From: Eric Farman <farman@linux.ibm.com>
To: Christian Borntraeger <borntraeger@de.ibm.com>,
Janosch Frank <frankja@linux.ibm.com>,
David Hildenbrand <david@redhat.com>,
Claudio Imbrenda <imbrenda@linux.ibm.com>,
Thomas Huth <thuth@redhat.com>
Cc: Heiko Carstens <hca@linux.ibm.com>,
Vasily Gorbik <gor@linux.ibm.com>,
kvm@vger.kernel.org, linux-s390@vger.kernel.org
Subject: Re: [RFC PATCH v5 1/1] KVM: s390: Clarify SIGP orders versus STOP/RESTART
Date: Wed, 15 Dec 2021 09:39:19 -0500 [thread overview]
Message-ID: <132f6fbce4a2de772113067b202fb1826cff24ce.camel@linux.ibm.com> (raw)
In-Reply-To: <c6536d85-dcee-1b6b-08bc-335716c7f23e@de.ibm.com>
On Wed, 2021-12-15 at 14:07 +0100, Christian Borntraeger wrote:
>
> Am 13.12.21 um 22:05 schrieb Eric Farman:
> > With KVM_CAP_S390_USER_SIGP, there are only five Signal Processor
> > orders (CONDITIONAL EMERGENCY SIGNAL, EMERGENCY SIGNAL, EXTERNAL
> > CALL,
> > SENSE, and SENSE RUNNING STATUS) which are intended for frequent
> > use
> > and thus are processed in-kernel. The remainder are sent to
> > userspace
> > with the KVM_CAP_S390_USER_SIGP capability. Of those, three orders
> > (RESTART, STOP, and STOP AND STORE STATUS) have the potential to
> > inject work back into the kernel, and thus are asynchronous.
> >
> > Let's look for those pending IRQs when processing one of the in-
> > kernel
> > SIGP orders, and return BUSY (CC2) if one is in process. This is in
> > agreement with the Principles of Operation, which states that only
> > one
> > order can be "active" on a CPU at a time.
>
> As far as I understand this fixes a real bug with some test tools.
> Correct?
Correct.
> Then a stable tag might be appropriate.
Agreed.
> (Still have to review this)
>
> How hard would it be to also build a kvm-unit test testcase?
I don't think it's too hard, and something I'd like to see done rather
than the setup I'm using. It's on my list for after the holidays.
>
> > Suggested-by: David Hildenbrand <david@redhat.com>
> > Signed-off-by: Eric Farman <farman@linux.ibm.com>
> > ---
> > arch/s390/kvm/interrupt.c | 7 +++++++
> > arch/s390/kvm/kvm-s390.c | 9 +++++++--
> > arch/s390/kvm/kvm-s390.h | 1 +
> > arch/s390/kvm/sigp.c | 28 ++++++++++++++++++++++++++++
> > 4 files changed, 43 insertions(+), 2 deletions(-)
> >
> > diff --git a/arch/s390/kvm/interrupt.c b/arch/s390/kvm/interrupt.c
> > index 37f47e32d9c4..d339e1c47e4d 100644
> > --- a/arch/s390/kvm/interrupt.c
> > +++ b/arch/s390/kvm/interrupt.c
> > @@ -2115,6 +2115,13 @@ int kvm_s390_is_stop_irq_pending(struct
> > kvm_vcpu *vcpu)
> > return test_bit(IRQ_PEND_SIGP_STOP, &li->pending_irqs);
> > }
> >
> > +int kvm_s390_is_restart_irq_pending(struct kvm_vcpu *vcpu)
> > +{
> > + struct kvm_s390_local_interrupt *li = &vcpu->arch.local_int;
> > +
> > + return test_bit(IRQ_PEND_RESTART, &li->pending_irqs);
> > +}
> > +
> > void kvm_s390_clear_stop_irq(struct kvm_vcpu *vcpu)
> > {
> > struct kvm_s390_local_interrupt *li = &vcpu->arch.local_int;
> > diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c
> > index 5f52e7eec02f..bfdf610bfecb 100644
> > --- a/arch/s390/kvm/kvm-s390.c
> > +++ b/arch/s390/kvm/kvm-s390.c
> > @@ -4641,10 +4641,15 @@ int kvm_s390_vcpu_stop(struct kvm_vcpu
> > *vcpu)
> > }
> > }
> >
> > - /* SIGP STOP and SIGP STOP AND STORE STATUS has been fully
> > processed */
> > + /*
> > + * Set the VCPU to STOPPED and THEN clear the interrupt flag,
> > + * now that the SIGP STOP and SIGP STOP AND STORE STATUS orders
> > + * have been fully processed. This will ensure that the VCPU
> > + * is kept BUSY if another VCPU is inquiring with SIGP SENSE.
