_tbl_map_single+0x2bb/0x300
[ 3639.109746] map_single+0x30/0x80
[ 3639.109748] swiotlb_map_page+0x87/0x150
[ 3639.109751] kvmgt_dma_map_guest_page+0x329/0x3a0 [kvmgt]
[ 3639.109764] ? kvm_write_guest_offset_cached+0x84/0xe0 [kvm]
[ 3639.109789] intel_vgpu_emulate_ggtt_mmio_write+0x1f4/0x250 [i915]
[ 3639.109808] intel_vgpu_emulate_mmio_write+0x162/0x230 [i915]
[ 3639.109811] intel_vgpu_rw+0x1fc/0x240 [kvmgt]
[ 3639.109813] intel_vgpu_write+0x164/0x1f0 [kvmgt]
[ 3639.109816] __vfs_write+0x33/0x170
[ 3639.109818] ? do_vfs_ioctl+0x9f/0x5f0
[ 3639.109820] vfs_write+0xb3/0x1a0
[ 3639.109822] SyS_pwrite64+0x90/0xb0
[ 3639.109825] do_syscall_64+0x68/0x120
[ 3639.109827] entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 3639.109829] RIP: 0033:0x7f3802b2d873
[ 3639.109830] RSP: 002b:00007f37f6d08670 EFLAGS: 00000293 ORIG_RAX: 0000000000000012
[ 3639.109831] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f3802b2d873
[ 3639.109832] RDX: 0000000000000008 RSI: 00007f37f6d086a0 RDI: 000000000000001a
[ 3639.109833] RBP: 00007f37f6d086c0 R08: 0000000000000008 R09: ffffffffffffffff
[ 3639.109834] R10: 00000000008041c8 R11: 0000000000000293 R12: 00007ffd8bbf92ae
[ 3639.109835] R13: 00007ffd8bbf92af R14: 00007f37f6d09700 R15: 00007f37f6d099c0

Signed-off-by: Changbin Du <changbin.du@intel.com>
---
 drivers/gpu/drm/i915/gvt/kvmgt.c | 6 ++++++
 1 file changed, 6 insertions(+)


diff --git a/drivers/gpu/drm/i915/gvt/kvmgt.c b/drivers/gpu/drm/i915/gvt/kvmgt.c
index 9d1c948..d80e817 100644
--- a/drivers/gpu/drm/i915/gvt/kvmgt.c
+++ b/drivers/gpu/drm/i915/gvt/kvmgt.c
@@ -123,6 +123,12 @@  static int gvt_dma_map_page(struct intel_vgpu *vgpu, unsigned long gfn,
 		return -EINVAL;
 	}
 
+	if (!pfn_valid(pfn)) {
+		gvt_vgpu_err("pfn 0x%lx is not mem backed\n", pfn);
+		vfio_unpin_pages(mdev_dev(vgpu->vdev.mdev), &gfn, 1);
+		return -EINVAL;
+	}
+
 	/* Setup DMA mapping. */
 	page = pfn_to_page(pfn);
 	*dma_addr = dma_map_page(dev, page, 0, PAGE_SIZE,
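Review bot: The added !pfn_valid(pfn) branch carries no comment saying how a pfn returned by a successful vfio_pin_pages() can lack a struct page, and the changelog only states that the pfn "must be mem backed". pfn_to_page(pfn) two lines further down is what would turn such a pfn into a bogus page pointer for dma_map_page(), so a short comment above the check stating that, plus a sentence in the commit message on which guest input reaches this path (the trace enters through intel_vgpu_emulate_ggtt_mmio_write), would make it clear to later readers why the check is required.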

Comments

On 2018.03.29 14:56:47 +0800, changbin.du@intel.com wrote:
> From: Changbin Du <changbin.du@intel.com>
> 
> This can fix the oops below. The target pfn must be mem backed.
>

So this will make dma map fail and not be able to resolve ggtt write?
And why after vfio pin pages, pfn is invalid? Do we by some way
wrongly keep pinning or forget to unpin? Feels like a hack but not a fine fix.
Or elaborate more on the problem?

> 
> Signed-off-by: Changbin Du <changbin.du@intel.com>
> ---
>  drivers/gpu/drm/i915/gvt/kvmgt.c | 6 ++++++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/drivers/gpu/drm/i915/gvt/kvmgt.c b/drivers/gpu/drm/i915/gvt/kvmgt.c
> index 9d1c948..d80e817 100644
> --- a/drivers/gpu/drm/i915/gvt/kvmgt.c
> +++ b/drivers/gpu/drm/i915/gvt/kvmgt.c
> @@ -123,6 +123,12 @@ static int gvt_dma_map_page(struct intel_vgpu *vgpu, unsigned long gfn,
>  		return -EINVAL;
>  	}
>  
> +	if (!pfn_valid(pfn)) {
> +		gvt_vgpu_err("pfn 0x%lx is not mem backed\n", pfn);
> +		vfio_unpin_pages(mdev_dev(vgpu->vdev.mdev), &gfn, 1);
> +		return -EINVAL;
> +	}
> +
>  	/* Setup DMA mapping. */
>  	page = pfn_to_page(pfn);
>  	*dma_addr = dma_map_page(dev, page, 0, PAGE_SIZE,
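Review bot: The gvt_vgpu_err() call in the added branch prints only the pfn, and according to the call trace this path is reached from a guest GGTT write, so the guest decides how often it fires. Consider printing the gfn next to the pfn so the offending entry can be identified, and check whether the message needs rate limiting. The vfio_unpin_pages() plus return -EINVAL pair is also a second open-coded failure exit right after the existing return -EINVAL above it; a shared error label would keep the unpin in one place if more exits are added.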
> -- 
> 2.7.4
> 
> _______________________________________________
> intel-gvt-dev mailing list
> intel-gvt-dev@lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/intel-gvt-dev
On Fri, Mar 30, 2018 at 11:55:52AM +0800, Zhenyu Wang wrote:
> On 2018.03.29 14:56:47 +0800, changbin.du@intel.com wrote:
> > From: Changbin Du <changbin.du@intel.com>
> > 
> > This can fix the oops below. The target pfn must be mem backed.
> >
> 
> So this will make dma map fail and not be able to resolve ggtt write?
> And why after vfio pin pages, pfn is invalid? Do we by some way
> wrongly keep pinning or forget to unpin? Feels like a hack but not a fine fix.
> Or elaborate more on the problem?
> 
A pfn that is not mem backed is allowed by vfio pin. This failure just means the guest gtt
entry is not valid and passed the kvm_is_visible_gfn check. This check is mandatory, not a hack.

> > 
> > Signed-off-by: Changbin Du <changbin.du@intel.com>
> > ---
> >  drivers/gpu/drm/i915/gvt/kvmgt.c | 6 ++++++
> >  1 file changed, 6 insertions(+)
> > 
> > diff --git a/drivers/gpu/drm/i915/gvt/kvmgt.c b/drivers/gpu/drm/i915/gvt/kvmgt.c
> > index 9d1c948..d80e817 100644
> > --- a/drivers/gpu/drm/i915/gvt/kvmgt.c
> > +++ b/drivers/gpu/drm/i915/gvt/kvmgt.c
> > @@ -123,6 +123,12 @@ static int gvt_dma_map_page(struct intel_vgpu *vgpu, unsigned long gfn,
> >  		return -EINVAL;
> >  	}
> >  
> > +	if (!pfn_valid(pfn)) {
> > +		gvt_vgpu_err("pfn 0x%lx is not mem backed\n", pfn);
> > +		vfio_unpin_pages(mdev_dev(vgpu->vdev.mdev), &gfn, 1);
> > +		return -EINVAL;
> > +	}
> > +
> >  	/* Setup DMA mapping. */
> >  	page = pfn_to_page(pfn);
> >  	*dma_addr = dma_map_page(dev, page, 0, PAGE_SIZE,
> > -- 
> > 2.7.4
> > 
> 
> -- 
> Open Source Technology Center, Intel ltd.
> 
> $gpg --keyserver wwwkeys.pgp.net --recv-keys 4D781827