From: Sean Christopherson <seanjc@google.com>
To: Yan Zhao <yan.y.zhao@intel.com>
Cc: Marc Zyngier <maz@kernel.org>,
Oliver Upton <oliver.upton@linux.dev>,
Tianrui Zhao <zhaotianrui@loongson.cn>,
Bibo Mao <maobibo@loongson.cn>,
Huacai Chen <chenhuacai@kernel.org>,
Madhavan Srinivasan <maddy@linux.ibm.com>,
Anup Patel <anup@brainfault.org>,
Paul Walmsley <paul.walmsley@sifive.com>,
Palmer Dabbelt <palmer@dabbelt.com>,
Albert Ou <aou@eecs.berkeley.edu>,
Christian Borntraeger <borntraeger@linux.ibm.com>,
Janosch Frank <frankja@linux.ibm.com>,
Claudio Imbrenda <imbrenda@linux.ibm.com>,
Paolo Bonzini <pbonzini@redhat.com>,
linux-arm-kernel@lists.infradead.org, kvmarm@lists.linux.dev,
kvm@vger.kernel.org, loongarch@lists.linux.dev,
linux-mips@vger.kernel.org, linuxppc-dev@lists.ozlabs.org,
kvm-riscv@lists.infradead.org, linux-riscv@lists.infradead.org,
linux-kernel@vger.kernel.org,
Aaron Lewis <aaronlewis@google.com>,
Jim Mattson <jmattson@google.com>,
Rick P Edgecombe <rick.p.edgecombe@intel.com>,
Kai Huang <kai.huang@intel.com>,
Isaku Yamahata <isaku.yamahata@intel.com>
Subject: Re: [PATCH 1/7] KVM: x86: Free vCPUs before freeing VM state
Date: Tue, 25 Feb 2025 07:04:55 -0800 [thread overview]
Message-ID: <Z73cF_pWIFMreOf5@google.com> (raw)
In-Reply-To: <Z71072F7FMz5aq/Q@yzhao56-desk.sh.intel.com>
On Tue, Feb 25, 2025, Yan Zhao wrote:
> > diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
> > index 58b82d6fd77c..045c61cc7e54 100644
> > --- a/arch/x86/kvm/x86.c
> > +++ b/arch/x86/kvm/x86.c
> > @@ -12890,11 +12890,11 @@ void kvm_arch_destroy_vm(struct kvm *kvm)
> > mutex_unlock(&kvm->slots_lock);
> > }
> > kvm_unload_vcpu_mmus(kvm);
> > + kvm_destroy_vcpus(kvm);
> > kvm_x86_call(vm_destroy)(kvm);
> > kvm_free_msr_filter(srcu_dereference_check(kvm->arch.msr_filter, &kvm->srcu, 1));
> > kvm_pic_destroy(kvm);
> > kvm_ioapic_destroy(kvm);
> > - kvm_destroy_vcpus(kvm);
> > kvfree(rcu_dereference_check(kvm->arch.apic_map, 1));
> > kfree(srcu_dereference_check(kvm->arch.pmu_event_filter, &kvm->srcu, 1));
> > kvm_mmu_uninit_vm(kvm);
> After this change, now the sequence is that
>
> 1. kvm_arch_pre_destroy_vm()
> 2. kvm_arch_destroy_vm()
> 2.1 kvm_destroy_vcpus()
> 2.2 .vm_destroy hook
> 2.3 kvm_mmu_uninit_vm() --> mirror root ref is 1 upon here. Zap the mirror
> root and reclaim SETP page table pages.
> 2.4 .vm_free hook
>
> Since TDX needs to reclaim the TDR page after reclaiming all other pages, we
> currently added a vm_free hook at 2.4, after 2.3.
>
> Could we move kvm_mmu_uninit_vm() before the .vm_destroy hook and after
> kvm_destroy_vcpus()?
>
> Or move the .vm_destroy hook after kvm_mmu_uninit_vm(), e.g. after
> kvm_page_track_cleanup()?
I would go for the first option. I'll tack on a patch since I need to test all
of these flows anyways, and I would much prefer to change course sooner rather
than later if it doesn't work for whatever reason.
Is this comment accurate?
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 1e5f6f820c0b..f5685f153e08 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -12874,13 +12874,19 @@ void kvm_arch_destroy_vm(struct kvm *kvm)
mutex_unlock(&kvm->slots_lock);
}
kvm_destroy_vcpus(kvm);
+
+ /*
+ * Do final MMU teardown prior to calling into vendor code. All pages
+ * that were donated to the TDX module, e.g. for S-EPT tables, need to
+ * be reclaimed before the VM metadata page can be freed.
