Re: [PATCH v3 05/10] KVM: arm64: Support stolen time reporting via shared structure
From: Steven Price
Date: Fri Aug 23 2019 - 09:23:13 EST
On 23/08/2019 13:07, Zenghui Yu wrote:
> Hi Steven,
>
> Only one comment, at the bottom.
>
> On 2019/8/21 23:36, Steven Price wrote:
>> Implement the service call for configuring a shared structure between a
>> VCPU and the hypervisor in which the hypervisor can write the time
>> stolen from the VCPU's execution time by other tasks on the host.
>>
>> The hypervisor allocates memory which is placed at an IPA chosen by user
>> space. The hypervisor then updates the shared structure using
>> kvm_put_guest() to ensure single copy atomicity of the 64-bit value
>> reporting the stolen time in nanoseconds.
>>
>> Whenever stolen time is enabled by the guest, the stolen time counter is
>> reset.
>>
>> The stolen time itself is retrieved from the sched_info structure
>> maintained by the Linux scheduler code. We enable SCHEDSTATS when
>> selecting KVM Kconfig to ensure this value is meaningful.
>>
>> Signed-off-by: Steven Price <steven.price@xxxxxxx>
>> ---
>> Â arch/arm/include/asm/kvm_host.hÂÂ | 20 +++++++++
>> Â arch/arm64/include/asm/kvm_host.h | 25 +++++++++++-
>> Â arch/arm64/kvm/KconfigÂÂÂÂÂÂÂÂÂÂÂ |Â 1 +
>> Â include/linux/kvm_types.hÂÂÂÂÂÂÂÂ |Â 2 +
>> Â virt/kvm/arm/arm.cÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ | 10 +++++
>> Â virt/kvm/arm/hypercalls.cÂÂÂÂÂÂÂÂ |Â 3 ++
>> Â virt/kvm/arm/pvtime.cÂÂÂÂÂÂÂÂÂÂÂÂ | 67 +++++++++++++++++++++++++++++++
>> Â 7 files changed, 127 insertions(+), 1 deletion(-)
>>
>> diff --git a/arch/arm/include/asm/kvm_host.h
>> b/arch/arm/include/asm/kvm_host.h
>> index 369b5d2d54bf..47d2ced99421 100644
>> --- a/arch/arm/include/asm/kvm_host.h
>> +++ b/arch/arm/include/asm/kvm_host.h
>> @@ -39,6 +39,7 @@
>> ÂÂÂÂÂ KVM_ARCH_REQ_FLAGS(0, KVM_REQUEST_WAIT | KVM_REQUEST_NO_WAKEUP)
>> Â #define KVM_REQ_IRQ_PENDINGÂÂÂ KVM_ARCH_REQ(1)
>> Â #define KVM_REQ_VCPU_RESETÂÂÂ KVM_ARCH_REQ(2)
>> +#define KVM_REQ_RECORD_STEALÂÂÂ KVM_ARCH_REQ(3)
>> Â Â DECLARE_STATIC_KEY_FALSE(userspace_irqchip_in_use);
>> Â @@ -329,6 +330,25 @@ static inline int
>> kvm_hypercall_pv_features(struct kvm_vcpu *vcpu)
>> ÂÂÂÂÂ return SMCCC_RET_NOT_SUPPORTED;
>> Â }
>> Â +static inline int kvm_hypercall_stolen_time(struct kvm_vcpu *vcpu)
>> +{
>> +ÂÂÂ return SMCCC_RET_NOT_SUPPORTED;
>> +}
>> +
>> +static inline int kvm_update_stolen_time(struct kvm_vcpu *vcpu, bool
>> init)
>> +{
>> +ÂÂÂ return -ENOTSUPP;
>> +}
>> +
>> +static inline void kvm_pvtime_init_vm(struct kvm_arch *kvm_arch)
>> +{
>> +}
>> +
>> +static inline bool kvm_is_pvtime_enabled(struct kvm_arch *kvm_arch)
