From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Thu, 6 Feb 2020 08:28:18 -0800
From: Sean Christopherson
To: Peter Xu
Cc: Paolo Bonzini, Paul Mackerras, Christian Borntraeger, Janosch Frank, David Hildenbrand, Cornelia Huck, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Joerg Roedel, Marc Zyngier, James Morse, Julien Thierry, Suzuki K Poulose, linux-mips@vger.kernel.org, kvm@vger.kernel.org, kvm-ppc@vger.kernel.org, linux-arm-kernel@lists.infradead.org, kvmarm@lists.cs.columbia.edu, linux-kernel@vger.kernel.org, Christoffer Dall, Philippe Mathieu-Daudé
Subject: Re: [PATCH v5 12/19] KVM: Move memslot deletion to helper function
Message-ID: <20200206162818.GD13067@linux.intel.com>
References: <20200121223157.15263-1-sean.j.christopherson@intel.com> <20200121223157.15263-13-sean.j.christopherson@intel.com> <20200206161415.GA695333@xz-x1>
In-Reply-To: <20200206161415.GA695333@xz-x1>
User-Agent: Mutt/1.5.24 (2015-08-30)

On Thu, Feb 06, 2020 at 11:14:15AM -0500, Peter Xu wrote:
> On Tue, Jan 21, 2020 at 02:31:50PM -0800, Sean Christopherson wrote:
> > Move memslot deletion into its own routine so that the success path for
> > other memslot updates does not need to use kvm_free_memslot(), i.e. can
> > explicitly destroy the dirty bitmap when necessary.  This paves the way
> > for dropping @dont from kvm_free_memslot(), i.e. all callers now pass
> > NULL for @dont.
> >
> > Add a comment above the code to make a copy of the existing memslot
> > prior to deletion; it is not at all obvious that the pointer will become
> > stale during sorting and/or installation of new memslots.
>
> Could you help explain a bit on this explicit comment?  I can follow
> up with the patch itself which looks all correct to me, but I failed
> to catch what this extra comment wants to emphasize...

It's tempting to write the code like this (I know, because I did it):

	if (!mem->memory_size)
		return kvm_delete_memslot(kvm, mem, slot, as_id);

	new = *slot;

Where @slot is a pointer to the memslot to be deleted.  At first, second,
and third glances, this seems perfectly sane.

The issue is that slot was pulled from struct kvm_memslots.memslots, e.g.

	slot = &slots->memslots[index];

Note that slots->memslots holds actual "struct kvm_memory_slot" objects,
not pointers to slots.

When update_memslots() sorts the slots, it swaps the actual slot objects,
not pointers.  I.e. after update_memslots(), even though @slot points at
the same address, it could be pointing at a different slot.  As a result
kvm_free_memslot() in kvm_delete_memslot() will free the dirty page info
and arch-specific pointers for some random slot, not the intended slot, and
will set npages=0 for that random slot.
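The failure mode Sean describes, a pointer into an array of objects that silently refers to a different object once the array is sorted in place, is easy to reproduce outside the kernel. The following is an added example written for this page; it is not code from the thread or from KVM. `struct slot`, `sort_slots()` and `free_slot()` are toy stand-ins for `struct kvm_memory_slot`, the reordering done by `update_memslots()` and `kvm_free_memslot()` respectively, and the four-entry slot table is constructed. `delete_via_stale_pointer()` is the tempting-but-wrong pattern (keep `@slot`, sort, free through it); `delete_via_copy()` is the pattern the patch comment defends (snapshot the slot first, then work from the copy).

```c
#include <stdio.h>
#include <string.h>

/*
 * Toy stand-in for struct kvm_memory_slot; not KVM's real definition.
 * The table below holds slot objects by value, like kvm_memslots.memslots,
 * so reordering moves the objects while the addresses stay put.
 */
struct slot {
	int id;                 /* constructed identity of the memslot */
	unsigned long base_gfn; /* sort key, as KVM uses */
	unsigned long npages;   /* 0 means "torn down" */
};

#define NSLOTS 4

/* Constructed, deliberately unsorted, slot table. */
static void init_slots(struct slot *slots)
{
	static const struct slot init[NSLOTS] = {
		{ .id = 0, .base_gfn = 0x100, .npages = 16 },
		{ .id = 1, .base_gfn = 0x400, .npages = 32 },
		{ .id = 2, .base_gfn = 0x200, .npages = 8 },
		{ .id = 3, .base_gfn = 0x800, .npages = 64 },
	};
	memcpy(slots, init, sizeof(init));
}

/*
 * Stand-in for the reordering in update_memslots(): sort by base_gfn,
 * descending, swapping whole objects in place (not pointers to them).
 * Resulting id order for the table above: 3, 1, 2, 0.
 */
static void sort_slots(struct slot *slots)
{
	for (int i = 0; i < NSLOTS - 1; i++) {
		for (int j = i + 1; j < NSLOTS; j++) {
			if (slots[j].base_gfn > slots[i].base_gfn) {
				struct slot tmp = slots[i];
				slots[i] = slots[j];
				slots[j] = tmp;
			}
		}
	}
}

/* Stand-in for kvm_free_memslot(): tears down whatever @s points at. */
static void free_slot(struct slot *s)
{
	s->npages = 0;
}

/*
 * Buggy pattern: hold a pointer into the table across the sort, then free
 * through it. Returns the id of the slot actually torn down, which is not
 * necessarily the one that lived at @index before the sort.
 */
int delete_via_stale_pointer(int index)
{
	struct slot slots[NSLOTS];
	struct slot *slot;

	init_slots(slots);
	slot = &slots[index];	/* points at the slot we mean to delete */
	sort_slots(slots);	/* ...but the object behind it has moved */
	free_slot(slot);
	return slot->id;	/* whichever slot lives at that address now */
}

/*
 * Corrected pattern: snapshot the slot before the table is reordered and
 * tear down the copy, which carries the deleted slot's own fields.
 * Returns the id of the slot torn down, always the intended one.
 */
int delete_via_copy(int index)
{
	struct slot slots[NSLOTS];
	struct slot old;

	init_slots(slots);
	old = slots[index];	/* copy before the sort can move anything */
	sort_slots(slots);
	free_slot(&old);
	return old.id;
}

int main(void)
{
	printf("intended slot 0: stale pointer tore down slot %d\n",
	       delete_via_stale_pointer(0));
	printf("intended slot 0: copy tore down slot %d\n",
	       delete_via_copy(0));
	return 0;
}
```

With the constructed table, intending to delete index 0 (id 0) and freeing through the stale pointer tears down id 3, the slot the sort moved into that address; the copy-based path tears down id 0 every time. The address being unchanged is exactly what makes the bug hard to spot in review, which is the point of the comment the patch adds.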