From: Nicholas Piggin <npiggin@gmail.com>
To: kvm-ppc@vger.kernel.org
Cc: linuxppc-dev@lists.ozlabs.org, Nicholas Piggin <npiggin@gmail.com>
Subject: [PATCH v2 22/37] KVM: PPC: Book3S HV P9: Reduce irq_work vs guest decrementer races
Date: Thu, 25 Feb 2021 13:46:37 +0000 [thread overview]
Message-ID: <20210225134652.2127648-23-npiggin@gmail.com> (raw)
In-Reply-To: <20210225134652.2127648-1-npiggin@gmail.com>
irq_work's use of the DEC SPR is racy with guest<->host switch and guest
entry which flips the DEC interrupt to guest, which could lose a host
work interrupt.
This patch closes one race, and attempts to comment several others.
(XXX: should think a bit harder about this)
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
---
arch/powerpc/include/asm/paca.h | 1 +
arch/powerpc/kvm/book3s_hv.c | 15 ++++++++++++++-
2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/arch/powerpc/include/asm/paca.h b/arch/powerpc/include/asm/paca.h
index ec18ac818e3a..23c12048fbc9 100644
--- a/arch/powerpc/include/asm/paca.h
+++ b/arch/powerpc/include/asm/paca.h
@@ -174,6 +174,7 @@ struct paca_struct {
u8 irq_happened; /* irq happened while soft-disabled */
u8 irq_work_pending; /* IRQ_WORK interrupt while soft-disable */
#ifdef CONFIG_KVM_BOOK3S_HV_POSSIBLE
+ /* Could have irq_work_using_hdec here, but what about nested HV entry modifying DEC? Could have a pointer to the hv struct time limit */
u8 pmcregs_in_use; /* pseries puts this in lppaca */
#endif
u64 sprg_vdso; /* Saved user-visible sprg */
diff --git a/arch/powerpc/kvm/book3s_hv.c b/arch/powerpc/kvm/book3s_hv.c
index d98958b78830..1997cf347d3e 100644
--- a/arch/powerpc/kvm/book3s_hv.c
+++ b/arch/powerpc/kvm/book3s_hv.c
@@ -3689,6 +3689,18 @@ static int kvmhv_p9_guest_entry(struct kvm_vcpu *vcpu, u64 time_limit,
if (!(vcpu->arch.ctrl & 1))
mtspr(SPRN_CTRLT, mfspr(SPRN_CTRLF) & ~1);
+ /*
+ * XXX: must always deal with irq_work_raise via NMI vs setting DEC.
+ * The problem occurs right as we switch into guest mode if a NMI
+ * hits and sets pending work and sets DEC, then that will apply to
+ * the guest and not bring us back to the host.
+ *
+ * irq_work_raise could check a flag (or possibly LPCR[HDICE] for
+ * example) and set HDEC to 1? That wouldn't solve the nested hv
+ * case which needs to abort the hcall or zero the time limit.
+ *
+ * Another day's problem.
+ */
mtspr(SPRN_DEC, vcpu->arch.dec_expires - tb);
if (kvmhv_on_pseries()) {
@@ -3822,7 +3834,8 @@ static int kvmhv_p9_guest_entry(struct kvm_vcpu *vcpu, u64 time_limit,
vc->entry_exit_map = 0x101;
vc->in_guest = 0;
- mtspr(SPRN_DEC, local_paca->kvm_hstate.dec_expires - tb);
+ set_dec_or_work(local_paca->kvm_hstate.dec_expires - tb);
+
mtspr(SPRN_SPRG_VDSO_WRITE, local_paca->sprg_vdso);
kvmhv_load_host_pmu();
--
2.23.0
WARNING: multiple messages have this Message-ID (diff)
From: Nicholas Piggin <npiggin@gmail.com>
To: kvm-ppc@vger.kernel.org
Cc: linuxppc-dev@lists.ozlabs.org, Nicholas Piggin <npiggin@gmail.com>
Subject: [PATCH v2 22/37] KVM: PPC: Book3S HV P9: Reduce irq_work vs guest decrementer races
Date: Thu, 25 Feb 2021 23:46:37 +1000 [thread overview]
Message-ID: <20210225134652.2127648-23-npiggin@gmail.com> (raw)
In-Reply-To: <20210225134652.2127648-1-npiggin@gmail.com>
irq_work's use of the DEC SPR is racy with guest<->host switch and guest
entry which flips the DEC interrupt to guest, which could lose a host
work interrupt.