+ */
+ kvm_mmu_uninit_vm(kvm);
kvm_x86_call(vm_destroy)(kvm);
kvm_free_msr_filter(srcu_dereference_check(kvm->arch.msr_filter, &kvm->srcu, 1));
kvm_pic_destroy(kvm);
kvm_ioapic_destroy(kvm);
kvfree(rcu_dereference_check(kvm->arch.apic_map, 1));
kfree(srcu_dereference_check(kvm->arch.pmu_event_filter, &kvm->srcu, 1));
- kvm_mmu_uninit_vm(kvm);
kvm_page_track_cleanup(kvm);
kvm_xen_destroy_vm(kvm);
kvm_hv_destroy_vm(kvm);
--
kvm-riscv mailing list
kvm-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kvm-riscv
WARNING: multiple messages have this Message-ID (diff)
From: Sean Christopherson <seanjc@google.com>
To: Yan Zhao <yan.y.zhao@intel.com>
Cc: Marc Zyngier <maz@kernel.org>,
Oliver Upton <oliver.upton@linux.dev>,
Tianrui Zhao <zhaotianrui@loongson.cn>,
Bibo Mao <maobibo@loongson.cn>,
Huacai Chen <chenhuacai@kernel.org>,
Madhavan Srinivasan <maddy@linux.ibm.com>,
Anup Patel <anup@brainfault.org>,
Paul Walmsley <paul.walmsley@sifive.com>,
Palmer Dabbelt <palmer@dabbelt.com>,
Albert Ou <aou@eecs.berkeley.edu>,
Christian Borntraeger <borntraeger@linux.ibm.com>,
Janosch Frank <frankja@linux.ibm.com>,
Claudio Imbrenda <imbrenda@linux.ibm.com>,
Paolo Bonzini <pbonzini@redhat.com>,
linux-arm-kernel@lists.infradead.org, kvmarm@lists.linux.dev,
kvm@vger.kernel.org, loongarch@lists.linux.dev,
linux-mips@vger.kernel.org, linuxppc-dev@lists.ozlabs.org,
kvm-riscv@lists.infradead.org, linux-riscv@lists.infradead.org,
linux-kernel@vger.kernel.org,
Aaron Lewis <aaronlewis@google.com>,
Jim Mattson <jmattson@google.com>,
Rick P Edgecombe <rick.p.edgecombe@intel.com>,
Kai Huang <kai.huang@intel.com>,
Isaku Yamahata <isaku.yamahata@intel.com>
Subject: Re: [PATCH 1/7] KVM: x86: Free vCPUs before freeing VM state
Date: Tue, 25 Feb 2025 07:04:55 -0800 [thread overview]
Message-ID: <Z73cF_pWIFMreOf5@google.com> (raw)
In-Reply-To: <Z71072F7FMz5aq/Q@yzhao56-desk.sh.intel.com>
On Tue, Feb 25, 2025, Yan Zhao wrote:
> > diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
> > index 58b82d6fd77c..045c61cc7e54 100644
> > --- a/arch/x86/kvm/x86.c
> > +++ b/arch/x86/kvm/x86.c
> > @@ -12890,11 +12890,11 @@ void kvm_arch_destroy_vm(struct kvm *kvm)
> > mutex_unlock(&kvm->slots_lock);
> > }
> > kvm_unload_vcpu_mmus(kvm);
> > + kvm_destroy_vcpus(kvm);
> > kvm_x86_call(vm_destroy)(kvm);
> > kvm_free_msr_filter(srcu_dereference_check(kvm->arch.msr_filter, &kvm->srcu, 1));
> > kvm_pic_destroy(kvm);
> > kvm_ioapic_destroy(kvm);
> > - kvm_destroy_vcpus(kvm);
> > kvfree(rcu_dereference_check(kvm->arch.apic_map, 1));
> > kfree(srcu_dereference_check(kvm->arch.pmu_event_filter, &kvm->srcu, 1));
> > kvm_mmu_uninit_vm(kvm);
> After this change, now the sequence is that
>
> 1. kvm_arch_pre_destroy_vm()
> 2. kvm_arch_destroy_vm()
> 2.1 kvm_destroy_vcpus()
> 2.2 .vm_destroy hook
> 2.3 kvm_mmu_uninit_vm() --> mirror root ref is 1 upon here. Zap the mirror
> root and reclaim SETP page table pages.
