From: Christoffer Dall <christoffer.dall@linaro.org>
To: Andre Przywara <andre.przywara@arm.com>
Cc: Marc Zyngier <Marc.Zyngier@arm.com>,
"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
"kvmarm@lists.cs.columbia.edu" <kvmarm@lists.cs.columbia.edu>,
"linux-arm-kernel@lists.infradead.org"
<linux-arm-kernel@lists.infradead.org>,
Eric Auger <eric.auger@linaro.org>
Subject: Re: [PATCH v4 07/11] KVM: arm/arm64: vgic: Allow HW interrupts to be queued to a guest
Date: Thu, 1 Oct 2015 12:25:04 +0200 [thread overview]
Message-ID: <20151001102504.GA32011@cbox> (raw)
In-Reply-To: <560BEC68.4010400@arm.com>
On Wed, Sep 30, 2015 at 03:06:32PM +0100, Andre Przywara wrote:
> Hi Christoffer,
>
> On 29/09/15 14:44, Christoffer Dall wrote:
> > On Wed, Sep 23, 2015 at 06:55:04PM +0100, Andre Przywara wrote:
> >> Salut Marc,
> >>
> >> I know that this patch is already merged, but ....
> >>
> >> On 07/08/15 16:45, Marc Zyngier wrote:
> >>> diff --git a/virt/kvm/arm/vgic.c b/virt/kvm/arm/vgic.c
> >>> index 51c9900..9d009d2 100644
> >> ...
> >>> @@ -1364,6 +1397,39 @@ static bool vgic_process_maintenance(struct kvm_vcpu *vcpu)
> >>> return level_pending;
> >>> }
> >>>
> >>> +/*
> >>> + * Save the physical active state, and reset it to inactive.
> >>> + *
> >>> + * Return 1 if HW interrupt went from active to inactive, and 0 otherwise.
> >>> + */
> >>> +static int vgic_sync_hwirq(struct kvm_vcpu *vcpu, struct vgic_lr vlr)
> >>> +{
> >>> + struct irq_phys_map *map;
> >>> + int ret;
> >>> +
> >>> + if (!(vlr.state & LR_HW))
> >>> + return 0;
> >>> +
> >>> + map = vgic_irq_map_search(vcpu, vlr.irq);
> >>> + BUG_ON(!map || !map->active);
> >>> +
> >>> + ret = irq_get_irqchip_state(map->irq,
> >>> + IRQCHIP_STATE_ACTIVE,
> >>> + &map->active);
> >>> +
> >>> + WARN_ON(ret);
> >>> +
> >>> + if (map->active) {
> >>> + ret = irq_set_irqchip_state(map->irq,
> >>> + IRQCHIP_STATE_ACTIVE,
> >>> + false);
> >>> + WARN_ON(ret);
> >>> + return 0;
> >>> + }
> >>> +
> >>> + return 1;
> >>> +}
> >>> +
> >>> /* Sync back the VGIC state after a guest run */
> >>> static void __kvm_vgic_sync_hwstate(struct kvm_vcpu *vcpu)
> >>> {
> >>> @@ -1378,14 +1444,31 @@ static void __kvm_vgic_sync_hwstate(struct kvm_vcpu *vcpu)
> >>> elrsr = vgic_get_elrsr(vcpu);
> >>> elrsr_ptr = u64_to_bitmask(&elrsr);
> >>>
> >>> - /* Clear mappings for empty LRs */
> >>> - for_each_set_bit(lr, elrsr_ptr, vgic->nr_lr) {
> >>> + /* Deal with HW interrupts, and clear mappings for empty LRs */
> >>> + for (lr = 0; lr < vgic->nr_lr; lr++) {
> >>> struct vgic_lr vlr;
> >>>
> >>> - if (!test_and_clear_bit(lr, vgic_cpu->lr_used))
> >>> + if (!test_bit(lr, vgic_cpu->lr_used))
> >>> continue;
> >>>
> >>> vlr = vgic_get_lr(vcpu, lr);
> >>> + if (vgic_sync_hwirq(vcpu, vlr)) {
> >>> + /*
> >>> + * So this is a HW interrupt that the guest
> >>> + * EOI-ed. Clean the LR state and allow the
> >>> + * interrupt to be sampled again.
