On Tue, Aug 03, 2021, Paolo Bonzini wrote:
> On 02/08/21 20:33, Maxim Levitsky wrote:
> > From: Sean Christopherson <seanjc@xxxxxxxxxx>
> >
> > This together with the next patch will fix a future race between
> > kvm_zap_gfn_range and the page fault handler, which will happen
> > when AVIC memslot is going to be only partially disabled.
> >
> > This is based on a patch suggested by Sean Christopherson:
> > https://lkml.org/lkml/2021/7/22/1025
>
> I'll also add a small note from the original message:
>
> The performance impact is minimal since kvm_zap_gfn_range is only called by
> users, update_mtrr() and kvm_post_set_cr0(). Both only use it if the guest
> has non-coherent DMA, in order to honor the guest's UC memtype. MTRR and CD
> setup only happens at boot, and generally in an area where the page tables
> should be small (for CD) or should not include the affected GFNs at all
> (for MTRRs).
>
> On top of this, I think the CD case (kvm_post_set_cr0) can be changed to use
> kvm_mmu_zap_all_fast.

No, because fast zap requires kvm->slots_lock be held. That could be relaxed
by reverting ca333add6933 ("KVM: x86/mmu: Explicitly track only a single
invalid mmu generation") and converting mmu_valid_gen to a u64 (to prevent
wrap on 32-bit KVM). IMO the extra memory cost, even though it's meager
savings when using TDP without nested, isn't worth relaxing the rules for
fast zap. Non-coherent DMA isn't very common these days, and toggling
CR0.CD is a rare guest operation (it'd probably never happen if the darn
architecture didn't set it on RESET).
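The two hazards Sean's reply alludes to, a one-bit "single invalid generation" scheme needing its zaps serialized, and a wider counter that can wrap if it is too narrow, can be seen in a simplified generation-tag model. The following is an added illustration written for this page, not KVM's code: the `mmu_*`/`page`/`zap_*`/`valid_*` names are hypothetical, it assumes only that a page is valid iff its recorded generation equals the MMU's current generation and that "zap all" bumps the generation while leaving stale pages to be freed later, and it uses a `uint8_t` counter purely so the wrap is reachable in a test.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Simplified model of generation-tagged shadow pages (hypothetical names,
 * not KVM's code).  A page is valid iff its recorded generation matches the
 * MMU's current generation; "zap all" bumps the generation and leaves the
 * now-stale pages for a later sweeper to free.
 */
struct page { uint64_t gen; bool freed; };

/* One-bit generation: only a single invalid generation can exist at a time. */
struct mmu_1bit { uint8_t valid_gen; };   /* holds 0 or 1 */
/* Narrow counter, chosen so the wrap is reachable in a test. */
struct mmu_u8   { uint8_t valid_gen; };
/* Wide counter, the alternative the message mentions. */
struct mmu_u64  { uint64_t valid_gen; };

static bool valid_1bit(const struct mmu_1bit *m, const struct page *p) { return p->gen == m->valid_gen; }
static void zap_1bit(struct mmu_1bit *m) { m->valid_gen ^= 1; }

static bool valid_u8(const struct mmu_u8 *m, const struct page *p) { return p->gen == m->valid_gen; }
static void zap_u8(struct mmu_u8 *m) { m->valid_gen++; }   /* wraps after 256 zaps */

static bool valid_u64(const struct mmu_u64 *m, const struct page *p) { return p->gen == m->valid_gen; }
static void zap_u64(struct mmu_u64 *m) { m->valid_gen++; }

/*
 * Scenario 1: with a one-bit generation, a second zap that starts before the
 * sweeper has freed the pages from the first zap flips the bit back, and the
 * still-unfreed stale page reads as valid again.  This is why such a scheme
 * must serialize zaps (a lock such as slots_lock).  Returns true if the
 * resurrection happens.
 */
static bool one_bit_unserialized_zap_resurrects_stale_page(void)
{
    struct mmu_1bit m = { 0 };
    struct page p = { .gen = m.valid_gen, .freed = false };
    zap_1bit(&m);                       /* zap #1: p is now stale, sweeper pending */
    bool stale_after_first = !valid_1bit(&m, &p);
    zap_1bit(&m);                       /* zap #2 runs before the sweeper did */
    return stale_after_first && valid_1bit(&m, &p) && !p.freed;
}

/*
 * Scenario 2: with a narrow counter, count the zaps until a never-freed
 * stale page (allocated at generation 0) compares equal to the current
 * generation again.
 */
static unsigned long u8_zaps_until_stale_page_revalidates(void)
{
    struct mmu_u8 m = { 0 };
    struct page p = { .gen = m.valid_gen, .freed = false };
    unsigned long zaps = 0;
    do { zap_u8(&m); zaps++; } while (!valid_u8(&m, &p));
    return zaps;
}

/* Scenario 3: with a u64 counter the same stale page stays invalid after n zaps. */
static bool u64_stale_page_still_invalid_after(unsigned long n)
{
    struct mmu_u64 m = { 0 };
    struct page p = { .gen = m.valid_gen, .freed = false };
    for (unsigned long i = 0; i < n; i++)
        zap_u64(&m);
    return !valid_u64(&m, &p);
}

int main(void)
{
    printf("1-bit gen, unserialized second zap resurrects stale page: %d\n",
           one_bit_unserialized_zap_resurrects_stale_page());
    printf("uint8_t gen: stale page revalidates after %lu zaps\n",
           u8_zaps_until_stale_page_revalidates());
    printf("uint64_t gen: stale page still invalid after 1000000 zaps: %d\n",
           u64_stale_page_still_invalid_after(1000000));
    return 0;
}
```

The model deliberately never runs a sweeper, so every "stale" page is the worst case: a page that outlived the zap that invalidated it. A 32-bit counter moves the wrap from 256 zaps to about four billion, which is still a finite number a long-lived guest could in principle reach, whereas the u64 case is not reachable in practice; the one-bit case shows the other side of the trade-off, where the saving in per-page storage is paid for with a serialization requirement.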