Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp23502rwd; Tue, 6 Jun 2023 17:55:05 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ5Qclu05mebTEbjCMeAn4HpZXcA7Hb3kHO1uuROYHizlvVKo7PYNNlVZVP+4zflmXkrQU89 X-Received: by 2002:a17:902:c403:b0:1ae:89a:a4 with SMTP id k3-20020a170902c40300b001ae089a00a4mr4722255plk.8.1686099305253; Tue, 06 Jun 2023 17:55:05 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1686099305; cv=none; d=google.com; s=arc-20160816; b=G+gNNQHcuQPiajG6HdrhiUFn/LfkwmjVoVSnszHOgsVmEpZNkX7P2jypnenslFs+ZL gD+gUPdILn8TGIwZSk3nNB9yJSybUJ/+0AytOURTkTGafByMkrK42Rq+35TtHScakb8U wcKcIR+lqSAhalXLaMGylIOX1Iv0HoutLWM5jrkcqgd6cBzjFv6R4s1r6H2JbZyaOJlk ppp8H5jbvFsOON77zY5bDKf42pFhOKlV/a3PYz6HqoSaJelzx2gXB+sFmkThmJ9fkkj/ Nkf5OKqipI85/V2soPuVkT7BGrRzCvsFv9G7Fi63jyVSSVl4Yxig2Aanng0kyVdBd9Iu 0Xiw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=G3xWHxIDzZm/Cm/VNd/bMge2IkR3+FmhKrhLM2E3LiE=; b=dT+ptEDmwGJ26vnhIfmUlQI7NpKhkis9o9p+XMw5MKPRG3sfXmnaA2koSSvzFDBvXf sClwNVeLk0Xkw6VitD9+YjsRlHemAqG5oyX7U3qPzkxl9RtxWRt4hVLJdnkDTLQsvRsq A2u6zcUheg5Kdr3SVl+5A0HUCbjkNAYWX+FzOEWhlgle9i0iM9ZhIOZ424niDIuqpawr HgKxxgDAnaMkSf572ZSfbaPjnlFYJptgl3MGR4tlNIj2ZGoaqB19yogdB1ExFSRORJCx OwXVQSsXEl6+aBVeakkcZv/UFuy1KHaOuh7GP9/WV1HHIchcc8hJn9TMUJJLkUK338TA pzvg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b=zdBMHXa8; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id d16-20020a170903231000b001ae3b512697si8352782plh.113.2023.06.06.17.54.53; Tue, 06 Jun 2023 17:55:05 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b=zdBMHXa8; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240309AbjFGAYV (ORCPT + 99 others); Tue, 6 Jun 2023 20:24:21 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43004 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234458AbjFGAYU (ORCPT ); Tue, 6 Jun 2023 20:24:20 -0400 Received: from mail-ej1-x62d.google.com (mail-ej1-x62d.google.com [IPv6:2a00:1450:4864:20::62d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 089781989 for ; Tue, 6 Jun 2023 17:24:19 -0700 (PDT) Received: by mail-ej1-x62d.google.com with SMTP id a640c23a62f3a-9745baf7c13so853781666b.1 for ; Tue, 06 Jun 2023 17:24:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1686097457; x=1688689457; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=G3xWHxIDzZm/Cm/VNd/bMge2IkR3+FmhKrhLM2E3LiE=; b=zdBMHXa8hCib0O1mDaTw+TKuQ2tSGkAaoZsZcfxJhOlxFwTGROtc2h/xbUIj21rtcY ipfg4x3LfzhbN4qFNGapg+EG5NrWIDwDTEFMs4SEyZtMwsAY7kMuu7b/mQn2nf/xzGas HRqx0E0BSzdudq5rceDf4Qo9JUdlK4BDALOhCUY3tEicHrIKn5eowX9FHbChyoLG8w6P lNj3D30z/cpvI1ykxrYsU34uvRh4WwSwQNAmJRxAaGnVQburQiM9nja5N+x3vzLa6HsA pCzXKNsCnpjtv4ctcUQCKuMbUb7Wk1TH8ITJHV+uvrrGVLYsc6m0O20zDkeY2QL+WJzi gUmg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1686097457; x=1688689457; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=G3xWHxIDzZm/Cm/VNd/bMge2IkR3+FmhKrhLM2E3LiE=; b=QYBTBXaYwuXYr9yMq8y8ybO4EgDk5XDwOvppxUNMfgriqHKXGGKrMMABZT8mmE49D0 n8AA64KpMMlwBjetpmZ5db5HN3Qxg3ohXlFluL5bVteWyCbaPrNf1g78GxOP2tu6IbXH OI3v0T1I0L3sYgZ/lqvVbIBDh2ES5GcLw3NY92sDZSQWQFnSXhYKVHdaHe0VQhjYXZAR