From: Jan Kiszka <jan.kiszka@siemens.com>
To: Avi Kivity <avi@redhat.com>
Cc: kvm@vger.kernel.org, qemu-devel@nongnu.org,
Jan Kiszka <jan.kiszka@web.de>,
"Maciej W. Rozycki" <macro@linux-mips.org>,
Paolo Bonzini <pbonzini@redhat.com>,
Matthew Ogilvie <mmogilvi_qemu@miniinfo.net>
Subject: Re: [PATCH 1/2] KVM: fix i8259 interrupt high to low transition logic
Date: Wed, 12 Sep 2012 10:48:41 +0200 [thread overview]
Message-ID: <50504C69.60703@siemens.com> (raw)
In-Reply-To: <50504151.40704@redhat.com>
On 2012-09-12 10:01, Avi Kivity wrote:
> On 09/10/2012 04:29 AM, Matthew Ogilvie wrote:
>> Intel's definition of "edge triggered" means: "asserted with a
>> low-to-high transition at the time an interrupt is registered
>> and then kept high until the interrupt is served via one of the
>> EOI mechanisms or goes away unhandled."
>>
>> So the only difference between edge triggered and level triggered
>> is in the leading edge, with no difference in the trailing edge.
>>
>> This bug manifested itself when the guest was Microport UNIX
>> System V/386 v2.1 (ca. 1987), because it would sometimes mask
>> off IRQ14 in the slave IMR after it had already been asserted.
>> The master would still try to deliver an interrupt even though
>> IRQ2 had dropped again, resulting in a spurious interupt
>> (IRQ15) and a panicked UNIX kernel.
>> diff --git a/arch/x86/kvm/i8254.c b/arch/x86/kvm/i8254.c
>> index adba28f..5cbba99 100644
>> --- a/arch/x86/kvm/i8254.c
>> +++ b/arch/x86/kvm/i8254.c
>> @@ -302,8 +302,12 @@ static void pit_do_work(struct kthread_work *work)
>> }
>> spin_unlock(&ps->inject_lock);
>> if (inject) {
>> - kvm_set_irq(kvm, kvm->arch.vpit->irq_source_id, 0, 1);
>> + /* Clear previous interrupt, then create a rising
>> + * edge to request another interupt, and leave it at
>> + * level=1 until time to inject another one.
>> + */
>> kvm_set_irq(kvm, kvm->arch.vpit->irq_source_id, 0, 0);
>> + kvm_set_irq(kvm, kvm->arch.vpit->irq_source_id, 0, 1);
>>
>> /*
>
> I thought I understood this, now I'm not sure. How can this be correct?
> Real hardware doesn't act like this.
>
> What if the PIT is disabled after this? You're injecting a spurious
> interrupt then.
Yes, the PIT has to raise the output as long as specified, i.e.
according to the datasheet. That's important now due to the corrections
to the PIC. We can then carefully check if there is room for
simplifications / optimizations. I also cannot imagine that the above
already fulfills these requirements.
And if the PIT is disabled by the HPET, we need to clear the output
explicitly as we inject the IRQ#0 under a different source ID than
userspace HPET does (which will logically take over IRQ#0 control). The
kernel would otherwise OR both sources to an incorrect result.
Jan
--
Siemens AG, Corporate Technology, CT RTC ITP SDP-DE
Corporate Competence Center Embedded Linux
WARNING: multiple messages have this Message-ID (diff)
From: Jan Kiszka <jan.kiszka@siemens.com>
To: Avi Kivity <avi@redhat.com>
Cc: kvm@vger.kernel.org, qemu-devel@nongnu.org,
Jan Kiszka <jan.kiszka@web.de>,
"Maciej W. Rozycki" <macro@linux-mips.org>,
Paolo Bonzini <pbonzini@redhat.com>,
Matthew Ogilvie <mmogilvi_qemu@miniinfo.net>
Subject: Re: [Qemu-devel] [PATCH 1/2] KVM: fix i8259 interrupt high to low transition logic
Date: Wed, 12 Sep 2012 10:48:41 +0200 [thread overview]
Message-ID: <50504C69.60703@siemens.com> (raw)
In-Reply-To: <50504151.40704@redhat.com>
On 2012-09-12 10:01, Avi Kivity wrote:
> On 09/10/2012 04:29 AM, Matthew Ogilvie wrote:
>> Intel's definition of "edge triggered" means: "asserted with a
>> low-to-high transition at the time an interrupt is registered
>> and then kept high until the interrupt is served via one of the
>> EOI mechanisms or goes away unhandled."
>>
>> So the only difference between edge triggered and level triggered
>> is in the leading edge, with no difference in the trailing edge.
