From: Sean Christopherson <seanjc@google.com>
To: Yury Norov <yury.norov@gmail.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
"H. Peter Anvin" <hpa@zytor.com>,
x86@kernel.org, kvm@vger.kernel.org,
linux-kernel@vger.kernel.org, Zheyun Shen <szy0127@sjtu.edu.cn>
Subject: Re: [PATCH 2/2] KVM: SVM: drop useless cpumask_test_cpu() in pre_sev_run()
Date: Mon, 11 Aug 2025 13:45:46 -0700 [thread overview]
Message-ID: <aJpWet3USvXLWYEZ@google.com> (raw)
In-Reply-To: <20250811203041.61622-3-yury.norov@gmail.com>
On Mon, Aug 11, 2025, Yury Norov wrote:
> Testing cpumask for a CPU to be cleared just before setting the exact
> same CPU is useless because the end result is always the same: CPU is
> set.
No, it is not useless. Blindly writing to the variable will unnecessarily bounce
the cacheline, and this is a hot path.
> While there, switch CPU setter to a non-atomic version. Atomicity is
> useless here
No, atomicity isn't useless here either. Dropping atomicity could result in
CPU's bit being lost. I.e. the atomic accesses aren't for the benefit of
smp_call_function_many_cond(), the writes are atomic so that multiple vCPUs can
concurrently update the mask without needing additional protection.
> because sev_writeback_caches() ends up with a plain
> for_each_cpu() loop in smp_call_function_many_cond(), which is not
> atomic by nature.
That's fine. As noted in sev_writeback_caches(), if vCPU could be running, then
the caller is responsible for ensuring that all vCPUs flush caches before the
memory being reclaimed is fully freed. Those guarantees are provided by KVM's
MMU.
sev_writeback_caches() => smp_call_function_many_cond() could hit false positives,
i.e. trigger WBINVD on CPUs that couldn't possibly have accessed the memory being
reclaimed, but such false positives are functionally benign, and are "intended"
in the sense that we chose to prioritize simplicity over precision.
> Fixes: 6f38f8c57464 ("KVM: SVM: Flush cache only on CPUs running SEV guest")
> Signed-off-by: Yury Norov <yury.norov@gmail.com>
> ---
> arch/x86/kvm/svm/sev.c | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
> index 49d7557de8bc..8170674d39c1 100644
> --- a/arch/x86/kvm/svm/sev.c
> +++ b/arch/x86/kvm/svm/sev.c
> @@ -3498,8 +3498,7 @@ int pre_sev_run(struct vcpu_svm *svm, int cpu)
> * have encrypted, dirty data in the cache, and flush caches only for
> * CPUs that have entered the guest.
> */
> - if (!cpumask_test_cpu(cpu, to_kvm_sev_info(kvm)->have_run_cpus))
> - cpumask_set_cpu(cpu, to_kvm_sev_info(kvm)->have_run_cpus);
> + __cpumask_set_cpu(cpu, to_kvm_sev_info(kvm)->have_run_cpus);
>
> /* Assign the asid allocated with this SEV guest */
> svm->asid = asid;
> --
> 2.43.0
>
next prev parent reply other threads:[~2025-08-11 20:45 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-11 20:30 [PATCH 0/2] KVM: SVM: fixes for SEV Yury Norov
2025-08-11 20:30 ` [PATCH 1/2] KVM: SVM: don't check have_run_cpus in sev_writeback_caches() Yury Norov
2025-08-11 20:50 ` Sean Christopherson
2025-08-11 21:05 ` Yury Norov
2025-08-11 21:21 ` Sean Christopherson
2025-08-11 21:31 ` Yury Norov
2025-08-11 20:30 ` [PATCH 2/2] KVM: SVM: drop useless cpumask_test_cpu() in pre_sev_run() Yury Norov
2025-08-11 20:45 ` Sean Christopherson [this message]
2025-08-11 21:28 ` Yury Norov
2025-08-11 22:04 ` Sean Christopherson
2025-08-14 0:42 ` Yury Norov
2025-08-19 23:11 ` [PATCH 0/2] KVM: SVM: fixes for SEV Sean Christopherson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aJpWet3USvXLWYEZ@google.com \
--to=seanjc@google.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=pbonzini@redhat.com \
--cc=szy0127@sjtu.edu.cn \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
--cc=yury.norov@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).