This patch closes one race, and attempts to comment several others.
(XXX: should think a bit harder about this)
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
---
arch/powerpc/include/asm/paca.h | 1 +
arch/powerpc/kvm/book3s_hv.c | 15 ++++++++++++++-
2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/arch/powerpc/include/asm/paca.h b/arch/powerpc/include/asm/paca.h
index ec18ac818e3a..23c12048fbc9 100644
--- a/arch/powerpc/include/asm/paca.h
+++ b/arch/powerpc/include/asm/paca.h
@@ -174,6 +174,7 @@ struct paca_struct {
u8 irq_happened; /* irq happened while soft-disabled */
u8 irq_work_pending; /* IRQ_WORK interrupt while soft-disable */
#ifdef CONFIG_KVM_BOOK3S_HV_POSSIBLE
+ /* Could have irq_work_using_hdec here, but what about nested HV entry modifying DEC? Could have a pointer to the hv struct time limit */
u8 pmcregs_in_use; /* pseries puts this in lppaca */
#endif
u64 sprg_vdso; /* Saved user-visible sprg */
diff --git a/arch/powerpc/kvm/book3s_hv.c b/arch/powerpc/kvm/book3s_hv.c
index d98958b78830..1997cf347d3e 100644
--- a/arch/powerpc/kvm/book3s_hv.c
+++ b/arch/powerpc/kvm/book3s_hv.c
@@ -3689,6 +3689,18 @@ static int kvmhv_p9_guest_entry(struct kvm_vcpu *vcpu, u64 time_limit,
if (!(vcpu->arch.ctrl & 1))
mtspr(SPRN_CTRLT, mfspr(SPRN_CTRLF) & ~1);
+ /*
+ * XXX: must always deal with irq_work_raise via NMI vs setting DEC.
+ * The problem occurs right as we switch into guest mode if a NMI
+ * hits and sets pending work and sets DEC, then that will apply to
+ * the guest and not bring us back to the host.
+ *
+ * irq_work_raise could check a flag (or possibly LPCR[HDICE] for
+ * example) and set HDEC to 1? That wouldn't solve the nested hv
+ * case which needs to abort the hcall or zero the time limit.
+ *
+ * Another day's problem.
+ */
mtspr(SPRN_DEC, vcpu->arch.dec_expires - tb);
if (kvmhv_on_pseries()) {
@@ -3822,7 +3834,8 @@ static int kvmhv_p9_guest_entry(struct kvm_vcpu *vcpu, u64 time_limit,
vc->entry_exit_map = 0x101;
vc->in_guest = 0;
- mtspr(SPRN_DEC, local_paca->kvm_hstate.dec_expires - tb);
+ set_dec_or_work(local_paca->kvm_hstate.dec_expires - tb);
+
mtspr(SPRN_SPRG_VDSO_WRITE, local_paca->sprg_vdso);
kvmhv_load_host_pmu();
--
2.23.0
next prev parent reply other threads:[~2021-02-25 13:46 UTC|newest]
Thread overview: 134+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-25 13:46 [PATCH v2 00/37] KVM: PPC: Book3S: C-ify the P9 entry/exit code Nicholas Piggin
2021-02-25 13:46 ` Nicholas Piggin
2021-02-25 13:46 ` [PATCH v2 01/37] KVM: PPC: Book3S 64: remove unused kvmppc_h_protect argument Nicholas Piggin
2021-02-25 13:46 ` Nicholas Piggin
