lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <43200b86-aa40-f7a3-d571-dc5fc3ebd421@intel.com>
Date:   Fri, 14 Jan 2022 23:59:54 +0800
From:   Zeng Guang <guang.zeng@...el.com>
To:     Sean Christopherson <seanjc@...gle.com>
Cc:     Paolo Bonzini <pbonzini@...hat.com>,
        Vitaly Kuznetsov <vkuznets@...hat.com>,
        Wanpeng Li <wanpengli@...cent.com>,
        Jim Mattson <jmattson@...gle.com>,
        Joerg Roedel <joro@...tes.org>,
        "kvm@...r.kernel.org" <kvm@...r.kernel.org>,
        Dave Hansen <dave.hansen@...ux.intel.com>,
        "Luck, Tony" <tony.luck@...el.com>,
        Kan Liang <kan.liang@...ux.intel.com>,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
        "H. Peter Anvin" <hpa@...or.com>,
        Kim Phillips <kim.phillips@....com>,
        Jarkko Sakkinen <jarkko@...nel.org>,
        Jethro Beekman <jethro@...tanix.com>,
        "Huang, Kai" <kai.huang@...el.com>,
        "x86@...nel.org" <x86@...nel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "Hu, Robert" <robert.hu@...el.com>,
        "Gao, Chao" <chao.gao@...el.com>
Subject: Re: [PATCH v5 8/8] KVM: VMX: Resize PID-ponter table on demand for
 IPI virtualization

On 1/14/2022 6:09 AM, Sean Christopherson wrote:
> On Fri, Dec 31, 2021, Zeng Guang wrote:
>> +static int vmx_expand_pid_table(struct kvm_vmx *kvm_vmx, int entry_idx)
>> +{
>> +	u64 *last_pid_table;
>> +	int last_table_size, new_order;
>> +
>> +	if (entry_idx <= kvm_vmx->pid_last_index)
>> +		return 0;
>> +
>> +	last_pid_table = kvm_vmx->pid_table;
>> +	last_table_size = table_index_to_size(kvm_vmx->pid_last_index + 1);
>> +	new_order = get_order(table_index_to_size(entry_idx + 1));
>> +
>> +	if (vmx_alloc_pid_table(kvm_vmx, new_order))
>> +		return -ENOMEM;
>> +
>> +	memcpy(kvm_vmx->pid_table, last_pid_table, last_table_size);
>> +	kvm_make_all_cpus_request(&kvm_vmx->kvm, KVM_REQ_PID_TABLE_UPDATE);
>> +
>> +	/* Now old PID table can be freed safely as no vCPU is using it. */
>> +	free_pages((unsigned long)last_pid_table, get_order(last_table_size));
> This is terrifying.  I think it's safe?  But it's still terrifying.

Free old PID table here is safe as kvm making request 
KVM_REQ_PI_TABLE_UPDATE with
KVM_REQUEST_WAIT flag force all vcpus trigger vm-exit to update vmcs 
field to new allocated
PID table. At this time, it makes sure old PID table not referenced by 
any vcpu.
Do you mean it still has potential problem?

> Rather than dynamically react as vCPUs are created, what about we make max_vcpus
> common[*], extend KVM_CAP_MAX_VCPUS to allow userspace to override max_vcpus,
> and then have the IPIv support allocate the PID table on first vCPU creation
> instead of in vmx_vm_init()?
>
> That will give userspace an opportunity to lower max_vcpus to reduce memory
> consumption without needing to dynamically muck with the table in KVM.  Then
> this entire patch goes away.
IIUC, it's risky if relying on userspace . In this way userspace also 
have chance to assign large max_vcpus
but not use them at all. This cannot approach the goal to save memory as 
much as possible just similar
as using KVM_MAX_VCPU_IDS to allocate PID table.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