From: David Matlack
Date: Mon, 23 May 2022 11:22:57 -0700
Subject: Re: [PATCH v6 21/22] KVM: Allow for different capacities in kvm_mmu_memory_cache structs
To: Mingwei Zhang
Cc: Sean Christopherson, Paolo Bonzini, Marc Zyngier, Huacai Chen, Aleksandar Markovic, Anup Patel, Paul Walmsley, Palmer Dabbelt, Albert Ou, Andrew Jones, Ben Gardon, Peter Xu, "Maciej S. Szmigiero", "moderated list:KERNEL VIRTUAL MACHINE FOR ARM64 (KVM/arm64)", "open list:KERNEL VIRTUAL MACHINE FOR MIPS (KVM/mips)", "open list:KERNEL VIRTUAL MACHINE FOR MIPS (KVM/mips)", "open list:KERNEL VIRTUAL MACHINE FOR RISC-V (KVM/riscv)", Peter Feiner, Lai Jiangshan
X-Mailing-List: linux-mips@vger.kernel.org

On Mon, May 23, 2022 at 11:13 AM Mingwei Zhang wrote:
>
> On Mon, May 23, 2022 at 10:44 AM David Matlack wrote:
> >
> > On Mon, May 23, 2022 at 10:37 AM Sean Christopherson wrote:
> > >
> > > On Fri, May 20, 2022, Mingwei Zhang wrote:
> > > > On Mon, May 16, 2022 at 4:24 PM David Matlack wrote:
> > > > > diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c > > > > > index e089db822c12..5e2e75014256 100644 > > > > > --- a/virt/kvm/kvm_main.c > > > > > +++ b/virt/kvm/kvm_main.c 
> > > > > @@ -369,14 +369,31 @@ static inline void *mmu_memory_cache_alloc_obj(struct kvm_mmu_memory_cache *mc, > > > > > return (void *)__get_free_page(gfp_flags); > > > > > } > > > > > > > > > > -int kvm_mmu_topup_memory_cache(struct kvm_mmu_memory_cache *mc, int min) > > > > > +static int __kvm_mmu_topup_memory_cache(struct kvm_mmu_memory_cache *mc, int capacity, int min) > > > > > { > > > > > + gfp_t gfp = GFP_KERNEL_ACCOUNT; > > > > > void *obj; > > > > > > > > > > if (mc->nobjs >= min) > > > > > return 0; > > > > > - while (mc->nobjs < ARRAY_SIZE(mc->objects)) { > > > > > - obj = mmu_memory_cache_alloc_obj(mc, GFP_KERNEL_ACCOUNT); > > > > > + > > > > > + if (unlikely(!mc->objects)) { > > > > > + if (WARN_ON_ONCE(!capacity)) > > > > > + return -EIO; > > > > > + > > > > > + mc->objects = kvmalloc_array(sizeof(void *), capacity, gfp); > > > > > + if (!mc->objects) > > > > > + return -ENOMEM; > > > > > + > > > > > + mc->capacity = capacity; > > > > > > > > Do we want to ensure the minimum value of the capacity? I think > > > > otherwise, we may more likely start using memory from GFP_ATOMIC if > > > > the capacity is less than, say 5? But the minimum value seems related > > > > to each cache type. > > > > > > Eh, if we specify a minimum, just make the arch default the minimum. That way we > > > avoid adding even more magic/arbitrary numbers. E.g. for whatever reason, MIPS's > > > default is '4'. > > > > I'm not exactly sure what you had in mind Mingwei. But there is a bug > > in this code if min > capacity. This function will happily return 0 > > after filling up the cache, even though it did not allocate min > > objects. The same bug existed before this patch if min > > > ARRAY_SIZE(mc->objects). I can include a separate patch to fix this > > bug (e.g. WARN and return -ENOMEM if min > capacity). 
>
> oh, what I am saying is this one:
> https://elixir.bootlin.com/linux/latest/source/virt/kvm/kvm_main.c#L417
>
> If we are running out of kmem cache, then we start to use
> __GFP_ATOMIC, which should be avoided as much as we can? Since this
> patch parameterized the 'capacity', then to avoid the future usage
> where caller provides a too small value, maybe we could add a warning
> if the 'capacity' is too small, say, smaller than 40 (the default
> value)?

I'm not too worried about that. Callers of
kvm_mmu_topup_memory_cache() are responsible for passing in a min
value. It doesn't matter if capacity is a number lower than 40, as
long as kvm_mmu_topup_memory_cache() is able to allocate min objects,
the call is a success (and the GFP_ATOMIC fallback should never
trigger, and if it does, we'll get a WARN splat).

The only actual loophole I can spot is if capacity is less than min.
In that case topup will return 0 despite allocating less than min
objects. Again we'll still hit the GFP_ATOMIC and get a WARN splat,
but we can detect the problem in kvm_mmu_topup_memory_cache() which
will include the buggy callsite in the backtrace.

>
> The case of 'capacity' < min would be a more serious issue, that
> situation probably should never be allowed.
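
Review bot: in the `if (unlikely(!mc->objects))` branch of __kvm_mmu_topup_memory_cache(), the lines quoted here reject only `capacity == 0`; `min` is never compared with `capacity` before `mc->capacity = capacity` is recorded, so a caller passing `min > capacity` is not caught where the array is sized. A `WARN_ON_ONCE(min > capacity)` with an error return next to the existing `WARN_ON_ONCE(!capacity)` would fail the call at the buggy callsite. Separately, `kvmalloc_array(sizeof(void *), capacity, gfp)` passes the element size in the count position; kvmalloc_array() takes (n, size, flags), so `kvmalloc_array(capacity, sizeof(void *), gfp)` is the order a reader expects, even though the product is the same.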
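
The `min > capacity` case discussed in the reply above, as an added example that is not part of the thread or the kernel source: a userspace C model of the top-up loop, with malloc/calloc in place of the kernel allocators. The names `topup`, `cache_free` and the `guard` flag are assumptions of this example; with `guard` off the call returns 0 while holding fewer than `min` objects, with it on the call is refused.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Field names follow the quoted hunk; everything else is this example's own. */
struct mmu_cache { int nobjs; int capacity; void **objects; };

/* Top-up modelled on the thread's description: fill to capacity, return 0.
 * guard != 0 adds the proposed check (the kernel fix would also WARN). */
int topup(struct mmu_cache *mc, int capacity, int min, int guard)
{
    if (guard && min > capacity)
        return -ENOMEM;
    if (mc->nobjs >= min)
        return 0;
    if (!mc->objects) {
        if (!capacity)
            return -EIO;
        mc->objects = calloc(capacity, sizeof(void *));
        if (!mc->objects)
            return -ENOMEM;
        mc->capacity = capacity;
    }
    while (mc->nobjs < mc->capacity) {
        void *obj = malloc(64);      /* stand-in for one cache object */
        if (!obj)
            return mc->nobjs >= min ? 0 : -ENOMEM;
        mc->objects[mc->nobjs++] = obj;
    }
    return 0;                        /* also reached when capacity < min */
}

void cache_free(struct mmu_cache *mc)
{
    while (mc->nobjs > 0)
        free(mc->objects[--mc->nobjs]);
    free(mc->objects);
    mc->objects = NULL;
}

int main(void)
{
    struct mmu_cache a = {0}, b = {0};
    int ra = topup(&a, 4, 8, 0), rb = topup(&b, 4, 8, 1); /* min 8, capacity 4 */
    printf("unguarded ret=%d nobjs=%d; guarded ret=%d nobjs=%d\n",
           ra, a.nobjs, rb, b.nobjs);
    cache_free(&a);
    cache_free(&b);
    return 0;
}
```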