From mboxrd@z Thu Jan  1 00:00:00 1970
From: Marcelo Tosatti <mtosatti@redhat.com>
Subject: Re: [PATCH v2] KVM: MMU: Don't use RCU for lockless shadow walking
Date: Fri, 27 Apr 2012 18:49:46 -0300
Message-ID: <20120427214946.GA5762@amt.cnet>
References: <1335260845-16271-1-git-send-email-avi@redhat.com>
 <20120426220000.GA30343@amt.cnet>
 <4F9A37BD.8030700@linux.vnet.ibm.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: Avi Kivity <avi@redhat.com>, kvm@vger.kernel.org
To: Xiao Guangrong <xiaoguangrong@linux.vnet.ibm.com>
Return-path: <kvm-owner@vger.kernel.org>
Received: from mx1.redhat.com ([209.132.183.28]:1565 "EHLO mx1.redhat.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1754460Ab2D0V6e (ORCPT <rfc822;kvm@vger.kernel.org>);
	Fri, 27 Apr 2012 17:58:34 -0400
Content-Disposition: inline
In-Reply-To: <4F9A37BD.8030700@linux.vnet.ibm.com>
Sender: kvm-owner@vger.kernel.org
List-ID: <kvm.vger.kernel.org>

On Fri, Apr 27, 2012 at 02:07:57PM +0800, Xiao Guangrong wrote:
> On 04/27/2012 06:00 AM, Marcelo Tosatti wrote:
> 
> 
> >>  static void walk_shadow_page_lockless_end(struct kvm_vcpu *vcpu)
> >>  {
> >> -	/* Decrease the counter after walking shadow page table finished */
> >> -	smp_mb__before_atomic_dec();
> >> -	atomic_dec(&vcpu->kvm->arch.reader_counter);
> >> -	rcu_read_unlock();
> >> +	/*
> >> +	 * Make our reads and writes to shadow page tables globally visible
> >> +	 * before leaving READING_SHADOW_PAGE_TABLES mode.
> >> +	 */
> > 
> > This comment is misleading. Writes to shadow page tables must be
> > performed with locked instructions outside the mmu_lock.
> > 
> 
> 
> You mean that the write should guarantee a correct memory order by itself?

Yes.

> >> +	smp_mb();
> >> +	vcpu->mode = OUTSIDE_GUEST_MODE;
> > 
> > Don't you want 
> > 
> > vcpu->mode = OUTSIDE_GUEST_MODE;
> > smp_mb();
> > 
> 
> 
> It is unsafe i think, it is a problem if spte read / spte update is ordered
> to the behind of vcpu->mode = OUTSIDE_GUEST_MODE, like below:
> 
> VCPU 0                                  VCPU 1
>                                    commit_zapped_page:
> /*
>  * setting vcpu->mode is reordered
>  * to the head of read spte.
>  */
> vcpu->mode = OUTSIDE_GUEST_MODE;
> 
>                                    see VCPU 0 is out-of-guest-mode, IPI is
>                                    not sent, and the sp is free immediately.
> 
> read spte;
>  OOPS!!!
> 
> (It is invalid since spte is freed.)
> 
> smp_mb

Right. In that case a compiler barrier is sufficient (stores are not 
reordered with earlier loads on x86).