Re: [PATCH] KVM: x86/mmu: Don't rebuild page when the page is synced and no tlb flushing is required

From: Sean Christopherson <seanjc@google.com>
To: Hou Wenlong <houwenlong.hwl@antgroup.com>
Cc: kvm@vger.kernel.org, Paolo Bonzini <pbonzini@redhat.com>,
	Vitaly Kuznetsov <vkuznets@redhat.com>,
	Wanpeng Li <wanpengli@tencent.com>,
	Jim Mattson <jmattson@google.com>, Joerg Roedel <joro@8bytes.org>,
	Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
	Lai Jiangshan <laijs@linux.alibaba.com>,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH] KVM: x86/mmu: Don't rebuild page when the page is synced and no tlb flushing is required
Date: Thu, 24 Mar 2022 20:17:04 +0000	[thread overview]
Message-ID: <YjzRwDSPQNbpTrZ9@google.com> (raw)
In-Reply-To: <0dabeeb789f57b0d793f85d073893063e692032d.1647336064.git.houwenlong.hwl@antgroup.com>

On Tue, Mar 15, 2022, Hou Wenlong wrote:
> Before Commit c3e5e415bc1e6 ("KVM: X86: Change kvm_sync_page()
> to return true when remote flush is needed"), the return value
> of kvm_sync_page() indicates whether the page is synced, and
> kvm_mmu_get_page() would rebuild page when the sync fails.
> But now, kvm_sync_page() returns false when the page is
> synced and no tlb flushing is required, which leads to
> rebuild page in kvm_mmu_get_page(). So return the return
> value of mmu->sync_page() directly and check it in
> kvm_mmu_get_page(). If the sync fails, the page will be
> zapped and the invalid_list is not empty, so set flush as
> true is accepted in mmu_sync_children().
> 
> Fixes: c3e5e415bc1e6 ("KVM: X86: Change kvm_sync_page() to return true when remote flush is needed")
> Signed-off-by: Hou Wenlong <houwenlong.hwl@antgroup.com>
> ---
>  arch/x86/kvm/mmu/mmu.c | 16 ++++++++--------
>  1 file changed, 8 insertions(+), 8 deletions(-)
> 
> diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c
> index 3b8da8b0745e..8efd165ee27c 100644
> --- a/arch/x86/kvm/mmu/mmu.c
> +++ b/arch/x86/kvm/mmu/mmu.c
> @@ -1866,17 +1866,14 @@ static void kvm_mmu_commit_zap_page(struct kvm *kvm,
>  	  &(_kvm)->arch.mmu_page_hash[kvm_page_table_hashfn(_gfn)])	\
>  		if ((_sp)->gfn != (_gfn) || (_sp)->role.direct) {} else
>  
> -static bool kvm_sync_page(struct kvm_vcpu *vcpu, struct kvm_mmu_page *sp,
> +static int kvm_sync_page(struct kvm_vcpu *vcpu, struct kvm_mmu_page *sp,
>  			 struct list_head *invalid_list)
>  {
>  	int ret = vcpu->arch.mmu->sync_page(vcpu, sp);
>  
> -	if (ret < 0) {
> +	if (ret < 0)
>  		kvm_mmu_prepare_zap_page(vcpu->kvm, sp, invalid_list);
> -		return false;
> -	}
> -
> -	return !!ret;
> +	return ret;

Hrm, this creates an oddity in mmu_sync_children(), which does a logical-OR of
the result into a boolean.  It doesn't actually change the functionality since
kvm_mmu_remote_flush_or_zap() will prioritize invalid_list, but it's weird.

What about checking invalid_list directly and keeping the boolean return?  Compile
tested only.

From: Sean Christopherson <seanjc@google.com>
Date: Thu, 24 Mar 2022 13:07:32 -0700
Subject: [PATCH] KVM: x86/mmu: Fix shadow reuse when unsync sp doesn't need
 TLB flush

Use invalid_list to detect if synchronizing an unsync shadow page failed
and resulted in the page being zapped.  Since commit c3e5e415bc1e ("KVM:
X86: Change kvm_sync_page() to return true when remote flush is needed"),
kvm_sync_page() returns whether or not a TLB flush is required, it doesn't
provide any indication as to whether or not the sync was successful.  If
the sync is successful but doesn't require a TLB flush, checking the
TLB flush result will cause KVM to unnecessarily rebuild the shadow page.

Fixes: c3e5e415bc1e6 ("KVM: X86: Change kvm_sync_page() to return true when remote flush is needed")
Cc: stable@vger.kernel.org
Reported-by: Hou Wenlong <houwenlong.hwl@antgroup.com>
Signed-off-by: Sean Christopherson <seanjc@google.com>
---
 arch/x86/kvm/mmu/mmu.c | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c
index 1361eb4599b4..b6350fec1b11 100644
--- a/arch/x86/kvm/mmu/mmu.c
+++ b/arch/x86/kvm/mmu/mmu.c
@@ -2086,16 +2086,19 @@ static struct kvm_mmu_page *kvm_mmu_get_page(struct kvm_vcpu *vcpu,
 			 * This way the validity of the mapping is ensured, but the
 			 * overhead of write protection is not incurred until the
 			 * guest invalidates the TLB mapping.  This allows multiple
-			 * SPs for a single gfn to be unsync.
-			 *
+			 * SPs for a single gfn to be unsync.  kvm_sync_page()
+			 * returns true if a TLB flush is needed to ensure the
+			 * guest sees the synchronized shadow page.
+			 */
+			if (kvm_sync_page(vcpu, sp, &invalid_list))
+				kvm_flush_remote_tlbs(vcpu->kvm);
+
+			/*
 			 * If the sync fails, the page is zapped.  If so, break
 			 * in order to rebuild it.
 			 */
-			if (!kvm_sync_page(vcpu, sp, &invalid_list))
+			if (!list_empty(&invalid_list))
 				break;
-
-			WARN_ON(!list_empty(&invalid_list));
-			kvm_flush_remote_tlbs(vcpu->kvm);
 		}

 		__clear_sp_write_flooding_count(sp);

base-commit: 9b6a3be37eacee49a659232e86019e733597c045
--


