From: Oliver Upton <oliver.upton@linux.dev>
To: Anish Moorthy <amoorthy@google.com>
Cc: Sean Christopherson <seanjc@google.com>,
kvm@vger.kernel.org, kvmarm@lists.linux.dev, pbonzini@redhat.com,
maz@kernel.org, robert.hoo.linux@gmail.com,
jthoughton@google.com, dmatlack@google.com,
axelrasmussen@google.com, peterx@redhat.com,
nadav.amit@gmail.com, isaku.yamahata@gmail.com,
kconsul@linux.vnet.ibm.com
Subject: Re: [PATCH v6 08/14] KVM: arm64: Enable KVM_CAP_MEMORY_FAULT_INFO
Date: Wed, 7 Feb 2024 22:07:32 +0000 [thread overview]
Message-ID: <ZcP_JHsMJUlvjAs1@linux.dev> (raw)
In-Reply-To: <CAF7b7mqOCP2NiMsvzfpYaEaKWm4AzrRAHSGgQT9BWhRD1mcBcg@mail.gmail.com>
On Wed, Feb 07, 2024 at 01:21:05PM -0800, Anish Moorthy wrote:
> On Wed, Feb 7, 2024 at 8:41 AM Oliver Upton <oliver.upton@linux.dev> wrote:
> >
> > On Wed, Feb 07, 2024 at 07:39:50AM -0800, Sean Christopherson wrote:
> >
> > Having said that...
> >
> > > be part of this patch. Because otherwise, advertising KVM_CAP_MEMORY_FAULT_INFO
> > > is a lie. Userspace can't catch KVM in the lie, but that doesn't make it right.
> > >
> > > That should in turn make it easier to write a useful changelog.
> >
> > The feedback still stands. The capability needs to be squashed into the
> > patch that actually introduces the functionality.
> >
> > --
> > Thanks,
> > Oliver
>
> Hold on, I think there may be confusion here.
No, there isn't.
> KVM_CAP_MEMORY_FAULT_INFO is the mechanism for reporting annotated
> EFAULTs. These are generic in that other things (such as the guest
> memfd stuff) may also report information to userspace using annotated
> EFAULTs.
>
> KVM_CAP_EXIT_ON_MISSING is the thing that says "do an annotated EFAULT
> when a stage-2 violation would require faulting in host mapping" On
> both x86 and arm64, the relevant functionality is added and the cap is
> advertised in a single patch.
>
> I think it makes sense to enable/advertise the two caps separately (as
> I've done here). The former, after all, just says that userspace "may
> get annotated EFAULTs for whatever reason" (as opposed to the latter
> cap, which says that userspace *will* get annotated EFAULTs when the
> stage-2 handler is failed). So even if arm64 userspaces never get
> annotated EFAULTs as of this patch, I don't think we're "lying" to
> them.
I don't know about you, but I find describing UAPI in terms of "may" and
"whatever reason" quite unsettling. I like to keep my interactions with
userspace deterministic.
Overall, I find the informational capability to be quite superfluous as
it pertains to this feature. Userspace has *explicitly* opted in to a
specific behavior, and the side band capability provides no useful
information. You can easily document KVM_CAP_MEMORY_FAULT_INFO in
such a way that userspace expects to take this sort of exit.
Nobody has presented a use case for annotated EFAULTs on arm64 beyond this
opt-in and there is zero interest in predefining UAPI for anything else.
x86 may've done this a different way, but that's their business.
We're not making UAPI out of any of our other EFAULT returns right now.
> Consider a related problem: suppose that code is added in core KVM
> which also generates annotated EFAULTs, and that later the arm64
> "Enable KVM_CAP_EXIT_ON_MISSING" patch [1] ends up needing to be
> reverted for some reason.
The single rule we try to uphold in the kernel is to *never break
userspace*, so I don't see this being in the realm of possibility. The
moment we expose a feature to userspace we're on the hook for it in
perpetuity, and if we break that then you're welcome to send a nastygram
to Marc or I.
