From: Ricardo Koller <ricarkol@google.com> To: Sean Christopherson <seanjc@google.com> Cc: kvm@vger.kernel.org, maz@kernel.org, bgardon@google.com, andrew.jones@linux.dev, dmatlack@google.com, pbonzini@redhat.com, axelrasmussen@google.com, kvmarm@lists.cs.columbia.edu Subject: Re: [PATCH v8 10/14] KVM: selftests: aarch64: Add aarch64/page_fault_test Date: Mon, 26 Sep 2022 10:22:10 -0700 [thread overview] Message-ID: <YzHfwmZqMQ9xXaNa@google.com> (raw) In-Reply-To: <Yyy4WjEmuSH1tSZb@google.com> On Thu, Sep 22, 2022 at 07:32:42PM +0000, Sean Christopherson wrote: > On Thu, Sep 22, 2022, Ricardo Koller wrote: > > +/* Returns true to continue the test, and false if it should be skipped. */ > > +static bool punch_hole_in_memslot(struct kvm_vm *vm, > > This is a very misleading name, and IMO is flat out wrong. The helper isn't > punching a hole in the memslot, it's punching a hole in the backing store, and > those are two very different things. Encountering a hole in a _memslot_ yields > emualted MMIO semantics, not CoW zero page semantics. Interestingly, we used to refer those as "gaps", as in "gaps between memslots". But I get the point. > > Ideally, if we can come up with a not awful name, I'd also prefer to avoid "punch > hole" in the function name. I can't think of a better alternative, so it's not > the end of the world if we're stuck with e.g punch_hole_in_backing_store(), but I Ack. > think the "punch_hole" name will be confusing for readers that are unfamiliar with > PUNCH_HOLE, especially for anonymous memory as "punching a hole" in anonymous > memory is more likely to be interpreted as "munmap()". > > > + struct userspace_mem_region *region) > > +{ > > + void *hva = (void *)region->region.userspace_addr; > > + uint64_t paging_size = region->region.memory_size; > > + int ret, fd = region->fd; > > + > > + if (fd != -1) { > > + ret = fallocate(fd, FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE, > > + 0, paging_size); > > + TEST_ASSERT(ret == 0, "fallocate failed, errno: %d\n", errno); > > + } else { > > + if (is_backing_src_hugetlb(region->backing_src_type)) > > + return false; > > Why is hugetlb disallowed? I thought anon hugetlb supports MADV_DONTNEED? > It fails with EINVAL (only tried on arm) for both the PAGE_SIZE and the huge page size. And note that the address is aligned as well. madvise(0xffffb7c00000, 2097152, MADV_DONTNEED) = -1 EINVAL (Invalid argument) ^^^^^^^^^^^^^^ ^^^^^^^ 2M aligned 2M (hugepage size) madvise(0xffff9e800000, 4096, MADV_DONTNEED) = -1 EINVAL (Invalid argument) ^^^^ PAGE_SIZE > > + > > + ret = madvise(hva, paging_size, MADV_DONTNEED); > > + TEST_ASSERT(ret == 0, "madvise failed, errno: %d\n", errno); > > + } > > + > > + return true; > > +} > > ... > > > + /* > > + * Accessing a hole in the data memslot (punched with fallocate or > > s/memslot/backing store > > > + * madvise) shouldn't fault (more sanity checks). > > > Naming aside, please provide more detail as to why this is the correct KVM > behavior. This is quite subtle and relies on gory implementation details that a > lot of KVM developers will be unaware of. Ack. > > Specifically, from an accessibility perspective, PUNCH_HOLE doesn't actually create > a hole in the file. The "hole" can still be read and written; the "expect '0'" > checks are correct specifically because those are the semantics of PUNCH_HOLE. > > In other words, it's not just that the accesses shouldn't fault, reads _must_ > return zeros and writes _must_ re-populate the page. Moreover, the behavior from the guest POV should be the same as userspace reading/writing on a hole (with PUNCH_HOLE). Will describe this as well. > > Compare that with e.g. ftruncate() that makes the size of the file smaller, in > which case an access should result in KVM exiting to userspace with -EFAULT. > > > + */ > > + TEST_ACCESS(guest_read64, no_af, CMD_HOLE_DATA), > > + TEST_ACCESS(guest_cas, no_af, CMD_HOLE_DATA), > > + TEST_ACCESS(guest_ld_preidx, no_af, CMD_HOLE_DATA), > > + TEST_ACCESS(guest_write64, no_af, CMD_HOLE_DATA), > > + TEST_ACCESS(guest_st_preidx, no_af, CMD_HOLE_DATA), > > + TEST_ACCESS(guest_at, no_af, CMD_HOLE_DATA), > > + TEST_ACCESS(guest_dc_zva, no_af, CMD_HOLE_DATA), > > + > > + { 0 } > > +}; _______________________________________________ kvmarm mailing list kvmarm@lists.cs.columbia.edu https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