> > + */
> > + kvm_s390_set_cpuflags(vcpu, CPUSTAT_STOPPED);
> > kvm_s390_clear_stop_irq(vcpu);
> >
> > - kvm_s390_set_cpuflags(vcpu, CPUSTAT_STOPPED);
> > __disable_ibs_on_vcpu(vcpu);
> >
> > for (i = 0; i < online_vcpus; i++) {
> > diff --git a/arch/s390/kvm/kvm-s390.h b/arch/s390/kvm/kvm-s390.h
> > index c07a050d757d..1876ab0c293f 100644
> > --- a/arch/s390/kvm/kvm-s390.h
> > +++ b/arch/s390/kvm/kvm-s390.h
> > @@ -427,6 +427,7 @@ void kvm_s390_destroy_adapters(struct kvm
> > *kvm);
> > int kvm_s390_ext_call_pending(struct kvm_vcpu *vcpu);
> > extern struct kvm_device_ops kvm_flic_ops;
> > int kvm_s390_is_stop_irq_pending(struct kvm_vcpu *vcpu);
> > +int kvm_s390_is_restart_irq_pending(struct kvm_vcpu *vcpu);
> > void kvm_s390_clear_stop_irq(struct kvm_vcpu *vcpu);
> > int kvm_s390_set_irq_state(struct kvm_vcpu *vcpu,
> > void __user *buf, int len);
> > diff --git a/arch/s390/kvm/sigp.c b/arch/s390/kvm/sigp.c
> > index 5ad3fb4619f1..c4884de0858b 100644
> > --- a/arch/s390/kvm/sigp.c
> > +++ b/arch/s390/kvm/sigp.c
> > @@ -276,6 +276,34 @@ static int handle_sigp_dst(struct kvm_vcpu
> > *vcpu, u8 order_code,
> > if (!dst_vcpu)
> > return SIGP_CC_NOT_OPERATIONAL;
> >
> > + /*
> > + * SIGP RESTART, SIGP STOP, and SIGP STOP AND STORE STATUS
> > orders
> > + * are processed asynchronously. Until the affected VCPU
> > finishes
> > + * its work and calls back into KVM to clear the (RESTART or
> > STOP)
> > + * interrupt, we need to return any new non-reset orders
> > "busy".
> > + *
> > + * This is important because a single VCPU could issue:
> > + * 1) SIGP STOP $DESTINATION
> > + * 2) SIGP SENSE $DESTINATION
> > + *
> > + * If the SIGP SENSE would not be rejected as "busy", it could
> > + * return an incorrect answer as to whether the VCPU is STOPPED
> > + * or OPERATING.
> > + */
> > + if (order_code != SIGP_INITIAL_CPU_RESET &&
> > + order_code != SIGP_CPU_RESET) {
> > + /*
> > + * Lockless check. Both SIGP STOP and SIGP (RE)START
> > + * properly synchronize everything while processing
> > + * their orders, while the guest cannot observe a
> > + * difference when issuing other orders from two
> > + * different VCPUs.
> > + */
> > + if (kvm_s390_is_stop_irq_pending(dst_vcpu) ||
> > + kvm_s390_is_restart_irq_pending(dst_vcpu))
> > + return SIGP_CC_BUSY;
> > + }
> > +
> > switch (order_code) {
> > case SIGP_SENSE:
> > vcpu->stat.instruction_sigp_sense++;
> >
next prev parent reply other threads:[~2021-12-15 14:39 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-13 21:05 [RFC PATCH v5 0/1] s390x: Improvements to SIGP handling [KVM] Eric Farman
2021-12-13 21:05 ` [RFC PATCH v5 1/1] KVM: s390: Clarify SIGP orders versus STOP/RESTART Eric Farman
2021-12-15 13:07 ` Christian Borntraeger
2021-12-15 14:39 ` Eric Farman [this message]
2021-12-15 13:24 ` David Hildenbrand
2021-12-15 13:57 ` Christian Borntraeger
2021-12-15 14:02 ` David Hildenbrand
2021-12-15 15:08 ` Eric Farman
2021-12-16 12:09 ` Christian Borntraeger
2021-12-17 13:31 ` Christian Borntraeger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=132f6fbce4a2de772113067b202fb1826cff24ce.camel@linux.ibm.com \
--to=farman@linux.ibm.com \
--cc=borntraeger@de.ibm.com \
--cc=david@redhat.com \
--cc=frankja@linux.ibm.com \
--cc=gor@linux.ibm.com \
--cc=hca@linux.ibm.com \
--cc=imbrenda@linux.ibm.com \
--cc=kvm@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=thuth@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox