diff options
| author | Marcelo Tosatti <mtosatti@redhat.com> | 2009-08-05 14:43:58 -0400 |
|---|---|---|
| committer | Avi Kivity <avi@redhat.com> | 2009-08-06 05:06:54 -0400 |
| commit | 53a27b39ff4d2492f84b1fdc2f0047175f0b0b93 (patch) | |
| tree | 7e772fd283bb1e75e54a9ba8ef887ea0e5c2baf2 /arch | |
| parent | e9cbde8c158629cc96a26b2323c4a243536c1951 (diff) | |
KVM: MMU: limit rmap chain length
Otherwise the host can spend too long traversing an rmap chain, which
happens under a spinlock.
Cc: stable@kernel.org
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Diffstat (limited to 'arch')
| -rw-r--r-- | arch/x86/kvm/mmu.c | 33 |
1 files changed, 28 insertions, 5 deletions
diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c index 49a10d008300..0ef5bb2b4043 100644 --- a/arch/x86/kvm/mmu.c +++ b/arch/x86/kvm/mmu.c | |||
| @@ -489,16 +489,20 @@ static unsigned long *gfn_to_rmap(struct kvm *kvm, gfn_t gfn, int lpage) | |||
| 489 | * | 489 | * |
| 490 | * If rmapp bit zero is one, (then rmap & ~1) points to a struct kvm_rmap_desc | 490 | * If rmapp bit zero is one, (then rmap & ~1) points to a struct kvm_rmap_desc |
| 491 | * containing more mappings. | 491 | * containing more mappings. |
| 492 | * | ||
| 493 | * Returns the number of rmap entries before the spte was added or zero if | ||
| 494 | * the spte was not added. | ||
| 495 | * | ||
| 492 | */ | 496 | */ |
| 493 | static void rmap_add(struct kvm_vcpu *vcpu, u64 *spte, gfn_t gfn, int lpage) | 497 | static int rmap_add(struct kvm_vcpu *vcpu, u64 *spte, gfn_t gfn, int lpage) |
| 494 | { | 498 | { |
| 495 | struct kvm_mmu_page *sp; | 499 | struct kvm_mmu_page *sp; |
| 496 | struct kvm_rmap_desc *desc; | 500 | struct kvm_rmap_desc *desc; |
| 497 | unsigned long *rmapp; | 501 | unsigned long *rmapp; |
| 498 | int i; | 502 | int i, count = 0; |
| 499 | 503 | ||
| 500 | if (!is_rmap_pte(*spte)) | 504 | if (!is_rmap_pte(*spte)) |
| 501 | return; | 505 | return count; |
| 502 | gfn = unalias_gfn(vcpu->kvm, gfn); | 506 | gfn = unalias_gfn(vcpu->kvm, gfn); |
| 503 | sp = page_header(__pa(spte)); | 507 | sp = page_header(__pa(spte)); |
| 504 | sp->gfns[spte - sp->spt] = gfn; | 508 | sp->gfns[spte - sp->spt] = gfn; |
| @@ -515,8 +519,10 @@ static void rmap_add(struct kvm_vcpu *vcpu, u64 *spte, gfn_t gfn, int lpage) | |||
| 515 | } else { | 519 | } else { |
| 516 | rmap_printk("rmap_add: %p %llx many->many\n", spte, *spte); | 520 | rmap_printk("rmap_add: %p %llx many->many\n", spte, *spte); |
| 517 | desc = (struct kvm_rmap_desc *)(*rmapp & ~1ul); | 521 | desc = (struct kvm_rmap_desc *)(*rmapp & ~1ul); |
| 518 | while (desc->shadow_ptes[RMAP_EXT-1] && desc->more) | 522 | while (desc->shadow_ptes[RMAP_EXT-1] && desc->more) { |
| 519 | desc = desc->more; | 523 | desc = desc->more; |
| 524 | count += RMAP_EXT; | ||
| 525 | } | ||
| 520 | if (desc->shadow_ptes[RMAP_EXT-1]) { | 526 | if (desc->shadow_ptes[RMAP_EXT-1]) { |