WARNING: multiple messages have this Message-ID (diff)
From: Ricardo Koller <ricarkol@google.com> To: Sean Christopherson <seanjc@google.com> Cc: kvm@vger.kernel.org, kvmarm@lists.cs.columbia.edu, andrew.jones@linux.dev, pbonzini@redhat.com, maz@kernel.org, alexandru.elisei@arm.com, eric.auger@redhat.com, oupton@google.com, reijiw@google.com, rananta@google.com, bgardon@google.com, dmatlack@google.com, axelrasmussen@google.com Subject: Re: [PATCH v8 10/14] KVM: selftests: aarch64: Add aarch64/page_fault_test Date: Mon, 26 Sep 2022 10:22:10 -0700 [thread overview] Message-ID: <YzHfwmZqMQ9xXaNa@google.com> (raw) In-Reply-To: <Yyy4WjEmuSH1tSZb@google.com> On Thu, Sep 22, 2022 at 07:32:42PM +0000, Sean Christopherson wrote: > On Thu, Sep 22, 2022, Ricardo Koller wrote: > > +/* Returns true to continue the test, and false if it should be skipped. */ > > +static bool punch_hole_in_memslot(struct kvm_vm *vm, > > This is a very misleading name, and IMO is flat out wrong. The helper isn't > punching a hole in the memslot, it's punching a hole in the backing store, and > those are two very different things. Encountering a hole in a _memslot_ yields > emualted MMIO semantics, not CoW zero page semantics. Interestingly, we used to refer those as "gaps", as in "gaps between memslots". But I get the point. > > Ideally, if we can come up with a not awful name, I'd also prefer to avoid "punch > hole" in the function name. I can't think of a better alternative, so it's not > the end of the world if we're stuck with e.g punch_hole_in_backing_store(), but I Ack. > think the "punch_hole" name will be confusing for readers that are unfamiliar with > PUNCH_HOLE, especially for anonymous memory as "punching a hole" in anonymous > memory is more likely to be interpreted as "munmap()". > > > + struct userspace_mem_region *region) > > +{ > > + void *hva = (void *)region->region.userspace_addr; > > + uint64_t paging_size = region->region.memory_size; > > + int ret, fd = region->fd; > > + > > + if (fd != -1) { > > + ret = fallocate(fd, FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE, > > + 0, paging_size); > > + TEST_ASSERT(ret == 0, "fallocate failed, errno: %d\n", errno); > > + } else { > > + if (is_backing_src_hugetlb(region->backing_src_type)) > > + return false; > > Why is hugetlb disallowed? I thought anon hugetlb supports MADV_DONTNEED? > It fails with EINVAL (only tried on arm) for both the PAGE_SIZE and the huge page size. And note that the address is aligned as well. madvise(0xffffb7c00000, 2097152, MADV_DONTNEED) = -1 EINVAL (Invalid argument) ^^^^^^^^^^^^^^ ^^^^^^^ 2M aligned 2M (hugepage size) madvise(0xffff9e800000, 4096, MADV_DONTNEED) = -1 EINVAL (Invalid argument) ^^^^ PAGE_SIZE > > + > > + ret = madvise(hva, paging_size, MADV_DONTNEED); > > + TEST_ASSERT(ret == 0, "madvise failed, errno: %d\n", errno); > > + } > > + > > + return true; > > +} > > ... > > > + /* > > + * Accessing a hole in the data memslot (punched with fallocate or > > s/memslot/backing store > > > + * madvise) shouldn't fault (more sanity checks). > > > Naming aside, please provide more detail as to why this is the correct KVM > behavior. This is quite subtle and relies on gory implementation details that a > lot of KVM developers will be unaware of. Ack. > > Specifically, from an accessibility perspective, PUNCH_HOLE doesn't actually create > a hole in the file. The "hole" can still be read and written; the "expect '0'" > checks are correct specifically because those are the semantics of PUNCH_HOLE. > > In other words, it's not just that the accesses shouldn't fault, reads _must_ > return zeros and writes _must_ re-populate the page. Moreover, the behavior from the guest POV should be the same as userspace reading/writing on a hole (with PUNCH_HOLE). Will describe this as well. > > Compare that with e.g. ftruncate() that makes the size of the file smaller, in > which case an access should result in KVM exiting to userspace with -EFAULT. > > > + */ > > + TEST_ACCESS(guest_read64, no_af, CMD_HOLE_DATA), > > + TEST_ACCESS(guest_cas, no_af, CMD_HOLE_DATA), > > + TEST_ACCESS(guest_ld_preidx, no_af, CMD_HOLE_DATA), > > + TEST_ACCESS(guest_write64, no_af, CMD_HOLE_DATA), > > + TEST_ACCESS(guest_st_preidx, no_af, CMD_HOLE_DATA), > > + TEST_ACCESS(guest_at, no_af, CMD_HOLE_DATA), > > + TEST_ACCESS(guest_dc_zva, no_af, CMD_HOLE_DATA), > > + > > + { 0 } > > +};
next prev parent reply other threads:[~2022-09-26 17:22 UTC|newest] Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top 2022-09-22 3:18 [PATCH v8 00/14] KVM: selftests: Add aarch64/page_fault_test Ricardo Koller 2022-09-22 3:18 ` Ricardo Koller 2022-09-22 3:18 ` [PATCH v8 01/14] KVM: selftests: Add a userfaultfd library Ricardo Koller 2022-09-22 3:18 ` Ricardo Koller 2022-09-22 3:18 ` [PATCH v8 02/14] KVM: selftests: aarch64: Add virt_get_pte_hva() library function Ricardo Koller 2022-09-22 3:18 ` Ricardo Koller 2022-09-22 3:18 ` [PATCH v8 03/14] KVM: selftests: Add missing close and munmap in __vm_mem_region_delete() Ricardo Koller 2022-09-22 3:18 ` Ricardo Koller 2022-09-22 3:18 ` [PATCH v8 04/14] KVM: selftests: aarch64: Construct DEFAULT_MAIR_EL1 using sysreg.h macros Ricardo Koller 2022-09-22 3:18 ` Ricardo Koller 2022-09-22 3:18 ` [PATCH v8 05/14] tools: Copy bitfield.h from the kernel sources Ricardo Koller 2022-09-22 3:18 ` Ricardo Koller 2022-09-22 3:18 ` [PATCH v8 06/14] KVM: selftests: Stash backing_src_type in struct userspace_mem_region Ricardo Koller 2022-09-22 3:18 ` Ricardo Koller 2022-09-22 3:18 ` [PATCH v8 07/14] KVM: selftests: Add vm->memslots[] and enum kvm_mem_region_type Ricardo Koller 2022-09-22 3:18 ` Ricardo Koller 2022-09-22 18:33 ` Sean Christopherson 2022-09-22 18:33 ` Sean Christopherson 2022-09-22 3:18 ` [PATCH v8 08/14] KVM: selftests: Fix alignment in virt_arch_pgd_alloc() and vm_vaddr_alloc() Ricardo Koller 2022-09-22 3:18 ` Ricardo Koller 2022-09-22 3:18 ` [PATCH v8 09/14] KVM: selftests: Use the right memslot for code, page-tables, and data allocations Ricardo Koller 2022-09-22 3:18 ` Ricardo Koller 2022-09-22 18:36 ` Sean Christopherson 2022-09-22 18:36 ` Sean Christopherson 2022-09-22 3:18 ` [PATCH v8 10/14] KVM: selftests: aarch64: Add aarch64/page_fault_test Ricardo Koller 2022-09-22 3:18 ` Ricardo Koller 2022-09-22 19:32 ` Sean Christopherson 2022-09-22 19:32 ` Sean Christopherson 2022-09-26 17:22 ` Ricardo Koller [this message] 2022-09-26 17:22 ` Ricardo Koller 2022-09-27 22:06 ` Sean Christopherson 2022-09-27 22:06 ` Sean Christopherson 2022-09-28 4:24 ` Ricardo Koller 2022-09-28 4:24 ` Ricardo Koller 2022-09-28 16:58 ` Sean Christopherson 2022-09-28 16:58 ` Sean Christopherson 2022-09-28 18:10 ` Ricardo Koller 2022-09-28 18:10 ` Ricardo Koller 2022-09-22 3:18 ` [PATCH v8 11/14] KVM: selftests: aarch64: Add userfaultfd tests into page_fault_test Ricardo Koller 2022-09-22 3:18 ` Ricardo Koller 2022-09-22 3:18 ` [PATCH v8 12/14] KVM: selftests: aarch64: Add dirty logging " Ricardo Koller 2022-09-22 3:18 ` Ricardo Koller 2022-09-22 3:18 ` [PATCH v8 13/14] KVM: selftests: aarch64: Add readonly memslot " Ricardo Koller 2022-09-22 3:18 ` Ricardo Koller 2022-09-22 3:18 ` [PATCH v8 14/14] KVM: selftests: aarch64: Add mix of " Ricardo Koller 2022-09-22 3:18 ` Ricardo Koller
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=YzHfwmZqMQ9xXaNa@google.com \ --to=ricarkol@google.com \ --cc=andrew.jones@linux.dev \ --cc=axelrasmussen@google.com \ --cc=bgardon@google.com \ --cc=dmatlack@google.com \ --cc=kvm@vger.kernel.org \ --cc=kvmarm@lists.cs.columbia.edu \ --cc=maz@kernel.org \ --cc=pbonzini@redhat.com \ --cc=seanjc@google.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.