From: "Herongguang (Stephen)" <herongguang.he@huawei.com>
To: Paolo Bonzini <pbonzini@redhat.com>, <rkrcmar@redhat.com>,
<afaerber@suse.de>, <jan.kiszka@siemens.com>,
<qemu-devel@nongnu.org>,
"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
<wangxinxin.wang@huawei.com>,
"weidong.huang@huawei.com >> Huangweidong (C)"
<weidong.huang@huawei.com>
Subject: Re: [BUG/RFC] INIT IPI lost when VM starts
Date: Thu, 6 Apr 2017 09:47:21 +0800 [thread overview]
Message-ID: <58E59E29.7070305@huawei.com> (raw)
In-Reply-To: <135b6663-b65c-b5ba-d3a8-b2a2127a07fa@redhat.com>
On 2017/4/6 0:16, Paolo Bonzini wrote:
>
> On 20/03/2017 15:21, Herongguang (Stephen) wrote:
>> We encountered a problem that when a domain starts, seabios failed to
>> online a vCPU.
>>
>> After investigation, we found that the reason is in kvm-kmod,
>> KVM_APIC_INIT bit in
>> vcpu->arch.apic->pending_events was overwritten by qemu, and thus an
>> INIT IPI sent
>> to AP was lost. Qemu does this since libvirtd sends a ‘query-cpus’ qmp
>> command to qemu
>> on VM start.
>>
>> In qemu, qmp_query_cpus-> cpu_synchronize_state->
>> kvm_cpu_synchronize_state->
>> do_kvm_cpu_synchronize_state, qemu gets registers/vcpu_events from
>> kvm-kmod and
>> sets cpu->kvm_vcpu_dirty to true, and vcpu thread in qemu will call
>> kvm_arch_put_registers if cpu->kvm_vcpu_dirty is true, thus
>> pending_events is
>> overwritten by qemu.
>>
>> I think there is no need for qemu to set cpu->kvm_vcpu_dirty to true
>> after ‘query-cpus’,
>> and kvm-kmod should not clear KVM_APIC_INIT unconditionally. And I am
>> not sure whether
>> it is OK for qemu to set cpu->kvm_vcpu_dirty in
>> do_kvm_cpu_synchronize_state in each caller.
>>
>> What’s your opinion?
> Hi Rongguang,
>
> sorry for the late response.
>
> Where exactly is KVM_APIC_INIT dropped? kvm_get_mp_state does clear the
> bit, but the result of the INIT is stored in mp_state.
It's dropped in KVM_SET_VCPU_EVENTS, see below.
>
> kvm_get_vcpu_events is called after kvm_get_mp_state; it retrieves
> KVM_APIC_INIT in events.smi.latched_init and kvm_set_vcpu_events passes
> it back. Maybe it should ignore events.smi.latched_init if not in SMM,
> but I would like to understand the exact sequence of events.
time0:
vcpu1:
qmp_query_cpus-> cpu_synchronize_state-> kvm_cpu_synchronize_state->
> do_kvm_cpu_synchronize_state(and set vcpu1's cpu->kvm_vcpu_dirty to true)-> kvm_arch_get_registers(KVM_APIC_INIT bit in vcpu->arch.apic->pending_events was not set)
time1:
vcpu0:
send INIT-SIPI to all AP->(in vcpu 0's context)__apic_accept_irq(KVM_APIC_INIT bit in vcpu1's arch.apic->pending_events is set)
time2:
vcpu1:
kvm_cpu_exec->(if cpu->kvm_vcpu_dirty is true)kvm_arch_put_registers->kvm_put_vcpu_events(overwritten KVM_APIC_INIT bit in vcpu->arch.apic->pending_events!)
So it's a race between vcpu1 get/put registers with kvm/other vcpus changing vcpu1's status/structure fields in the mean time, I am in worry of if there are other fields may be overwritten,
sipi_vector is one.
also see: https://www.mail-archive.com/qemu-devel@nongnu.org/msg438675.html
> Thanks,
>
> paolo
>
> .
>
WARNING: multiple messages have this Message-ID (diff)
From: "Herongguang (Stephen)" <herongguang.he@huawei.com>
To: Paolo Bonzini <pbonzini@redhat.com>,
rkrcmar@redhat.com, afaerber@suse.de, jan.kiszka@siemens.com,
qemu-devel@nongnu.org,
"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
wangxinxin.wang@huawei.com,
"weidong.huang@huawei.com >> Huangweidong (C)"
<weidong.huang@huawei.com>
Subject: Re: [Qemu-devel] [BUG/RFC] INIT IPI lost when VM starts
Date: Thu, 6 Apr 2017 09:47:21 +0800 [thread overview]
Message-ID: <58E59E29.7070305@huawei.com> (raw)
In-Reply-To: <135b6663-b65c-b5ba-d3a8-b2a2127a07fa@redhat.com>
On 2017/4/6 0:16, Paolo Bonzini wrote:
>
> On 20/03/2017 15:21, Herongguang (Stephen) wrote:
>> We encountered a problem that when a domain starts, seabios failed to
>> online a vCPU.
