Re: [PATCH 3/3] KVM: arm64: nv: Punt stage-2 recycling to a vCPU request

[Marc Zyngier <maz@kernel.org>]

On Wed, 02 Oct 2024 01:23:41 +0100,
Sean Christopherson <seanjc@google.com> wrote:
> 
> On Tue, Oct 01, 2024, Oliver Upton wrote:
> > On Wed, Oct 02, 2024 at 12:49:27AM +0100, Marc Zyngier wrote:
> > > On Wed, 02 Oct 2024 00:28:18 +0100,
> > > Sean Christopherson <seanjc@google.com> wrote:
> > > > 
> > > > On Tue, Oct 01, 2024, Oliver Upton wrote:
> > > > > Hey,
> > > > > 
> > > > > sidebar: I was a bit confused by the diff for a second, since it looks
> > > > > like your email client lowercased some stuff :)
> > > > 
> > > > Wasn't my mail client, it was PEBKAC.  I copy+pasted a large chunk in Vim because
> > > > I wanted to pull in the changelog (which I had deleted from my response), but then
> > > > I changed my mind, and in doing so I managed to fat-finger something that converted
> > > > everything to lowercase.  And yeah, it confused me too.
> > > > 
> > > > > > >  out:
> > > > > > > +	if (s2_mmu->pending_unmap)
> > > > > > > +		kvm_make_request(kvm_req_nested_s2_unmap, vcpu);
> > > > > > 
> > > > > > If I followed everything correctly, I don't think a request is needed.  the
> > > > > > request will never be cross-vCPU, and each vCPU holds a reference to the MMU, so
> > > > > > the MMU can't be recycled, i.e. pending_unmap is guaranteed to be relevant to the
> > > > > > vCPU's usage of the MMU.  More thoughts below in check_nested_vcpu_requests().
> > > > > 
> > > > > I'm (ab)using the request to prevent the vCPU thread from actually
> > > > > entering the VM without first having done the laundry. We have other
> > > > > examples of strictly per-vCPU tasks that are tracked with a request so
> > > > > this doesn't stick out that much.
> > > > > 
> > > > > Otherwise we'd need an open-coded check in kvm_vcpu_exit_request() to
> > > > > catch a 'dirty' MMU or take a pin on it from the point we check the
> > > > > dirtiness to the point we disable preemption.
> > > > 
> > > > Ewww, because kvm_arch_vcpu_put() puts the nested stage-2 when the vCPU is
> > > > scheduled out.  Mostly out of curiosity, why?  99.9% of the time, the vCPU will
> > > > be scheduled back in.
> > > 
> > > Because s2 MMU structures are a scarce resource. and other vcpus could
> > > have the opportunity to make use of an unused slot.
> 
> But that slot is less unused than other unused slots, in the sense that KVM _knows_
> at least one vCPU intends to use that MMU in the near future, whereas KVM has no
> tracking to know if an MMU with no references whatsoever is likely to be reused.

How do you know that? I'd happily borrow your crystal ball. By the
time that vcpu is restarted, other vcpus could have done a lot of
useful work by using that S2 MMU.

> IIUC, KVM round-robins across 2*nr_vcpus MMUs, and when L1 switches to a different
> VTTBR, it will first drop its reference to the previous MMU.  So at any given time,
> there are nr_vcpus worth of unused MMUs, i.e. a vCPU is guaranteed to be able to
> find an unused slot, even if vCPUs that are scheduled out hold onto their S2 MMU
> reference.

It's not about not finding a slot, but about making sure that vcpus
that context switch rapidly between VTTBRs for their own guests can do
so freely without sacrificing the TLBs they have just produced. Not
reusing the TLBs hogged by a vcpu that cannot run is a waste of
resource.

>
> At that point, choosing an MMU that no vCPU is using seems more likely to recycle
> a cold/dead MMU than a soon-to-be-reused MMU.
> 
> And the round-robin approach makes it all heavily luck-based anyways.  E.g. if
> a vCPU puts VTTBR A and then loads VTTBR B, B could recycle A's S2 MMU if that
> MMU slot is next up for recycling.

Well, we'll have to agree to disagree. It's a terrible hack to add
artificial ties between a vcpu and TLBs. Because that's what the
shadow MMU is, nothing else.

So if you don't like the TLB eviction policy, please come up with a
better one, making sure that a recently preempted vcpu gets its S2 MMU
recycled last. But please don't add the notion of "locked TLBs" to the
mix, because that's a pretty dodgy architectural concept.

	M.

-- 
Without deviation from the norm, progress is not possible.