From: Avi Kivity
Subject: Re: [PATCH 8/24] Hold a vmcs02 for each vmcs12
Date: Mon, 14 Jun 2010 11:57:04 +0300
Message-ID: <4C15EEE0.4050702@redhat.com>
References: <1276431753-nyh@il.ibm.com> <201006131226.o5DCQebV012952@rice.haifa.ibm.com>
In-Reply-To: <201006131226.o5DCQebV012952@rice.haifa.ibm.com>
To: "Nadav Har'El"
Cc: kvm@vger.kernel.org

On 06/13/2010 03:26 PM, Nadav Har'El wrote:
> In this patch we add a list of L0 (hardware) VMCSs, which we'll use to hold a
> hardware VMCS for each active L1 VMCS (i.e., for each L2 guest).
>
> We call each of these L0 VMCSs a "vmcs02", as it is the VMCS that L0 uses
> to run its nested guest L2.
>
>
> +
> +/* Allocate an L0 VMCS (vmcs02) for the current L1 VMCS (vmcs12), if one
> + * does not already exist. The allocation is done in L0 memory, so to avoid
> + * denial-of-service attack by guests, we limit the number of concurrently-
> + * allocated vmcss. A well-behaving L1 will VMCLEAR unused vmcs12s and not
> + * trigger this limit.
> + */
> +static const int NESTED_MAX_VMCS = 256;
>

This is much too high, it allows the guest to pin a large amount of host memory. Also, the limit is not real; if the guest exceeds the limit we should drop some LRU vmcs and instantiate a new one.

I suggest starting with a much lower limit (say, 4) which will exercise the drop/reload code. Later, we can increase the limit and add a shrinker callback so the host can reduce the number of cached vmcses if memory gets tight.
> +static int nested_create_current_vmcs(struct kvm_vcpu *vcpu)
> +{
> +	struct vmcs_list *new_l2_guest;
> +	struct vmcs *l2_vmcs;
> +
> +	if (nested_get_current_vmcs(vcpu))
> +		return 0; /* nothing to do - we already have a VMCS */
> +
> +	if (to_vmx(vcpu)->nested.l2_vmcs_num >= NESTED_MAX_VMCS)
> +		return -ENOMEM;
>

As mentioned above, recycle an old vmcs here.

> +
> +/* Free the current L2 VMCS, and remove it from l2_vmcs_list */
> +static void nested_free_current_vmcs(struct kvm_vcpu *vcpu)
> +{
> +	struct vcpu_vmx *vmx = to_vmx(vcpu);
> +	struct vmcs_list *list_item, *n;
> +
> +	list_for_each_entry_safe(list_item, n, &vmx->nested.l2_vmcs_list, list)
> +		if (list_item->vmcs_addr == vmx->nested.current_vmptr) {
> +			free_vmcs(list_item->l2_vmcs);
> +			list_del(&(list_item->list));
> +			kfree(list_item);
> +			vmx->nested.l2_vmcs_num--;
> +			return;
> +		}
> +}
>

Since you return, no need to be _safe. But we do need to vmclear that vmcs to avoid the processor writing back to those pages after we've freed them.

> +
> +static void free_l1_state(struct kvm_vcpu *vcpu)
> +{
> +	struct vcpu_vmx *vmx = to_vmx(vcpu);
> +	struct vmcs_list *list_item, *n;
> +
> +	list_for_each_entry_safe(list_item, n,
> +		&vmx->nested.l2_vmcs_list, list) {

vmclear needed.

> +		free_vmcs(list_item->l2_vmcs);
> +		list_del(&(list_item->list));
> +		kfree(list_item);
> +	}
>
> +	vmx->nested.l2_vmcs_num = 0;
> +}
>

Can share code for dealing with one vmcs with the function above.

-- 
error compiling committee.c: too many arguments to function
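Review bot: in the nested_create_current_vmcs hunk the limit is checked against the per-vcpu counter `to_vmx(vcpu)->nested.l2_vmcs_num`, so NESTED_MAX_VMCS bounds pinned vmcs02 memory per vCPU rather than per L1 guest, and the total an L1 can pin in host memory grows with its vCPU count. The allocation comment in the first hunk ("we limit the number of concurrently-allocated vmcss") should say which scope it means, and whatever limit (or LRU recycling) replaces this check should be sized with that per-vCPU multiplier in mind.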
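Review bot: in the nested_free_current_vmcs hunk the vmcs02 pages are returned to the allocator via free_vmcs() and kfree() while the processor may still hold that VMCS as current, so a later hardware write-back lands in memory the host has already reused; that is a host-memory use-after-free reachable from guest activity, not just a leak. The VMCLEAR has to precede free_vmcs(), and it must execute on the logical CPU on which that vmcs02 was last loaded, which need not be the CPU running this function, so the clear should go through the same cross-CPU clearing the existing vmx code uses for a vcpu's own vmcs rather than a bare vmclear here. Since the matching branch returns, list_for_each_entry() suffices and the `n` cursor can be dropped.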