From: Gleb Natapov <gleb@redhat.com>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: kvm@vger.kernel.org, Jan Kiszka <jan.kiszka@siemens.com>
Subject: Re: [PATCH RFC] KVM: Fix race in apic->pending_events processing
Date: Tue, 28 May 2013 15:56:13 +0300 [thread overview]
Message-ID: <20130528125613.GB3326@redhat.com> (raw)
In-Reply-To: <51A48D53.7070204@redhat.com>
On Tue, May 28, 2013 at 12:56:19PM +0200, Paolo Bonzini wrote:
> Il 26/05/2013 15:00, Gleb Natapov ha scritto:
> > apic->pending_events processing has a race that may cause INIT and SIPI
> > processing to be reordered:
> >
> > vpu0: vcpu1:
> > set INIT
> > test_and_clear_bit(KVM_APIC_INIT)
> > process INIT
> > set INIT
> > set SIPI
> > test_and_clear_bit(KVM_APIC_SIPI)
> > process SIPI
> >
> > At the and INIT is left pending in pending_events. The following patch
> > tries to fix this using the fact that if INIT comes after SIPI it drops
> > SIPI from the pending_events, so if pending_events is different after
> > SIPI is processed it means that INIT was issued after SIPI otherwise
> > all pending event are processed and pending_events can be reset to zero.
>
> The patch looks correct, but is there any reason to do the cmpxchg at
> the end?
>
> That is, would this have any problem? It seems a bit simpler:
>
> diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
> index e1adbb4..3fe00fc 100644
> --- a/arch/x86/kvm/lapic.c
> +++ b/arch/x86/kvm/lapic.c
> @@ -1873,7 +1873,11 @@ void kvm_apic_accept_events(struct kvm_vcpu *vcpu)
> else
> vcpu->arch.mp_state = KVM_MP_STATE_INIT_RECEIVED;
> }
> - if (test_and_clear_bit(KVM_APIC_SIPI, &apic->pending_events) &&
> + /*
> + * Note that we may get another INIT+SIPI sequence right here; process
> + * the INIT first. Assumes that there are only KVM_APIC_INIT/SIPI.
> + */
> + if (cmpxchg(&apic->pending_events, KVM_APIC_SIPI, 0) == KVM_APIC_SIPI &&
> vcpu->arch.mp_state == KVM_MP_STATE_INIT_RECEIVED) {
Because pending_events can be INIT/SIPI at this point and it should be
interpreted as: do SIPI and ignore INIT (atomically).
> /* evaluate pending_events before reading the vector */
> smp_rmb();
>
> (Even if we go with your patch, it deserves a comment in the code).
>
We can move explanation from the commit message to a coment.
> Paolo
>
> > Signed-off-by: Gleb Natapov <gleb@redhat.com>
> > diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
> > index 9d75193..67686b8 100644
> > --- a/arch/x86/kvm/lapic.c
> > +++ b/arch/x86/kvm/lapic.c
> > @@ -1850,6 +1850,7 @@ void kvm_apic_accept_events(struct kvm_vcpu *vcpu)
> > {
> > struct kvm_lapic *apic = vcpu->arch.apic;
> > unsigned int sipi_vector;
> > + unsigned long pe;
> >
> > if (!kvm_vcpu_has_lapic(vcpu))
> > return;
> > @@ -1862,7 +1863,8 @@ void kvm_apic_accept_events(struct kvm_vcpu *vcpu)
> > else
> > vcpu->arch.mp_state = KVM_MP_STATE_INIT_RECEIVED;
> > }
> > - if (test_and_clear_bit(KVM_APIC_SIPI, &apic->pending_events) &&
> > + pe = apic->pending_events;
> > + if (test_bit(KVM_APIC_SIPI, &pe) &&
> > vcpu->arch.mp_state == KVM_MP_STATE_INIT_RECEIVED) {
> > /* evaluate pending_events before reading the vector */
> > smp_rmb();
> > @@ -1871,6 +1873,7 @@ void kvm_apic_accept_events(struct kvm_vcpu *vcpu)
> > vcpu->vcpu_id, sipi_vector);
> > kvm_vcpu_deliver_sipi_vector(vcpu, sipi_vector);
> > vcpu->arch.mp_state = KVM_MP_STATE_RUNNABLE;
> > + cmpxchg(&apic->pending_events, pe, 0);
> > }
> > }
> >
> > --
> > Gleb.
> > --
> > To unsubscribe from this list: send the line "unsubscribe kvm" in
> > the body of a message to majordomo@vger.kernel.org
> > More majordomo info at http://vger.kernel.org/majordomo-info.html
> >
--
Gleb.
next prev parent reply other threads:[~2013-05-28 12:56 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-05-26 13:00 [PATCH RFC] KVM: Fix race in apic->pending_events processing Gleb Natapov
2013-05-28 10:56 ` Paolo Bonzini
2013-05-28 12:56 ` Gleb Natapov [this message]
2013-05-28 13:48 ` Paolo Bonzini
2013-05-28 15:00 ` Gleb Natapov
2013-05-28 16:33 ` Paolo Bonzini
2013-05-30 1:20 ` Gleb Natapov
2013-05-30 5:41 ` Paolo Bonzini
2013-05-30 6:01 ` Gleb Natapov
2013-05-30 6:31 ` Paolo Bonzini
2013-05-30 7:09 ` Gleb Natapov
2013-05-30 7:30 ` Paolo Bonzini
2013-05-30 12:34 ` Gleb Natapov
2013-05-30 12:58 ` Paolo Bonzini
2013-05-30 13:10 ` Gleb Natapov
2013-05-30 13:23 ` Paolo Bonzini
2013-05-30 13:35 ` Gleb Natapov
2013-05-30 14:15 ` Paolo Bonzini
2013-05-31 4:36 ` Gleb Natapov
2013-05-31 8:48 ` Paolo Bonzini
2013-05-31 9:18 ` Gleb Natapov
2013-05-31 9:48 ` Paolo Bonzini
2013-06-02 13:14 ` Gleb Natapov
2013-06-02 14:32 ` Paolo Bonzini
2013-06-02 17:33 ` Gleb Natapov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130528125613.GB3326@redhat.com \
--to=gleb@redhat.com \
--cc=jan.kiszka@siemens.com \
--cc=kvm@vger.kernel.org \
--cc=pbonzini@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.