From: Sean Christopherson <seanjc@google.com>
To: Anish Moorthy <amoorthy@google.com>
Cc: Oliver Upton <oliver.upton@linux.dev>,
Marc Zyngier <maz@kernel.org>,
Paolo Bonzini <pbonzini@redhat.com>,
James Houghton <jthoughton@google.com>,
Ben Gardon <bgardon@google.com>,
David Matlack <dmatlack@google.com>,
Ricardo Koller <ricarkol@google.com>,
Chao Peng <chao.p.peng@linux.intel.com>,
Axel Rasmussen <axelrasmussen@google.com>,
kvm@vger.kernel.org, kvmarm@lists.linux.dev, peterx@redhat.com
Subject: Re: [PATCH 5/8] kvm: Add cap/kvm_run field for memory fault exits
Date: Fri, 17 Feb 2023 12:33:04 -0800 [thread overview]
Message-ID: <Y+/kgMxQPOswAz/2@google.com> (raw)
In-Reply-To: <CAF7b7mqeXcHdFHewX3enn-vxf6y7CUWjXjB3TXithZ_PnzVLQQ@mail.gmail.com>
On Fri, Feb 17, 2023, Anish Moorthy wrote:
> On Thu, Feb 16, 2023 at 10:53 AM Anish Moorthy <amoorthy@google.com> wrote:
> >
> > On Wed, Feb 15, 2023 at 12:59 AM Oliver Upton <oliver.upton@linux.dev> wrote:
> > >
> > > How is userspace expected to differentiate the gup_fast() failed exit
> > > from the guest-private memory exit?
Sorry, missed this comment first time around. I don't see any reason why userspace
needs to uniquely identify the gup_fast() case. Similar to page faults from
hardware, KVM should describe the access in sufficient detail so that userspace
can resolve the issue, whatever that may be, but KVM should make any assumptions
about _why_ the failure occurred.
gup_fast() failing in itself isn't interesting. The _intended_ behavior is that
KVM will exit if and only if the guest accesses a valid page that hasn't yet been
transfered from the source, but the _actual_ behavior is that KVM will exit if
the page isn't faulted in for _any_ reason. Even tagging the access NOWAIT is
speculative to some degree, as that suggests the access may have succeeded if
KVM "waited", which may or may not be true.
E.g. see the virtiofs trunctionation use case that planted the original seed for
this approach: https://lore.kernel.org/kvm/20201005161620.GC11938@linux.intel.com.
> > > I don't think flags are a good idea for this, as it comes with the
> > > illusion that both events can happen on a single exit. In reality, these
> > > are mutually exclusive.
They aren't mutually exclusive. Obviously KVM will only detect one other the
other, but it's entirely possible that a guest could be accessing the "wrong"
flavor of a page _and_ for that flavor to not be faulted in. A smart userspace
should see that (a) it needs to change the memory attributes and (b) that it
needs to demand the to-be-installed page from the source.
> > > A fault type/code would be better here, with the option to add flags at
> > > a later date that could be used to further describe the exit (if
> > > needed).
> >
> > Agreed.
Not agreed :-)
> > + struct {
> > + __u32 fault_code;
> > + __u64 reserved;
> > + __u64 gpa;
> > + __u64 size;
> > + } memory_fault;
> >
> > The "reserved" field is meant to be the placeholder for a future "flags" field.
> > Let me know if there's a better/more conventional way to achieve this.
>
> On Thu, Feb 16, 2023 at 10:53 AM Anish Moorthy <amoorthy@google.com> wrote:
> >
> > 1. As Oliver touches on earlier, we'll probably want to use this same field for
> > different classes of memory fault in the future (such as the ones which Chao
> > is introducing in [1]): so it does make sense to add "code" and "flags"
> > fields which can be used to communicate more information to the user (and
> > which can just be set to MEM_FAULT_NOWAIT/0 in this series).
