| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1b955b6b9b49a7f03fae12d9b13b027822749527.camel@infradead.org>
Date: Tue, 29 Jul 2025 11:28:18 +0100
From: David Woodhouse <dwmw2@...radead.org>
To: Sean Christopherson <seanjc@...gle.com>
Cc: Carsten Stollmaier <stollmc@...zon.com>, Paolo Bonzini
<pbonzini@...hat.com>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar
<mingo@...hat.com>, Borislav Petkov <bp@...en8.de>, Dave Hansen
<dave.hansen@...ux.intel.com>, x86@...nel.org, "H. Peter Anvin"
<hpa@...or.com>, nh-open-source@...zon.com, Peter Xu <peterx@...hat.com>,
Sebastian Biemueller <sbiemue@...zon.de>, kvm@...r.kernel.org,
linux-kernel@...r.kernel.org, Matthew Wilcox <willy@...radead.org>, Andrew
Morton <akpm@...ux-foundation.org>, "linux-mm@...ck.org"
<linux-mm@...ck.org>
Subject: Re: [PATCH] KVM: x86: Use gfn_to_pfn_cache for steal_time
On Tue, 2024-08-20 at 11:11 +0100, David Woodhouse wrote:
> On Fri, 2024-08-16 at 17:22 -0700, Sean Christopherson wrote:
> > On Fri, Aug 02, 2024, David Woodhouse wrote:
> > > On Fri, 2024-08-02 at 11:44 +0000, Carsten Stollmaier wrote:
> > > > On vcpu_run, before entering the guest, the update of the steal time
> > > > information causes a page-fault if the page is not present. In our
> > > > scenario, this gets handled by do_user_addr_fault and successively
> > > > handle_userfault since we have the region registered to that.
> > > >
> > > > handle_userfault uses TASK_INTERRUPTIBLE, so it is interruptible by
> > > > signals. do_user_addr_fault then busy-retries it if the pending signal
> > > > is non-fatal. This leads to contention of the mmap_lock.
> > >
> > > The busy-loop causes so much contention on mmap_lock that post-copy
> > > live migration fails to make progress, and is leading to failures. Yes?
> > >
> > > > This patch replaces the use of gfn_to_hva_cache with gfn_to_pfn_cache,
> > > > as gfn_to_pfn_cache ensures page presence for the memory access,
> > > > preventing the contention of the mmap_lock.
> > > >
> > > > Signed-off-by: Carsten Stollmaier <stollmc@...zon.com>
> > >
> > > Reviewed-by: David Woodhouse <dwmw@...zon.co.uk>
> > >
> > > I think this makes sense on its own, as it addresses the specific case
> > > where KVM is *likely* to be touching a userfaulted (guest) page. And it
> > > allows us to ditch yet another explicit asm exception handler.
> >
> > At the cost of using a gpc, which has its own complexities.
> >
> > But I don't understand why steal_time is special. If the issue is essentially
> > with handle_userfault(), can't this happen on any KVM uaccess?
>
> Theoretically, yes. The steal time is only special in that it happens
> so *often*, every time the vCPU is scheduled in.
>
> We should *also* address the general case, perhaps making by
> interruptible user access functions as discussed. But this solves the
> immediate issue which is being observed, *and* lets us ditch the last
> explicit asm exception handling in kvm/x86.c which is why I think it's
> worth doing anyway, even if there's an upcoming fix for the general
> case.
Gentle reader, there was *not* an upcoming fix for the general case,
and this is still an issue in real-world use cases... or would be, if
we hadn't been using Carsten's patch ever since he came up with it.
I still quite like the idea of interruptible user access, but nobody
seemed that excited by it, and as noted I think we should move steal
time to a GPC *anyway*.
Download attachment "smime.p7s" of type "application/pkcs7-signature" (5069 bytes)
Powered by blists - more mailing lists