From: Liran Alon <LIRAN.ALON@ORACLE.COM>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: "Radim Krčmář" <rkrcmar@redhat.com>,
kvm@vger.kernel.org, jmattson@google.com,
"wanpeng li" <wanpeng.li@hotmail.com>,
"idan brown" <idan.brown@ORACLE.COM>,
"Krish Sadhukhan" <krish.sadhukhan@ORACLE.COM>
Subject: Re: [PATCH] KVM: nVMX: Fix races when sending nested PI while dest enters/leaves L2
Date: Sat, 11 Nov 2017 00:59:51 +0200 [thread overview]
Message-ID: <5A062F67.7050709@ORACLE.COM> (raw)
In-Reply-To: <1774540798.19563775.1510354270639.JavaMail.zimbra@redhat.com>
On 11/11/17 00:51, Paolo Bonzini wrote:
>
> Liran Alon <LIRAN.ALON@ORACLE.COM> wrote:
>> On 10/11/17 23:37, Paolo Bonzini wrote:
>>> On 10/11/2017 19:06, Radim Krčmář wrote:
>>>>> /* the PIR and ON have been set by L1. */
>>>>> if (!kvm_vcpu_trigger_posted_interrupt(vcpu, true)) {
>>>> This would still fail on the exiting case.
>>>>
>>>> If one VCPU was just after a VM exit, then the sender would see it
>>>> IN_GUEST_MODE, send the posted notification and return true, but the
>>>> notification would do nothing
>>>
>>> It would cause *something*---a vmexit because the vector doesn't match
>>> the L1 posted interrupt. Then smp_kvm_posted_intr_nested_ipi would be
>>> invoked from vmx_handle_external_intr.
>>>
>>> Could we detect the vector in vmx_handle_external_intr and set
>>> pi_pending+KVM_REQ_EVENT? Or invoke a function in KVM from
>>> smp_kvm_posted_intr_nested_ipi? Or would both be insane?...
>>
>> Consider the case sender sees vcpu->mode==IN_GUEST_MODE and before it
>> sends the physical IPI, dest CPU exits from guest and continues in L0
>> all the way until vcpu_enter_guest() and pass the part it checks for
>> KVM_REQ_EVENT but before it disables interrupts. Then sender sends the
>> physical IPI which is received in host-context and therefore runs
>> smp_kvm_posted_intr_nested_ipi() which sets KVM_REQ_EVENT &
>> pi_pending=true. But without Radim's suggestion of checking pi_pending
>> after interrupts disabled, this is too late as dest CPU will not check
>> these again until next exit from L2 guest.
>
> The destination CPU checks vcpu->requests before entering the guest, so this
> case would be handled fine (see Documentation/virtual/kvm/vcpu-requests.rst
> for an explanation of IN_GUEST_MODE, vcpu->requests, and PIR.ON).
>
Oh I see. You are right. My bad.
So I think your suggestion also works and may be simpler but I would
further think about it before sending a v2.
Thanks for clarifying this.
-Liran
> Thanks,
>
> Paolo
>
>> I hope I didn't misunderstand something here :)
next prev parent reply other threads:[~2017-11-10 23:00 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-11-09 18:27 [PATCH] KVM: nVMX: Fix races when sending nested PI while dest enters/leaves L2 Liran Alon
2017-11-10 17:06 ` Paolo Bonzini
2017-11-10 18:06 ` Radim Krčmář
2017-11-10 20:40 ` Liran Alon
2017-11-10 21:24 ` Radim Krčmář
2017-11-10 21:30 ` Paolo Bonzini
2017-11-10 21:37 ` Paolo Bonzini
2017-11-10 22:30 ` Radim Krčmář
2017-11-10 22:47 ` Liran Alon
2017-11-10 22:51 ` Paolo Bonzini
2017-11-10 22:59 ` Liran Alon [this message]
2017-11-10 22:37 ` Liran Alon
2017-11-16 17:37 ` Radim Krčmář
2017-11-16 18:36 ` Liran Alon
2017-11-16 19:47 ` Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5A062F67.7050709@ORACLE.COM \
--to=liran.alon@oracle.com \
--cc=idan.brown@ORACLE.COM \
--cc=jmattson@google.com \
--cc=krish.sadhukhan@ORACLE.COM \
--cc=kvm@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=rkrcmar@redhat.com \
--cc=wanpeng.li@hotmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.