From: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
To: Avi Kivity <avi@redhat.com>
Cc: Marcelo Tosatti <mtosatti@redhat.com>,
kvm@vger.kernel.org, Gleb Natapov <gleb@redhat.com>
Subject: Re: [RFC] KVM: x86: conditionally acquire/release slots_lock on entry/exit
Date: Sun, 13 Sep 2009 09:26:52 -0700 [thread overview]
Message-ID: <20090913162652.GF6867@linux.vnet.ibm.com> (raw)
In-Reply-To: <4AAD12F9.5020601@redhat.com>
On Sun, Sep 13, 2009 at 06:42:49PM +0300, Avi Kivity wrote:
> On 09/11/2009 01:30 AM, Marcelo Tosatti wrote:
>>
>>> We don't need to stop vcpus, just kick them out of guest mode to let
>>> them notice the new data. SRCU does that well.
>>>
>> Two problems:
>>
>> 1. The removal of memslots/aliases and zapping of mmu (to remove any
>> shadow pages with stale sp->gfn) must be atomic from the POV of the
>> pagefault path. Otherwise something like this can happen:
>>
>> fault path set_memory_region
>>
>
> srcu_read_lock()
>
>> walk_addr fetches and validates
>> table_gfns
>> delete memslot
>> synchronize_srcu
>>
>> fetch creates shadow
>>
>
> srcu_read_unlock()
>
>> page with nonexistant sp->gfn
>>
>
> I think synchronize_srcu() will be deferred until the fault path is
> complete (and srcu_read_unlock() runs). Copying someone who knows for
> sure.
Yes, synchronize_srcu() will block until srcu_read_unlock() in this
scenario, assuming that the same srcu_struct is used by both.
>> OR
>>
>> mmu_alloc_roots path set_memory_region
>>
>
> srcu_read_lock()
>
>>
>> delete memslot
>> root_gfn = vcpu->arch.cr3<< PAGE_SHIFT
>> mmu_check_root(root_gfn) synchronize_rcu
>> kvm_mmu_get_page()
>>
>
> srcu_read_unlock()
>
>> kvm_mmu_zap_all
>>
>
> Ditto, srcu_read_lock() protects us.
Yep!
>> Accesses between kvm_mmu_get_page and kvm_mmu_zap_all window can see
>> shadow pages with stale gfn.
>>
>> But, if you still think its worthwhile to use RCU, at least handling
>> gfn_to_memslot / unalias_gfn errors _and_ adding mmu_notifier_retry
>> invalidation to set_memory_region path will be necessary (so that
>> gfn_to_pfn validation, in the fault path, is discarded in case
>> of memslot/alias update).
>
> It really is worthwhile to reuse complex infrastructure instead of writing
> new infrastructure.
Marcelo, in your first example, is your concern that the fault path
needs to detect the memslot deletion? Or that the use of sp->gfn "leaks"
out of the SRCU read-side critical section?
Thanx, Paul
>> 2. Another complication is that memslot creation and kvm_iommu_map_pages
>> are not atomic.
>>
>> create memslot
>> synchronize_srcu
>> <----- vcpu grabs gfn reference without
>> iommu mapping.
>> kvm_iommu_map_pages
>>
>> Which can be solved by changing kvm_iommu_map_pages (and new gfn_to_pfn
>> helper) to use base_gfn,npages,hva information from somewhere else other
>> than visible kvm->memslots (so that when the slot becomes visible its
>> already iommu mapped).
>
> Yes. It can accept a memslots structure instead of deriving it from
> kvm->memslots. Then we do a rcu_assign_pointer() to switch the tables.
>
>> So it appears to me using RCU introduces more complications / subtle
>> details than mutual exclusion here. The new request bit which the
>> original patch introduces is limited to enabling/disabling conditional
>> acquision of slots_lock (calling it a "new locking protocol" is unfair)
>> to improve write acquision latency.
>>
>
> It's true that it is not a new locking protocol. But I feel it is
> worthwhile to try to use rcu for this; at least it will make it easier for
> newcomers (provided they understand rcu).
>
>
> --
> error compiling committee.c: too many arguments to function
>
next prev parent reply other threads:[~2009-09-13 16:26 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-08-27 1:20 [patch 0/5] unify remote request and kvm_vcpu_kick IPI mechanism Marcelo Tosatti
2009-08-27 1:20 ` [patch 1/5] KVM: move kvm_vcpu_kick to virt/kvm/kvm_main.c Marcelo Tosatti
2009-08-27 1:20 ` [patch 2/5] KVM: reintroduce guest mode bit and unify remote request code Marcelo Tosatti
2009-08-27 8:15 ` Avi Kivity
2009-08-27 12:45 ` Marcelo Tosatti
2009-08-27 13:24 ` Avi Kivity
2009-08-27 14:07 ` Marcelo Tosatti
2009-08-28 7:06 ` Avi Kivity
2009-08-28 7:22 ` Avi Kivity
2009-08-27 8:25 ` Avi Kivity
2009-08-27 12:58 ` Marcelo Tosatti
2009-08-27 1:20 ` [patch 3/5] KVM: switch REQ_TLB_FLUSH/REQ_MMU_RELOAD to kvm_vcpus_request Marcelo Tosatti
2009-08-27 1:20 ` [patch 4/5] KVM: remove make_all_cpus_request Marcelo Tosatti
2009-08-27 1:20 ` [patch 5/5] KVM: x86: drop duplicat kvm_flush_remote_tlbs Marcelo Tosatti
2009-08-27 15:54 ` [RFC] KVM: x86: conditionally acquire/release slots_lock on entry/exit Marcelo Tosatti
2009-08-27 16:27 ` Avi Kivity
2009-08-27 22:59 ` Marcelo Tosatti
2009-08-28 6:50 ` Avi Kivity
2009-09-10 22:30 ` Marcelo Tosatti
2009-09-13 15:42 ` Avi Kivity
2009-09-13 16:26 ` Paul E. McKenney [this message]
2009-09-13 22:49 ` Marcelo Tosatti
2009-09-14 5:03 ` Avi Kivity
2009-09-14 7:17 ` Avi Kivity
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090913162652.GF6867@linux.vnet.ibm.com \
--to=paulmck@linux.vnet.ibm.com \
--cc=avi@redhat.com \
--cc=gleb@redhat.com \
--cc=kvm@vger.kernel.org \
--cc=mtosatti@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).