From: Sean Christopherson <seanjc@google.com>
To: Peter Xu <peterx@redhat.com>
Cc: Shivam Kumar <shivam.kumar1@nutanix.com>,
Marc Zyngier <maz@kernel.org>,
pbonzini@redhat.com, james.morse@arm.com,
borntraeger@linux.ibm.com, david@redhat.com, kvm@vger.kernel.org,
Shaju Abraham <shaju.abraham@nutanix.com>,
Manish Mishra <manish.mishra@nutanix.com>,
Anurag Madnawat <anurag.madnawat@nutanix.com>
Subject: Re: [PATCH v4 1/4] KVM: Implement dirty quota-based throttling of vcpus
Date: Thu, 14 Jul 2022 20:48:04 +0000 [thread overview]
Message-ID: <YtCBBI+rU+UQNm4p@google.com> (raw)
In-Reply-To: <YtBanRozLuP9qoWs@xz-m1.local>
On Thu, Jul 14, 2022, Peter Xu wrote:
> Hi, Shivam,
>
> On Tue, Jul 05, 2022 at 12:51:01PM +0530, Shivam Kumar wrote:
> > Hi, here's a summary of what needs to be changed and what should be kept as
> > it is (purely my opinion based on the discussions we have had so far):
> >
> > i) Moving the dirty quota check to mark_page_dirty_in_slot. Use kvm requests
> > in dirty quota check. I hope that the ceiling-based approach, with proper
> > documentation and an ioctl exposed for resetting 'dirty_quota' and
> > 'pages_dirtied', is good enough. Please post your suggestions if you think
> > otherwise.
>
> An ioctl just for this could be an overkill to me.
>
> Currently you exposes only "quota" to kvm_run, then when vmexit you have
> exit fields contain both "quota" and "count". I always think it's a bit
> redundant.
>
> What I'm thinking is:
>
> (1) Expose both "quota" and "count" in kvm_run, then:
>
> "quota" should only be written by userspace and read by kernel.
> "count" should only be written by kernel and read by the userspace. [*]
>
> [*] One special case is when the userspace found that there's risk of
> quota & count overflow, then the userspace:
>
> - Kick the vcpu out (so the kernel won't write to "count" anymore)
> - Update both "quota" and "count" to safe values
> - Resume the KVM_RUN
>
> (2) When quota reached, we don't need to copy quota/count in vmexit
> fields, since the userspace can read the realtime values in kvm_run.
>
> Would this work?
Technically, yes, practically speaking, no. If KVM doesn't provide the quota
that _KVM_ saw at the time of exit, then there's no sane way to audit KVM exits
due to KVM_EXIT_DIRTY_QUOTA_EXHAUSTED. Providing the quota ensure userspace sees
sane, coherent data if there's a race between KVM checking the quota and userspace
updating the quota. If KVM doesn't provide the quota, then userspace can see an
exit with "count < quota".
Even if userspace is ok with such races, it will be extremely difficult to detect
KVM issues if we mess something up because such behavior would have to be allowed
by KVM's ABI.
> > ii) The change in VMX's handle_invalid_guest_state() remains as it is.
> > iii) For now, we are lazily updating dirty quota, i.e. we are updating it
> > only when the vcpu exits to userspace with the exit reason
> > KVM_EXIT_DIRTY_QUOTA_EXHAUSTED.
>
> At least with above design, IMHO we can update kvm_run.quota in real time
> without kicking vcpu threads (the quota only increases except the reset
> phase for overflow). Or is there any other reason you need to kick vcpu
> out when updating quota?
I'm not convinced overflow is actually possible. IMO the current (v4) patch but
with a REQUEST instead of an in-line check is sufficient.
next prev parent reply other threads:[~2022-07-14 20:48 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-05-21 20:29 [PATCH v4 0/4] KVM: Dirty quota-based throttling Shivam Kumar
2022-05-21 20:29 ` [PATCH v4 1/4] KVM: Implement dirty quota-based throttling of vcpus Shivam Kumar
2022-05-24 7:11 ` Marc Zyngier
2022-05-26 9:33 ` Shivam Kumar
2022-05-26 13:30 ` Marc Zyngier
2022-05-26 15:44 ` Sean Christopherson
2022-05-26 16:16 ` Marc Zyngier
2022-05-26 17:46 ` Sean Christopherson
2022-05-30 11:05 ` Shivam Kumar
2022-07-05 7:21 ` Shivam Kumar
2022-07-14 18:04 ` Peter Xu
2022-07-14 20:48 ` Sean Christopherson [this message]
2022-07-14 22:19 ` Peter Xu
2022-07-15 16:23 ` Sean Christopherson
2022-07-15 16:56 ` Peter Xu
2022-07-15 17:07 ` Sean Christopherson
2022-07-15 17:26 ` Peter Xu
2022-07-15 22:38 ` Sean Christopherson
2022-05-21 20:29 ` [PATCH v4 2/4] KVM: arm64: Dirty " Shivam Kumar
2022-05-24 7:14 ` Marc Zyngier
2022-05-26 9:16 ` Shivam Kumar
2022-05-26 17:58 ` Sean Christopherson
2022-05-21 20:29 ` [PATCH v4 3/4] KVM: s390x: " Shivam Kumar
2022-05-21 20:29 ` [PATCH v4 4/4] KVM: selftests: Add selftests for dirty quota throttling Shivam Kumar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YtCBBI+rU+UQNm4p@google.com \
--to=seanjc@google.com \
--cc=anurag.madnawat@nutanix.com \
--cc=borntraeger@linux.ibm.com \
--cc=david@redhat.com \
--cc=james.morse@arm.com \
--cc=kvm@vger.kernel.org \
--cc=manish.mishra@nutanix.com \
--cc=maz@kernel.org \
--cc=pbonzini@redhat.com \
--cc=peterx@redhat.com \
--cc=shaju.abraham@nutanix.com \
--cc=shivam.kumar1@nutanix.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox