Re: [PATCH v2] KVM: arm/arm64: Handle hva aging while destroying the vm

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Andrea Arcangeli <aarcange@redhat.com>
To: Christoffer Dall <cdall@linaro.org>
Cc: Alexander Graf <agraf@suse.de>,
	Suzuki K Poulose <Suzuki.Poulose@arm.com>,
	kvmarm@lists.cs.columbia.edu, kvm@vger.kernel.org,
	linux-kernel@vger.kernel.org, stable@vger.kernel.org
Subject: Re: [PATCH v2] KVM: arm/arm64: Handle hva aging while destroying the vm
Date: Thu, 6 Jul 2017 11:31:26 +0200	[thread overview]
Message-ID: <20170706093126.GJ5738@redhat.com> (raw)
In-Reply-To: <20170706074513.GC18106@cbox>

Hello,

On Thu, Jul 06, 2017 at 09:45:13AM +0200, Christoffer Dall wrote:
> Let's look at the callers to stage2_get_pmd, which is the only caller of
> stage2_get_pud, where the problem was observed:
> 
>   user_mem_abort
>    -> stage2_set_pmd_huge
>       -> stage2_get_pmd
>   
>   user_mem_abort
>    -> stage2_set_pte
>       -> stage2_get_pmd
> 
>   handle_access_fault
>    -> stage2_get_pmd
> 
> For the above three functions, pgd cannot ever be NULL, because this is
> running in the context of a VCPU thread, which means the reference on
> the VM fd must not reach zero, so no need to call that here.

Just a minor nitpick: the !pgd bypass is necessary before the KVM fd
technically reaches zero.

exit_mm->mmput->exit_mmap() will invoke the __mmu_notifier_release
even if the KVM fd isn't zero yet.

This is because the secondary MMU page faults must be shutdown before
freeing the guest RAM (nothing can call handle_mm_fault or any
get_user_pages after mm->mm_users == 0), regardless if
mmu_notifier_unregister hasn't been called yet (i.e. if the /dev/kvm
fd is still open).

Usually the fd is closed immediately after exit_mmap, as exit_files is
called shortly after exit_mm() but there's a common window where the
fd is still open but the !pgd check is already necessary (plus the fd
could in theory be passed to other processes).

> using the kvm->mmu_lock() and understanding that this only happens when
> mmu notifiers call into the KVM MMU code outside the context of the VM.

Agreed.

The other arches don't need any special check to serialize against
kvm_mmu_notifier_release, they're just looking up shadow pagetables
through spte rmap (and they'll find nothing if
kvm_mmu_notifier_release already run).

In theory it would make more sense to put the overhead in the slow
path by adding a mutex to the mmu_notifier struct and then using that
to solve the race between mmu_notifier_release and
mmu_notifier_unregister, and then to hlist_del_init to unhash the mmu
notifier and then to call synchronize_srcu, before calling ->release
while holding some mutex. However that's going to be marginally slower
for the other arches.

In practice I doubt this is measurable and getting away with one less
mutex in mmu notifier_release vs mmu_notifier_unregister sounds
simpler but comments welcome...

Thanks,
Andrea

next prev parent reply	other threads:[~2017-07-06  9:31 UTC|newest]

Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-07-05  6:20 [PATCH v2] KVM: arm/arm64: Handle hva aging while destroying the vm Alexander Graf
2017-07-05  6:20 ` Alexander Graf
2017-07-05  6:27 ` Christoffer Dall
2017-07-05  8:57 ` Suzuki K Poulose
2017-07-05  8:57   ` Suzuki K Poulose
2017-07-06  7:07   ` Alexander Graf
2017-07-06  7:45     ` Christoffer Dall
2017-07-06  9:31       ` Andrea Arcangeli [this message]
2017-07-06  9:43         ` Christoffer Dall
2017-07-06  9:34       ` Suzuki K Poulose
2017-07-06  9:34         ` Suzuki K Poulose
2017-07-06  9:42         ` Christoffer Dall
2017-07-14 16:40           ` Suzuki K Poulose
2017-07-16 19:56             ` Christoffer Dall
2017-07-17 13:03               ` Suzuki K Poulose
2017-07-17 14:45                 ` Christoffer Dall
2017-07-17 15:16                   ` Andrea Arcangeli
2017-07-17 15:16                     ` Andrea Arcangeli
2017-07-17 18:23                     ` Christoffer Dall
2017-07-17 20:49                       ` Alexander Graf
2017-07-17 20:49                         ` Alexander Graf
2017-07-06  8:14   ` Christoffer Dall
2017-07-06  8:14     ` Christoffer Dall

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20170706093126.GJ5738@redhat.com \
    --to=aarcange@redhat.com \
    --cc=Suzuki.Poulose@arm.com \
    --cc=agraf@suse.de \
    --cc=cdall@linaro.org \
    --cc=kvm@vger.kernel.org \
    --cc=kvmarm@lists.cs.columbia.edu \
    --cc=linux-kernel@vger.kernel.org \
    --cc=stable@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.