> >>> + */
> >>> + vlr.state = 0;
> >>> + vlr.hwirq = 0;
> >>> + vgic_set_lr(vcpu, lr, vlr);
> >>> + vgic_irq_clear_queued(vcpu, vlr.irq);
> >>
> >> Isn't this line altering common VGIC state without holding the lock?
> >> Eric removed the coarse dist->lock around the whole
> >> __kvm_vgic_sync_hwstate() function, we take it now in
> >> vgic_process_maintenance(), but don't hold it here AFAICT.
> >> As long as we are only dealing with private timer IRQs this is probably
> >> not a problem, but the IRQ number could be a SPI as well, right?
> >>
> > I don't see a problematic race with this though, as all we're doing is
> > to clear a bit in a bitmap, which is always checked atomically, so
> > adding a lock around this really doesn't change anything as far as I can
> > tell.
>
> Indeed I found a similar comment in some older revisions of the code.
>
> But isn't it that other code holding the lock (thinking about
> kvm_vgic_flush_hwstate() in particular) assumes that no-one else tinkers
> with the VGIC state while it holds the lock?
> So couldn't we (potentially) run into inconsistent state because we
> cleared the queued bit while the flushing code runs over all interrupts?
> Maybe not in this particular case, but in general?
In general, yes, you should lock operations accessing the distributor.
It just feels silly to do
spin_lock();
vgic_irq_clear_queued(...);
spin_unlock();
because vgic_irq_clear_queued just clears a bit and I don't see the
race.
>
> Haven't looked at your new series yet, but will do this ASAP.
>
Thanks, much appreciated. Based on your comment on the previous
version, the whole thing is now wrapped in a spinlock so this point is
moot. Unless there's a clear race to be fixed here, I would prefer if
we focus our energy on getting the other series merged.
-Christoffer
WARNING: multiple messages have this Message-ID (diff)
From: christoffer.dall@linaro.org (Christoffer Dall)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH v4 07/11] KVM: arm/arm64: vgic: Allow HW interrupts to be queued to a guest
Date: Thu, 1 Oct 2015 12:25:04 +0200 [thread overview]
Message-ID: <20151001102504.GA32011@cbox> (raw)
In-Reply-To: <560BEC68.4010400@arm.com>
On Wed, Sep 30, 2015 at 03:06:32PM +0100, Andre Przywara wrote:
> Hi Christoffer,
>
> On 29/09/15 14:44, Christoffer Dall wrote:
> > On Wed, Sep 23, 2015 at 06:55:04PM +0100, Andre Przywara wrote:
> >> Salut Marc,
> >>
> >> I know that this patch is already merged, but ....
> >>
> >> On 07/08/15 16:45, Marc Zyngier wrote:
> >>> diff --git a/virt/kvm/arm/vgic.c b/virt/kvm/arm/vgic.c
> >>> index 51c9900..9d009d2 100644
> >> ...
> >>> @@ -1364,6 +1397,39 @@ static bool vgic_process_maintenance(struct kvm_vcpu *vcpu)
> >>> return level_pending;
> >>> }
> >>>
> >>> +/*
> >>> + * Save the physical active state, and reset it to inactive.
> >>> + *
> >>> + * Return 1 if HW interrupt went from active to inactive, and 0 otherwise.