>> +{
>> +ÂÂÂ return false;
>> +}
>> +
>> Â void kvm_mmu_wp_memory_region(struct kvm *kvm, int slot);
>> Â Â struct kvm_vcpu *kvm_mpidr_to_vcpu(struct kvm *kvm, unsigned long
>> mpidr);
>> diff --git a/arch/arm64/include/asm/kvm_host.h
>> b/arch/arm64/include/asm/kvm_host.h
>> index 583b3639062a..b6fa7beffd8a 100644
>> --- a/arch/arm64/include/asm/kvm_host.h
>> +++ b/arch/arm64/include/asm/kvm_host.h
>> @@ -44,6 +44,7 @@
>> ÂÂÂÂÂ KVM_ARCH_REQ_FLAGS(0, KVM_REQUEST_WAIT | KVM_REQUEST_NO_WAKEUP)
>> Â #define KVM_REQ_IRQ_PENDINGÂÂÂ KVM_ARCH_REQ(1)
>> Â #define KVM_REQ_VCPU_RESETÂÂÂ KVM_ARCH_REQ(2)
>> +#define KVM_REQ_RECORD_STEALÂÂÂ KVM_ARCH_REQ(3)
>> Â Â DECLARE_STATIC_KEY_FALSE(userspace_irqchip_in_use);
>> Â @@ -83,6 +84,11 @@ struct kvm_arch {
>> Â ÂÂÂÂÂ /* Mandated version of PSCI */
>> ÂÂÂÂÂ u32 psci_version;
>> +
>> +ÂÂÂ struct kvm_arch_pvtime {
>> +ÂÂÂÂÂÂÂ gpa_t st_base;
>> +ÂÂÂÂÂÂÂ u64 st_size;
>> +ÂÂÂ } pvtime;
>> Â };
>> Â Â #define KVM_NR_MEM_OBJSÂÂÂÂ 40
>> @@ -338,8 +344,13 @@ struct kvm_vcpu_arch {
>> ÂÂÂÂÂ /* True when deferrable sysregs are loaded on the physical CPU,
>> ÂÂÂÂÂÂ * see kvm_vcpu_load_sysregs and kvm_vcpu_put_sysregs. */
>> ÂÂÂÂÂ bool sysregs_loaded_on_cpu;
>> -};
>> Â +ÂÂÂ /* Guest PV state */
>> +ÂÂÂ struct {
>> +ÂÂÂÂÂÂÂ u64 steal;
>> +ÂÂÂÂÂÂÂ u64 last_steal;
>> +ÂÂÂ } steal;
>> +};
>> Â /* Pointer to the vcpu's SVE FFR for sve_{save,load}_state() */
>> Â #define vcpu_sve_pffr(vcpu) ((void *)((char
>> *)((vcpu)->arch.sve_state) + \
>> ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ sve_ffr_offset((vcpu)->arch.sve_max_vl)))
>> @@ -479,6 +490,18 @@ int kvm_perf_init(void);
>> Â int kvm_perf_teardown(void);
>> Â Â int kvm_hypercall_pv_features(struct kvm_vcpu *vcpu);
>> +int kvm_hypercall_stolen_time(struct kvm_vcpu *vcpu);
>> +int kvm_update_stolen_time(struct kvm_vcpu *vcpu, bool init);
>> +
>> +static inline void kvm_pvtime_init_vm(struct kvm_arch *kvm_arch)
>> +{
>> +ÂÂÂ kvm_arch->pvtime.st_base = GPA_INVALID;
>> +}
>> +
>> +static inline bool kvm_is_pvtime_enabled(struct kvm_arch *kvm_arch)
>> +{
>> +ÂÂÂ return (kvm_arch->pvtime.st_base != GPA_INVALID);
>> +}
>> Â Â void kvm_set_sei_esr(struct kvm_vcpu *vcpu, u64 syndrome);
>> Â diff --git a/arch/arm64/kvm/Kconfig b/arch/arm64/kvm/Kconfig
>> index a67121d419a2..d8b88e40d223 100644
>> --- a/arch/arm64/kvm/Kconfig
>> +++ b/arch/arm64/kvm/Kconfig
>> @@ -39,6 +39,7 @@ config KVM
>> ÂÂÂÂÂ select IRQ_BYPASS_MANAGER
>> ÂÂÂÂÂ select HAVE_KVM_IRQ_BYPASS
>> ÂÂÂÂÂ select HAVE_KVM_VCPU_RUN_PID_CHANGE
>> +ÂÂÂ select SCHEDSTATS
>> ÂÂÂÂÂ ---help---
>> ÂÂÂÂÂÂÂ Support hosting virtualized guest machines.