>>
>> After investigation, we found that the reason is in kvm-kmod,
>> KVM_APIC_INIT bit in
>> vcpu->arch.apic->pending_events was overwritten by qemu, and thus an
>> INIT IPI sent
>> to AP was lost. Qemu does this since libvirtd sends a ‘query-cpus’ qmp
>> command to qemu
>> on VM start.
>>
>> In qemu, qmp_query_cpus-> cpu_synchronize_state->
>> kvm_cpu_synchronize_state->
>> do_kvm_cpu_synchronize_state, qemu gets registers/vcpu_events from
>> kvm-kmod and
>> sets cpu->kvm_vcpu_dirty to true, and vcpu thread in qemu will call
>> kvm_arch_put_registers if cpu->kvm_vcpu_dirty is true, thus
>> pending_events is
>> overwritten by qemu.
>>
>> I think there is no need for qemu to set cpu->kvm_vcpu_dirty to true
>> after ‘query-cpus’,
>> and kvm-kmod should not clear KVM_APIC_INIT unconditionally. And I am
>> not sure whether
>> it is OK for qemu to set cpu->kvm_vcpu_dirty in
>> do_kvm_cpu_synchronize_state in each caller.
>>
>> What’s your opinion?
> Hi Rongguang,
>
> sorry for the late response.
>
> Where exactly is KVM_APIC_INIT dropped? kvm_get_mp_state does clear the
> bit, but the result of the INIT is stored in mp_state.
It's dropped in KVM_SET_VCPU_EVENTS, see below.
>
> kvm_get_vcpu_events is called after kvm_get_mp_state; it retrieves
> KVM_APIC_INIT in events.smi.latched_init and kvm_set_vcpu_events passes
> it back. Maybe it should ignore events.smi.latched_init if not in SMM,
> but I would like to understand the exact sequence of events.
time0:
vcpu1:
qmp_query_cpus-> cpu_synchronize_state-> kvm_cpu_synchronize_state->
> do_kvm_cpu_synchronize_state(and set vcpu1's cpu->kvm_vcpu_dirty to true)-> kvm_arch_get_registers(KVM_APIC_INIT bit in vcpu->arch.apic->pending_events was not set)
time1:
vcpu0:
send INIT-SIPI to all AP->(in vcpu 0's context)__apic_accept_irq(KVM_APIC_INIT bit in vcpu1's arch.apic->pending_events is set)
time2:
vcpu1:
kvm_cpu_exec->(if cpu->kvm_vcpu_dirty is true)kvm_arch_put_registers->kvm_put_vcpu_events(overwritten KVM_APIC_INIT bit in vcpu->arch.apic->pending_events!)
So it's a race between vcpu1 get/put registers with kvm/other vcpus changing vcpu1's status/structure fields in the mean time, I am in worry of if there are other fields may be overwritten,
sipi_vector is one.
also see: https://www.mail-archive.com/qemu-devel@nongnu.org/msg438675.html
> Thanks,
>
> paolo
>
> .
>
next prev parent reply other threads:[~2017-04-06 1:48 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-20 14:21 [BUG/RFC] INIT IPI lost when VM starts Herongguang (Stephen)
2017-03-20 14:21 ` [Qemu-devel] " Herongguang (Stephen)
2017-03-21 3:34 ` Herongguang (Stephen)
2017-03-21 3:34 ` [Qemu-devel] " Herongguang (Stephen)
2017-04-05 16:16 ` Paolo Bonzini
2017-04-05 16:16 ` [Qemu-devel] " Paolo Bonzini
2017-04-06 1:47 ` Herongguang (Stephen) [this message]
2017-04-06 1:47 ` Herongguang (Stephen)
2017-11-20 6:57 ` Gonglei (Arei)
2017-11-20 6:57 ` [Qemu-devel] " Gonglei (Arei)
2017-11-23 15:41 ` rkrcmar
2017-11-23 15:41 ` [Qemu-devel] " rkrcmar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=58E59E29.7070305@huawei.com \
--to=herongguang.he@huawei.com \
--cc=afaerber@suse.de \
--cc=jan.kiszka@siemens.com \
--cc=kvm@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=rkrcmar@redhat.com \
--cc=wangxinxin.wang@huawei.com \
--cc=weidong.huang@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.