> >>> + */
> >>> +static int vgic_sync_hwirq(struct kvm_vcpu *vcpu, struct vgic_lr vlr)
> >>> +{
> >>> + struct irq_phys_map *map;
> >>> + int ret;
> >>> +
> >>> + if (!(vlr.state & LR_HW))
> >>> + return 0;
> >>> +
> >>> + map = vgic_irq_map_search(vcpu, vlr.irq);
> >>> + BUG_ON(!map || !map->active);
> >>> +
> >>> + ret = irq_get_irqchip_state(map->irq,
> >>> + IRQCHIP_STATE_ACTIVE,
> >>> + &map->active);
> >>> +
> >>> + WARN_ON(ret);
> >>> +
> >>> + if (map->active) {
> >>> + ret = irq_set_irqchip_state(map->irq,
> >>> + IRQCHIP_STATE_ACTIVE,
> >>> + false);
> >>> + WARN_ON(ret);
> >>> + return 0;
> >>> + }
> >>> +
> >>> + return 1;
> >>> +}
> >>> +
> >>> /* Sync back the VGIC state after a guest run */
> >>> static void __kvm_vgic_sync_hwstate(struct kvm_vcpu *vcpu)
> >>> {
> >>> @@ -1378,14 +1444,31 @@ static void __kvm_vgic_sync_hwstate(struct kvm_vcpu *vcpu)
> >>> elrsr = vgic_get_elrsr(vcpu);
> >>> elrsr_ptr = u64_to_bitmask(&elrsr);
> >>>
> >>> - /* Clear mappings for empty LRs */
> >>> - for_each_set_bit(lr, elrsr_ptr, vgic->nr_lr) {
> >>> + /* Deal with HW interrupts, and clear mappings for empty LRs */
> >>> + for (lr = 0; lr < vgic->nr_lr; lr++) {
> >>> struct vgic_lr vlr;
> >>>
> >>> - if (!test_and_clear_bit(lr, vgic_cpu->lr_used))
> >>> + if (!test_bit(lr, vgic_cpu->lr_used))
> >>> continue;
> >>>
> >>> vlr = vgic_get_lr(vcpu, lr);
> >>> + if (vgic_sync_hwirq(vcpu, vlr)) {
> >>> + /*
> >>> + * So this is a HW interrupt that the guest
> >>> + * EOI-ed. Clean the LR state and allow the
> >>> + * interrupt to be sampled again.
> >>> + */
> >>> + vlr.state = 0;
> >>> + vlr.hwirq = 0;
> >>> + vgic_set_lr(vcpu, lr, vlr);
> >>> + vgic_irq_clear_queued(vcpu, vlr.irq);
> >>
> >> Isn't this line altering common VGIC state without holding the lock?
> >> Eric removed the coarse dist->lock around the whole
> >> __kvm_vgic_sync_hwstate() function, we take it now in
> >> vgic_process_maintenance(), but don't hold it here AFAICT.
> >> As long as we are only dealing with private timer IRQs this is probably
> >> not a problem, but the IRQ number could be a SPI as well, right?
> >>
> > I don't see a problematic race with this though, as all we're doing is
> > to clear a bit in a bitmap, which is always checked atomically, so
> > adding a lock around this really doesn't change anything as far as I can
> > tell.
>
> Indeed I found a similar comment in some older revisions of the code.
>
> But isn't it that other code holding the lock (thinking about
> kvm_vgic_flush_hwstate() in particular) assumes that no-one else tinkers
> with the VGIC state while it holds the lock?
> So couldn't we (potentially) run into inconsistent state because we
> cleared the queued bit while the flushing code runs over all interrupts?
> Maybe not in this particular case, but in general?
In general, yes, you should lock operations accessing the distributor.
It just feels silly to do
spin_lock();
vgic_irq_clear_queued(...);
spin_unlock();
because vgic_irq_clear_queued just clears a bit and I don't see the
race.
>
> Haven't looked at your new series yet, but will do this ASAP.
>
Thanks, much appreciated. Based on your comment on the previous
version, the whole thing is now wrapped in a spinlock so this point is
moot. Unless there's a clear race to be fixed here, I would prefer if
we focus our energy on getting the other series merged.
