From: Oliver Upton <oliver.upton@linux.dev>
To: Anish Moorthy <amoorthy@google.com>
Cc: pbonzini@redhat.com, maz@kernel.org, seanjc@google.com,
jthoughton@google.com, bgardon@google.com, dmatlack@google.com,
ricarkol@google.com, axelrasmussen@google.com, peterx@redhat.com,
kvm@vger.kernel.org, kvmarm@lists.linux.dev
Subject: Re: [PATCH v3 05/22] KVM: Add KVM_CAP_MEMORY_FAULT_INFO
Date: Thu, 1 Jun 2023 19:52:04 +0000 [thread overview]
Message-ID: <ZHj25HsCExz/uCo/@linux.dev> (raw)
In-Reply-To: <20230412213510.1220557-6-amoorthy@google.com>
On Wed, Apr 12, 2023 at 09:34:53PM +0000, Anish Moorthy wrote:
[...]
> +7.34 KVM_CAP_MEMORY_FAULT_INFO
> +------------------------------
> +
> +:Architectures: x86, arm64
> +:Parameters: args[0] - KVM_MEMORY_FAULT_INFO_ENABLE|DISABLE to enable/disable
> + the capability.
> +:Returns: 0 on success, or -EINVAL if unsupported or invalid args[0].
> +
> +When enabled, EFAULTs "returned" by KVM_RUN in response to failed vCPU guest
> +memory accesses may be annotated with additional information. When KVM_RUN
> +returns an error with errno=EFAULT, userspace may check the exit reason: if it
> +is KVM_EXIT_MEMORY_FAULT, userspace is then permitted to read the 'memory_fault'
> +member of the run struct.
So the other angle of my concern w.r.t. NOWAIT exits is the fact that
userspace gets to decide whether or not we annotate such an exit. We all
agree that a NOWAIT exit w/o context isn't actionable, right?
Sean is suggesting that we abuse the fact that kvm_run already contains
junk for EFAULT exits and populate kvm_run::memory_fault unconditionally
[*]. I agree with him, and it eliminates the odd quirk of 'bare' NOWAIT
exits too. Old userspace will still see 'garbage' in kvm_run struct,
but one man's trash is another man's treasure after all :)
So, based on that, could you:
- Unconditionally prepare MEMORY_FAULT exits everywhere you're
converting here
- Redefine KVM_CAP_MEMORY_FAULT_INFO as an informational cap, and do
not accept an attempt to enable it. Instead, have calls to
KVM_CHECK_EXTENSION return a set of flags describing the supported
feature set.
Eventually, you can stuff a bit in there to advertise that all
EFAULTs are reliable.
[*] https://lore.kernel.org/kvmarm/ZHjqkdEOVUiazj5d@google.com/
> diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
> index cf7d3de6f3689..f3effc93cbef3 100644
> --- a/virt/kvm/kvm_main.c
> +++ b/virt/kvm/kvm_main.c
> @@ -1142,6 +1142,7 @@ static struct kvm *kvm_create_vm(unsigned long type, const char *fdname)
> spin_lock_init(&kvm->mn_invalidate_lock);
> rcuwait_init(&kvm->mn_memslots_update_rcuwait);
> xa_init(&kvm->vcpu_array);
> + kvm->fill_efault_info = false;
>
> INIT_LIST_HEAD(&kvm->gpc_list);
> spin_lock_init(&kvm->gpc_lock);
> @@ -4096,6 +4097,8 @@ static long kvm_vcpu_ioctl(struct file *filp,
> put_pid(oldpid);
> }
> r = kvm_arch_vcpu_ioctl_run(vcpu);
> + WARN_ON_ONCE(r == -EFAULT &&
> + vcpu->run->exit_reason != KVM_EXIT_MEMORY_FAULT);
This might be a bit overkill, as it will definitely fire on unsupported
architectures. Instead you may want to condition this on an architecture
actually selecting support for MEMORY_FAULT_INFO.
> trace_kvm_userspace_exit(vcpu->run->exit_reason, r);
> break;
> }
> @@ -4672,6 +4675,15 @@ static int kvm_vm_ioctl_enable_cap_generic(struct kvm *kvm,
>
> return r;
> }
> + case KVM_CAP_MEMORY_FAULT_INFO: {
> + if (!kvm_vm_ioctl_check_extension_generic(kvm, cap->cap)
> + || (cap->args[0] != KVM_MEMORY_FAULT_INFO_ENABLE
> + && cap->args[0] != KVM_MEMORY_FAULT_INFO_DISABLE)) {
> + return -EINVAL;
> + }
> + kvm->fill_efault_info = cap->args[0] == KVM_MEMORY_FAULT_INFO_ENABLE;
> + return 0;
> + }
> default:
> return kvm_vm_ioctl_enable_cap(kvm, cap);
> }
> @@ -6173,3 +6185,35 @@ int kvm_vm_create_worker_thread(struct kvm *kvm, kvm_vm_thread_fn_t thread_fn,
>
> return init_context.err;
> }
> +
> +inline void kvm_populate_efault_info(struct kvm_vcpu *vcpu,
> + uint64_t gpa, uint64_t len)
> +{
> + if (!vcpu->kvm->fill_efault_info)
> + return;
> +
> + preempt_disable();
> + /*
> + * Ensure the this vCPU isn't modifying another vCPU's run struct, which
> + * would open the door for races between concurrent calls to this
> + * function.
