Re: [PATCH v3 3/3] KVM: arm64: top up stage 2 memcache for dirty logging faults

From: Bradley Morgan

Date: Wed Jun 24 2026 - 13:39:47 EST


On June 24, 2026 5:00:28 PM GMT+01:00, Bradley Morgan <include@xxxxxxxxx>
wrote:
>Dirty logging forces new stage 2 mappings down to page size, but
>it does not always remove an existing block mapping before the next
>fault. Eager splitting is best effort and is disabled by default.
>
>A permission fault on such a block can still need a page table page
>to install the smaller mapping. Top up the memcache for any permission
>fault while dirty logging is active, not only for write faults.
>
>The issue was discovered [1] by Sashiko.
>
>Link: https://lore.kernel.org/all/59984F6D-06F2-4302-BDD7-92DF334E8FA0@xxxxxxxxx/T/#t [1]
>
>Fixes: 6f745f1bb5bf ("KVM: arm64: Convert user_mem_abort() to generic page-table API")
>Cc: stable@xxxxxxxxxxxxxxx
>Signed-off-by: Bradley Morgan <include@xxxxxxxxx>
>---
> arch/arm64/kvm/mmu.c | 9 ++++-----
> 1 file changed, 4 insertions(+), 5 deletions(-)
>
>diff --git a/arch/arm64/kvm/mmu.c b/arch/arm64/kvm/mmu.c
>index 3f57f6825a33..8911e319e6fa 100644
>--- a/arch/arm64/kvm/mmu.c
>+++ b/arch/arm64/kvm/mmu.c
>@@ -2122,13 +2122,12 @@ static int user_mem_abort(const struct kvm_s2_fault_desc *s2fd)
> * Permission faults just need to update the existing leaf entry,
> * and so normally don't require allocations from the memcache. The
> * only exception to this is when dirty logging is enabled at runtime
>- * and a write fault needs to collapse a block entry into a table. With
>- * pKVM, they may still need a fresh mapping object if the fault turns
>- * page entries into a block entry.
>+ * and a fault needs to collapse a block entry into a table. With pKVM,
>+ * they may still need a fresh mapping object if the fault turns page
>+ * entries into a block entry.
> */
> memcache = get_mmu_memcache(s2fd->vcpu);
>- if (!perm_fault || (memslot_is_logging(s2fd->memslot) &&
>- kvm_is_write_fault(s2fd->vcpu))) {
>+ if (!perm_fault || memslot_is_logging(s2fd->memslot)) {
> ret = topup_mmu_memcache(s2fd->vcpu, memcache);
> if (ret)
> return ret;
>
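Review bot: the relaxed condition `if (!perm_fault || memslot_is_logging(s2fd->memslot))` now tops up the memcache for read and exec permission faults on a logging memslot as well, but the reworded comment ("a fault needs to collapse a block entry into a table") no longer says which faults can need a table page or why; since the commit message is the only place explaining that a non-write permission fault on a still-present block mapping must install a page-size mapping, consider carrying that one sentence into the comment. As a minor style point, "collapse a block entry into a table" reads backwards for what is described: the block is being split into a table, not collapsed, so "split a block entry into a table" would match the commit message's "Eager splitting" wording.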

Note: Patch 3 seems to conflict because of patch 2 (the comments)


Oops! :(

V4 (after people have had their review go) will contain one commit (patch
3) with the updated comments.

Patches 1 and 2 apply as usual.

Apologies for my mess-up.

Thanks!