-Christoffer
next prev parent reply other threads:[~2015-10-01 10:25 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-08-07 15:45 [PATCH v4 00/11] arm/arm64: KVM: Active interrupt state switching for shared devices Marc Zyngier
2015-08-07 15:45 ` Marc Zyngier
2015-08-07 15:45 ` [PATCH v4 01/11] arm/arm64: KVM: Fix ordering of timer/GIC on guest entry Marc Zyngier
2015-08-07 15:45 ` Marc Zyngier
2015-08-07 15:45 ` [PATCH v4 02/11] arm/arm64: KVM: Move vgic handling to a non-preemptible section Marc Zyngier
2015-08-07 15:45 ` Marc Zyngier
2015-08-07 15:45 ` [PATCH v4 03/11] KVM: arm/arm64: vgic: Convert struct vgic_lr to use bitfields Marc Zyngier
2015-08-07 15:45 ` Marc Zyngier
2015-08-07 15:45 ` [PATCH v4 04/11] KVM: arm/arm64: vgic: Allow HW irq to be encoded in LR Marc Zyngier
2015-08-07 15:45 ` Marc Zyngier
2015-08-07 15:45 ` [PATCH v4 05/11] KVM: arm/arm64: vgic: Relax vgic_can_sample_irq for edge IRQs Marc Zyngier
2015-08-07 15:45 ` Marc Zyngier
2015-08-07 15:45 ` [PATCH v4 06/11] KVM: arm/arm64: vgic: Allow dynamic mapping of physical/virtual interrupts Marc Zyngier
2015-08-07 15:45 ` Marc Zyngier
2015-08-11 7:42 ` Christoffer Dall
2015-08-11 7:42 ` Christoffer Dall
2015-08-12 9:56 ` Marc Zyngier
2015-08-12 9:56 ` Marc Zyngier
2015-08-12 11:45 ` Christoffer Dall
2015-08-12 11:45 ` Christoffer Dall
2015-08-07 15:45 ` [PATCH v4 07/11] KVM: arm/arm64: vgic: Allow HW interrupts to be queued to a guest Marc Zyngier
2015-08-07 15:45 ` Marc Zyngier
2015-09-23 17:55 ` Andre Przywara
2015-09-23 17:55 ` Andre Przywara
2015-09-29 13:44 ` Christoffer Dall
2015-09-29 13:44 ` Christoffer Dall
2015-09-30 14:06 ` Andre Przywara
2015-09-30 14:06 ` Andre Przywara
2015-10-01 10:25 ` Christoffer Dall [this message]
2015-10-01 10:25 ` Christoffer Dall
2015-08-07 15:45 ` [PATCH v4 08/11] KVM: arm/arm64: vgic: Add vgic_{get,set}_phys_irq_active Marc Zyngier
2015-08-07 15:45 ` [PATCH v4 08/11] KVM: arm/arm64: vgic: Add vgic_{get, set}_phys_irq_active Marc Zyngier
2015-08-07 15:45 ` [PATCH v4 09/11] KVM: arm/arm64: vgic: Prevent userspace injection of a mapped interrupt Marc Zyngier
2015-08-07 15:45 ` Marc Zyngier
2015-08-11 7:44 ` Christoffer Dall
2015-08-11 7:44 ` Christoffer Dall
2015-08-07 15:45 ` [PATCH v4 10/11] KVM: arm/arm64: timer: Allow the timer to control the active state Marc Zyngier
2015-08-07 15:45 ` Marc Zyngier
2015-08-07 15:45 ` [PATCH v4 11/11] KVM: arm/arm64: vgic: Allow HW interrupts for non-shared devices Marc Zyngier
2015-08-07 15:45 ` Marc Zyngier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20151001102504.GA32011@cbox \
--to=christoffer.dall@linaro.org \
--cc=Marc.Zyngier@arm.com \
--cc=andre.przywara@arm.com \
--cc=eric.auger@linaro.org \
--cc=kvm@vger.kernel.org \
--cc=kvmarm@lists.cs.columbia.edu \
--cc=linux-arm-kernel@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.