Xen project Mailing List

Re: [PATCH v2] x86/svm: do not try to handle recalc NPT faults immediately

To: <paul@xxxxxxx>, 'Jan Beulich' <jbeulich@xxxxxxxx>

From: Igor Druzhinin <igor.druzhinin@xxxxxxxxxx>

Date: Wed, 3 Jun 2020 12:45:26 +0100

Authentication-results: esa3.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none

Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx, roger.pau@xxxxxxxxxx, george.dunlap@xxxxxxxxxx, wl@xxxxxxx, andrew.cooper3@xxxxxxxxxx

Delivery-date: Wed, 03 Jun 2020 11:45:34 +0000

Ironport-sdr: T1wGLoubHyylm5a0q8mo2I0DXdp536zzAPMoUI0aj5YpdoDYFwW9wj0bNoNs8AEUhx/NCYXZRG /Fb6K2MgoYL0h375Nq7pPur5+Mv/Vdsm97NkA8FocLPIQh9K9f2ebDwZrdWC8ub9W8Yb168Pqo Edjz24ghYqyrjZQWUeFEX+Rvmb8EAr7Z690+O9nLWFqV8HLFQhxvOagwsAq0yfGlW8l4gSN2wQ migTWuQY5UwNR6f1D2em7rh7b6/GGzqKkYdlvM9KrRZ2PGk/yp7wRGr0kXh0mR2Ngeu5YK5ovD JA8=

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 03/06/2020 12:28, Paul Durrant wrote: >> -----Original Message----- >> From: Jan Beulich <jbeulich@xxxxxxxx> >> Sent: 03 June 2020 12:22 >> To: paul@xxxxxxx >> Cc: 'Igor Druzhinin' <igor.druzhinin@xxxxxxxxxx>; >> xen-devel@xxxxxxxxxxxxxxxxxxxx; >> andrew.cooper3@xxxxxxxxxx; wl@xxxxxxx; roger.pau@xxxxxxxxxx; >> george.dunlap@xxxxxxxxxx >> Subject: Re: [PATCH v2] x86/svm: do not try to handle recalc NPT faults >> immediately >> >> On 03.06.2020 12:26, Paul Durrant wrote: >>>> -----Original Message----- >>>> From: Jan Beulich <jbeulich@xxxxxxxx> >>>> Sent: 03 June 2020 11:03 >>>> To: Igor Druzhinin <igor.druzhinin@xxxxxxxxxx> >>>> Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx; andrew.cooper3@xxxxxxxxxx; wl@xxxxxxx; >>>> roger.pau@xxxxxxxxxx; >>>> george.dunlap@xxxxxxxxxx; Paul Durrant <paul@xxxxxxx> >>>> Subject: Re: [PATCH v2] x86/svm: do not try to handle recalc NPT faults >>>> immediately >>>> >>>> On 02.06.2020 18:56, Igor Druzhinin wrote: >>>>> A recalculation NPT fault doesn't always require additional handling >>>>> in hvm_hap_nested_page_fault(), moreover in general case if there is no >>>>> explicit handling done there - the fault is wrongly considered fatal. >>>>> >>>>> This covers a specific case of migration with vGPU assigned on AMD: >>>>> at a moment log-dirty is enabled globally, recalculation is requested >>>>> for the whole guest memory including directly mapped MMIO regions of vGPU >>>>> which causes a page fault being raised at the first access to those; >>>>> but due to MMIO P2M type not having any explicit handling in >>>>> hvm_hap_nested_page_fault() a domain is erroneously crashed with unhandled >>>>> SVM violation. >>>>> >>>>> Instead of trying to be opportunistic - use safer approach and handle >>>>> P2M recalculation in a separate NPT fault by attempting to retry after >>>>> making the necessary adjustments. This is aligned with Intel behavior >>>>> where there are separate VMEXITs for recalculation and EPT violations >>>>> (faults) and only faults are handled in hvm_hap_nested_page_fault(). >>>>> Do it by also unifying do_recalc return code with Intel implementation >>>>> where returning 1 means P2M was actually changed. >>>>> >>>>> Since there was no case previously where p2m_pt_handle_deferred_changes() >>>>> could return a positive value - it's safe to replace ">= 0" with just "== >>>>> 0" >>>>> in VMEXIT_NPF handler. finish_type_change() is also not affected by the >>>>> change as being able to deal with >0 return value of p2m->recalc from >>>>> EPT implementation. >>>>> >>>>> Reviewed-by: Roger Pau Monné <roger.pau@xxxxxxxxxx> >>>>> Signed-off-by: Igor Druzhinin <igor.druzhinin@xxxxxxxxxx> >>>> >>>> Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx> >>>> albeit preferably with ... >>>> >>>>> @@ -448,12 +451,14 @@ static int do_recalc(struct p2m_domain *p2m, >>>>> unsigned long gfn) >>>>> clear_recalc(l1, e); >>>>> err = p2m->write_p2m_entry(p2m, gfn, pent, e, level + 1); >>>>> ASSERT(!err); >>>>> + >>>>> + recalc_done = true; >>>>> } >>>>> >>>>> out: >>>>> unmap_domain_page(table); >>>>> >>>>> - return err; >>>>> + return err ?: (recalc_done ? 1 : 0); >>>> >>>> ... this shrunk to >>>> >>>> return err ?: recalc_done; >>>> >>>> (easily doable while committing). >>>> >>>> Also Cc Paul. >>>> >>> >>> paging_log_dirty_enable() still fails global enable if has_arch_pdevs() >>> is true, so presumably there's no desperate need for this to go in 4.14? >> >> The MMIO case is just the particular situation here. Aiui the same issue >> could potentially surface with other p2m types. Also given I'd consider >> this a backporting candidate, while it may not be desperately needed for >> the release, I think it deserves considering beyond the specific aspect >> you mention. >> > > In which case I think the commit message probably ought to be rephrased, > since it appears to focus on a case that cannot currently happen. This can happen without has_arch_pdevs() being true. It's enough to just directly map some physical memory into a guest to get p2m_direct_mmio type present in the page tables. Igor

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.