From: Sean Christopherson <seanjc@google.com>
To: Zhi Wang <zhi.wang.linux@gmail.com>
Cc: isaku.yamahata@intel.com, kvm@vger.kernel.org,
linux-kernel@vger.kernel.org, isaku.yamahata@gmail.com,
Paolo Bonzini <pbonzini@redhat.com>,
erdemaktas@google.com, Sagi Shahar <sagis@google.com>,
David Matlack <dmatlack@google.com>,
Kai Huang <kai.huang@intel.com>,
chen.bo@intel.com, linux-coco@lists.linux.dev,
Chao Peng <chao.p.peng@linux.intel.com>,
Ackerley Tng <ackerleytng@google.com>,
Vishal Annapurve <vannapurve@google.com>,
Michael Roth <michael.roth@amd.com>,
Yuan Yao <yuan.yao@linux.intel.com>
Subject: Re: [RFC PATCH v3 08/11] KVM: Fix set_mem_attr ioctl when error case
Date: Fri, 14 Jul 2023 22:35:51 +0000 [thread overview]
Message-ID: <ZLHNx5jDjla2+4b0@google.com> (raw)
In-Reply-To: <20230714115715.000026fe.zhi.wang.linux@gmail.com>
On Fri, Jul 14, 2023, Zhi Wang wrote:
> On Thu, 13 Jul 2023 15:03:54 -0700
> Sean Christopherson <seanjc@google.com> wrote:
> > + /*
> > + * Reserve memory ahead of time to avoid having to deal with failures
> > + * partway through setting the new attributes.
> > + */
> > + for (i = start; i < end; i++) {
> > + r = xa_reserve(&kvm->mem_attr_array, i, GFP_KERNEL_ACCOUNT);
> > + if (r)
> > + goto out_unlock;
> > + }
> > +
> > KVM_MMU_LOCK(kvm);
> > kvm_mmu_invalidate_begin(kvm);
> > kvm_mmu_invalidate_range_add(kvm, start, end);
> > KVM_MMU_UNLOCK(kvm);
> >
> > for (i = start; i < end; i++) {
> > - if (xa_err(xa_store(&kvm->mem_attr_array, i, entry,
> > - GFP_KERNEL_ACCOUNT)))
> > + r = xa_err(xa_store(&kvm->mem_attr_array, i, entry,
> > + GFP_KERNEL_ACCOUNT));
> > + if (KVM_BUG_ON(r, kvm))
> > break;
> > }
> >
>
> IIUC, If an error happenes here, we should bail out and call xa_release()?
> Or the code below (which is not shown here) still changes the memory attrs
> partially.
I'm pretty sure we want to continue on. The VM is dead (killed by KVM_BUG_ON()),
so the attributes as seen by userspace and/or the VM don't matter. What does
matter is that KVM's internal state is consistent, e.g. that KVM doesn't have
shared SPTEs while the attributes say a GFN is private. That might not matter
for teardown, but I can't think of any reason not to tidy up.
And there can also be other ioctls() in flight. KVM_REQ_VM_DEAD ensures vCPU
can't enter the guest, and vm->vm_dead ensures no new ioctls() cant start, but
neither of those guarantees there aren't other tasks doing KVM things.
Regardless, we definitely don't need to do xa_release(). The VM is dead and all
its memory will be reclaimed soon enough. And there's no guarantee xa_release()
will actually be able to free anything, e.g. already processed entries won't be
freed, nor will any entries that existed _before_ the ioctl() was invoked. Not
to mention that the xarray probably isn't consuming much memory, relatively
speaking. I.e. in the majority of scenarios, it's likely preferable to get out
and destroy the VM asap.
next prev parent reply other threads:[~2023-07-14 22:35 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-28 22:42 [RFC PATCH v3 00/11] KVM: guest memory: Misc enhacnement isaku.yamahata
2023-06-28 22:43 ` [RFC PATCH v3 01/11] KVM: selftests: Fix test_add_overlapping_private_memory_regions() isaku.yamahata
2023-06-28 22:43 ` [RFC PATCH v3 02/11] KVM: selftests: Fix guest_memfd() isaku.yamahata
2023-06-28 22:43 ` [RFC PATCH v3 03/11] KVM: selftests: x86: typo in private_mem_conversions_test.c isaku.yamahata
2023-06-28 22:43 ` [RFC PATCH v3 04/11] KVM: x86: Add is_vm_type_supported callback isaku.yamahata
2023-06-28 22:43 ` [RFC PATCH v3 05/11] KVM: x86/mmu: Pass around full 64-bit error code for the KVM page fault isaku.yamahata
2023-06-28 22:43 ` [RFC PATCH v3 06/11] KVM: x86: Introduce PFERR_GUEST_ENC_MASK to indicate fault is private isaku.yamahata
2023-06-28 22:43 ` [RFC PATCH v3 07/11] KVM: x86: Export the kvm_zap_gfn_range() for the SNP use isaku.yamahata
2023-06-28 22:43 ` [RFC PATCH v3 08/11] KVM: Fix set_mem_attr ioctl when error case isaku.yamahata
2023-07-13 22:03 ` Sean Christopherson
2023-07-14 8:57 ` Zhi Wang
2023-07-14 22:35 ` Sean Christopherson [this message]
2023-06-28 22:43 ` [RFC PATCH v3 09/11] KVM: Add new members to struct kvm_gfn_range to operate on isaku.yamahata
2023-07-13 22:10 ` Sean Christopherson
2023-07-15 4:30 ` Yu Zhao
2023-06-28 22:43 ` [RFC PATCH v3 10/11] KVM: x86: Add gmem hook for initializing private memory isaku.yamahata
2023-06-28 22:43 ` [RFC PATCH v3 11/11] KVM: x86: Add gmem hook for invalidating " isaku.yamahata
2023-07-19 14:20 ` [RFC PATCH v3 00/11] KVM: guest memory: Misc enhacnement Sean Christopherson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZLHNx5jDjla2+4b0@google.com \
--to=seanjc@google.com \
--cc=ackerleytng@google.com \
--cc=chao.p.peng@linux.intel.com \
--cc=chen.bo@intel.com \
--cc=dmatlack@google.com \
--cc=erdemaktas@google.com \
--cc=isaku.yamahata@gmail.com \
--cc=isaku.yamahata@intel.com \
--cc=kai.huang@intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-coco@lists.linux.dev \
--cc=linux-kernel@vger.kernel.org \
--cc=michael.roth@amd.com \
--cc=pbonzini@redhat.com \
--cc=sagis@google.com \
--cc=vannapurve@google.com \
--cc=yuan.yao@linux.intel.com \
--cc=zhi.wang.linux@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).