Received: by 2002:a05:6358:7058:b0:131:369:b2a3 with SMTP id 24csp3030004rwp; Fri, 14 Jul 2023 16:03:12 -0700 (PDT) X-Google-Smtp-Source: APBJJlHz7vbfumF4bIj/K+8HOnhlD+ojHrK8x2s8042ZIdlA1dfVpT50+6st0tThK/jCMmRuCH/M X-Received: by 2002:a17:902:ced2:b0:1b8:76cb:c6a4 with SMTP id d18-20020a170902ced200b001b876cbc6a4mr5555353plg.21.1689375792254; Fri, 14 Jul 2023 16:03:12 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1689375792; cv=none; d=google.com; s=arc-20160816; b=HYG1TYawvyPOLEXyW9QVTb0P2+YC3ilsNVgeOMZGIdTgPT3SudX5gNIdCPG+yEMUD1 CR9LWTYJ7sdyg0ocC81vcOD8xw60AE8dYTIZS2PHHZ8FzIonSlNwMzx1m8RvE6hi98nH UDK/UYSf5SijJ96pGma9CXSfBe2KaZG7jbGeIUx2nmMrXajXY5Kx28fCymQeuf9e2hnh Z43jgCc6VBB4b7DhsTw/dtps801NEuVxdLE1mNhqCIcV6ZHTHg2SqvckLhlFSkAko/Bl EyuHmK0fmMTL9PAw0OVV/2IJR9xxTgaQz8QbMR/uNfXjSm1Z6eSd/Qyu6mxYjeDufm/l LTYw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:dkim-signature; bh=AqPQXu/AIr+STPlGjrumZEqk7MLinV6fP6qlYwF+Hxk=; fh=y6OzSyN6P5KYBdX5e7N9lNVGKKeJiyUOY6JUhnFCRkM=; b=ky1mxwpltr4D9jgm1LE3a8SpdBwgEjQL1kt7cJx2/S7zMrjdt9+lieP/j5Zo8pwbdd MZKc3833Y3hzJpFgW3D6xGXg88Km2Z/uP+8tlLIlhQ+QXflDwcR79X8sA4AOgrB8V7QU NHmt5BqUYsI5aFCiiSqqL0T7LJGWI2t8ScwizYjMmaVUtgsjKFblIAXIQP1QWg6yi/cE Dcf/sEr+wjoOJERjL98WfLz9Hdqffjz+hSPjxtRXh085JYi9UkJb5BX/4uoJBdYFM2d/ whSfpoas9XgsHwQwjrvNBsY+Y5fMypVd+3fMCUj+OSs/UkwS42UQRCs7RZF8TSdl3XNS PoJA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b=Tt0V9A0q; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id c7-20020a170902d48700b001b8a67f1c10si7944291plg.468.2023.07.14.16.02.59; Fri, 14 Jul 2023 16:03:12 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b=Tt0V9A0q; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229764AbjGNWf7 (ORCPT + 99 others); Fri, 14 Jul 2023 18:35:59 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33302 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229437AbjGNWf6 (ORCPT ); Fri, 14 Jul 2023 18:35:58 -0400 Received: from mail-pl1-x649.google.com (mail-pl1-x649.google.com [IPv6:2607:f8b0:4864:20::649]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 91D432D73 for ; Fri, 14 Jul 2023 15:35:53 -0700 (PDT) Received: by mail-pl1-x649.google.com with SMTP id d9443c01a7336-1b896096287so17458785ad.0 for ; Fri, 14 Jul 2023 15:35:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1689374153; x=1691966153; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=AqPQXu/AIr+STPlGjrumZEqk7MLinV6fP6qlYwF+Hxk=; b=Tt0V9A0qkpbl5zS0LESlEdwvp+4lS8swsnaM5ygU4p8wmWduWJsTsWiMBUrW9Vh2KL aNiclCU+3JOXB1yiqIKXN6QgR9QdqoTo2RC11ivA+QpKq3HQpnI8PiDAYzg63A260iOT /X8Zs4ITCCFalugl0jsN26LMWffPpuzQBP22vn8lpRSG+H4mTHf3+orEXOoeYZYdfyr2 abFsO9FDujBoCuI48/+aMdXB2jBUEMCB+wK+csXPETYbqUkpzTNRqr4u7awtDvgcPp5C u2l7VKka+4qaqK2LwY7H9dgsRxhvzJ+xsqjkh1lzLWjpI9iGg9n1Apbc27ImlTO1X+KO zawA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1689374153; x=1691966153; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=AqPQXu/AIr+STPlGjrumZEqk7MLinV6fP6qlYwF+Hxk=; b=NZeb9URwOmCYQqrxeEzdFPwpToZMpB10u+aDbJaJWq37thvw8ydwgXzvO6rBah87gK oy1LXfmU3B3Z4tE7CKCZY47lao29cwANMHjG9t23f/B+sQOa8wiNvv+0J8GmuqHlLows khyNij0MocIb9TxpjLgl4nJ8QFmyM/257lPA8jqYVYvuoS/32CSo2dYxA0YKeZVAYIzH WScZmvv1Prhc5Oz4/simhwhG2GQH2QppwQ5gcLOGVZHsnV5e4zp5a/voz4NqFU39kvVZ pRoyzpdgmOCNK5pgmfiLa3h5d4MaC47Fccisp3fEJVxhK0qFOPwvO31VjNWn2w0uJj8d