--
Thanks,
Oliver
next prev parent reply other threads:[~2024-02-07 22:07 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-09 21:03 [PATCH v6 00/14] Improve KVM + userfaultfd performance via KVM_MEMORY_FAULT_EXITs on stage-2 faults Anish Moorthy
2023-11-09 21:03 ` [PATCH v6 01/14] KVM: Documentation: Clarify meaning of hva_to_pfn()'s 'atomic' parameter Anish Moorthy
2024-02-07 15:26 ` Sean Christopherson
2024-02-07 18:44 ` Anish Moorthy
2023-11-09 21:03 ` [PATCH v6 02/14] KVM: Documentation: Add docstrings for __kvm_read/write_guest_page() Anish Moorthy
2024-02-07 15:30 ` Sean Christopherson
2023-11-09 21:03 ` [PATCH v6 03/14] KVM: Simplify error handling in __gfn_to_pfn_memslot() Anish Moorthy
2023-11-09 21:03 ` [PATCH v6 04/14] KVM: Define and communicate KVM_EXIT_MEMORY_FAULT RWX flags to userspace Anish Moorthy
2024-02-07 15:30 ` Sean Christopherson
2024-02-07 18:57 ` Anish Moorthy
2023-11-09 21:03 ` [PATCH v6 05/14] KVM: Try using fast GUP to resolve read faults Anish Moorthy
2024-02-05 21:55 ` Anish Moorthy
2023-11-09 21:03 ` [PATCH v6 06/14] KVM: Add memslot flag to let userspace force an exit on missing hva mappings Anish Moorthy
2024-01-31 0:25 ` James Houghton
2024-01-31 21:59 ` Anish Moorthy
2024-02-01 0:26 ` James Houghton
2024-02-01 1:19 ` Oliver Upton
2024-02-01 16:28 ` Sean Christopherson
2024-02-01 19:24 ` Anish Moorthy
2024-02-02 1:03 ` Oliver Upton
2024-02-02 1:01 ` Oliver Upton
2024-02-01 16:09 ` Sean Christopherson
2024-02-01 19:53 ` Anish Moorthy
2024-02-07 15:35 ` Sean Christopherson
2023-11-09 21:03 ` [PATCH v6 07/14] KVM: x86: Enable KVM_CAP_EXIT_ON_MISSING and annotate EFAULTs from stage-2 fault handler Anish Moorthy
2023-11-09 21:03 ` [PATCH v6 08/14] KVM: arm64: Enable KVM_CAP_MEMORY_FAULT_INFO Anish Moorthy
2023-11-09 21:07 ` Anish Moorthy
2024-02-07 15:39 ` Sean Christopherson
2024-02-07 16:41 ` Oliver Upton
2024-02-07 21:21 ` Anish Moorthy
2024-02-07 21:41 ` Sean Christopherson
2024-02-07 22:07 ` Oliver Upton [this message]
2024-02-09 1:13 ` Anish Moorthy
2023-11-09 21:03 ` [PATCH v6 09/14] KVM: arm64: Enable KVM_CAP_EXIT_ON_MISSING and annotate an EFAULT from stage-2 fault-handler Anish Moorthy
2024-01-30 23:58 ` James Houghton
2024-01-31 22:38 ` Anish Moorthy
2024-02-09 1:21 ` Anish Moorthy
2023-11-09 21:03 ` [PATCH v6 10/14] KVM: selftests: Report per-vcpu demand paging rate from demand paging test Anish Moorthy
2023-11-09 21:03 ` [PATCH v6 11/14] KVM: selftests: Allow many vCPUs and reader threads per UFFD in " Anish Moorthy
2023-11-09 21:03 ` [PATCH v6 12/14] KVM: selftests: Use EPOLL in userfaultfd_util reader threads and signal errors via TEST_ASSERT Anish Moorthy
2023-11-09 21:03 ` [PATCH v6 13/14] KVM: selftests: Add memslot_flags parameter to memstress_create_vm() Anish Moorthy
2023-11-09 21:03 ` [PATCH v6 14/14] KVM: selftests: Handle memory fault exits in demand_paging_test Anish Moorthy
2024-02-07 15:46 ` [PATCH v6 00/14] Improve KVM + userfaultfd performance via KVM_MEMORY_FAULT_EXITs on stage-2 faults Sean Christopherson
2024-02-09 16:00 ` Anish Moorthy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZcP_JHsMJUlvjAs1@linux.dev \
--to=oliver.upton@linux.dev \
--cc=amoorthy@google.com \
--cc=axelrasmussen@google.com \
--cc=dmatlack@google.com \
--cc=isaku.yamahata@gmail.com \
--cc=jthoughton@google.com \
--cc=kconsul@linux.vnet.ibm.com \
--cc=kvm@vger.kernel.org \
--cc=kvmarm@lists.linux.dev \
--cc=maz@kernel.org \
--cc=nadav.amit@gmail.com \
--cc=pbonzini@redhat.com \
--cc=peterx@redhat.com \
--cc=robert.hoo.linux@gmail.com \
--cc=seanjc@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.