On Thu, Jan 19, 2023, Huang, Kai wrote:
> On Thu, 2023-01-19 at 21:36 +0000, Sean Christopherson wrote:
> > The least invasive idea I have is expand the TDP MMU's concept of "frozen" SPTEs
> > and freeze (a.k.a. lock) the SPTE (KVM's mirror) until the corresponding S-EPT
> > update completes.
>
> This will introduce another "having-to-wait while SPTE is frozen" problem I
> think, which IIUC means (one way is) you have to do some loop and retry, perhaps
> similar to yield_safe.

Yes, but because the TDP MMU already freezes SPTEs (just for a shorter duration),
I'm 99% sure all of the affected flows already know how to yield/bail when
necessary.

The problem with the zero-step mitigation is that it could (theoretically) cause
a "busy" error on literally any accesses, which makes it infeasible for KVM to
have sane behavior. E.g. freezing SPTEs to avoid the ordering issues isn't
necessary when holding mmu_lock for write, whereas the zero-step madness brings
everything into play.