2021-02-26 5:01 ` Daniel Axtens
2021-02-26 5:01 ` Daniel Axtens
2021-02-26 23:50 ` Nicholas Piggin
2021-02-26 23:50 ` Nicholas Piggin
2021-03-05 4:45 ` Daniel Axtens
2021-03-05 4:45 ` Daniel Axtens
2021-02-25 13:46 ` [PATCH v2 02/37] KVM: PPC: Book3S HV: Fix CONFIG_SPAPR_TCE_IOMMU=n default hcalls Nicholas Piggin
2021-02-25 13:46 ` Nicholas Piggin
2021-02-26 5:21 ` Daniel Axtens
2021-02-26 5:21 ` Daniel Axtens
2021-02-25 13:46 ` [PATCH v2 03/37] powerpc/64s: Remove KVM handler support from CBE_RAS interrupts Nicholas Piggin
2021-02-25 13:46 ` Nicholas Piggin
2021-02-25 13:46 ` [PATCH v2 04/37] powerpc/64s: remove KVM SKIP test from instruction breakpoint handler Nicholas Piggin
2021-02-25 13:46 ` Nicholas Piggin
2021-02-26 5:44 ` Daniel Axtens
2021-02-26 5:44 ` Daniel Axtens
2021-02-26 23:51 ` Nicholas Piggin
2021-02-26 23:51 ` Nicholas Piggin
2021-02-25 13:46 ` [PATCH v2 05/37] KVM: PPC: Book3S HV: Ensure MSR[ME] is always set in guest MSR Nicholas Piggin
2021-02-25 13:46 ` Nicholas Piggin
2021-02-26 6:06 ` Daniel Axtens
2021-02-26 6:06 ` Daniel Axtens
2021-02-26 23:55 ` Nicholas Piggin
2021-02-26 23:55 ` Nicholas Piggin
2021-03-05 4:50 ` Daniel Axtens
2021-03-05 4:50 ` Daniel Axtens
2021-02-25 13:46 ` [PATCH v2 06/37] KVM: PPC: Book3S 64: move KVM interrupt entry to a common entry point Nicholas Piggin
2021-02-25 13:46 ` Nicholas Piggin
2021-03-05 5:03 ` Daniel Axtens
2021-03-05 5:03 ` Daniel Axtens
2021-02-25 13:46 ` [PATCH v2 07/37] KVM: PPC: Book3S 64: Move GUEST_MODE_SKIP test into KVM Nicholas Piggin
2021-02-25 13:46 ` Nicholas Piggin
2021-03-05 5:54 ` Daniel Axtens
2021-03-05 5:54 ` Daniel Axtens
2021-02-25 13:46 ` [PATCH v2 08/37] KVM: PPC: Book3S 64: add hcall interrupt handler Nicholas Piggin
2021-02-25 13:46 ` Nicholas Piggin
2021-03-05 6:03 ` Daniel Axtens
2021-03-05 6:03 ` Daniel Axtens
2021-02-25 13:46 ` [PATCH v2 09/37] KVM: PPC: Book3S 64: Move hcall early register setup to KVM Nicholas Piggin
2021-02-25 13:46 ` Nicholas Piggin
2021-03-05 6:48 ` Daniel Axtens
2021-03-05 6:48 ` Daniel Axtens
2021-02-25 13:46 ` [PATCH v2 10/37] KVM: PPC: Book3S 64: Move interrupt " Nicholas Piggin
2021-02-25 13:46 ` Nicholas Piggin
2021-02-25 13:46 ` [PATCH v2 11/37] KVM: PPC: Book3S 64: move bad_host_intr check to HV handler Nicholas Piggin
2021-02-25 13:46 ` Nicholas Piggin
2021-02-25 13:46 ` [PATCH v2 12/37] KVM: PPC: Book3S 64: Minimise hcall handler calling convention differences Nicholas Piggin
2021-02-25 13:46 ` Nicholas Piggin
2021-02-25 13:46 ` [PATCH v2 13/37] KVM: PPC: Book3S HV P9: Move radix MMU switching instructions together Nicholas Piggin