ctej9xaYQEk+xJCi7YUu6YML3CwrtoNgIg/VuDVXt7FE+XOq2bntz00XRemBGSLH9wy3 ezkwiSsQaHFL920BK8jY5FMO3wDj5TYbD5DOOnHnWCXxkM6L6/LxtjkrnCNgmIjzm3s4 RVpA== X-Gm-Message-State: AC+VfDwWYxxCZXRxcm0qvPaZcWP1Q1WKYD2IkVsvkOrTnmbGRC+qSecR qlWgqIy6H4nMv5PcwHhLDQnTl7zp/fxwMTpnuZPycA== X-Received: by 2002:a17:907:7d87:b0:969:7739:2eb7 with SMTP id oz7-20020a1709077d8700b0096977392eb7mr3888160ejc.4.1686097457385; Tue, 06 Jun 2023 17:24:17 -0700 (PDT) MIME-Version: 1.0 References: <20230605004334.1930091-1-mizhang@google.com> In-Reply-To: From: Mingwei Zhang Date: Tue, 6 Jun 2023 17:23:40 -0700 Message-ID: Subject: Re: [PATCH] KVM: x86/mmu: Remove KVM MMU write lock when accessing indirect_shadow_pages To: Sean Christopherson Cc: Jim Mattson , Paolo Bonzini , "H. Peter Anvin" , kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Ben Gardon Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-17.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org > > Hmm. I agree with both points above, but below, the change seems too > > heavyweight. smp_wb() is a mfence(), i.e., serializing all > > loads/stores before the instruction. Doing that for every shadow page > > creation and destruction seems a lot. > > No, the smp_*b() variants are just compiler barriers on x86. hmm, it is a "lock addl" now for smp_mb(). Check this: 450cbdd0125c ("locking/x86: Use LOCK ADD for smp_mb() instead of MFENCE") So this means smp_mb() is not a free lunch and we need to be a little bit careful. > > > In fact, the case that only matters is '0->1' which may potentially > > confuse kvm_mmu_pte_write() when it reads 'indirect_shadow_count', but > > the majority of the cases are 'X => X + 1' where X != 0. So, those > > cases do not matter. So, if we want to add barriers, we only need it > > for 0->1. Maybe creating a new variable and not blocking > > account_shadow() and unaccount_shadow() is a better idea? > > > > Regardless, the above problem is related to interactions among > > account_shadow(), unaccount_shadow() and kvm_mmu_pte_write(). It has > > nothing to do with the 'reexecute_instruction()', which is what this > > patch is about. So, I think having a READ_ONCE() for > > reexecute_instruction() should be good enough. What do you think. > > The reexecute_instruction() case should be fine without any fanciness, it's > nothing more than a heuristic, i.e. neither a false positive nor a false negative > will impact functional correctness, and nothing changes regardless of how many > times the compiler reads the variable outside of mmu_lock. > > I was thinking that it would be better to have a single helper to locklessly > access indirect_shadow_pages, but I agree that applying the barriers to > reexecute_instruction() introduces a different kind of confusion. > > Want to post a v2 of yours without a READ_ONCE(), and I'll post a separate fix > for the theoretical kvm_mmu_pte_write() race? And then Paolo can tell me that > there's no race and school me on lockless programming once more ;-) yeah, that works for me.