From: Sean Christopherson <seanjc@google.com>
To: Vipin Sharma <vipinsh@google.com>
Cc: pbonzini@redhat.com, dmatlack@google.com, kvm@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH 2/2] KVM: x86/mmu: Recover NX Huge pages belonging to TDP MMU under MMU read lock
Date: Fri, 16 Aug 2024 16:38:05 -0700 [thread overview]
Message-ID: <Zr_i3caXmIZgQL0t@google.com> (raw)
In-Reply-To: <20240812171341.1763297-3-vipinsh@google.com>
On Mon, Aug 12, 2024, Vipin Sharma wrote:
> @@ -1807,7 +1822,7 @@ ulong kvm_tdp_mmu_recover_nx_huge_pages(struct kvm *kvm, ulong to_zap)
> struct kvm_mmu_page *sp;
> bool flush = false;
>
> - lockdep_assert_held_write(&kvm->mmu_lock);
> + lockdep_assert_held_read(&kvm->mmu_lock);
> /*
> * Zapping TDP MMU shadow pages, including the remote TLB flush, must
> * be done under RCU protection, because the pages are freed via RCU
> @@ -1821,7 +1836,6 @@ ulong kvm_tdp_mmu_recover_nx_huge_pages(struct kvm *kvm, ulong to_zap)
> if (!sp)
> break;
>
> - WARN_ON_ONCE(!sp->nx_huge_page_disallowed);
> WARN_ON_ONCE(!sp->role.direct);
>
> /*
> @@ -1831,12 +1845,17 @@ ulong kvm_tdp_mmu_recover_nx_huge_pages(struct kvm *kvm, ulong to_zap)
> * recovered, along with all the other huge pages in the slot,
> * when dirty logging is disabled.
> */
> - if (kvm_mmu_sp_dirty_logging_enabled(kvm, sp))
> + if (kvm_mmu_sp_dirty_logging_enabled(kvm, sp)) {
> + spin_lock(&kvm->arch.tdp_mmu_pages_lock);
> unaccount_nx_huge_page(kvm, sp);
> - else
> - flush |= kvm_tdp_mmu_zap_sp(kvm, sp);
> -
> - WARN_ON_ONCE(sp->nx_huge_page_disallowed);
> + spin_unlock(&kvm->arch.tdp_mmu_pages_lock);
> + to_zap--;
> + WARN_ON_ONCE(sp->nx_huge_page_disallowed);
> + } else if (tdp_mmu_zap_sp(kvm, sp)) {
> + flush = true;
> + to_zap--;
This is actively dangerous. In the old code, tdp_mmu_zap_sp() could fail only
in a WARN-able scenario, i.e. practice was guaranteed to succeed. And, the
for-loop *always* decremented to_zap, i.e. couldn't get stuck in an infinite
loop.
Neither of those protections exist in this version. Obviously it shouldn't happen,
but it's possible this could flail on the same SP over and over, since nothing
guarnatees forward progress. The cond_resched() would save KVM from true pain,
but it's still a wart in the implementation.
Rather than loop on to_zap, just do
list_for_each_entry(...) {
if (!to_zap)
break;
}
And if we don't use separate lists, that'll be an improvement too, as it KVM
will only have to skip "wrong" shadow pages once, whereas this approach means
every iteration of the loop has to walk past the "wrong" shadow pages.
But I'd still prefer to use separate lists.
next prev parent reply other threads:[~2024-08-16 23:38 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-12 17:13 [PATCH 0/2] KVM: x86/mmu: Run NX huge page recovery under MMU read lock Vipin Sharma
2024-08-12 17:13 ` [PATCH 1/2] KVM: x86/mmu: Split NX hugepage recovery flow into TDP and non-TDP flow Vipin Sharma
2024-08-16 23:29 ` Sean Christopherson
2024-08-19 17:20 ` Vipin Sharma
2024-08-19 17:28 ` David Matlack
2024-08-19 18:31 ` Sean Christopherson
2024-08-19 21:57 ` Vipin Sharma
2024-08-12 17:13 ` [PATCH 2/2] KVM: x86/mmu: Recover NX Huge pages belonging to TDP MMU under MMU read lock Vipin Sharma
2024-08-14 9:33 ` kernel test robot
2024-08-14 18:23 ` Vipin Sharma
2024-08-14 22:50 ` kernel test robot
2024-08-15 16:42 ` Vipin Sharma
2024-08-16 23:38 ` Sean Christopherson [this message]
2024-08-19 17:34 ` Vipin Sharma
2024-08-19 22:12 ` Sean Christopherson
2024-08-23 22:38 ` Vipin Sharma
2024-08-26 14:34 ` Sean Christopherson
2024-08-26 19:24 ` Vipin Sharma
2024-08-26 19:51 ` Sean Christopherson
2024-08-19 22:19 ` Sean Christopherson
2024-08-23 19:27 ` Vipin Sharma
2024-08-23 20:45 ` Sean Christopherson
2024-08-23 21:41 ` Vipin Sharma
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Zr_i3caXmIZgQL0t@google.com \
--to=seanjc@google.com \
--cc=dmatlack@google.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=vipinsh@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).