Re: [RFC PATCH 16/28] kvm: mmu: Add direct MMU page fault handler

From: Peter Xu <peterx@redhat.com>
To: Ben Gardon <bgardon@google.com>
Cc: kvm@vger.kernel.org, Paolo Bonzini <pbonzini@redhat.com>,
	Peter Feiner <pfeiner@google.com>,
	Peter Shier <pshier@google.com>,
	Junaid Shahid <junaids@google.com>,
	Jim Mattson <jmattson@google.com>
Subject: Re: [RFC PATCH 16/28] kvm: mmu: Add direct MMU page fault handler
Date: Wed, 8 Jan 2020 12:20:11 -0500	[thread overview]
Message-ID: <20200108172011.GB7096@xz-x1> (raw)
In-Reply-To: <20190926231824.149014-17-bgardon@google.com>

On Thu, Sep 26, 2019 at 04:18:12PM -0700, Ben Gardon wrote:

[...]

> +static int handle_direct_page_fault(struct kvm_vcpu *vcpu,
> +		unsigned long mmu_seq, int write, int map_writable, int level,
> +		gpa_t gpa, gfn_t gfn, kvm_pfn_t pfn, bool prefault)
> +{
> +	struct direct_walk_iterator iter;
> +	struct kvm_mmu_memory_cache *pf_pt_cache = &vcpu->arch.mmu_page_cache;
> +	u64 *child_pt;
> +	u64 new_pte;
> +	int ret = RET_PF_RETRY;
> +
> +	direct_walk_iterator_setup_walk(&iter, vcpu->kvm,
> +			kvm_arch_vcpu_memslots_id(vcpu), gpa >> PAGE_SHIFT,
> +			(gpa >> PAGE_SHIFT) + 1, MMU_READ_LOCK);
> +	while (direct_walk_iterator_next_pte(&iter)) {
> +		if (iter.level == level) {
> +			ret = direct_page_fault_handle_target_level(vcpu,
> +					write, map_writable, &iter, pfn,
> +					prefault);
> +
> +			break;
> +		} else if (!is_present_direct_pte(iter.old_pte) ||
> +			   is_large_pte(iter.old_pte)) {
> +			/*
> +			 * The leaf PTE for this fault must be mapped at a
> +			 * lower level, so a non-leaf PTE must be inserted into
> +			 * the paging structure. If the assignment below
> +			 * succeeds, it will add the non-leaf PTE and a new
> +			 * page of page table memory. Then the iterator can
> +			 * traverse into that new page. If the atomic compare/
> +			 * exchange fails, the iterator will repeat the current
> +			 * PTE, so the only thing this function must do
> +			 * differently is return the page table memory to the
> +			 * vCPU's fault cache.
> +			 */
> +			child_pt = mmu_memory_cache_alloc(pf_pt_cache);
> +			new_pte = generate_nonleaf_pte(child_pt, false);
> +
> +			if (!direct_walk_iterator_set_pte(&iter, new_pte))
> +				mmu_memory_cache_return(pf_pt_cache, child_pt);
> +		}
> +	}

I have a question on how this will guarantee safe concurrency...

As you mentioned previously somewhere, the design somehow mimics how
the core mm works with process page tables, and IIUC here the rwlock
works really like the mmap_sem that we have for the process mm.  So
with the series now we can have multiple page fault happening with
read lock held of the mmu_lock to reach here.

Then I'm imagining a case where both vcpu threads faulted on the same
address range while when they wanted to do different things, like: (1)
vcpu1 thread wanted to map this as a 2M huge page, while (2) vcpu2
thread wanted to map this as a 4K page.  Then is it possible that
vcpu2 is faster so it firstly setup the pmd as a page table page (via
direct_walk_iterator_set_pte above), then vcpu1 quickly overwrite it
as a huge page (via direct_page_fault_handle_target_level, level=2),
then I feel like the previous page table page that setup by vcpu2 can
be lost unnoticed.

I think general process page table does not have this issue is because
it has per pmd lock so anyone who changes the pmd or beneath it will
need to take that.  However here we don't have it, instead we only
depend on the atomic ops, which seems to be not enough for this?

Thanks,

> +	direct_walk_iterator_end_traversal(&iter);
> +
> +	/* If emulating, flush this vcpu's TLB. */
> +	if (ret == RET_PF_EMULATE)
> +		kvm_make_request(KVM_REQ_TLB_FLUSH, vcpu);
> +
> +	return ret;
> +}

-- 
Peter Xu