Re: WARNING trace at kvm_nx_huge_page_recovery_worker on 6.3.4

Sean Christopherson <seanjc@xxxxxxxxxx> · Tue, 30 May 2023 18:27:45 -0700

On Tue, May 30, 2023, Sean Christopherson wrote:
> On Tue, May 30, 2023, Fabio Coatti wrote:
> > Il giorno dom 28 mag 2023 alle ore 14:44 Bagas Sanjaya
> > <bagasdotme@xxxxxxxxx> ha scritto:
> > > #regzbot ^introduced: v6.3.1..v6.3.2
> > > #regzbot title: WARNING trace at kvm_nx_huge_page_recovery_worker when opening a new tab in Chrome
> > 
> > Out of curiosity, I recompiled 6.3.4 after reverting the following
> > commit mentioned in 6.3.2 changelog:
> > 
> > commit 2ec1fe292d6edb3bd112f900692d9ef292b1fa8b
> > Author: Sean Christopherson <seanjc@xxxxxxxxxx>
> > Date:   Wed Apr 26 15:03:23 2023 -0700
> > KVM: x86: Preserve TDP MMU roots until they are explicitly invalidated
> > commit edbdb43fc96b11b3bfa531be306a1993d9fe89ec upstream.
> > 
> > And the WARN message no longer appears on my host kernel logs, at
> > least so far :)
> 
> Hmm, more than likely an NX shadow page is outliving a memslot update.  I'll take
> another look at those flows to see if I can spot a race or leak.

I didn't spot anything, and I couldn't reproduce the WARN even when dropping the
dirty logging requirement and hacking KVM to periodically delete memslots.

printk debugging it is...  Can you run with this and report back?

---
 arch/x86/kvm/mmu/mmu.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c
index d3812de54b02..89c2e5ee7d36 100644
--- a/arch/x86/kvm/mmu/mmu.c
+++ b/arch/x86/kvm/mmu/mmu.c
@@ -855,6 +855,8 @@ void track_possible_nx_huge_page(struct kvm *kvm, struct kvm_mmu_page *sp)
 	if (!list_empty(&sp->possible_nx_huge_page_link))
 		return;
 
+	sp->mmu_valid_gen = kvm->arch.mmu_valid_gen;
+
 	++kvm->stat.nx_lpage_splits;
 	list_add_tail(&sp->possible_nx_huge_page_link,
 		      &kvm->arch.possible_nx_huge_pages);
@@ -7012,7 +7014,9 @@ static void kvm_recover_nx_huge_pages(struct kvm *kvm)
 		slot = NULL;
 		if (atomic_read(&kvm->nr_memslots_dirty_logging)) {
 			slot = gfn_to_memslot(kvm, sp->gfn);
-			WARN_ON_ONCE(!slot);
+			if (!WARN_ON_ONCE(!slot))
+				pr_warn_ratelimited("No slot for gfn = %llx, role = %x, TDP MMU = %u, root count = %u, gen = %u vs %u\n",
+						    sp->gfn, sp->role.word, sp->tdp_mmu_page, sp->root_count, sp->mmu_valid_gen, kvm->arch.mmu_valid_gen);
 		}
 
 		if (slot && kvm_slot_dirty_track_enabled(slot))

base-commit: 17f2d782f18c9a49943ea723d7628da1837c9204
-- 