>> ÂÂÂÂÂÂÂ We don't support KVM with 16K page tables yet, due to the
>> multiple
>> diff --git a/include/linux/kvm_types.h b/include/linux/kvm_types.h
>> index bde5374ae021..1c88e69db3d9 100644
>> --- a/include/linux/kvm_types.h
>> +++ b/include/linux/kvm_types.h
>> @@ -35,6 +35,8 @@ typedef unsigned long gva_t;
>> Â typedef u64ÂÂÂÂÂÂÂÂÂÂÂ gpa_t;
>> Â typedef u64ÂÂÂÂÂÂÂÂÂÂÂ gfn_t;
>> Â +#define GPA_INVALIDÂÂÂ (~(gpa_t)0)
>> +
>>  typedef unsigned long hva_t;
>> Â typedef u64ÂÂÂÂÂÂÂÂÂÂÂ hpa_t;
>> Â typedef u64ÂÂÂÂÂÂÂÂÂÂÂ hfn_t;
>> diff --git a/virt/kvm/arm/arm.c b/virt/kvm/arm/arm.c
>> index 35a069815baf..5e8343e2dd62 100644
>> --- a/virt/kvm/arm/arm.c
>> +++ b/virt/kvm/arm/arm.c
>> @@ -40,6 +40,10 @@
>> Â #include <asm/kvm_coproc.h>
>> Â #include <asm/sections.h>
>> Â +#include <kvm/arm_hypercalls.h>
>> +#include <kvm/arm_pmu.h>
>> +#include <kvm/arm_psci.h>
>> +
>> Â #ifdef REQUIRES_VIRT
>> Â __asm__(".arch_extensionÂÂÂ virt");
>> Â #endif
>> @@ -135,6 +139,7 @@ int kvm_arch_init_vm(struct kvm *kvm, unsigned
>> long type)
>> ÂÂÂÂÂ kvm->arch.max_vcpus = vgic_present ?
>> ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ kvm_vgic_get_max_vcpus() : KVM_MAX_VCPUS;
>> Â +ÂÂÂ kvm_pvtime_init_vm(&kvm->arch);
>> ÂÂÂÂÂ return ret;
>> Â out_free_stage2_pgd:
>> ÂÂÂÂÂ kvm_free_stage2_pgd(kvm);
>> @@ -379,6 +384,8 @@ void kvm_arch_vcpu_load(struct kvm_vcpu *vcpu, int
>> cpu)
>> ÂÂÂÂÂ kvm_vcpu_load_sysregs(vcpu);
>> ÂÂÂÂÂ kvm_arch_vcpu_load_fp(vcpu);
>> ÂÂÂÂÂ kvm_vcpu_pmu_restore_guest(vcpu);
>> +ÂÂÂ if (kvm_is_pvtime_enabled(&vcpu->kvm->arch))
>> +ÂÂÂÂÂÂÂ kvm_make_request(KVM_REQ_RECORD_STEAL, vcpu);
>> Â ÂÂÂÂÂ if (single_task_running())
>> ÂÂÂÂÂÂÂÂÂ vcpu_clear_wfe_traps(vcpu);
>> @@ -644,6 +651,9 @@ static void check_vcpu_requests(struct kvm_vcpu
>> *vcpu)
>> ÂÂÂÂÂÂÂÂÂÂ * that a VCPU sees new virtual interrupts.
