From: Sean Christopherson <seanjc@google.com>
To: David Matlack <dmatlack@google.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
Jeremi Piotrowski <jpiotrowski@linux.microsoft.com>,
Ben Gardon <bgardon@google.com>
Subject: Re: [PATCH v2] KVM: x86: Preserve TDP MMU roots until they are explicitly invalidated
Date: Tue, 25 Apr 2023 18:54:05 -0700 [thread overview]
Message-ID: <ZEiEPVR7d+fwQ75y@google.com> (raw)
In-Reply-To: <ZEhN0D1zZyRDeyYz@google.com>
On Tue, Apr 25, 2023, David Matlack wrote:
> On Mon, Apr 24, 2023 at 05:36:37PM -0700, Sean Christopherson wrote:
> > On Mon, Apr 24, 2023, David Matlack wrote:
> > > It'd be nice to keep around the lockdep assertion though for the other (and
> > > future) callers. The cleanest options I can think of are:
> > >
> > > 1. Pass in a bool "vm_teardown" kvm_tdp_mmu_invalidate_all_roots() and
> > > use that to gate the lockdep assertion.
> > > 2. Take the mmu_lock for read in kvm_mmu_uninit_tdp_mmu() and pass
> > > down bool shared to kvm_tdp_mmu_invalidate_all_roots().
> > >
> > > Both would satisfy your concern of not blocking teardown on the async
> > > worker and my concern of keeping the lockdep check. I think I prefer
> > > (1) since, as you point out, taking the mmu_lock at all is
> > > unnecessary.
> >
> > Hmm, another option:
> >
> > 3. Refactor the code so that kvm_arch_init_vm() doesn't call
> > kvm_tdp_mmu_invalidate_all_roots() when VM creation fails, and then lockdep
> > can ignore on users_count==0 without hitting the false positive.
> >
> > I like (2) the least. Not sure I prefer (1) versus (3). I dislike passing bools
> > just to ignore lockdep, but reworking code for a "never hit in practice" edge case
> > is arguably worse :-/
>
> Agree (2) is the worst option. (3) seems potentially brittle (likely to
> trigger a false-positive lockdep warning if the code ever gets
> refactored back).
>
> How about throwing some underscores at the problem?
LOL, now we're speaking my language.
I think I have a better option though. The false positives on users_count can be
suppressed by gating the assert on kvm->created_vcpus. If KVM_CREATE_VM fails then
it's impossible for the VM to have created vCPUs. I like this option in particular
because it captures why it's safe for the KVM_CREATE_VM error path to run without
mmu_lock (no vCPUs == no roots).
I'll manually test this against the error path tomorrow:
if (IS_ENABLED(CONFIG_PROVE_LOCKING) &&
refcount_read(&kvm->users_count) && kvm->created_vcpus)
lockdep_assert_held_write(&kvm->mmu_lock);
prev parent reply other threads:[~2023-04-26 1:54 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-04-21 21:49 [PATCH v2] KVM: x86: Preserve TDP MMU roots until they are explicitly invalidated Sean Christopherson
2023-04-21 21:56 ` Sean Christopherson
2023-04-21 23:12 ` David Matlack
2023-04-22 1:56 ` Sean Christopherson
2023-04-24 23:54 ` David Matlack
2023-04-25 0:36 ` Sean Christopherson
2023-04-25 22:01 ` David Matlack
2023-04-26 1:54 ` Sean Christopherson [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZEiEPVR7d+fwQ75y@google.com \
--to=seanjc@google.com \
--cc=bgardon@google.com \
--cc=dmatlack@google.com \
--cc=jpiotrowski@linux.microsoft.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pbonzini@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.