> 2.4 .vm_free hook
>
> Since TDX needs to reclaim the TDR page after reclaiming all other pages, we
> currently added a vm_free hook at 2.4, after 2.3.
>
> Could we move kvm_mmu_uninit_vm() before the .vm_destroy hook and after
> kvm_destroy_vcpus()?
>
> Or move the .vm_destroy hook after kvm_mmu_uninit_vm(), e.g. after
> kvm_page_track_cleanup()?
I would go for the first option. I'll tack on a patch since I need to test all
of these flows anyways, and I would much prefer to change course sooner rather
than later if it doesn't work for whatever reason.
Is this comment accurate?
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 1e5f6f820c0b..f5685f153e08 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -12874,13 +12874,19 @@ void kvm_arch_destroy_vm(struct kvm *kvm)
mutex_unlock(&kvm->slots_lock);
}
kvm_destroy_vcpus(kvm);
+
+ /*
+ * Do final MMU teardown prior to calling into vendor code. All pages
+ * that were donated to the TDX module, e.g. for S-EPT tables, need to
+ * be reclaimed before the VM metadata page can be freed.
+ */
+ kvm_mmu_uninit_vm(kvm);
kvm_x86_call(vm_destroy)(kvm);
kvm_free_msr_filter(srcu_dereference_check(kvm->arch.msr_filter, &kvm->srcu, 1));
kvm_pic_destroy(kvm);
kvm_ioapic_destroy(kvm);
kvfree(rcu_dereference_check(kvm->arch.apic_map, 1));
kfree(srcu_dereference_check(kvm->arch.pmu_event_filter, &kvm->srcu, 1));
- kvm_mmu_uninit_vm(kvm);
kvm_page_track_cleanup(kvm);
kvm_xen_destroy_vm(kvm);
kvm_hv_destroy_vm(kvm);
WARNING: multiple messages have this Message-ID (diff)
From: Sean Christopherson <seanjc@google.com>
To: Yan Zhao <yan.y.zhao@intel.com>
Cc: Marc Zyngier <maz@kernel.org>,
Oliver Upton <oliver.upton@linux.dev>,
Tianrui Zhao <zhaotianrui@loongson.cn>,
Bibo Mao <maobibo@loongson.cn>,
Huacai Chen <chenhuacai@kernel.org>,
Madhavan Srinivasan <maddy@linux.ibm.com>,
Anup Patel <anup@brainfault.org>,
Paul Walmsley <paul.walmsley@sifive.com>,
Palmer Dabbelt <palmer@dabbelt.com>,
Albert Ou <aou@eecs.berkeley.edu>,
Christian Borntraeger <borntraeger@linux.ibm.com>,
Janosch Frank <frankja@linux.ibm.com>,
Claudio Imbrenda <imbrenda@linux.ibm.com>,
Paolo Bonzini <pbonzini@redhat.com>,
linux-arm-kernel@lists.infradead.org, kvmarm@lists.linux.dev,
kvm@vger.kernel.org, loongarch@lists.linux.dev,
linux-mips@vger.kernel.org, linuxppc-dev@lists.ozlabs.org,
kvm-riscv@lists.infradead.org, linux-riscv@lists.infradead.org,
linux-kernel@vger.kernel.org,
Aaron Lewis <aaronlewis@google.com>,
Jim Mattson <jmattson@google.com>,
Rick P Edgecombe <rick.p.edgecombe@intel.com>,
Kai Huang <kai.huang@intel.com>,
Isaku Yamahata <isaku.yamahata@intel.com>
Subject: Re: [PATCH 1/7] KVM: x86: Free vCPUs before freeing VM state
Date: Tue, 25 Feb 2025 07:04:55 -0800 [thread overview]
Message-ID: <Z73cF_pWIFMreOf5@google.com> (raw)
In-Reply-To: <Z71072F7FMz5aq/Q@yzhao56-desk.sh.intel.com>
On Tue, Feb 25, 2025, Yan Zhao wrote:
> > diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
> > index 58b82d6fd77c..045c61cc7e54 100644
> > --- a/arch/x86/kvm/x86.c
> > +++ b/arch/x86/kvm/x86.c
> > @@ -12890,11 +12890,11 @@ void kvm_arch_destroy_vm(struct kvm *kvm)
> > mutex_unlock(&kvm->slots_lock);
> > }
> > kvm_unload_vcpu_mmus(kvm);
> > + kvm_destroy_vcpus(kvm);
> > kvm_x86_call(vm_destroy)(kvm);
> > kvm_free_msr_filter(srcu_dereference_check(kvm->arch.msr_filter, &kvm->srcu, 1));
> > kvm_pic_destroy(kvm);
> > kvm_ioapic_destroy(kvm);
> > - kvm_destroy_vcpus(kvm);
> > kvfree(rcu_dereference_check(kvm->arch.apic_map, 1));
> > kfree(srcu_dereference_check(kvm->arch.pmu_event_filter, &kvm->srcu, 1));
> > kvm_mmu_uninit_vm(kvm);
> After this change, now the sequence is that
>
> 1. kvm_arch_pre_destroy_vm()
> 2. kvm_arch_destroy_vm()
> 2.1 kvm_destroy_vcpus()
> 2.2 .vm_destroy hook
> 2.3 kvm_mmu_uninit_vm() --> mirror root ref is 1 upon here. Zap the mirror
> root and reclaim SETP page table pages.