>> ÂÂÂÂÂÂÂÂÂÂ */
>> ÂÂÂÂÂÂÂÂÂ kvm_check_request(KVM_REQ_IRQ_PENDING, vcpu);
>> +
>> +ÂÂÂÂÂÂÂ if (kvm_check_request(KVM_REQ_RECORD_STEAL, vcpu))
>> +ÂÂÂÂÂÂÂÂÂÂÂ kvm_update_stolen_time(vcpu, false);
>> ÂÂÂÂÂ }
>> Â }
>> Â diff --git a/virt/kvm/arm/hypercalls.c b/virt/kvm/arm/hypercalls.c
>> index 63ae629c466a..ac678eabf15f 100644
>> --- a/virt/kvm/arm/hypercalls.c
>> +++ b/virt/kvm/arm/hypercalls.c
>> @@ -56,6 +56,9 @@ int kvm_hvc_call_handler(struct kvm_vcpu *vcpu)
>> ÂÂÂÂÂ case ARM_SMCCC_HV_PV_FEATURES:
>> ÂÂÂÂÂÂÂÂÂ val = kvm_hypercall_pv_features(vcpu);
>> ÂÂÂÂÂÂÂÂÂ break;
>> +ÂÂÂ case ARM_SMCCC_HV_PV_TIME_ST:
>> +ÂÂÂÂÂÂÂ val = kvm_hypercall_stolen_time(vcpu);
>> +ÂÂÂÂÂÂÂ break;
>> ÂÂÂÂÂ default:
>> ÂÂÂÂÂÂÂÂÂ return kvm_psci_call(vcpu);
>> ÂÂÂÂÂ }
>> diff --git a/virt/kvm/arm/pvtime.c b/virt/kvm/arm/pvtime.c
>> index 6201d71cb1f8..28603689f6e0 100644
>> --- a/virt/kvm/arm/pvtime.c
>> +++ b/virt/kvm/arm/pvtime.c
>> @@ -3,8 +3,51 @@
>> Â Â #include <linux/arm-smccc.h>
>> Â +#include <asm/pvclock-abi.h>
>> +
>> Â #include <kvm/arm_hypercalls.h>
>> Â +int kvm_update_stolen_time(struct kvm_vcpu *vcpu, bool init)
>> +{
>> +ÂÂÂ struct kvm *kvm = vcpu->kvm;
>> +ÂÂÂ struct kvm_arch_pvtime *pvtime = &kvm->arch.pvtime;
>> +ÂÂÂ u64 steal;
>> +ÂÂÂ u64 steal_le;
>> +ÂÂÂ u64 offset;
>> +ÂÂÂ int idx;
>> +ÂÂÂ const int stride = sizeof(struct pvclock_vcpu_stolen_time);
>> +
>> +ÂÂÂ if (pvtime->st_base == GPA_INVALID)
>> +ÂÂÂÂÂÂÂ return -ENOTSUPP;
>> +
>> +ÂÂÂ /* Let's do the local bookkeeping */
>> +ÂÂÂ steal = vcpu->arch.steal.steal;
>> +ÂÂÂ steal += current->sched_info.run_delay -
>> vcpu->arch.steal.last_steal;
>> +ÂÂÂ vcpu->arch.steal.last_steal = current->sched_info.run_delay;
>> +ÂÂÂ vcpu->arch.steal.steal = steal;
>> +
>> +ÂÂÂ offset = stride * kvm_vcpu_get_idx(vcpu);
>> +
>> +ÂÂÂ if (unlikely(offset + stride > pvtime->st_size))
>> +ÂÂÂÂÂÂÂ return -EINVAL;
>> +
>> +ÂÂÂ steal_le = cpu_to_le64(steal);
>> +ÂÂÂ idx = srcu_read_lock(&kvm->srcu);
>> +ÂÂÂ if (init) {
>> +ÂÂÂÂÂÂÂ struct pvclock_vcpu_stolen_time init_values = {
>> +ÂÂÂÂÂÂÂÂÂÂÂ .revision = 0,
>> +ÂÂÂÂÂÂÂÂÂÂÂ .attributes = 0
>> +ÂÂÂÂÂÂÂ };
>> +ÂÂÂÂÂÂÂ kvm_write_guest(kvm, pvtime->st_base + offset, &init_values,
>> +ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ sizeof(init_values));
>> +ÂÂÂ }
>> +ÂÂÂ offset += offsetof(struct pvclock_vcpu_stolen_time, stolen_time);
