From: Sean Christopherson <seanjc@google.com>
To: isaku.yamahata@intel.com
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
isaku.yamahata@gmail.com, Michael Roth <michael.roth@amd.com>,
Paolo Bonzini <pbonzini@redhat.com>,
erdemaktas@google.com, Sagi Shahar <sagis@google.com>,
David Matlack <dmatlack@google.com>,
Kai Huang <kai.huang@intel.com>,
Zhi Wang <zhi.wang.linux@gmail.com>,
chen.bo@intel.com, linux-coco@lists.linux.dev,
Chao Peng <chao.p.peng@linux.intel.com>,
Ackerley Tng <ackerleytng@google.com>,
Vishal Annapurve <vannapurve@google.com>,
Yuan Yao <yuan.yao@linux.intel.com>,
Jarkko Sakkinen <jarkko@kernel.org>,
Xu Yilun <yilun.xu@intel.com>,
Quentin Perret <qperret@google.com>,
wei.w.wang@intel.com, Fuad Tabba <tabba@google.com>
Subject: Re: [RFC PATCH 2/6] KVM: guestmem_fd: Make error_remove_page callback to unmap guest memory
Date: Wed, 13 Sep 2023 09:28:55 -0700 [thread overview]
Message-ID: <ZQHjR8ZAwRUJGDzi@google.com> (raw)
In-Reply-To: <d6601227769ec82eed95270053ef58e13c2c0a09.1694599703.git.isaku.yamahata@intel.com>
On Wed, Sep 13, 2023, isaku.yamahata@intel.com wrote:
> @@ -316,26 +316,43 @@ static int kvm_gmem_error_page(struct address_space *mapping, struct page *page)
> end = start + thp_nr_pages(page);
>
> list_for_each_entry(gmem, gmem_list, entry) {
> + struct kvm *kvm = gmem->kvm;
> +
> + KVM_MMU_LOCK(kvm);
> + kvm_mmu_invalidate_begin(kvm);
> + KVM_MMU_UNLOCK(kvm);
> +
> + flush = false;
> xa_for_each_range(&gmem->bindings, index, slot, start, end - 1) {
> - for (gfn = start; gfn < end; gfn++) {
> - if (WARN_ON_ONCE(gfn < slot->base_gfn ||
> - gfn >= slot->base_gfn + slot->npages))
> - continue;
> -
> - /*
> - * FIXME: Tell userspace that the *private*
> - * memory encountered an error.
> - */
> - send_sig_mceerr(BUS_MCEERR_AR,
> - (void __user *)gfn_to_hva_memslot(slot, gfn),
> - PAGE_SHIFT, current);
> - }
> + pgoff_t pgoff;
> +
> + if (WARN_ON_ONCE(end < slot->base_gfn ||
> + start >= slot->base_gfn + slot->npages))
> + continue;
> +
> + pgoff = slot->gmem.pgoff;
> + struct kvm_gfn_range gfn_range = {
> + .slot = slot,
> + .start = slot->base_gfn + max(pgoff, start) - pgoff,
> + .end = slot->base_gfn + min(pgoff + slot->npages, end) - pgoff,
> + .arg.page = page,
> + .may_block = true,
> + .memory_error = true,
Why pass arg.page and memory_error? There's no usage in this mini-series, and no
explanation of what arch code would do the information. And I can't think of why
arch would need to do anything but zap the SPTEs. If the memory error is directly
related to the current instruction, the vCPU will fault on the zapped SPTE, see
-HWPOISON, and exit to userspace. If the memory is unrelated, then the delayed
notification is less than ideal, but not fundamentally broken, e.g. it's no worse
than TDX's behavior of not signaling #MC until a poisoned cache line is actually
accessed.
I don't get arg.page in particular, because having the gfn should be enough for
arch code to take action beyond zapping SPTEs.
And _if_ we want to communicate the error to arch code, it would be much better
to add a dedicated arch hook instead of piggybacking kvm_mmu_unmap_gfn_range()
with a "memory_error" flag.
If we just zap SPTEs, then can't this simply be?
static int kvm_gmem_error_page(struct address_space *mapping, struct page *page)
{
struct list_head *gmem_list = &mapping->private_list;
struct kvm_gmem *gmem;
pgoff_t start, end;
filemap_invalidate_lock_shared(mapping);
start = page->index;
end = start + thp_nr_pages(page);
list_for_each_entry(gmem, gmem_list, entry)
kvm_gmem_invalidate_begin(gmem, start, end);
/*
* Do not truncate the range, what action is taken in response to the
* error is userspace's decision (assuming the architecture supports
* gracefully handling memory errors). If/when the guest attempts to
* access a poisoned page, kvm_gmem_get_pfn() will return -EHWPOISON,
* at which point KVM can either terminate the VM or propagate the
* error to userspace.
*/
list_for_each_entry(gmem, gmem_list, entry)
kvm_gmem_invalidate_end(gmem, start, end);
filemap_invalidate_unlock_shared(mapping);
return MF_DELAYED;
}
next prev parent reply other threads:[~2023-09-13 16:28 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-13 10:48 [RFC PATCH 0/6] KVM: gmem: Implement error_remove_page isaku.yamahata
2023-09-13 10:48 ` [RFC PATCH 1/6] KVM: guest_memfd: Add config to show the capability to handle error page isaku.yamahata
2023-09-13 16:16 ` Sean Christopherson
2023-09-13 10:48 ` [RFC PATCH 2/6] KVM: guestmem_fd: Make error_remove_page callback to unmap guest memory isaku.yamahata
2023-09-13 16:28 ` Sean Christopherson [this message]
2023-09-13 10:48 ` [RFC PATCH 3/6] KVM: guest_memfd, x86: MEMORY_FAULT exit with hw poisoned page isaku.yamahata
2023-09-13 17:37 ` Sean Christopherson
2023-09-13 10:48 ` [RFC PATCH 4/6] KVM: guest_memfd: Implemnet bmap inode operation isaku.yamahata
2023-09-13 17:46 ` Sean Christopherson
2023-09-13 10:48 ` [RFC PATCH 5/6] KVM: selftests: Add selftest for guest_memfd() fibmap isaku.yamahata
2023-09-13 10:48 ` [RFC PATCH 6/6] KVM: X86: Allow KVM gmem hwpoison test cases isaku.yamahata
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZQHjR8ZAwRUJGDzi@google.com \
--to=seanjc@google.com \
--cc=ackerleytng@google.com \
--cc=chao.p.peng@linux.intel.com \
--cc=chen.bo@intel.com \
--cc=dmatlack@google.com \
--cc=erdemaktas@google.com \
--cc=isaku.yamahata@gmail.com \
--cc=isaku.yamahata@intel.com \
--cc=jarkko@kernel.org \
--cc=kai.huang@intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-coco@lists.linux.dev \
--cc=linux-kernel@vger.kernel.org \
--cc=michael.roth@amd.com \
--cc=pbonzini@redhat.com \
--cc=qperret@google.com \
--cc=sagis@google.com \
--cc=tabba@google.com \
--cc=vannapurve@google.com \
--cc=wei.w.wang@intel.com \
--cc=yilun.xu@intel.com \
--cc=yuan.yao@linux.intel.com \
--cc=zhi.wang.linux@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.