> + */
> + if (WARN_ON_ONCE(vcpu != __this_cpu_read(kvm_running_vcpu)))
> + goto out;
> + /*
> + * Try not to overwrite an already-populated run struct.
> + * This isn't a perfect solution, as there's no guarantee that the exit
> + * reason is set before the run struct is populated, but it should prevent
> + * at least some bugs.
> + */
> + else if (WARN_ON_ONCE(vcpu->run->exit_reason != KVM_EXIT_UNKNOWN))
> + goto out;
> +
> + vcpu->run->exit_reason = KVM_EXIT_MEMORY_FAULT;
> + vcpu->run->memory_fault.gpa = gpa;
> + vcpu->run->memory_fault.len = len;
> + vcpu->run->memory_fault.flags = 0;
> +
> +out:
> + preempt_enable();
> +}
> --
> 2.40.0.577.gac1e443424-goog
>
--
Thanks,
Oliver
next prev parent reply other threads:[~2023-06-01 19:52 UTC|newest]
Thread overview: 103+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-04-12 21:34 [PATCH v3 00/22] Improve scalability of KVM + userfaultfd live migration via annotated memory faults Anish Moorthy
2023-04-12 21:34 ` [PATCH v3 01/22] KVM: selftests: Allow many vCPUs and reader threads per UFFD in demand paging test Anish Moorthy
2023-04-19 13:51 ` Hoo Robert
2023-04-20 17:55 ` Anish Moorthy
2023-04-21 12:15 ` Robert Hoo
2023-04-21 16:21 ` Anish Moorthy
2023-04-12 21:34 ` [PATCH v3 02/22] KVM: selftests: Use EPOLL in userfaultfd_util reader threads and signal errors via TEST_ASSERT Anish Moorthy
2023-04-19 13:36 ` Hoo Robert
2023-04-19 23:26 ` Anish Moorthy
2023-04-12 21:34 ` [PATCH v3 03/22] KVM: Allow hva_pfn_fast() to resolve read-only faults Anish Moorthy
2023-04-12 21:34 ` [PATCH v3 04/22] KVM: x86: Set vCPU exit reason to KVM_EXIT_UNKNOWN at the start of KVM_RUN Anish Moorthy
2023-05-02 17:17 ` Anish Moorthy
2023-05-02 18:51 ` Sean Christopherson
2023-05-02 19:49 ` Anish Moorthy
2023-05-02 20:41 ` Sean Christopherson
2023-05-02 21:46 ` Anish Moorthy
2023-05-02 22:31 ` Sean Christopherson
2023-04-12 21:34 ` [PATCH v3 05/22] KVM: Add KVM_CAP_MEMORY_FAULT_INFO Anish Moorthy
2023-04-19 13:57 ` Hoo Robert
2023-04-20 18:09 ` Anish Moorthy
2023-04-21 12:28 ` Robert Hoo
2023-06-01 19:52 ` Oliver Upton [this message]
2023-06-01 20:30 ` Anish Moorthy
2023-06-01 21:29 ` Oliver Upton
2023-07-04 10:10 ` Kautuk Consul
2023-04-12 21:34 ` [PATCH v3 06/22] KVM: Add docstrings to __kvm_write_guest_page() and __kvm_read_guest_page() Anish Moorthy
2023-04-12 21:34 ` [PATCH v3 07/22] KVM: Annotate -EFAULTs from kvm_vcpu_write_guest_page() Anish Moorthy
2023-04-20 20:52 ` Peter Xu
2023-04-20 23:29 ` Anish Moorthy
2023-04-21 15:00 ` Peter Xu
2023-04-12 21:34 ` [PATCH v3 08/22] KVM: Annotate -EFAULTs from kvm_vcpu_read_guest_page() Anish Moorthy
2023-04-12 21:34 ` [PATCH v3 09/22] KVM: Annotate -EFAULTs from kvm_vcpu_map() Anish Moorthy
2023-04-20 20:53 ` Peter Xu
2023-04-20 23:34 ` Anish Moorthy
2023-04-21 14:58 ` Peter Xu
2023-04-12 21:34 ` [PATCH v3 10/22] KVM: x86: Annotate -EFAULTs from kvm_mmu_page_fault() Anish Moorthy
2023-04-12 21:34 ` [PATCH v3 11/22] KVM: x86: Annotate -EFAULTs from setup_vmgexit_scratch() Anish Moorthy
2023-04-12 21:35 ` [PATCH v3 12/22] KVM: x86: Annotate -EFAULTs from kvm_handle_page_fault() Anish Moorthy
2023-04-12 21:35 ` [PATCH v3 13/22] KVM: x86: Annotate -EFAULTs from kvm_hv_get_assist_page() Anish Moorthy
2023-04-12 21:35 ` [PATCH v3 14/22] KVM: x86: Annotate -EFAULTs from kvm_pv_clock_pairing() Anish Moorthy
