Message ID | 2a4ceee16546deeab7090efea2ee9c0db5444b84.1632171479.git.maciej.szmigiero@oracle.com (mailing list archive) |
---|---|
State | New, archived |
Series | KVM: Scalable memslots implementation | expand |
On Mon, Sep 20, 2021, Maciej S. Szmigiero wrote: > From: "Maciej S. Szmigiero" <maciej.szmigiero@oracle.com> > > This allows us to return a proper error code in case we spot an underflow. > > Signed-off-by: Maciej S. Szmigiero <maciej.szmigiero@oracle.com> > --- > arch/x86/kvm/x86.c | 49 ++++++++++++++++++++++++++-------------------- > 1 file changed, 28 insertions(+), 21 deletions(-) > > diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c > index 97d86223427d..0fffb8414009 100644 > --- a/arch/x86/kvm/x86.c > +++ b/arch/x86/kvm/x86.c > @@ -11511,9 +11511,23 @@ int kvm_arch_prepare_memory_region(struct kvm *kvm, > const struct kvm_userspace_memory_region *mem, > enum kvm_mr_change change) > { > - if (change == KVM_MR_CREATE || change == KVM_MR_MOVE) > - return kvm_alloc_memslot_metadata(kvm, new, > - mem->memory_size >> PAGE_SHIFT); > + if (change == KVM_MR_CREATE || change == KVM_MR_MOVE) { > + int ret; > + > + ret = kvm_alloc_memslot_metadata(kvm, new, > + mem->memory_size >> PAGE_SHIFT); > + if (ret) > + return ret; > + > + if (change == KVM_MR_CREATE) > + kvm->arch.n_memslots_pages += new->npages; > + } else if (change == KVM_MR_DELETE) { > + if (WARN_ON(kvm->arch.n_memslots_pages < old->npages)) > + return -EIO; This is not worth the churn. In a way, it's worse because userspace can spam the living snot out of the kernel log by retrying the ioctl(). Since underflow can happen if and only if there's a KVM bug, and a pretty bad one at that, just make the original WARN_ON a KVM_BUG_ON. That will kill the VM and also provide the WARN_ON_ONCE behavior that we probably want. > + > + kvm->arch.n_memslots_pages -= old->npages; > + } > + > return 0; > } >
On 20.10.2021 00:38, Sean Christopherson wrote: > On Mon, Sep 20, 2021, Maciej S. Szmigiero wrote: >> From: "Maciej S. Szmigiero" <maciej.szmigiero@oracle.com> >> >> This allows us to return a proper error code in case we spot an underflow. >> >> Signed-off-by: Maciej S. Szmigiero <maciej.szmigiero@oracle.com> >> --- >> arch/x86/kvm/x86.c | 49 ++++++++++++++++++++++++++-------------------- >> 1 file changed, 28 insertions(+), 21 deletions(-) >> >> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c >> index 97d86223427d..0fffb8414009 100644 >> --- a/arch/x86/kvm/x86.c >> +++ b/arch/x86/kvm/x86.c >> @@ -11511,9 +11511,23 @@ int kvm_arch_prepare_memory_region(struct kvm *kvm, >> const struct kvm_userspace_memory_region *mem, >> enum kvm_mr_change change) >> { >> - if (change == KVM_MR_CREATE || change == KVM_MR_MOVE) >> - return kvm_alloc_memslot_metadata(kvm, new, >> - mem->memory_size >> PAGE_SHIFT); >> + if (change == KVM_MR_CREATE || change == KVM_MR_MOVE) { >> + int ret; >> + >> + ret = kvm_alloc_memslot_metadata(kvm, new, >> + mem->memory_size >> PAGE_SHIFT); >> + if (ret) >> + return ret; >> + >> + if (change == KVM_MR_CREATE) >> + kvm->arch.n_memslots_pages += new->npages; >> + } else if (change == KVM_MR_DELETE) { >> + if (WARN_ON(kvm->arch.n_memslots_pages < old->npages)) >> + return -EIO; > > This is not worth the churn. In a way, it's worse because userspace can spam > the living snot out of the kernel log by retrying the ioctl(). > > Since underflow can happen if and only if there's a KVM bug, and a pretty bad one > at that, just make the original WARN_ON a KVM_BUG_ON. That will kill the VM and > also provide the WARN_ON_ONCE behavior that we probably want. Will do. Thanks, Maciej
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 97d86223427d..0fffb8414009 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -11511,9 +11511,23 @@ int kvm_arch_prepare_memory_region(struct kvm *kvm, const struct kvm_userspace_memory_region *mem, enum kvm_mr_change change) { - if (change == KVM_MR_CREATE || change == KVM_MR_MOVE) - return kvm_alloc_memslot_metadata(kvm, new, - mem->memory_size >> PAGE_SHIFT); + if (change == KVM_MR_CREATE || change == KVM_MR_MOVE) { + int ret; + + ret = kvm_alloc_memslot_metadata(kvm, new, + mem->memory_size >> PAGE_SHIFT); + if (ret) + return ret; + + if (change == KVM_MR_CREATE) + kvm->arch.n_memslots_pages += new->npages; + } else if (change == KVM_MR_DELETE) { + if (WARN_ON(kvm->arch.n_memslots_pages < old->npages)) + return -EIO; + + kvm->arch.n_memslots_pages -= old->npages; + } + return 0; } 
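Review bot: The `kvm->arch.n_memslots_pages += new->npages` and `-= old->npages` adjustments now run in the prepare stage, before the new memslot set is installed, so the counter will drift if anything between kvm_arch_prepare_memory_region() and kvm_arch_commit_memory_region() fails or bails out, whereas the previous placement in the commit path only counted changes that had actually landed. Whether the generic kvm_set_memslot() in this series has such a failure path cannot be told from the hunk, but prepare callbacks are normally expected to leave no lasting state on error and nothing here undoes the CREATE increment. I would keep only the bounds check here and move the two accounting lines back into the commit path, or otherwise add `/* n_memslots_pages is adjusted at prepare time; nothing between prepare and commit may fail. */` above the CREATE branch so the invariant is explicit. The function's signature line sits in the hunk header, outside the visible lines.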
@@ -11610,24 +11624,17 @@ void kvm_arch_commit_memory_region(struct kvm *kvm,
 const struct kvm_memory_slot *new,
 enum kvm_mr_change change)
 {
- if (change == KVM_MR_CREATE || change == KVM_MR_DELETE) {
- if (change == KVM_MR_CREATE)
- kvm->arch.n_memslots_pages += new->npages;
- else {
- WARN_ON(kvm->arch.n_memslots_pages < old->npages);
- kvm->arch.n_memslots_pages -= old->npages;
- }
-
- if (!kvm->arch.n_requested_mmu_pages) {
- u64 memslots_pages;
- unsigned long nr_mmu_pages;
-
- memslots_pages = kvm->arch.n_memslots_pages * KVM_PERMILLE_MMU_PAGES;
- do_div(memslots_pages, 1000);
- nr_mmu_pages = max_t(typeof(nr_mmu_pages),
- memslots_pages, KVM_MIN_ALLOC_MMU_PAGES);
- kvm_mmu_change_mmu_pages(kvm, nr_mmu_pages);
- }
+ /* Only CREATE or DELETE affects n_memslots_pages */
+ if ((change == KVM_MR_CREATE || change == KVM_MR_DELETE) &&
+ !kvm->arch.n_requested_mmu_pages) {
+ u64 memslots_pages;
+ unsigned long nr_mmu_pages;
+
+ memslots_pages = kvm->arch.n_memslots_pages * KVM_PERMILLE_MMU_PAGES;
+ do_div(memslots_pages, 1000);
+ nr_mmu_pages = max_t(typeof(nr_mmu_pages),
+ memslots_pages, KVM_MIN_ALLOC_MMU_PAGES);
+ kvm_mmu_change_mmu_pages(kvm, nr_mmu_pages);
 }
 kvm_mmu_slot_apply_flags(kvm, old, new, change);
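Review bot: The new comment `/* Only CREATE or DELETE affects n_memslots_pages */` is misleading in its new position, because after this change the block no longer touches n_memslots_pages at all; it only recomputes the MMU page limit from a counter that is now maintained in kvm_arch_prepare_memory_region(). A reader landing here will look for the update and not find it, so the comment should say where the value comes from, e.g. `/* n_memslots_pages is maintained in kvm_arch_prepare_memory_region(); only CREATE and DELETE change it, so only they can change the MMU page limit. */`. It is also worth noting in that comment that the recalculation relies on the prepare stage having already applied the adjustment for this change, since the two halves of the accounting now live in different functions. kvm_arch_commit_memory_region() continues past the last line of the hunk.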