Re: [PATCH rc v1 0/4] iommufd: Fix veventq_depth boundary

Next message: Lisa Wang: "[PATCH v13 11/22] KVM: selftests: Set up TDX boot parameters region"
Previous message: Lisa Wang: "[PATCH v13 08/22] KVM: selftests: Add TDX boot code"
In reply to: Nicolin Chen: "Re: [PATCH rc v1 0/4] iommufd: Fix veventq_depth boundary"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Jason Gunthorpe

Date: Thu May 21 2026 - 19:27:25 EST

On Thu, May 21, 2026 at 11:01:48AM -0700, Nicolin Chen wrote:

> FWIW, it was added to address a Sashiko review also:
>
> By moving the allocation outside the spinlock, the precondition check that
> skipped the allocation when the queue was full is bypassed.
>
> When the queue is full, which can be common during a hardware fault storm
> if userspace cannot keep up, the code now unconditionally allocates memory,
> copies data, acquires the lock, and then immediately frees the memory and
> drops the event.
>
> Can this tight loop of wasteful slab allocations, memory copies, and
> deallocations exacerbate IOMMU fault storms by adding unnecessary CPU
> overhead?
>
> Would it be possible to add an optimistic lockless check, such as
> READ_ONCE(veventq->num_events) < veventq->depth, to bypass the allocation
> when the queue appears full?

That seems like nonsense to me.

> > 6) What do you think about the "but done has
> > already been incremented by sizeof(*hdr)" ? unrelated issue? If it
> > is simple lets add a patch here to fix it
>
> I added a patch but didn't include in the series -- Sashiko would
> raise more questions against that patch...
>
> I think it's a separate bug; Sashiko pointed out another in fault
> queue as well. Both bugs are at failure (corner cases?) path.
>
> I'd like to address them separately.

Ok

Jason