> 2.4 .vm_free hook
>
> Since TDX needs to reclaim the TDR page after reclaiming all other pages, we
> currently added a vm_free hook at 2.4, after 2.3.
>
> Could we move kvm_mmu_uninit_vm() before the .vm_destroy hook and after
> kvm_destroy_vcpus()?
>
> Or move the .vm_destroy hook after kvm_mmu_uninit_vm(), e.g. after
> kvm_page_track_cleanup()?
I would go for the first option. I'll tack on a patch since I need to test all
of these flows anyways, and I would much prefer to change course sooner rather
than later if it doesn't work for whatever reason.
Is this comment accurate?
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 1e5f6f820c0b..f5685f153e08 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -12874,13 +12874,19 @@ void kvm_arch_destroy_vm(struct kvm *kvm)
mutex_unlock(&kvm->slots_lock);
}
kvm_destroy_vcpus(kvm);
+
+ /*
+ * Do final MMU teardown prior to calling into vendor code. All pages
+ * that were donated to the TDX module, e.g. for S-EPT tables, need to
+ * be reclaimed before the VM metadata page can be freed.
+ */
+ kvm_mmu_uninit_vm(kvm);
kvm_x86_call(vm_destroy)(kvm);
kvm_free_msr_filter(srcu_dereference_check(kvm->arch.msr_filter, &kvm->srcu, 1));
kvm_pic_destroy(kvm);
kvm_ioapic_destroy(kvm);
kvfree(rcu_dereference_check(kvm->arch.apic_map, 1));
kfree(srcu_dereference_check(kvm->arch.pmu_event_filter, &kvm->srcu, 1));
- kvm_mmu_uninit_vm(kvm);
kvm_page_track_cleanup(kvm);
kvm_xen_destroy_vm(kvm);
kvm_hv_destroy_vm(kvm);
_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv
next prev parent reply other threads:[~2025-02-25 16:42 UTC|newest]
Thread overview: 66+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-02-24 23:55 [PATCH 0/7] KVM: x86: nVMX IRQ fix and VM teardown cleanups Sean Christopherson
2025-02-24 23:55 ` Sean Christopherson
2025-02-24 23:55 ` Sean Christopherson
2025-02-24 23:55 ` [PATCH 1/7] KVM: x86: Free vCPUs before freeing VM state Sean Christopherson
2025-02-24 23:55 ` Sean Christopherson
2025-02-24 23:55 ` Sean Christopherson
2025-02-25 7:44 ` Yan Zhao
2025-02-25 7:44 ` Yan Zhao
2025-02-25 7:44 ` Yan Zhao
2025-02-25 15:04 ` Sean Christopherson [this message]
2025-02-25 15:04 ` Sean Christopherson
2025-02-25 15:04 ` Sean Christopherson
2025-02-26 7:34 ` Yan Zhao
2025-02-26 7:34 ` Yan Zhao
2025-02-26 7:34 ` Yan Zhao
2025-02-25 23:47 ` Paolo Bonzini
2025-02-25 23:47 ` Paolo Bonzini
2025-02-25 23:47 ` Paolo Bonzini
2025-02-26 0:27 ` Sean Christopherson
2025-02-26 0:27 ` Sean Christopherson
2025-02-26 0:27 ` Sean Christopherson
2025-02-26 9:18 ` Paolo Bonzini
2025-02-26 9:18 ` Paolo Bonzini
2025-02-26 9:18 ` Paolo Bonzini
2025-02-24 23:55 ` [PATCH 2/7] KVM: nVMX: Process events on nested VM-Exit if injectable IRQ or NMI is pending Sean Christopherson
2025-02-24 23:55 ` Sean Christopherson
2025-02-24 23:55 ` Sean Christopherson
