qemu/accel
David Hildenbrand f39b7d2b96 kvm: Atomic memslot updates
If we update an existing memslot (e.g., resize, split), we temporarily
remove the memslot to re-add it immediately afterwards. These updates
are not atomic, especially not for KVM VCPU threads, such that we can
get spurious faults.

Let's inhibit most KVM ioctls while performing relevant updates, such
that we can perform the update just as if it would happen atomically
without additional kernel support.

We capture the add/del changes and apply them in the notifier commit
stage instead. There, we can check for overlaps and perform the ioctl
inhibiting only if really required (-> overlap).

To keep things simple we don't perform additional checks that wouldn't
actually result in an overlap -- such as !RAM memory regions in some
cases (see kvm_set_phys_mem()).

To minimize cache-line bouncing, use a separate indicator
(in_ioctl_lock) per CPU.  Also, make sure to hold the kvm_slots_lock
while performing both actions (removing+re-adding).

We have to wait until all IOCTLs were exited and block new ones from
getting executed.

This approach cannot result in a deadlock as long as the inhibitor does
not hold any locks that might hinder an IOCTL from getting finished and
exited - something fairly unusual. The inhibitor will always hold the BQL.

AFAIKs, one possible candidate would be userfaultfd. If a page cannot be
placed (e.g., during postcopy), because we're waiting for a lock, or if the
userfaultfd thread cannot process a fault, because it is waiting for a
lock, there could be a deadlock. However, the BQL is not applicable here,
because any other guest memory access while holding the BQL would already
result in a deadlock.

Nothing else in the kernel should block forever and wait for userspace
intervention.

Note: pause_all_vcpus()/resume_all_vcpus() or
start_exclusive()/end_exclusive() cannot be used, as they either drop
the BQL or require to be called without the BQL - something inhibitors
cannot handle. We need a low-level locking mechanism that is
deadlock-free even when not releasing the BQL.

Signed-off-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
Tested-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
Message-Id: <20221111154758.1372674-4-eesposit@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-01-11 09:59:39 +01:00
..
hvf Fix 'writeable' typos 2022-06-08 19:38:47 +01:00
kvm kvm: Atomic memslot updates 2023-01-11 09:59:39 +01:00
qtest accel/qtest: Support qtest accelerator for Windows 2022-10-28 11:17:12 +02:00
stubs accel/kvm: move kvm_update_guest_debug to inline stub 2022-10-06 11:53:41 +01:00
tcg accel/tcg: Handle false negative lookup in page_check_range 2023-01-05 11:41:29 -08:00
xen sysemu: Let VMChangeStateHandler take boolean 'running' argument 2021-03-09 23:13:57 +01:00
accel-blocker.c accel: introduce accelerator blocker API 2023-01-11 09:59:39 +01:00
accel-common.c gdbstub: move sstep flags probing into AccelClass 2022-10-06 11:53:41 +01:00
accel-softmmu.c accel: abort if we fail to load the accelerator plugin 2022-11-06 09:48:50 +01:00
accel-softmmu.h accel: replace struct CpusAccel with AccelOpsClass 2021-02-05 10:24:15 -10:00
accel-user.c accel: extend AccelState and AccelClass to user-mode 2021-02-05 10:24:15 -10:00
dummy-cpus.c accel/qtest: Support qtest accelerator for Windows 2022-10-28 11:17:12 +02:00
Kconfig Add NVMM accelerator: configure and build logic 2021-05-04 14:15:34 +02:00
meson.build accel: introduce accelerator blocker API 2023-01-11 09:59:39 +01:00