Re: [PATCH v2 07/15] KVM: arm64: Use an opaque type for pteps

Thu, 27 Oct 2022 15:31:32 -0700 

On Thu, Oct 20, 2022 at 11:32:28AM +0300, Oliver Upton wrote:
> On Wed, Oct 19, 2022 at 11:17:43PM +0000, Sean Christopherson wrote:
> > On Fri, Oct 07, 2022, Oliver Upton wrote:

[...]

> > > diff --git a/arch/arm64/kvm/hyp/pgtable.c b/arch/arm64/kvm/hyp/pgtable.c
> > > index 02c33fccb178..6b6e1ed7ee2f 100644
> > > --- a/arch/arm64/kvm/hyp/pgtable.c
> > > +++ b/arch/arm64/kvm/hyp/pgtable.c
> > > @@ -175,13 +175,14 @@ static int kvm_pgtable_visitor_cb(struct 
> > > kvm_pgtable_walk_data *data,
> > >  }
> > >  
> > >  static int __kvm_pgtable_walk(struct kvm_pgtable_walk_data *data,
> > > -                       struct kvm_pgtable_mm_ops *mm_ops, kvm_pte_t 
> > > *pgtable, u32 level);
> > > +                       struct kvm_pgtable_mm_ops *mm_ops, kvm_pteref_t 
> > > pgtable, u32 level);
> > >  
> > >  static inline int __kvm_pgtable_visit(struct kvm_pgtable_walk_data *data,
> > >                                 struct kvm_pgtable_mm_ops *mm_ops,
> > > -                               kvm_pte_t *ptep, u32 level)
> > > +                               kvm_pteref_t pteref, u32 level)
> > >  {
> > >   enum kvm_pgtable_walk_flags flags = data->walker->flags;
> > > + kvm_pte_t *ptep = kvm_dereference_pteref(pteref, false);
> > >   struct kvm_pgtable_visit_ctx ctx = {
> > >           .ptep   = ptep,
> > >           .old    = READ_ONCE(*ptep),
> > 
> > This is where you want the protection to kick in, e.g. 
> > 
> >   typedef kvm_pte_t __rcu *kvm_ptep_t;
> > 
> >   static inline kvm_pte_t kvm_read_pte(kvm_ptep_t ptep)
> >   {
> >     return READ_ONCE(*rcu_dereference(ptep));
> >   }
> > 
> >             .old    = kvm_read_pte(ptep),
> > 
> > In other words, the pointer itself isn't that's protected, it's PTE that the
> > pointer points at that's protected.
> 
> Right, but practically speaking it is the boundary at which we assert
> that protection.
> 
> Anyhow, I'll look at abstracting the actual memory accesses in the
> visitors without too much mess.

Took this in a slightly different direction after playing with it for a
while. Abstracting all PTE accesses adds a lot of churn to the series.
Adding in an assertion before invoking a visitor callback (i.e. when the
raw pointer is about to be used) provides a similar degree of assurance
that we are indeed RCU-safe.

--
Thanks,
Oliver
_______________________________________________
kvmarm mailing list
kvmarm@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm

Reply via email to