From: Liran Alon <LIRAN.ALON@ORACLE.COM>
To: "Radim Krčmář" <rkrcmar@redhat.com>,
"Paolo Bonzini" <pbonzini@redhat.com>
Cc: kvm@vger.kernel.org, jmattson@google.com, wanpeng.li@hotmail.com,
idan.brown@ORACLE.COM,
Krish Sadhukhan <krish.sadhukhan@ORACLE.COM>
Subject: Re: [PATCH] KVM: nVMX: Fix races when sending nested PI while dest enters/leaves L2
Date: Sat, 11 Nov 2017 00:47:38 +0200 [thread overview]
Message-ID: <5A062C8A.8000307@ORACLE.COM> (raw)
In-Reply-To: <20171110223018.GM2189@flask>
On 11/11/17 00:30, Radim Krčmář wrote:
> 2017-11-10 22:37+0100, Paolo Bonzini:
>> On 10/11/2017 19:06, Radim Krčmář wrote:
>>>> /* the PIR and ON have been set by L1. */
>>>> if (!kvm_vcpu_trigger_posted_interrupt(vcpu, true)) {
>>> This would still fail on the exiting case.
>>>
>>> If one VCPU was just after a VM exit, then the sender would see it
>>> IN_GUEST_MODE, send the posted notification and return true, but the
>>> notification would do nothing
>>
>> It would cause *something*---a vmexit because the vector doesn't match
>> the L1 posted interrupt. Then smp_kvm_posted_intr_nested_ipi would be
>> invoked from vmx_handle_external_intr.
>>
>> Could we detect the vector in vmx_handle_external_intr and set
>> pi_pending+KVM_REQ_EVENT? Or invoke a function in KVM from
>> smp_kvm_posted_intr_nested_ipi? Or would both be insane?...
>
> I think it is a trade-off.
>
> We could call KVM from smp_kvm_posted_intr_nested_ipi(), which would
> handle the case when the notification arrives after
> vmx_handle_external_intr().
>
> It doesn't performance, because we'd have to avoid a race on VM entry by
> possibly needlessly kicking the guest after seeing that it went from
> OUTSIDE_GUEST_MODE to IN_GUEST_MODE while we were setting the pending
> bit.
>
> But the behavior is slightly better because we can't be scanning PIR
> twice for one notification. (If the notification was handled directly by
> guest and then also by KVM due to the unconditionally set pending bit.)
>
> Well, I better think about it with fresh mind ...
>
If notification was handled directly by guest, the CPU is suppose to
clear POSTED_INTR_ON bit in pi_desc->control (bit 256 - Outstanding
Notification).
In that case, even though vmx_complete_nested_posted_interrupt() will be
called on next VMEntry, it will just set pi_pending=false and do nothing
because of:
if (!pi_test_and_clear_on(vmx->nested.pi_desc))
return;
Therefore, there should be no harm in unconditionally setting pi_pending
bit and I think Radim's original suggestion should still work well.
-Liran
next prev parent reply other threads:[~2017-11-10 22:47 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-11-09 18:27 [PATCH] KVM: nVMX: Fix races when sending nested PI while dest enters/leaves L2 Liran Alon
2017-11-10 17:06 ` Paolo Bonzini
2017-11-10 18:06 ` Radim Krčmář
2017-11-10 20:40 ` Liran Alon
2017-11-10 21:24 ` Radim Krčmář
2017-11-10 21:30 ` Paolo Bonzini
2017-11-10 21:37 ` Paolo Bonzini
2017-11-10 22:30 ` Radim Krčmář
2017-11-10 22:47 ` Liran Alon [this message]
2017-11-10 22:51 ` Paolo Bonzini
2017-11-10 22:59 ` Liran Alon
2017-11-10 22:37 ` Liran Alon
2017-11-16 17:37 ` Radim Krčmář
2017-11-16 18:36 ` Liran Alon
2017-11-16 19:47 ` Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5A062C8A.8000307@ORACLE.COM \
--to=liran.alon@oracle.com \
--cc=idan.brown@ORACLE.COM \
--cc=jmattson@google.com \
--cc=krish.sadhukhan@ORACLE.COM \
--cc=kvm@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=rkrcmar@redhat.com \
--cc=wanpeng.li@hotmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.