All of lore.kernel.org
 help / color / mirror / Atom feed
From: "Maciej S. Szmigiero" <maciej.szmigiero@oracle.com>
To: Ben Gardon <bgardon@google.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
	Sean Christopherson <seanjc@google.com>,
	Peter Shier <pshier@google.com>, Leo Hou <leohou1402@gmail.com>,
	LKML <linux-kernel@vger.kernel.org>, kvm <kvm@vger.kernel.org>
Subject: Re: [PATCH v2 1/2] KVM: x86/mmu: Ensure TDP MMU roots are freed after yield
Date: Wed, 6 Jan 2021 23:13:51 +0100	[thread overview]
Message-ID: <386f6b9e-2590-71b2-196e-1f692460ef80@oracle.com> (raw)
In-Reply-To: <CANgfPd9g3R7Am=EVf+5o0_WFabqQKjmW0t3mtEHe1rOccLFpTg@mail.gmail.com>

On 06.01.2021 20:03, Ben Gardon wrote:
> On Wed, Jan 6, 2021 at 10:59 AM Ben Gardon <bgardon@google.com> wrote:
>>
>> Many TDP MMU functions which need to perform some action on all TDP MMU
>> roots hold a reference on that root so that they can safely drop the MMU
>> lock in order to yield to other threads. However, when releasing the
>> reference on the root, there is a bug: the root will not be freed even
>> if its reference count (root_count) is reduced to 0.
>>
>> To simplify acquiring and releasing references on TDP MMU root pages, and
>> to ensure that these roots are properly freed, move the get/put operations
>> into the TDP MMU root iterator macro. Not all functions which use the macro
>> currently get and put a reference to the root, but adding this behavior is
>> harmless.
>>
>> Moving the get/put operations into the iterator macro also helps
>> simplify control flow when a root does need to be freed. Note that using
>> the list_for_each_entry_unsafe macro would not have been appropriate in
>> this situation because it could keep a reference to the next root across
>> an MMU lock release + reacquire.
>>
>> Reported-by: Maciej S. Szmigiero <maciej.szmigiero@oracle.com>
>> Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
>> Fixes: faaf05b00aec ("kvm: x86/mmu: Support zapping SPTEs in the TDP MMU")
>> Fixes: 063afacd8730 ("kvm: x86/mmu: Support invalidate range MMU notifier for TDP MMU")
>> Fixes: a6a0b05da9f3 ("kvm: x86/mmu: Support dirty logging for the TDP MMU")
>> Fixes: 14881998566d ("kvm: x86/mmu: Support disabling dirty logging for the tdp MMU")
>> Signed-off-by: Ben Gardon <bgardon@google.com>
>> ---
(..)
> I tested v2 with Maciej's test
> (https://urldefense.com/v3/__https://gist.github.com/maciejsszmigiero/890218151c242d99f63ea0825334c6c0__;!!GqivPVa7Brio!NUh8Xbu1YkhSf49HvbyhI-svvPmJXWj9KECqaEd7ZJMKPdz-HdND1sKduH2VpwasEN8Gpg$ ,
> near the bottom of the page) on an Intel Skylake Machine and can
> confirm that v1 failed the test but v2 passes. The problem with v1 was
> that roots were being removed from the list before list_next_entry was
> called, resulting in a bad value.
> 

I've tested the fix now and can confirm, too, that I can no longer
observe any crash.

Thanks,
Maciej

  reply	other threads:[~2021-01-06 22:16 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-01-06 18:59 [PATCH v2 1/2] KVM: x86/mmu: Ensure TDP MMU roots are freed after yield Ben Gardon
2021-01-06 18:59 ` [PATCH v2 2/2] KVM: x86/mmu: Clarify TDP MMU page list invariants Ben Gardon
2021-01-06 19:03 ` [PATCH v2 1/2] KVM: x86/mmu: Ensure TDP MMU roots are freed after yield Ben Gardon
2021-01-06 22:13   ` Maciej S. Szmigiero [this message]
2021-01-06 21:29 ` Sean Christopherson

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=386f6b9e-2590-71b2-196e-1f692460ef80@oracle.com \
    --to=maciej.szmigiero@oracle.com \
    --cc=bgardon@google.com \
    --cc=kvm@vger.kernel.org \
    --cc=leohou1402@gmail.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=pbonzini@redhat.com \
    --cc=pshier@google.com \
    --cc=seanjc@google.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.