| 521 | desc->more = mmu_alloc_rmap_desc(vcpu); | 527 | desc->more = mmu_alloc_rmap_desc(vcpu); |
| 522 | desc = desc->more; | 528 | desc = desc->more; |
| @@ -525,6 +531,7 @@ static void rmap_add(struct kvm_vcpu *vcpu, u64 *spte, gfn_t gfn, int lpage) | |||
| 525 | ; | 531 | ; |
| 526 | desc->shadow_ptes[i] = spte; | 532 | desc->shadow_ptes[i] = spte; |
| 527 | } | 533 | } |
| 534 | return count; | ||
| 528 | } | 535 | } |
| 529 | 536 | ||
| 530 | static void rmap_desc_remove_entry(unsigned long *rmapp, | 537 | static void rmap_desc_remove_entry(unsigned long *rmapp, |
| @@ -754,6 +761,19 @@ static int kvm_age_rmapp(struct kvm *kvm, unsigned long *rmapp) | |||
| 754 | return young; | 761 | return young; |
| 755 | } | 762 | } |
| 756 | 763 | ||
| 764 | #define RMAP_RECYCLE_THRESHOLD 1000 | ||
| 765 | |||
| 766 | static void rmap_recycle(struct kvm_vcpu *vcpu, gfn_t gfn, int lpage) | ||
| 767 | { | ||
| 768 | unsigned long *rmapp; | ||
| 769 | |||
| 770 | gfn = unalias_gfn(vcpu->kvm, gfn); | ||
| 771 | rmapp = gfn_to_rmap(vcpu->kvm, gfn, lpage); | ||
| 772 | |||
| 773 | kvm_unmap_rmapp(vcpu->kvm, rmapp); | ||
| 774 | kvm_flush_remote_tlbs(vcpu->kvm); | ||
| 775 | } | ||
| 776 | |||
| 757 | int kvm_age_hva(struct kvm *kvm, unsigned long hva) | 777 | int kvm_age_hva(struct kvm *kvm, unsigned long hva) |
| 758 | { | 778 | { |
| 759 | return kvm_handle_hva(kvm, hva, kvm_age_rmapp); | 779 | return kvm_handle_hva(kvm, hva, kvm_age_rmapp); |
| @@ -1741,6 +1761,7 @@ static void mmu_set_spte(struct kvm_vcpu *vcpu, u64 *shadow_pte, | |||
| 1741 | { | 1761 | { |
| 1742 | int was_rmapped = 0; | 1762 | int was_rmapped = 0; |
| 1743 | int was_writeble = is_writeble_pte(*shadow_pte); | 1763 | int was_writeble = is_writeble_pte(*shadow_pte); |
| 1764 | int rmap_count; | ||
| 1744 | 1765 | ||
| 1745 | pgprintk("%s: spte %llx access %x write_fault %d" | 1766 | pgprintk("%s: spte %llx access %x write_fault %d" |
| 1746 | " user_fault %d gfn %lx\n", | 1767 | " user_fault %d gfn %lx\n", |
| @@ -1782,9 +1803,11 @@ static void mmu_set_spte(struct kvm_vcpu *vcpu, u64 *shadow_pte, | |||
| 1782 | 1803 | ||
| 1783 | page_header_update_slot(vcpu->kvm, shadow_pte, gfn); | 1804 | page_header_update_slot(vcpu->kvm, shadow_pte, gfn); |
| 1784 | if (!was_rmapped) { | 1805 | if (!was_rmapped) { |
| 1785 | rmap_add(vcpu, shadow_pte, gfn, largepage); | 1806 | rmap_count = rmap_add(vcpu, shadow_pte, gfn, largepage); |
| 1786 | if (!is_rmap_pte(*shadow_pte)) | 1807 | if (!is_rmap_pte(*shadow_pte)) |
| 1787 | kvm_release_pfn_clean(pfn); | 1808 | kvm_release_pfn_clean(pfn); |
| 1809 | if (rmap_count > RMAP_RECYCLE_THRESHOLD) | ||
| 1810 | rmap_recycle(vcpu, gfn, largepage); | ||
| 1788 | } else { | 1811 | } else { |
| 1789 | if (was_writeble) | 1812 | if (was_writeble) |
| 1790 | kvm_release_pfn_dirty(pfn); | 1813 | kvm_release_pfn_dirty(pfn); |