Re: [PATCH v2 3/5] KVM: guest_memfd: Handle errors from xa_store_range() when binding

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Sean Christopherson <seanjc@google.com>
To: Ackerley Tng <ackerleytng@google.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
	Thomas Gleixner <tglx@kernel.org>, Ingo Molnar <mingo@redhat.com>,
	 Borislav Petkov <bp@alien8.de>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	x86@kernel.org,  "H. Peter Anvin" <hpa@zytor.com>,
	Kiryl Shutsemau <kas@kernel.org>,
	 Rick Edgecombe <rick.p.edgecombe@intel.com>,
	Vishal Annapurve <vannapurve@google.com>,
	 Yan Zhao <yan.y.zhao@intel.com>,
	Michael Roth <michael.roth@amd.com>,
	 Isaku Yamahata <isaku.yamahata@intel.com>,
	Chao Peng <chao.p.peng@linux.intel.com>,
	 Xiaoyao Li <xiaoyao.li@intel.com>,
	Zongyao Chen <ZongYao.Chen@linux.alibaba.com>,
	 kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
	linux-coco@lists.linux.dev,
	 Yu Zhang <yu.c.zhang@linux.intel.com>,
	Fuad Tabba <tabba@google.com>
Subject: Re: [PATCH v2 3/5] KVM: guest_memfd: Handle errors from xa_store_range() when binding
Date: Wed, 27 May 2026 15:43:19 -0700	[thread overview]
Message-ID: <ahdzh8yzbpX7OKwn@google.com> (raw)
In-Reply-To: <CAEvNRgHnxEO+jXqEKuewiDgFBDQDSr68A8MnJJSyf9K5AgbwWg@mail.gmail.com>

On Wed, May 27, 2026, Ackerley Tng wrote:
> Sean Christopherson <seanjc@google.com> writes:
> > On Fri, May 22, 2026, Ackerley Tng wrote:
> > If @entry is non-NULL, xa_store_range() pre-creates the entire range, before
> > storing anything into the range:
> >
> > 		if (entry) {
> > 			unsigned int order = BITS_PER_LONG;
> > 			if (last + 1)
> > 				order = __ffs(last + 1);
> > 			xas_set_order(&xas, last, order);
> > 			xas_create(&xas, true);
> > 			if (xas_error(&xas))
> > 				goto unlock;
> > 		}
> >
> 
> xa_store_range() doesn't actually always iterate: if last + 1 is some
> clean power of 2, it'll create a higher order xarray node.
> 
> Otherwise, it falls back to creating and storing 1 index/node at a time:

Ugh, _that's_ what the code is doing?  Argh, I missed that "first" is incremented
by whatever the batch size happened to be.

			first += xas_size(&xas);  <====
		} while (first <= last);

> if the above did manage to create an xarray node, xas_error() returns
> false, it goes on to the store below.
> 
> > Yes, the API handles failure on the subsequent xas_store(), but I can't imagine
> > that failure is actually, barring garbage input from KVM:
> >
> > 		do {
> > 			xas_set_range(&xas, first, last);
> > 			xas_store(&xas, entry);
> > 			if (xas_error(&xas))
> > 				goto unlock;
> > 			first += xas_size(&xas);
> > 		} while (first <= last);
> >
> 
> So if a later xas_create() fails because it runs out of memory, the
> earlier stores would have already been committed.
> 
> This ignores -EEXIST being returned since earlier in kvm_gmem_bind()
> conflicts were already checked.
> 
> > Purely from a design perspective, providing an API that can fail partway through
> > under normal operation, with no indication of where failure occured (AFAICT),
> > would be awful.
> >
> 
> Do you mean the API of xas_store_range()? 

No, I mean xa_store_range().  AFAICT, on failure, it doesn't actually communicate
"where" failure occurred.  That's quite nasty.

> xas is updated by xas_set_range() so that should track the last store. Since
> the cleanup is storing NULLs and won't allocate, I thought it would be fine
> to just store NULL on the entire range on error.

Yeah, it's totally fine, and AFAICT the only remotely sane approach.

next prev parent reply	other threads:[~2026-05-27 22:43 UTC|newest]

Thread overview: 27+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-05-22 22:46 [PATCH v2 0/5] guest_memfd fixes for bind and populate Ackerley Tng via B4 Relay
2026-05-22 22:46 ` Ackerley Tng
2026-05-22 22:46 ` [PATCH v2 1/5] KVM: guest_memfd: Use write permissions when GUP-ing source pages Ackerley Tng via B4 Relay
2026-05-22 22:46   ` Ackerley Tng
2026-05-22 23:47   ` sashiko-bot
2026-05-26 16:13   ` Sean Christopherson
2026-05-22 22:46 ` [PATCH v2 2/5] KVM: guest_memfd: Fix possible signed integer overflow Ackerley Tng via B4 Relay
2026-05-22 22:46   ` Ackerley Tng
2026-05-26 15:53   ` Sean Christopherson
2026-05-27 18:26     ` Ackerley Tng
2026-05-27 19:26       ` Sean Christopherson
2026-05-27 20:17         ` Ackerley Tng
2026-05-27 22:08           ` Sean Christopherson
2026-05-22 22:46 ` [PATCH v2 3/5] KVM: guest_memfd: Handle errors from xa_store_range() when binding Ackerley Tng via B4 Relay
2026-05-22 22:46   ` Ackerley Tng
2026-05-26 16:39   ` Sean Christopherson
2026-05-27 19:11     ` Ackerley Tng
2026-05-27 22:43       ` Sean Christopherson [this message]
2026-05-22 22:46 ` [PATCH v2 4/5] KVM: SNP: Fix kunmap_local() unmapping order Ackerley Tng via B4 Relay
2026-05-22 22:46   ` Ackerley Tng
2026-05-26 15:55   ` Sean Christopherson
2026-05-22 22:46 ` [PATCH v2 5/5] KVM: SNP: Mark source page dirty in sev_gmem_post_populate Ackerley Tng via B4 Relay
2026-05-22 22:46   ` Ackerley Tng
2026-05-26 16:47   ` Sean Christopherson
2026-05-27 19:14     ` Ackerley Tng
2026-05-26 16:55 ` [PATCH v2 0/5] guest_memfd fixes for bind and populate Sean Christopherson
2026-05-27 18:19 ` Sean Christopherson

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=ahdzh8yzbpX7OKwn@google.com \
    --to=seanjc@google.com \
    --cc=ZongYao.Chen@linux.alibaba.com \
    --cc=ackerleytng@google.com \
    --cc=bp@alien8.de \
    --cc=chao.p.peng@linux.intel.com \
    --cc=dave.hansen@linux.intel.com \
    --cc=hpa@zytor.com \
    --cc=isaku.yamahata@intel.com \
    --cc=kas@kernel.org \
    --cc=kvm@vger.kernel.org \
    --cc=linux-coco@lists.linux.dev \
    --cc=linux-kernel@vger.kernel.org \
    --cc=michael.roth@amd.com \
    --cc=mingo@redhat.com \
    --cc=pbonzini@redhat.com \
    --cc=rick.p.edgecombe@intel.com \
    --cc=tabba@google.com \
    --cc=tglx@kernel.org \
    --cc=vannapurve@google.com \
    --cc=x86@kernel.org \
    --cc=xiaoyao.li@intel.com \
    --cc=yan.y.zhao@intel.com \
    --cc=yu.c.zhang@linux.intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.