From: Andre Przywara <andre.przywara@arm.com>
To: Paolo Bonzini <pbonzini@redhat.com>,
"kvm@vger.kernel.org" <kvm@vger.kernel.org>
Cc: James Hogan <james.hogan@imgtec.com>,
Marc Zyngier <marc.zyngier@arm.com>,
Jan Glauber <jan.glauber@caviumnetworks.com>,
Paul Mackerras <paulus@ozlabs.org>,
"kvmarm@lists.cs.columbia.edu" <kvmarm@lists.cs.columbia.edu>,
David Gibson <david@gibson.dropbear.id.au>
Subject: Re: kvm_read_guest_page() missing kvm->srcu read lock?
Date: Fri, 11 May 2018 17:59:49 +0100 [thread overview]
Message-ID: <69edef2b-01f6-4aa0-84b9-da25b54edae1@arm.com> (raw)
In-Reply-To: <b70a483f-d68e-05f8-0664-f9f6e80eeadd@redhat.com>
Hi,
On 11/05/18 17:44, Paolo Bonzini wrote:
> On 11/05/2018 15:25, Andre Przywara wrote:
>> - I couldn't find any protection for the usage in
>> arch/powerpc/kvm/powerpc.c, but the call chain is quite convoluted
>> there, so I might have missed something. It would be good if someone
>> more familiar with this code would take a look.
>
> I also didn't find anything, I got up to kvmppc_handle_exit_pr in
> book3s_pr.c and kvmppc_handle_exit in booke.c, then the callers are
> assembly and I decided it's buggy. :)
>
>>> Adding the srcu_read_lock/unlock directly in kvm_arch_vcpu_ioctl_run and
>>> any other ioctls that need it is best, but in any case adding more pairs
>>> is safe because they can be nested.
>>
>> So I added a small wrapper around kvm_read_guest(), which takes and
>> drops the lock. Will send out the patch shortly. If powerpc needs it, I
>> am happy to provide this wrapper in kvm_main.c instead of some arm
>> header file instead.
>
> I think that risks having some performance impact, though perhaps
> mitigated by ARM having many virtual devices in the core. Moving it
> above would be better, to the equivalent of POWER's kvmppc_handle_exit*
> functions.
Well, I am not sure the performance is super important here, since doing
kvm_read_guest() in the first place is probably not very cheap anyway.
Also some instances of kvm_read_guest() are called from the save/restore
code, which originates from userland, so we wouldn't be covered by doing
in handle_exit.
But we can somewhat optimize by taking some locks outside of loops, for
instance. Not sure that is premature optimization, though. I would
prefer doing that later. I think in the past I had some idea how to
avoid accessing guest memory in some cases, not sure those still apply.
Cheers,
Andre.
prev parent reply other threads:[~2018-05-11 16:59 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-05-10 17:41 kvm_read_guest_page() missing kvm->srcu read lock? Andre Przywara
2018-05-10 17:43 ` Paolo Bonzini
2018-05-11 11:02 ` Andre Przywara
2018-05-11 11:43 ` Paolo Bonzini
2018-05-11 13:25 ` Andre Przywara
2018-05-11 16:44 ` Paolo Bonzini
2018-05-11 16:59 ` Andre Przywara [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=69edef2b-01f6-4aa0-84b9-da25b54edae1@arm.com \
--to=andre.przywara@arm.com \
--cc=david@gibson.dropbear.id.au \
--cc=james.hogan@imgtec.com \
--cc=jan.glauber@caviumnetworks.com \
--cc=kvm@vger.kernel.org \
--cc=kvmarm@lists.cs.columbia.edu \
--cc=marc.zyngier@arm.com \
--cc=paulus@ozlabs.org \
--cc=pbonzini@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.