2021-02-25 13:46 ` Nicholas Piggin
2021-02-26 15:56 ` Fabiano Rosas
2021-02-26 15:56 ` Fabiano Rosas
2021-02-26 23:57 ` Nicholas Piggin
2021-02-26 23:57 ` Nicholas Piggin
2021-02-25 13:46 ` [PATCH v2 14/37] KVM: PPC: Book3S HV P9: implement kvmppc_xive_pull_vcpu in C Nicholas Piggin
2021-02-25 13:46 ` Nicholas Piggin
2021-02-25 13:46 ` [PATCH v2 15/37] KVM: PPC: Book3S HV P9: Move xive vcpu context management into kvmhv_p9_guest_entry Nicholas Piggin
2021-02-25 13:46 ` Nicholas Piggin
2021-02-25 13:46 ` [PATCH v2 16/37] KVM: PPC: Book3S HV P9: Stop handling hcalls in real-mode in the P9 path Nicholas Piggin
2021-02-25 13:46 ` Nicholas Piggin
2021-02-25 14:51 ` Cédric Le Goater
2021-02-25 14:51 ` Cédric Le Goater
2021-02-26 23:59 ` Nicholas Piggin
2021-02-26 23:59 ` Nicholas Piggin
2021-02-25 13:46 ` [PATCH v2 17/37] KVM: PPC: Book3S HV P9: Move setting HDEC after switching to guest LPCR Nicholas Piggin
2021-02-25 13:46 ` Nicholas Piggin
2021-02-26 16:38 ` Fabiano Rosas
2021-02-26 16:38 ` Fabiano Rosas
2021-02-26 23:59 ` Nicholas Piggin
2021-02-26 23:59 ` Nicholas Piggin
2021-02-25 13:46 ` [PATCH v2 18/37] KVM: PPC: Book3S HV P9: Use large decrementer for HDEC Nicholas Piggin
2021-02-25 13:46 ` Nicholas Piggin
2021-02-25 13:46 ` [PATCH v2 19/37] KVM: PPC: Book3S HV P9: Use host timer accounting to avoid decrementer read Nicholas Piggin
2021-02-25 13:46 ` Nicholas Piggin
2021-02-25 13:46 ` [PATCH v2 20/37] KVM: PPC: Book3S HV P9: Reduce mftb per guest entry/exit Nicholas Piggin
2021-02-25 13:46 ` Nicholas Piggin
2021-02-25 13:46 ` [PATCH v2 21/37] powerpc: add set_dec_or_work API for safely updating decrementer Nicholas Piggin
2021-02-25 13:46 ` Nicholas Piggin
2021-02-25 13:46 ` Nicholas Piggin [this message]
2021-02-25 13:46 ` [PATCH v2 22/37] KVM: PPC: Book3S HV P9: Reduce irq_work vs guest decrementer races Nicholas Piggin
2021-02-25 13:46 ` [PATCH v2 23/37] KVM: PPC: Book3S HV P9: Implement the rest of the P9 path in C Nicholas Piggin
2021-02-25 13:46 ` Nicholas Piggin
2021-02-26 22:37 ` Fabiano Rosas
2021-02-26 22:37 ` Fabiano Rosas
2021-02-27 0:21 ` Nicholas Piggin
2021-02-27 0:21 ` Nicholas Piggin
2021-02-27 0:55 ` Nicholas Piggin
2021-02-27 0:55 ` Nicholas Piggin
2021-02-25 13:46 ` [PATCH v2 24/37] KVM: PPC: Book3S HV P9: inline kvmhv_load_hv_regs_and_go into __kvmhv_vcpu_entry_p9 Nicholas Piggin
2021-02-25 13:46 ` Nicholas Piggin
2021-03-02 13:48 ` [PATCH v2 24/37] KVM: PPC: Book3S HV P9: inline kvmhv_load_hv_regs_and_go into __kvmhv_vcpu_entr Fabiano Rosas
2021-03-02 13:48 ` [PATCH v2 24/37] KVM: PPC: Book3S HV P9: inline kvmhv_load_hv_regs_and_go into __kvmhv_vcpu_entry_p9 Fabiano Rosas