V9fQ== X-Gm-Message-State: ABy/qLZ0wnm8F6BPqoETa0dPTSE9R4VfEVT573KZN+r1no5P8v1ZCYOC QcJNX4ROfplGudrtMwy7W9Vg5oK9VcU= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a17:902:b492:b0:1b9:e338:a90d with SMTP id y18-20020a170902b49200b001b9e338a90dmr17230plr.3.1689374153026; Fri, 14 Jul 2023 15:35:53 -0700 (PDT) Date: Fri, 14 Jul 2023 22:35:51 +0000 In-Reply-To: <20230714115715.000026fe.zhi.wang.linux@gmail.com> Mime-Version: 1.0 References: <358fb191b3690a5cbc2c985d3ffc67224df11cf3.1687991811.git.isaku.yamahata@intel.com> <20230714115715.000026fe.zhi.wang.linux@gmail.com> Message-ID: Subject: Re: [RFC PATCH v3 08/11] KVM: Fix set_mem_attr ioctl when error case From: Sean Christopherson To: Zhi Wang Cc: isaku.yamahata@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, isaku.yamahata@gmail.com, Paolo Bonzini , erdemaktas@google.com, Sagi Shahar , David Matlack , Kai Huang , chen.bo@intel.com, linux-coco@lists.linux.dev, Chao Peng , Ackerley Tng , Vishal Annapurve , Michael Roth , Yuan Yao Content-Type: text/plain; charset="us-ascii" X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE, USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Jul 14, 2023, Zhi Wang wrote: > On Thu, 13 Jul 2023 15:03:54 -0700 > Sean Christopherson wrote: > > + /* > > + * Reserve memory ahead of time to avoid having to deal with failures > > + * partway through setting the new attributes. > > + */ > > + for (i = start; i < end; i++) { > > + r = xa_reserve(&kvm->mem_attr_array, i, GFP_KERNEL_ACCOUNT); > > + if (r) > > + goto out_unlock; > > + } > > + > > KVM_MMU_LOCK(kvm); > > kvm_mmu_invalidate_begin(kvm); > > kvm_mmu_invalidate_range_add(kvm, start, end); > > KVM_MMU_UNLOCK(kvm); > > > > for (i = start; i < end; i++) { > > - if (xa_err(xa_store(&kvm->mem_attr_array, i, entry, > > - GFP_KERNEL_ACCOUNT))) > > + r = xa_err(xa_store(&kvm->mem_attr_array, i, entry, > > + GFP_KERNEL_ACCOUNT)); > > + if (KVM_BUG_ON(r, kvm)) > > break; > > } > > > > IIUC, If an error happenes here, we should bail out and call xa_release()? > Or the code below (which is not shown here) still changes the memory attrs > partially. I'm pretty sure we want to continue on. The VM is dead (killed by KVM_BUG_ON()), so the attributes as seen by userspace and/or the VM don't matter. What does matter is that KVM's internal state is consistent, e.g. that KVM doesn't have shared SPTEs while the attributes say a GFN is private. That might not matter for teardown, but I can't think of any reason not to tidy up. And there can also be other ioctls() in flight. KVM_REQ_VM_DEAD ensures vCPU can't enter the guest, and vm->vm_dead ensures no new ioctls() cant start, but neither of those guarantees there aren't other tasks doing KVM things. Regardless, we definitely don't need to do xa_release(). The VM is dead and all its memory will be reclaimed soon enough. And there's no guarantee xa_release() will actually be able to free anything, e.g. already processed entries won't be freed, nor will any entries that existed _before_ the ioctl() was invoked. Not to mention that the xarray probably isn't consuming much memory, relatively speaking. I.e. in the majority of scenarios, it's likely preferable to get out and destroy the VM asap.