linux/arch/x86/kvm
Sean Christopherson 002c5f73c5 KVM: x86/mmu: Reintroduce fast invalidate/zap for flushing memslot
James Harvey reported a livelock that was introduced by commit
d012a06ab1 ("Revert "KVM: x86/mmu: Zap only the relevant pages when
removing a memslot"").

The livelock occurs because kvm_mmu_zap_all() as it exists today will
voluntarily reschedule and drop KVM's mmu_lock, which allows other vCPUs
to add shadow pages.  With enough vCPUs, kvm_mmu_zap_all() can get stuck
in an infinite loop as it can never zap all pages before observing lock
contention or the need to reschedule.  The equivalent of kvm_mmu_zap_all()
that was in use at the time of the reverted commit (4e103134b8, "KVM:
x86/mmu: Zap only the relevant pages when removing a memslot") employed
a fast invalidate mechanism and was not susceptible to the above livelock.

There are three ways to fix the livelock:

- Reverting the revert (commit d012a06ab1) is not a viable option as
  the revert is needed to fix a regression that occurs when the guest has
  one or more assigned devices.  It's unlikely we'll root cause the device
  assignment regression soon enough to fix the regression timely.

- Remove the conditional reschedule from kvm_mmu_zap_all().  However, although
  removing the reschedule would be a smaller code change, it's less safe
  in the sense that the resulting kvm_mmu_zap_all() hasn't been used in
  the wild for flushing memslots since the fast invalidate mechanism was
  introduced by commit 6ca18b6950 ("KVM: x86: use the fast way to
  invalidate all pages"), back in 2013.

- Reintroduce the fast invalidate mechanism and use it when zapping shadow
  pages in response to a memslot being deleted/moved, which is what this
  patch does.

For all intents and purposes, this is a revert of commit ea145aacf4
("Revert "KVM: MMU: fast invalidate all pages"") and a partial revert of
commit 7390de1e99 ("Revert "KVM: x86: use the fast way to invalidate
all pages""), i.e. restores the behavior of commit 5304b8d37c ("KVM:
MMU: fast invalidate all pages") and commit 6ca18b6950 ("KVM: x86:
use the fast way to invalidate all pages") respectively.

Fixes: d012a06ab1 ("Revert "KVM: x86/mmu: Zap only the relevant pages when removing a memslot"")
Reported-by: James Harvey <jamespharvey20@gmail.com>
Cc: Alex Willamson <alex.williamson@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-09-14 09:25:11 +02:00
..
vmx KVM: nVMX: handle page fault in vmread 2019-09-14 09:25:02 +02:00
cpuid.c KVM: x86: expose AVX512_BF16 feature to guest 2019-07-15 12:49:30 +02:00
cpuid.h x86/cpufeatures: Combine word 11 and 12 into a new scattered features word 2019-06-20 12:38:44 +02:00
debugfs.c KVM: no need to check return value of debugfs_create functions 2019-08-05 12:55:49 +02:00
emulate.c x86/kvm: Fix fastop function ELF metadata 2019-07-18 21:01:03 +02:00
hyperv.c KVM: x86: hyper-v: don't crash on KVM_GET_SUPPORTED_HV_CPUID when kvm_intel.nested is disabled 2019-08-27 20:59:04 +02:00
hyperv.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 499 2019-06-19 17:09:53 +02:00
i8254.c kvm: x86: Add memcg accounting to KVM allocations 2019-02-20 22:48:30 +01:00
i8254.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
i8259.c kvm: x86: Add memcg accounting to KVM allocations 2019-02-20 22:48:30 +01:00
ioapic.c kvm: x86: ioapic and apic debug macros cleanup 2019-07-15 20:39:01 +02:00
ioapic.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
irq_comm.c KVM/arm updates for 5.3 2019-07-11 15:14:16 +02:00
irq.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 320 2019-06-05 17:37:05 +02:00
irq.h KVM/arm updates for 5.3 2019-07-11 15:14:16 +02:00
Kconfig kvm: x86: add host poll control msrs 2019-06-18 11:43:46 +02:00
kvm_cache_regs.h KVM: x86: use direct accessors for RIP and RSP 2019-04-30 22:07:26 +02:00
lapic.c kvm: x86: skip populating logical dest map if apic is not sw enabled 2019-08-14 16:28:33 +02:00
lapic.h KVM: LAPIC: Inject timer interrupt via posted interrupt 2019-07-20 09:00:40 +02:00
Makefile KVM: x86: fix TRACE_INCLUDE_PATH and remove -I. header search paths 2019-01-25 19:12:37 +01:00
mmu_audit.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 499 2019-06-19 17:09:53 +02:00
mmu.c KVM: x86/mmu: Reintroduce fast invalidate/zap for flushing memslot 2019-09-14 09:25:11 +02:00
mmu.h kvm: mmu: Fix overflow on kvm mmu page limit calculation 2019-04-16 15:37:30 +02:00
mmutrace.h KVM: x86: add tracepoints around __direct_map and FNAME(fetch) 2019-07-05 13:48:48 +02:00
mtrr.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 499 2019-06-19 17:09:53 +02:00
page_track.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 499 2019-06-19 17:09:53 +02:00
paging_tmpl.h KVM/arm updates for 5.3 2019-07-11 15:14:16 +02:00
pmu_amd.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 499 2019-06-19 17:09:53 +02:00
pmu.c KVM: x86: Add fixed counters to PMU filter 2019-07-20 09:00:48 +02:00
pmu.h KVM: x86: PMU Event Filter 2019-07-11 15:08:28 +02:00
svm.c KVM: x86: hyper-v: don't crash on KVM_GET_SUPPORTED_HV_CPUID when kvm_intel.nested is disabled 2019-08-27 20:59:04 +02:00
trace.h KVM: LAPIC: remove the trailing newline used in the fmt parameter of TP_printk 2019-07-03 16:14:39 +02:00
tss.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
x86.c KVM: x86: work around leak of uninitialized stack contents 2019-09-14 09:25:11 +02:00
x86.h KVM: LAPIC: Inject timer interrupt via posted interrupt 2019-07-20 09:00:40 +02:00