Re: [PATCH] RISC-V: KVM: Using user-mode pte within kvm_riscv_gstage_ioremap

From: fangyu . yu
Date: Fri Aug 08 2025 - 23:51:47 EST

Next message: Vivian Wang: "Re: [PATCH v2] riscv: Add sysctl to control discard of vstate during syscall"
Previous message: syzbot: "Re: [syzbot] [net?] WARNING: ODEBUG bug in __sk_destruct (3)"
In reply to: Radim Krčmář: "Re: [PATCH] RISC-V: KVM: Using user-mode pte within kvm_riscv_gstage_ioremap"
Next in thread: Radim Krčmář: "Re: [PATCH] RISC-V: KVM: Using user-mode pte within kvm_riscv_gstage_ioremap"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>> From: Fangyu Yu <fangyu.yu@xxxxxxxxxxxxxxxxx>
>>
>> Currently we use kvm_riscv_gstage_ioremap to map IMSIC gpa to the spa of
> ^^^
> hpa?
>

Yes, I think they mean the same thing, RISC-V IOMMU Spec defines spa
(Supervisor Physical Address).

>> guest interrupt file within IMSIC.
>>
>> The PAGE_KERNEL_IO property does not include user mode settings, so when
>> accessing the IMSIC address in the virtual machine, a guest page fault
>> will occur, this is not expected.
>
>PAGE_KERNEL_IO also set the reserved G bit, so you're fixing two issues
>with a single change. :)
>

Right, The G bit in all G-stage PTEs is reserved for future standard use.

>> According to the RISC-V Privileged Architecture Spec, for G-stage address
>> translation, all memory accesses are considered to be user-level accesses
>> as though executed in Umode.
>
>What implementation are you using? I would have assume that the
>original code was tested on QEMU, so we might have a bug there.
>

This issue can be reproduced using QEMU.
Since kvm has registered the MMIO Bus for IMSIC gpa, when a guest
page fault occurs, it will call the imsic_mmio_write function,the
guest irq will be written to the guest interrupt file by kvm.

>> Signed-off-by: Fangyu Yu <fangyu.yu@xxxxxxxxxxxxxxxxx>
>> ---
>> diff --git a/arch/riscv/kvm/mmu.c b/arch/riscv/kvm/mmu.c
>> @@ -359,8 +360,11 @@ int kvm_riscv_gstage_ioremap(struct kvm *kvm, gpa_t gpa,
>> end = (gpa + size + PAGE_SIZE - 1) & PAGE_MASK;
>> pfn = __phys_to_pfn(hpa);
>>
>> + prot = pgprot_noncached(PAGE_WRITE);
>> +
>> for (addr = gpa; addr < end; addr += PAGE_SIZE) {
>> - pte = pfn_pte(pfn, PAGE_KERNEL_IO);
>> + pte = pfn_pte(pfn, prot);
>> + pte = pte_mkdirty(pte);
>
>Is it necessary to dirty the pte?
>
>It was dirtied before, so it definitely doesn't hurt,
>

Make pte dirty is necessary(for hardware without Svadu), and here is
the first time to make this pte dirty.

>Reviewed-by: Radim Krčmář <rkrcmar@xxxxxxxxxxxxxxxx>
>
>Thanks.

Thanks,
fangyu

Next message: Vivian Wang: "Re: [PATCH v2] riscv: Add sysctl to control discard of vstate during syscall"
Previous message: syzbot: "Re: [syzbot] [net?] WARNING: ODEBUG bug in __sk_destruct (3)"
In reply to: Radim Krčmář: "Re: [PATCH] RISC-V: KVM: Using user-mode pte within kvm_riscv_gstage_ioremap"
Next in thread: Radim Krčmář: "Re: [PATCH] RISC-V: KVM: Using user-mode pte within kvm_riscv_gstage_ioremap"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]