2023-04-12 21:35 ` [PATCH v3 15/22] KVM: x86: Annotate -EFAULTs from direct_map() Anish Moorthy
2023-04-12 21:35 ` [PATCH v3 16/22] KVM: x86: Annotate -EFAULTs from kvm_handle_error_pfn() Anish Moorthy
2023-04-12 21:35 ` [PATCH v3 17/22] KVM: Introduce KVM_CAP_ABSENT_MAPPING_FAULT without implementation Anish Moorthy
2023-04-19 14:00 ` Hoo Robert
2023-04-20 18:23 ` Anish Moorthy
2023-04-24 21:02 ` Sean Christopherson
2023-06-01 16:04 ` Oliver Upton
2023-06-01 18:19 ` Oliver Upton
2023-06-01 18:59 ` Sean Christopherson
2023-06-01 19:29 ` Oliver Upton
2023-06-01 19:34 ` Sean Christopherson
2023-04-12 21:35 ` [PATCH v3 18/22] KVM: x86: Implement KVM_CAP_ABSENT_MAPPING_FAULT Anish Moorthy
2023-04-12 21:35 ` [PATCH v3 19/22] KVM: arm64: Annotate (some) -EFAULTs from user_mem_abort() Anish Moorthy
2023-04-12 21:35 ` [PATCH v3 20/22] KVM: arm64: Implement KVM_CAP_ABSENT_MAPPING_FAULT Anish Moorthy
2023-04-12 21:35 ` [PATCH v3 21/22] KVM: selftests: Add memslot_flags parameter to memstress_create_vm() Anish Moorthy
2023-04-12 21:35 ` [PATCH v3 22/22] KVM: selftests: Handle memory fault exits in demand_paging_test Anish Moorthy
2023-04-19 14:09 ` Hoo Robert
2023-04-19 16:40 ` Anish Moorthy
2023-04-20 22:47 ` Anish Moorthy
2023-04-27 15:48 ` James Houghton
2023-05-01 18:01 ` Anish Moorthy
2023-04-19 19:55 ` [PATCH v3 00/22] Improve scalability of KVM + userfaultfd live migration via annotated memory faults Peter Xu
2023-04-19 20:15 ` Axel Rasmussen
2023-04-19 21:05 ` Peter Xu
[not found] ` <CAF7b7mo68VLNp=QynfT7QKgdq=d1YYGv1SEVEDxF9UwHzF6YDw@mail.gmail.com>
2023-04-20 21:29 ` Peter Xu
2023-04-21 16:58 ` Anish Moorthy
2023-04-21 17:39 ` Nadav Amit
2023-04-24 17:54 ` Anish Moorthy
2023-04-24 19:44 ` Nadav Amit
2023-04-24 20:35 ` Sean Christopherson
2023-04-24 23:47 ` Nadav Amit
2023-04-25 0:26 ` Sean Christopherson
2023-04-25 0:37 ` Nadav Amit
2023-04-25 0:15 ` Anish Moorthy
2023-04-25 0:54 ` Nadav Amit
2023-04-27 16:38 ` James Houghton
2023-04-27 20:26 ` Peter Xu
2023-05-03 19:45 ` Anish Moorthy
2023-05-03 20:09 ` Sean Christopherson
[not found] ` <ZFLPlRReglM/Vgfu@x1n>
2023-05-03 21:27 ` Peter Xu
2023-05-03 21:42 ` Sean Christopherson
2023-05-03 23:45 ` Peter Xu
2023-05-04 19:09 ` Peter Xu
2023-05-05 18:32 ` Anish Moorthy
2023-05-08 1:23 ` Peter Xu
2023-05-09 20:52 ` Anish Moorthy
2023-05-10 21:50 ` Peter Xu
2023-05-11 17:17 ` David Matlack
2023-05-11 17:33 ` Axel Rasmussen
2023-05-11 19:05 ` David Matlack
2023-05-11 19:45 ` Axel Rasmussen
2023-05-15 15:16 ` Peter Xu
2023-05-15 15:05 ` Peter Xu
2023-05-15 17:16 ` Anish Moorthy
2023-05-05 20:05 ` Nadav Amit
2023-05-08 1:12 ` Peter Xu
2023-04-20 23:42 ` Anish Moorthy
2023-05-09 22:19 ` David Matlack
2023-05-10 16:35 ` Anish Moorthy
2023-05-10 22:35 ` Sean Christopherson
2023-05-10 23:44 ` Anish Moorthy
2023-05-23 17:49 ` Anish Moorthy
2023-06-01 22:43 ` Oliver Upton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZHj25HsCExz/uCo/@linux.dev \
--to=oliver.upton@linux.dev \
--cc=amoorthy@google.com \
--cc=axelrasmussen@google.com \
--cc=bgardon@google.com \
--cc=dmatlack@google.com \
--cc=jthoughton@google.com \
--cc=kvm@vger.kernel.org \
--cc=kvmarm@lists.linux.dev \
--cc=maz@kernel.org \
--cc=pbonzini@redhat.com \
--cc=peterx@redhat.com \
--cc=ricarkol@google.com \
--cc=seanjc@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox