Received: by 2002:a05:6358:4e97:b0:b3:742d:4702 with SMTP id ce23csp3155560rwb; Mon, 15 Aug 2022 19:35:40 -0700 (PDT) X-Google-Smtp-Source: AA6agR55WsJAOAE4UgisLTqw8wVbAt2KOGbkhWfJOwW+VuWmMU7uakiR+hK+TC5s3Dos25/guvls X-Received: by 2002:a05:6402:13d6:b0:43c:b98f:5f74 with SMTP id a22-20020a05640213d600b0043cb98f5f74mr16608350edx.392.1660617340801; Mon, 15 Aug 2022 19:35:40 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1660617340; cv=none; d=google.com; s=arc-20160816; b=DcJyMQPSWAAsxdVF9kXFiTs8SMW1wmav5DegLmU4ROClF6GqmI56ra/HmFDTJaDhsz JrzAs/yMogEfvxfxXMknEo0dYJu970FRzM7uCNJhiTBBdhM3Ea5cQuBZjutfgYIrySc4 KwaP5u+g8GHDxfI1NnQJR2r/jwTK8qCbCzsZ0J3NlU9VTSCzE8dpZlKxb+81TkrjH67K Ae5n7myGe2RH04mqIWbY2T6dgChrv01VwFV88US955eZ8uPhw0391KSA1PB9QVFVgati /m0SoGPbU4Su3sZlMvx9UpiOnxhMmQ57nBaqw0ScTTOs2gJ/8rNZPZufjW9wAAuh78lJ 3b+A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=n4WnupM8vXXXNjy7VnOnuld2R32X9LJBT/HWc0crthI=; b=BEWo8DcIHm701FvlL8faW+LAHUwfQssouOHF9cCCxpGDL1W/93qacVa1PnlFa/5wND tNEr3+p7IKqtp237tfJJ5R20de5Uv8OQN1de5zM8Fr5+6Mj+l24qCgcFwZwIfuZt1wrl r6aWnbmBEoH5k4YqyihbzkUiYmtjmNWC8Dd/PgK3p8cX1ViuSNXCQ2fXmzg9t24DuKwt FWgdhU1JCISafaU9B92KlS3cQEzi1XfJ+BdT+H1TM7Pifsk8E7vk5j0AABB18WyiIST3 8OoN3IeY9Yayppn5lpLs2/29RkLnEzBh4cXbol+VhmOEKhXpDk7yZfmRXpjOTI9QWQjo xAfA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=pmXHI13y; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id s2-20020a1709062ec200b00734bc147380si7885732eji.52.2022.08.15.19.35.15; Mon, 15 Aug 2022 19:35:40 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=pmXHI13y; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234109AbiHPCW2 (ORCPT + 99 others); Mon, 15 Aug 2022 22:22:28 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44726 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234056AbiHPCWM (ORCPT ); Mon, 15 Aug 2022 22:22:12 -0400 Received: from mail-pf1-x430.google.com (mail-pf1-x430.google.com [IPv6:2607:f8b0:4864:20::430]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D088712ECCF for ; Mon, 15 Aug 2022 15:35:10 -0700 (PDT) Received: by mail-pf1-x430.google.com with SMTP id 130so7766672pfv.13 for ; Mon, 15 Aug 2022 15:35:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:from:date:from:to :cc; bh=n4WnupM8vXXXNjy7VnOnuld2R32X9LJBT/HWc0crthI=; b=pmXHI13ylFiN4yx1jiY6trK0HTh22WXq1w7jnMHScIQiaCbP/mvraIUGFnirRzTobr ZFhb0j+GkvK0SXAMSX9j7RJ5ufpzCBCzryxBC1XSsLCqjrucYl2e+Fn0zmLm7F0zcCDq ue+8trNipL2MLtTMyk8H8XfuFfIglbRflYh2Yi9/t28iUlCThUhNavgDtojTVFfH2q5L NYM/FkgkpXsDy4xcywGq+zhTBa9zIZyzadV2mp4I0eCUC9V20e7zvEuhM4UYZOtqURsE 8WlN19MfQa+rkTWXEr7ABvKgI0K17vwiUQTTKqbZ97TgdE1r3lkn2GE4mn53AotipJ6V FkxA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :x-gm-message-state:from:to:cc; bh=n4WnupM8vXXXNjy7VnOnuld2R32X9LJBT/HWc0crthI=; b=HTjZKwkALAFYcLqDVkLuJEsz/NToGYnrEALtlnpTwH76XTFU7co7FzEoVBG8va/oJs mz1Lld29mC31WxjHsV9LwBCmxUlWD76kPVPSJ/sa1A0o9hTWbQCo9zjDWbgt/WxKTcZU S4936widN3EnORluZXW2ASyg2hDHzzqC+DVhf+sw9upaYYdbzlqE/dOUm05riKYoDmte iCleglhJ6nSBKGC9wbS2Qwz+r6BLhSn5cV9A8IikB2E0dyyOb1u5GUpujGE+MnWY7B41 R2/aRT+VwWhMTI4/VmtioqWZUXd9Z/Lr5xPrWrJ+itPbhXGBlb3018jits81ESgMxP25 73kg== X-Gm-Message-State: ACgBeo3FUi++0MvBbDuU+oxS/0SNIDQAaX4c/W4ClLlg87cyN9HvznV3 UezVnz1H44ZNNn1ODcmm/r5JHw== X-Received: by 2002:a05:6a00:234f:b0:525:1f7c:f2bf with SMTP id j15-20020a056a00234f00b005251f7cf2bfmr18562534pfj.14.1660602909639; Mon, 15 Aug 2022 15:35:09 -0700 (PDT) Received: from google.com (7.104.168.34.bc.googleusercontent.com. [34.168.104.7]) by smtp.gmail.com with ESMTPSA id w62-20020a623041000000b005350ea966c7sm1097210pfw.154.2022.08.15.15.35.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 15 Aug 2022 15:35:09 -0700 (PDT) Date: Mon, 15 Aug 2022 22:35:05 +0000 From: Sean Christopherson To: "Huang, Kai" Cc: "Shahar, Sagi" , "isaku.yamahata@gmail.com" , "Aktas, Erdem" , "will@kernel.org" , "kvm@vger.kernel.org" , "pbonzini@redhat.com" , "Yamahata, Isaku" , "linux-kernel@vger.kernel.org" Subject: Re: [PATCH v8 003/103] KVM: Refactor CPU compatibility check on module initialization Message-ID: References: <4092a37d18f377003c6aebd9ced1280b0536c529.1659854790.git.isaku.yamahata@intel.com> <283c3155f6f27229d507e6e0efc5179594a36855.camel@intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <283c3155f6f27229d507e6e0efc5179594a36855.camel@intel.com> X-Spam-Status: No, score=-14.4 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, ENV_AND_HDR_SPF_MATCH,FSL_HELO_FAKE,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Aug 12, 2022, Huang, Kai wrote: > On Thu, 2022-08-11 at 17:39 +0000, Sean Christopherson wrote: > > I've been poking at the "hardware enable" code this week for other reasons, and > > have come to the conclusion that the current implementation is a mess. > > Thanks for the lengthy reply :) > > First of all, to clarify, I guess by "current implementation" you mean the > current upstream KVM code, but not this particular patch? :) Yeah, upstream code. > > Of course, that path is broken for other reasons too, e.g. needs to prevent CPUs > > from going on/off-line when KVM is enabling hardware. > > https://lore.kernel.org/all/20220216031528.92558-7-chao.gao@intel.com > > If I read correctly, the problem described in above link seems only to be true > after we move CPUHP_AP_KVM_STARTING from STARTING section to ONLINE section, but > this hasn't been done yet in the current upstream KVM. Currently, > CPUHP_AP_KVM_STARTING is still in STARTING section so it is guaranteed it has > been executed before start_secondary sets itself to online cpu mask. The lurking issue is that for_each_online_cpu() can against hotplug, i.e. every instance of for_each_online_cpu() in KVM is buggy (at least on the x86 side, I can't tell at a glance whether or not arm pKVM's usage is safe). https://lore.kernel.org/all/87bl20aa72.ffs@tglx > Btw I saw v4 of Chao's patchset was sent Feb this year. It seems that series > indeed improved CPU compatibility check and hotplug handling. Any reason that > series wasn't merged? AFAIK it was just a lack of reviews/acks for the non-KVM patches. > Also agreed that kvm_lock should be used. But I am not sure whether > cpus_read_lock() is needed (whether CPU hotplug should be prevented). In > current KVM, we don't do CPU compatibility check for hotplug CPU anyway, so when > KVM does CPU compatibility check using for_each_online_cpu(), if CPU hotplug > (hot-removal) happens, the worst case is we lose compatibility check on that > CPU. > > Or perhaps I am missing something? On a hot-add of an incompatible CPU, KVM would potentially skip the compatibility check and try to enable hardware on an incompatible/broken CPU. Another possible bug is the checking of hv_get_vp_assist_page(); hot-adding a CPU that failed to allocate the VP assist page while vmx_init() is checking online CPUs could result in a NULL pointer deref due to KVM not rejecting the CPU as it should. > > mutex_lock(&kvm_lock); > > cpus_read_lock(); > > r = kvm_arch_add_vm(kvm, kvm_usage_count); > > Holding cpus_read_lock() here implies CPU hotplug cannot happen during > kvm_arch_add_vm(). This needs a justification/comment to explain why. ? Oh, for sure, the above was only intended to be a rough sketch, definitely not a formal patch. > Also, assuming we have a justification, since (based on your description above) > arch _may_ choose to enable hardware within it, but it is not a _must_. So > maybe remove cpus_read_lock() here and let kvm_arch_add_vm() to decide whether > to use it? My thought is that it makes sense to provide a CPU hotplug friendly arch hook since (a) all architectures except s390 (and maybe PPC) need such a hook (or more likely, multiple hooks) and (b) cpus_read_lock() will almost never be contended. In other words, address the problem that's easy to solve (but also easy to forget) in generic code, but let architectures deal with the hardware enabling problem, which is a mess to solve in generic code (unless I'm missing something). All that said, I haven't tried compiling yet, let alone actually running anything, so it's entirely possible my idea won't pan out.