>>
>> This bug manifested itself when the guest was Microport UNIX
>> System V/386 v2.1 (ca. 1987), because it would sometimes mask
>> off IRQ14 in the slave IMR after it had already been asserted.
>> The master would still try to deliver an interrupt even though
>> IRQ2 had dropped again, resulting in a spurious interupt
>> (IRQ15) and a panicked UNIX kernel.
>> diff --git a/arch/x86/kvm/i8254.c b/arch/x86/kvm/i8254.c
>> index adba28f..5cbba99 100644
>> --- a/arch/x86/kvm/i8254.c
>> +++ b/arch/x86/kvm/i8254.c
>> @@ -302,8 +302,12 @@ static void pit_do_work(struct kthread_work *work)
>> }
>> spin_unlock(&ps->inject_lock);
>> if (inject) {
>> - kvm_set_irq(kvm, kvm->arch.vpit->irq_source_id, 0, 1);
>> + /* Clear previous interrupt, then create a rising
>> + * edge to request another interupt, and leave it at
>> + * level=1 until time to inject another one.
>> + */
>> kvm_set_irq(kvm, kvm->arch.vpit->irq_source_id, 0, 0);
>> + kvm_set_irq(kvm, kvm->arch.vpit->irq_source_id, 0, 1);
>>
>> /*
>
> I thought I understood this, now I'm not sure. How can this be correct?
> Real hardware doesn't act like this.
>
> What if the PIT is disabled after this? You're injecting a spurious
> interrupt then.
Yes, the PIT has to raise the output as long as specified, i.e.
according to the datasheet. That's important now due to the corrections
to the PIC. We can then carefully check if there is room for
simplifications / optimizations. I also cannot imagine that the above
already fulfills these requirements.
And if the PIT is disabled by the HPET, we need to clear the output
explicitly as we inject the IRQ#0 under a different source ID than
userspace HPET does (which will logically take over IRQ#0 control). The
kernel would otherwise OR both sources to an incorrect result.
Jan
--
Siemens AG, Corporate Technology, CT RTC ITP SDP-DE
Corporate Competence Center Embedded Linux
next prev parent reply other threads:[~2012-09-12 8:48 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-09-10 1:29 [PATCH 1/2] KVM: fix i8259 interrupt high to low transition logic Matthew Ogilvie
2012-09-10 1:29 ` [Qemu-devel] " Matthew Ogilvie
2012-09-10 1:29 ` [PATCH 2/2] KVM: i8259: refactor pic_set_irq level logic Matthew Ogilvie
2012-09-10 1:29 ` [Qemu-devel] " Matthew Ogilvie
2012-09-11 0:49 ` [PATCH 1/2] KVM: fix i8259 interrupt high to low transition logic Maciej W. Rozycki
2012-09-11 0:49 ` [Qemu-devel] " Maciej W. Rozycki
2012-09-11 4:54 ` Matthew Ogilvie
2012-09-11 4:54 ` [Qemu-devel] " Matthew Ogilvie
2012-09-11 11:53 ` Maciej W. Rozycki
2012-09-11 11:53 ` [Qemu-devel] " Maciej W. Rozycki
2012-09-11 9:04 ` Jan Kiszka
2012-09-11 9:04 ` [Qemu-devel] " Jan Kiszka
2012-09-12 8:01 ` Avi Kivity
2012-09-12 8:01 ` Avi Kivity
2012-09-12 8:48 ` Jan Kiszka [this message]
2012-09-12 8:48 ` Jan Kiszka
2012-09-12 8:51 ` Avi Kivity
2012-09-12 8:51 ` [Qemu-devel] " Avi Kivity
2012-09-12 8:57 ` Jan Kiszka
2012-09-12 8:57 ` Jan Kiszka
2012-09-12 9:02 ` Avi Kivity
2012-09-12 9:02 ` Avi Kivity
2012-09-13 5:49 ` Matthew Ogilvie
2012-09-13 5:49 ` [Qemu-devel] " Matthew Ogilvie
2012-09-13 13:41 ` Maciej W. Rozycki
2012-09-13 13:41 ` Maciej W. Rozycki
2012-09-13 13:49 ` Jan Kiszka
2012-09-13 13:49 ` Jan Kiszka
2012-09-13 13:55 ` Jan Kiszka
2012-09-13 13:55 ` Jan Kiszka
2012-09-13 15:48 ` Maciej W. Rozycki
2012-09-13 15:48 ` Maciej W. Rozycki
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=50504C69.60703@siemens.com \
--to=jan.kiszka@siemens.com \
--cc=avi@redhat.com \
--cc=jan.kiszka@web.de \
--cc=kvm@vger.kernel.org \
--cc=macro@linux-mips.org \
--cc=mmogilvi_qemu@miniinfo.net \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.