>
> Let me walk back my responses here: I took a closer look at Chao's series, and
> it doesn't seem that I should be trying to share KVM_EXIT_MEMORY_FAULT with it
> in the first place. As far as I can understand (not that much, to be clear :)
> we're signaling unrelated things, so it makes more sense to use different exits
> (ie, rename mine to KVM_EXIT_MEMORY_FAULT_NOWAIT). That would prevent any
> potential confusion about mutual exclusivity.
Hard "no" on a separate exit reason unless someone comes up with a very compelling
argument.
Chao's UPM series is not yet merged, i.e. is not set in stone. If the proposed
functionality in Chao's series is lacking and/or will conflict with this UFFD,
then we can and should address those issues _before_ it gets merged.
next prev parent reply other threads:[~2023-02-17 20:33 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-02-15 1:16 [PATCH 0/8] Add memory fault exits to avoid slow GUP Anish Moorthy
2023-02-15 1:16 ` [PATCH 1/8] selftests/kvm: Fix bug in how demand_paging_test calculates paging rate Anish Moorthy
2023-02-15 7:27 ` Oliver Upton
2023-02-15 16:44 ` Sean Christopherson
2023-02-15 18:05 ` Anish Moorthy
2023-02-15 1:16 ` [PATCH 2/8] selftests/kvm: Allow many vcpus per UFFD in demand paging test Anish Moorthy
2023-02-15 1:16 ` [PATCH 3/8] selftests/kvm: Switch demand paging uffd readers to epoll Anish Moorthy
2023-02-15 1:16 ` [PATCH 4/8] kvm: Allow hva_pfn_fast to resolve read-only faults Anish Moorthy
2023-02-15 9:01 ` Oliver Upton
2023-02-15 17:03 ` Sean Christopherson
2023-02-15 18:19 ` Anish Moorthy
2023-02-15 1:16 ` [PATCH 5/8] kvm: Add cap/kvm_run field for memory fault exits Anish Moorthy
2023-02-15 8:41 ` Marc Zyngier
2023-02-15 17:07 ` Sean Christopherson
2023-02-16 18:53 ` Anish Moorthy
2023-02-16 21:38 ` Sean Christopherson
2023-02-17 19:14 ` Anish Moorthy
2023-02-17 20:33 ` Sean Christopherson [this message]
2023-02-23 1:16 ` Anish Moorthy
2023-02-23 20:55 ` Sean Christopherson
2023-02-23 23:03 ` Anish Moorthy
2023-02-24 0:01 ` Sean Christopherson
2023-02-17 20:47 ` Sean Christopherson
2023-02-15 8:59 ` Oliver Upton
2023-02-15 1:16 ` [PATCH 6/8] kvm/x86: Add mem fault exit on EPT violations Anish Moorthy
2023-02-15 17:23 ` Sean Christopherson
2023-02-16 22:55 ` Peter Xu
2023-02-23 0:35 ` Anish Moorthy
2023-02-23 20:11 ` Sean Christopherson
2023-02-15 1:16 ` [PATCH 7/8] kvm/arm64: Implement KVM_CAP_MEM_FAULT_NOWAIT for arm64 Anish Moorthy
2023-02-15 18:24 ` Oliver Upton
2023-02-15 23:28 ` Anish Moorthy
2023-02-15 23:37 ` Oliver Upton
2023-02-15 1:16 ` [PATCH 8/8] selftests/kvm: Handle mem fault exits in demand paging test Anish Moorthy
2023-02-15 1:46 ` [PATCH 0/8] Add memory fault exits to avoid slow GUP James Houghton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Y+/kgMxQPOswAz/2@google.com \
--to=seanjc@google.com \
--cc=amoorthy@google.com \
--cc=axelrasmussen@google.com \
--cc=bgardon@google.com \
--cc=chao.p.peng@linux.intel.com \
--cc=dmatlack@google.com \
--cc=jthoughton@google.com \
--cc=kvm@vger.kernel.org \
--cc=kvmarm@lists.linux.dev \
--cc=maz@kernel.org \
--cc=oliver.upton@linux.dev \
--cc=pbonzini@redhat.com \
--cc=peterx@redhat.com \
--cc=ricarkol@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.