2025-02-24 23:55 ` [PATCH 3/7] KVM: Assert that a destroyed/freed vCPU is no longer visible Sean Christopherson
2025-02-24 23:55 ` Sean Christopherson
2025-02-24 23:55 ` Sean Christopherson
2025-02-25 7:07 ` Yan Zhao
2025-02-25 7:07 ` Yan Zhao
2025-02-25 7:07 ` Yan Zhao
2025-02-25 14:35 ` Sean Christopherson
2025-02-25 14:35 ` Sean Christopherson
2025-02-25 14:35 ` Sean Christopherson
2025-02-24 23:55 ` [PATCH 4/7] KVM: x86: Don't load/put vCPU when unloading its MMU during teardown Sean Christopherson
2025-02-24 23:55 ` Sean Christopherson
2025-02-24 23:55 ` Sean Christopherson
2025-02-25 7:13 ` Yan Zhao
2025-02-25 7:13 ` Yan Zhao
2025-02-25 7:13 ` Yan Zhao
2025-02-25 14:44 ` Sean Christopherson
2025-02-25 14:44 ` Sean Christopherson
2025-02-25 14:44 ` Sean Christopherson
2025-02-24 23:55 ` [PATCH 5/7] KVM: x86: Unload MMUs during vCPU destruction, not before Sean Christopherson
2025-02-24 23:55 ` Sean Christopherson
2025-02-24 23:55 ` Sean Christopherson
2025-02-24 23:55 ` [PATCH 6/7] KVM: x86: Fold guts of kvm_arch_sync_events() into kvm_arch_pre_destroy_vm() Sean Christopherson
2025-02-24 23:55 ` Sean Christopherson
2025-02-24 23:55 ` Sean Christopherson
2025-02-24 23:55 ` [PATCH 7/7] KVM: Drop kvm_arch_sync_events() now that all implementations are nops Sean Christopherson
2025-02-24 23:55 ` Sean Christopherson
2025-02-24 23:55 ` Sean Christopherson
2025-02-25 12:05 ` bibo mao
2025-02-25 12:05 ` bibo mao
2025-02-25 12:05 ` bibo mao
2025-02-25 16:15 ` Claudio Imbrenda
2025-02-25 16:15 ` Claudio Imbrenda
2025-02-25 16:15 ` Claudio Imbrenda
2025-02-26 18:38 ` [PATCH 0/7] KVM: x86: nVMX IRQ fix and VM teardown cleanups Paolo Bonzini
2025-02-26 18:38 ` Paolo Bonzini
2025-02-26 18:38 ` Paolo Bonzini
2025-03-27 3:24 ` patchwork-bot+linux-riscv
2025-03-27 3:24 ` patchwork-bot+linux-riscv
2025-03-27 3:24 ` patchwork-bot+linux-riscv
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z73cF_pWIFMreOf5@google.com \
--to=seanjc@google.com \
--cc=aaronlewis@google.com \
--cc=anup@brainfault.org \
--cc=aou@eecs.berkeley.edu \
--cc=borntraeger@linux.ibm.com \
--cc=chenhuacai@kernel.org \
--cc=frankja@linux.ibm.com \
--cc=imbrenda@linux.ibm.com \
--cc=isaku.yamahata@intel.com \
--cc=jmattson@google.com \
--cc=kai.huang@intel.com \
--cc=kvm-riscv@lists.infradead.org \
--cc=kvm@vger.kernel.org \
--cc=kvmarm@lists.linux.dev \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mips@vger.kernel.org \
--cc=linux-riscv@lists.infradead.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=loongarch@lists.linux.dev \
--cc=maddy@linux.ibm.com \
--cc=maobibo@loongson.cn \
--cc=maz@kernel.org \
--cc=oliver.upton@linux.dev \
--cc=palmer@dabbelt.com \
--cc=paul.walmsley@sifive.com \
--cc=pbonzini@redhat.com \
--cc=rick.p.edgecombe@intel.com \
--cc=yan.y.zhao@intel.com \
--cc=zhaotianrui@loongson.cn \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.