2021-02-25 13:46 ` [PATCH v2 25/37] KVM: PPC: Book3S HV P9: Read machine check registers while MSR[RI] is 0 Nicholas Piggin
2021-02-25 13:46 ` Nicholas Piggin
2021-02-25 13:46 ` [PATCH v2 26/37] KVM: PPC: Book3S HV P9: Improve exit timing accounting coverage Nicholas Piggin
2021-02-25 13:46 ` Nicholas Piggin
2021-02-25 13:46 ` [PATCH v2 27/37] KVM: PPC: Book3S HV P9: Move SPR loading after expiry time check Nicholas Piggin
2021-02-25 13:46 ` Nicholas Piggin
2021-02-25 13:46 ` [PATCH v2 28/37] KVM: PPC: Book3S HV P9: Add helpers for OS SPR handling Nicholas Piggin
2021-02-25 13:46 ` Nicholas Piggin
2021-03-02 15:04 ` Fabiano Rosas
2021-03-02 15:04 ` Fabiano Rosas
2021-03-04 11:02 ` Nicholas Piggin
2021-03-04 11:02 ` Nicholas Piggin
2021-02-25 13:46 ` [PATCH v2 29/37] KVM: PPC: Book3S HV P9: Switch to guest MMU context as late as possible Nicholas Piggin
2021-02-25 13:46 ` Nicholas Piggin
2021-02-25 13:46 ` [PATCH v2 30/37] KVM: PPC: Book3S HV: Implement radix prefetch workaround by disabling MMU Nicholas Piggin
2021-02-25 13:46 ` Nicholas Piggin
2021-03-02 21:21 ` Fabiano Rosas
2021-03-02 21:21 ` Fabiano Rosas
2021-03-04 11:04 ` Nicholas Piggin
2021-03-04 11:04 ` Nicholas Piggin
2021-02-25 13:46 ` [PATCH v2 31/37] KVM: PPC: Book3S HV: Remove support for dependent threads mode on P9 Nicholas Piggin
2021-02-25 13:46 ` Nicholas Piggin
2021-02-25 13:46 ` [PATCH v2 32/37] KVM: PPC: Book3S HV: Remove radix guest support from P7/8 path Nicholas Piggin
2021-02-25 13:46 ` Nicholas Piggin
2021-02-25 13:46 ` [PATCH v2 33/37] KVM: PPC: Book3S HV: small pseries_do_hcall cleanup Nicholas Piggin
2021-02-25 13:46 ` Nicholas Piggin
2021-02-25 13:46 ` [PATCH v2 34/37] KVM: PPC: Book3S HV: add virtual mode handlers for HPT hcalls and page faults Nicholas Piggin
2021-02-25 13:46 ` Nicholas Piggin
2021-03-03 20:09 ` Fabiano Rosas
2021-03-03 20:09 ` Fabiano Rosas
2021-03-04 11:05 ` Nicholas Piggin
2021-03-04 11:05 ` Nicholas Piggin
2021-02-25 13:46 ` [PATCH v2 35/37] KVM: PPC: Book3S HV P9: implement hash guest support Nicholas Piggin
2021-02-25 13:46 ` Nicholas Piggin
2021-02-25 13:46 ` [PATCH v2 36/37] KVM: PPC: Book3S HV P9: implement hash host / " Nicholas Piggin
2021-02-25 13:46 ` Nicholas Piggin
2021-02-25 13:46 ` [PATCH v2 37/37] KVM: PPC: Book3S HV: remove POWER9 support from P7/8 paths Nicholas Piggin
2021-02-25 13:46 ` Nicholas Piggin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210225134652.2127648-23-npiggin@gmail.com \
--to=npiggin@gmail.com \
--cc=kvm-ppc@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.