>> +ÂÂÂ kvm_put_guest(kvm, pvtime->st_base + offset, steal_le, u64);
>> +ÂÂÂ srcu_read_unlock(&kvm->srcu, idx);
>> +
>> +ÂÂÂ return 0;
>> +}
>> +
>> Â int kvm_hypercall_pv_features(struct kvm_vcpu *vcpu)
>> Â {
>> ÂÂÂÂÂ u32 feature = smccc_get_arg1(vcpu);
>> @@ -12,6 +55,7 @@ int kvm_hypercall_pv_features(struct kvm_vcpu *vcpu)
>> Â ÂÂÂÂÂ switch (feature) {
>> ÂÂÂÂÂ case ARM_SMCCC_HV_PV_FEATURES:
>> +ÂÂÂ case ARM_SMCCC_HV_PV_TIME_ST:
>> ÂÂÂÂÂÂÂÂÂ val = SMCCC_RET_SUCCESS;
>> ÂÂÂÂÂÂÂÂÂ break;
>> ÂÂÂÂÂ }
>> @@ -19,3 +63,26 @@ int kvm_hypercall_pv_features(struct kvm_vcpu *vcpu)
>> ÂÂÂÂÂ return val;
>> Â }
>> Â +int kvm_hypercall_stolen_time(struct kvm_vcpu *vcpu)
>> +{
>> +ÂÂÂ u64 ret;
>> +ÂÂÂ int err;
>> +
>> +ÂÂÂ /*
>> +ÂÂÂÂ * Start counting stolen time from the time the guest requests
>> +ÂÂÂÂ * the feature enabled.
>> +ÂÂÂÂ */
>> +ÂÂÂ vcpu->arch.steal.steal = 0;
>> +ÂÂÂ vcpu->arch.steal.last_steal = current->sched_info.run_delay;
>> +
>> +ÂÂÂ err = kvm_update_stolen_time(vcpu, true);
>> +
>> +ÂÂÂ if (err)
>> +ÂÂÂÂÂÂÂ ret = SMCCC_RET_NOT_SUPPORTED;
>> +ÂÂÂ else
>> +ÂÂÂÂÂÂÂ ret = vcpu->kvm->arch.pvtime.st_base +
>> +ÂÂÂÂÂÂÂÂÂÂÂ (sizeof(struct pvclock_vcpu_stolen_time) *
>> +ÂÂÂÂÂÂÂÂÂÂÂÂ kvm_vcpu_get_idx(vcpu));
>> +
>> +ÂÂÂ return ret;
>
> The *type* of the 'ret' here looks a bit messy to me:
> (1)u64 -> (2)int -> (3)u32 -> (4)unsigned long
>
> (1)->(2): just inside kvm_hypercall_stolen_time()
> (2)->(3): inside kvm_hvc_call_handler(), assign 'ret' to 'val'
> (3)->(4): through smccc_set_retval()
>
> I really have seen an issue caused by (2)->(3).
>
> When the PV guest running without PV_TIME device supporting, the result
> of the ARM_SMCCC_HV_PV_TIME_ST hypercall is expected to be -1 (which
> means "not supported"), but the actual result I got is 4294967295.
> Guest continues to run blindly, bad things would happen then...
>
> I think this needs a fix?
Yes you are entirely right. I'm afraid this happened because I
refactored the functions and apparently forgot to update the return
type. In a previous version the functions themselves did
smccc_set_retval() themselves and the return value was always "1" (the
same as kvm_hvc_call_handler()).
The function should really return a "long" and "val" in
kvm_hvc_call_handler() should be upgraded to a "long" too - the
SMC64/HVC64 calling convention requires error codes to be 64-bit signed
integers.
Thanks for spotting this!
Steve