[PATCH 0/1] KVM: arm64: nv: Implement nested stage-2 reverse map
From: Wei-Lin Chang
Date: Sat Apr 11 2026 - 08:51:08 EST
Hi,
This is v2 of optimizing the shadow s2 mmu unmapping during MMU
notifiers. Thanks to Sashiko, who helped point out the many problems [1]
in v1.
* Changes from v1 [2]:
- Rebased onto a newer kvmarm/next, where user_mem_abort() underwent
a significant refactor.
- Added a flag VALID_ENTRY (bit 63) to each non-polluted reverse map
entry, so that if nested IPA == 0, we still insert a non-zero entry
to the maple tree.
- Added usage of the maple tree lock while using the tree. Previously
I thought I could piggyback on kvm->mmu_lock, but this doesn't work
for 2 reasons:
1. The maple tree advanced API (mas_*) expects the maple tree lock
to be held.
2. At stage-2 fault time, kvm->mmu_lock is only taken for read.
Therefore even if 1. does not matter, parallel accesses to the
maple tree could still happen.
- Changed from using GFP_KERNEL_ACCOUNT to (GFP_NOWAIT | __GFP_ACCOUNT)
in maple tree operations. This is done because GFP_KERNEL_ACCOUNT
can sleep, and we are holding kvm->mmu_lock while doing the
operations.
- Made the code able to tolerate reverse map creation failure. In v1
if a maple tree operation fails, the error is reported back to the
caller which in the end fails the vCPU run. It shouldn't be this way
as the reverse map is an optimization and it shouldn't fail the
normal operation as we can fallback to a full unmap.
- Added a boolean nested_revmap_broken in struct kvm_s2_mmu. If
reverse map creation fails, the reverse map becomes unreliable. Keep
this failure information with nested_revmap_broken so that we can
fallback when we need to unmap.
- Removed patches 2, 3 and 4 for now. After we start using the maple tree
lock, and keeping track of the reverse map failure state in
nested_revmap_broken, the s2 mmu lookup acceleration in v1 patch 2
becomes very complicated, as the canonical maple tree used to speed
up s2 mmu lookup can also encounter allocation failures which we
also need to keep track of and fallback. In the meantime the
consistency between the trees is not easy to reason about when
errors happen. Additionally, the extra lock of the canonical maple
tree also needs to be considered and care must be taken to not
introduce lock order inversion.
Given the above I believe it is best to leave the reverse map
improvements out for now, so as to not use too much time thinking
about optimization before the initial version of the reverse map is
even good.
Thanks!
[1]: https://sashiko.dev/#/patchset/20260330100633.2817076-1-weilin.chang%40arm.com
[2]: https://lore.kernel.org/kvmarm/20260330100633.2817076-1-weilin.chang@xxxxxxx/
Wei-Lin Chang (1):
KVM: arm64: nv: Avoid full shadow s2 unmap
arch/arm64/include/asm/kvm_host.h | 4 +
arch/arm64/include/asm/kvm_nested.h | 4 +
arch/arm64/kvm/mmu.c | 30 ++++--
arch/arm64/kvm/nested.c | 147 +++++++++++++++++++++++++++-
4 files changed, 177 insertions(+), 8 deletions(-)
--
2.43.0
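The cover letter describes three design points of the reverse map: tagging every stored value with VALID_ENTRY (bit 63) so that a nested IPA of 0 is still a non-zero entry, never failing the vCPU run when a map insertion fails, and remembering that failure in nested_revmap_broken so the unmap path can fall back to a full shadow unmap. The block below is an added userspace model of that pattern; it is not the patch's code and uses none of the kernel's APIs. Its assumptions: a fixed-capacity array stands in for the maple tree, running out of slots stands in for a GFP_NOWAIT allocation failure, one nested IPA is kept per canonical IPA, the map is considered consistent again once a full unmap has torn everything down, and every function name, the capacity and the addresses are constructed for the example.

```c
/* Added example, not kernel code: userspace model of the reverse-map
 * failure handling from the cover letter. Array == stand-in for the maple
 * tree; a full array == stand-in for a GFP_NOWAIT failure (assumptions). */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define VALID_ENTRY     (1ULL << 63)  /* bit 63, as in the cover letter */
#define REVMAP_CAPACITY 4             /* assumption: tiny so the model fails */
#define PAGE_SZ         4096ULL

/* canonical (L1) IPA -> tagged nested (L2) IPA; one per key in this model */
struct revmap_entry {
    uint64_t canonical_ipa;
    uint64_t tagged_nested_ipa;       /* VALID_ENTRY | nested IPA */
};

struct shadow_s2_mmu {
    struct revmap_entry revmap[REVMAP_CAPACITY];
    size_t nr_entries;
    bool nested_revmap_broken;        /* flag name from the cover letter */
    unsigned long full_unmaps;        /* statistic kept by the model */
};

/* 0 or -ENOMEM. A failure is never reported to the fault path; it only
 * marks the map as unreliable for later unmaps. */
static int revmap_insert(struct shadow_s2_mmu *mmu, uint64_t canonical_ipa,
                         uint64_t nested_ipa)
{
    if (mmu->nested_revmap_broken)
        return -ENOMEM;               /* already unreliable, stop updating */
    if (mmu->nr_entries == REVMAP_CAPACITY) {
        mmu->nested_revmap_broken = true;
        return -ENOMEM;
    }
    mmu->revmap[mmu->nr_entries].canonical_ipa = canonical_ipa;
    /* The tag keeps nested_ipa == 0 distinguishable from "no entry" (0). */
    mmu->revmap[mmu->nr_entries].tagged_nested_ipa = VALID_ENTRY | nested_ipa;
    mmu->nr_entries++;
    return 0;
}

/* Like a tree load: 0 means no entry, anything else is a tagged hit. */
static uint64_t revmap_load(const struct shadow_s2_mmu *mmu, uint64_t canonical_ipa)
{
    for (size_t i = 0; i < mmu->nr_entries; i++)
        if (mmu->revmap[i].canonical_ipa == canonical_ipa)
            return mmu->revmap[i].tagged_nested_ipa;
    return 0;
}

static void revmap_erase(struct shadow_s2_mmu *mmu, uint64_t canonical_ipa)
{
    for (size_t i = 0; i < mmu->nr_entries; i++)
        if (mmu->revmap[i].canonical_ipa == canonical_ipa) {
            mmu->revmap[i] = mmu->revmap[--mmu->nr_entries];
            return;
        }
}

/* Stage-2 fault path: the mapping is installed whether or not the reverse
 * entry could be recorded; the return value is informational only. */
static int shadow_s2_fault(struct shadow_s2_mmu *mmu, uint64_t nested_ipa,
                           uint64_t canonical_ipa)
{
    /* ... install nested_ipa -> PA in the shadow stage-2 here ... */
    return revmap_insert(mmu, canonical_ipa, nested_ipa);
}

/* MMU-notifier path for canonical IPAs [start, end). Returns the number of
 * nested pages unmapped via the reverse map, or -1 when the map was
 * unreliable and a full shadow unmap was done instead. */
static long shadow_s2_unmap_range(struct shadow_s2_mmu *mmu, uint64_t start,
                                  uint64_t end)
{
    long nr = 0;

    if (mmu->nested_revmap_broken) {
        mmu->full_unmaps++;
        /* ... tear down the whole shadow stage-2 ... Model assumption:
         * with nothing mapped, the (now empty) map is consistent again. */
        mmu->nr_entries = 0;
        mmu->nested_revmap_broken = false;
        return -1;
    }
    for (uint64_t ipa = start; ipa < end; ipa += PAGE_SZ) {
        uint64_t v = revmap_load(mmu, ipa);
        if (!v)
            continue;
        /* ... unmap (v & ~VALID_ENTRY) from the shadow stage-2 ... */
        revmap_erase(mmu, ipa);
        nr++;
    }
    return nr;
}

/* Scenario on constructed addresses; returns 0 or the first failed step. */
int revmap_demo(void)
{
    struct shadow_s2_mmu m = {0};
    uint64_t c = 0x40000000ULL;       /* constructed canonical IPA base */

    shadow_s2_fault(&m, 0, c);        /* nested IPA 0 must still be findable */
    if (revmap_load(&m, c) != (VALID_ENTRY | 0))
        return 1;
    shadow_s2_fault(&m, 1 * PAGE_SZ, c + 1 * PAGE_SZ);
    shadow_s2_fault(&m, 2 * PAGE_SZ, c + 2 * PAGE_SZ);
    if (shadow_s2_unmap_range(&m, c + PAGE_SZ, c + 2 * PAGE_SZ) != 1)
        return 2;                     /* targeted unmap of a single page */
    if (revmap_load(&m, c + PAGE_SZ) != 0 || m.nr_entries != 2)
        return 3;
    for (uint64_t i = 3; i <= 5; i++) /* the fifth live entry overflows */
        shadow_s2_fault(&m, i * PAGE_SZ, c + i * PAGE_SZ);
    if (!m.nested_revmap_broken)
        return 4;
    if (shadow_s2_unmap_range(&m, c + 5 * PAGE_SZ, c + 6 * PAGE_SZ) != -1)
        return 5;                     /* fallback to a full unmap */
    if (m.full_unmaps != 1 || m.nested_revmap_broken || m.nr_entries != 0)
        return 6;
    return 0;
}

int main(void)
{
    printf("revmap_demo: %d\n", revmap_demo());
    return 0;
}
```

The point the model makes is the one the cover letter argues for: an insertion failure degrades the unmap path from targeted to full rather than propagating an error to the vCPU run, and the VALID_ENTRY tag is what lets a load result of 0 mean "absent" without losing nested IPA 0. Real code would also have to erase reverse entries under the tree's own lock and cope with several nested IPAs aliasing one canonical IPA, which this model does not attempt.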