From: Andrew Jones <drjones@redhat.com>
To: Peter Xu <peterx@redhat.com>
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
Paolo Bonzini <pbonzini@redhat.com>,
Vitaly Kuznetsov <vkuznets@redhat.com>,
Sean Christopherson <seanjc@google.com>
Subject: Re: [PATCH v2] kvm/selftests: Fix race condition with dirty_log_test
Date: Wed, 14 Apr 2021 11:18:39 +0200 [thread overview]
Message-ID: <20210414091839.mvm6ffmfdoy44e3l@kamzik.brq.redhat.com> (raw)
In-Reply-To: <20210413213641.23742-1-peterx@redhat.com>
On Tue, Apr 13, 2021 at 05:36:41PM -0400, Peter Xu wrote:
> This fixes a bug that can trigger with e.g. "taskset -c 0 ./dirty_log_test" or
> when the testing host is very busy.
>
> The issue is when the vcpu thread got the dirty bit set but got preempted by
> other threads _before_ the data is written, we won't be able to see the latest
> data only until the vcpu threads do VMENTER. IOW, the guest write operation and
> dirty bit set cannot guarantee atomicity. The race could look like:
>
> main thread vcpu thread
> =========== ===========
> iteration=X
> *addr = X
> (so latest data is X)
> iteration=X+1
> ...
> iteration=X+N
> guest executes "*addr = X+N"
> reg=READ_ONCE(iteration)=X+N
> host page fault
> set dirty bit for page "addr"
> (_before_ VMENTER happens...
> so *addr is still X!)
> vcpu thread got preempted
> get dirty log
> verify data
> detected dirty bit set, data is X
> not X+N nor X+N-1, data too old!
>
> This patch closes this race by allowing the main thread to give the vcpu thread
> chance to do a VMENTER to complete that write operation. It's done by adding a
> vcpu loop counter (must be defined as volatile as main thread will do read
> loop), then the main thread can guarantee the vcpu got at least another VMENTER
> by making sure the guest_vcpu_loops increases by 2.
>
> Dirty ring does not need this since dirty_ring_last_page would already help
> avoid this specific race condition.
>
> Cc: Andrew Jones <drjones@redhat.com>
> Cc: Paolo Bonzini <pbonzini@redhat.com>
> Cc: Vitaly Kuznetsov <vkuznets@redhat.com>
> Cc: Sean Christopherson <seanjc@google.com>
> Signed-off-by: Peter Xu <peterx@redhat.com>
> ---
> v2:
> - drop one unnecessary check on "!matched"
> ---
> tools/testing/selftests/kvm/dirty_log_test.c | 53 +++++++++++++++++++-
> 1 file changed, 52 insertions(+), 1 deletion(-)
>
Reviewed-by: Andrew Jones <drjones@redhat.com>
next prev parent reply other threads:[~2021-04-14 9:19 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-13 21:36 [PATCH v2] kvm/selftests: Fix race condition with dirty_log_test Peter Xu
2021-04-14 9:18 ` Andrew Jones [this message]
2021-04-17 12:59 ` Paolo Bonzini
2021-04-17 14:09 ` Peter Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210414091839.mvm6ffmfdoy44e3l@kamzik.brq.redhat.com \
--to=drjones@redhat.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=peterx@redhat.com \
--cc=seanjc@google.com \
--cc=vkuznets@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.