kvm.vger.kernel.org archive mirror
From: Alexander Graf <agraf@suse.de>
To: Scott Wood <scottwood@freescale.com>
Cc: kvm-ppc@vger.kernel.org, kvm@vger.kernel.org
Subject: Re: [PATCH 00/33] KVM: PPC: Fix IRQ race in magic page code
Date: Wed, 25 Jun 2014 00:41:17 +0200
Message-ID: <53A9FE8D.1060300@suse.de>
In-Reply-To: <1403635989.26908.25.camel@snotra.buserror.net>


On 24.06.14 20:53, Scott Wood wrote:
> On Sun, 2014-06-22 at 23:23 +0200, Alexander Graf wrote:
>> Howdy,
>>
>> Ben reminded me a while back that we have a nasty race in our KVM PV code.
>>
>> We replace a few instructions with longer streams of instructions to check
>> whether it's necessary to trap out from it (like mtmsr, no need to trap if
>> we only disable interrupts). During those replacement chunks we must not get
>> any interrupts, because they might overwrite scratch space that we already
>> used to save otherwise clobbered register state into.
>>
>> So we have a thing called "critical sections" which allows us to atomically
>> get in and out of "interrupt disabled" modes without touching MSR. When we
>> are supposed to deliver an interrupt into the guest while we are in a critical
>> section, we just don't inject the interrupt yet, but leave it be until the
>> next trap.
>>
>> However, we never really know when the next trap would be. For all we know it
>> could be never. At this point we created a race that is a potential source
>> for interrupt loss or at least deferral.
>>
>> This patch set aims at solving the race. Instead of merely deferring an
>> interrupt when we see such a situation, we go into a special instruction
>> interpretation mode. In this mode, we interpret all PPC assembler instructions
>> that happen until we are out of the critical section again, at which point
>> we can now inject the interrupt.
>>
>> This bug only affects KVM implementations that make use of the magic page, so
>> e500v2, book3s_32 and book3s_64 PR KVM.
> Would it be possible to single step through the critical section
> instead?  Or set a high res timer to expire very quickly?

There are a few other alternatives to this implementation:

   1) Unmap the magic page, emulate all memory access to it while in 
critical and irq pending
   2) Trigger a timer that sends a request to the vcpu to wake it from 
potential sleep and inject the irq
   3) Single step until we're beyond the critical section
   4) Probably more that I can't think of right now :)

Each has its good and bad sides. Unmapping the magic page adds 
complexity to the MMU mapping code, since we need to make sure we don't 
map it back in on demand and treat faults to it specially.

The timer interrupt works, but I'm not fully convinced that it's a good 
idea for things like MC events which we also block during critical 
sections on e500v2.

Single stepping is hard enough to get right on interaction between QEMU, 
KVM and the guest. I didn't really want to make that stuff any more 
complicated.

This approach is really just one out of many - and it's one that's 
nicely self-contained and shouldn't have any impact at all on 
implementations that don't care about it ;).


Alex
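The race Alex describes, and the difference between "defer until the next trap" and "interpret until the critical section ends", is easier to see on a small model. The following C program is an added example, not code from the patch series or from KVM: it models a guest whose instruction stream enters and leaves a critical section by writing a flag into a shared page standing in for the magic page, a hypervisor that may only inject an interrupt when that flag is clear, and the two strategies. The instruction set (NOP, CRIT_ENTER, CRIT_EXIT, TRAP, HALT), the idea that an arriving interrupt forces an exit at a given pc, and the sample programs are all constructed for illustration.

```c
/* Constructed model of the KVM PPC magic-page critical-section race.
 * Not the kernel's code: the guest ISA, the exit model and the programs
 * below are assumptions made for this example. */
#include <stdio.h>
#include <stdbool.h>

enum op { NOP, CRIT_ENTER, CRIT_EXIT, TRAP, HALT };
enum strategy { DEFER_TO_NEXT_TRAP, EMULATE_UNTIL_EXIT };

/* Stands in for the magic page: the guest writes here, the host reads it. */
struct magic_page { bool critical; };

struct vcpu {
    int pc;
    struct magic_page *mp;
    bool irq_pending;
    int irq_delivered_at;   /* pc at which the irq was injected, -1 if never */
};

/* Execute one guest instruction. The same routine serves as "native"
 * execution in the model and as the hypervisor's interpretation mode; what
 * differs is when the hypervisor gets to inspect vcpu state in between. */
static void step(struct vcpu *v, const enum op *prog)
{
    switch (prog[v->pc]) {
    case CRIT_ENTER: v->mp->critical = true;  break;
    case CRIT_EXIT:  v->mp->critical = false; break;
    default: break;
    }
    v->pc++;
}

/* Hypervisor side: injection is only legal outside a critical section,
 * because inside it the scratch state in the magic page is still live. */
static bool try_inject(struct vcpu *v)
{
    if (!v->irq_pending || v->mp->critical)
        return false;
    v->irq_pending = false;
    v->irq_delivered_at = v->pc;
    return true;
}

/* Run prog to HALT. An interrupt arrives (and kicks the vcpu out to the
 * host) when execution reaches irq_at_pc. Returns the pc at which the
 * interrupt was delivered, or -1 if the guest halted with it still pending. */
int run(enum strategy s, const enum op *prog, int irq_at_pc)
{
    struct magic_page mp = { false };
    struct vcpu v = { 0, &mp, false, -1 };

    while (prog[v.pc] != HALT) {
        bool exit_now = false;
        if (v.pc == irq_at_pc) { v.irq_pending = true; exit_now = true; }
        if (prog[v.pc] == TRAP) exit_now = true;

        if (exit_now && !try_inject(&v) && v.irq_pending
            && s == EMULATE_UNTIL_EXIT) {
            /* Interpret instructions until the guest leaves the critical
             * section, then inject before handing control back. */
            while (prog[v.pc] != HALT && mp.critical)
                step(&v, prog);
            try_inject(&v);
        }
        if (prog[v.pc] == HALT)
            break;
        step(&v, prog);   /* guest continues "natively" */
    }
    return v.irq_delivered_at;
}

/* Constructed sample programs. The first one never traps after leaving the
 * critical section, which is exactly the case where deferral loses the irq. */
const enum op prog_no_trap[]   = { NOP, CRIT_ENTER, NOP, NOP, CRIT_EXIT, NOP, NOP, HALT };
const enum op prog_with_trap[] = { NOP, CRIT_ENTER, NOP, CRIT_EXIT, NOP, TRAP, NOP, HALT };

int main(void)
{
    printf("no trap,   defer:   delivered at pc %d\n",
           run(DEFER_TO_NEXT_TRAP, prog_no_trap, 2));    /* -1: lost */
    printf("no trap,   emulate: delivered at pc %d\n",
           run(EMULATE_UNTIL_EXIT, prog_no_trap, 2));    /* 5 */
    printf("with trap, defer:   delivered at pc %d\n",
           run(DEFER_TO_NEXT_TRAP, prog_with_trap, 2));  /* 5: next trap */
    printf("with trap, emulate: delivered at pc %d\n",
           run(EMULATE_UNTIL_EXIT, prog_with_trap, 2));  /* 4: right after CRIT_EXIT */
    return 0;
}
```

With the interrupt arriving at pc 2, inside the critical section, deferral only delivers it if the guest happens to trap again later; in `prog_no_trap` it never does and the interrupt is lost, while interpretation delivers it at the first instruction after `CRIT_EXIT` in both programs. Interrupts arriving outside a critical section are injected immediately under either strategy.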


Thread overview: 40+ messages
2014-06-22 21:23 [PATCH 00/33] KVM: PPC: Fix IRQ race in magic page code Alexander Graf
2014-06-22 21:23 ` [PATCH 01/33] KVM: PPC: Implement kvmppc_xlate for all targets Alexander Graf
2014-06-22 21:23 ` [PATCH 02/33] KVM: PPC: Move kvmppc_ld/st to common code Alexander Graf
2014-06-22 21:23 ` [PATCH 03/33] KVM: PPC: Remove kvmppc_bad_hva() Alexander Graf
2014-06-22 21:23 ` [PATCH 04/33] KVM: PPC: Propagate kvmppc_xlate errors properly Alexander Graf
2014-06-22 21:23 ` [PATCH 05/33] KVM: PPC: Use kvm_read_guest in kvmppc_ld Alexander Graf
2014-06-22 21:23 ` [PATCH 06/33] KVM: PPC: Handle magic page in kvmppc_ld/st Alexander Graf
2014-06-22 21:23 ` [PATCH 07/33] KVM: PPC: Separate loadstore emulation from priv emulation Alexander Graf
2014-06-22 21:23 ` [PATCH 08/33] KVM: PPC: Introduce emulation for unprivileged instructions Alexander Graf
2014-06-22 21:23 ` [PATCH 09/33] KVM: PPC: Move critical section detection to common code Alexander Graf
2014-06-22 21:23 ` [PATCH 10/33] KVM: PPC: Make critical section detection conditional Alexander Graf
2014-06-22 21:23 ` [PATCH 11/33] KVM: PPC: BookE: Use common critical section helper Alexander Graf
2014-06-22 21:23 ` [PATCH 12/33] KVM: PPC: Emulate critical sections when we hit them Alexander Graf
2014-06-22 21:23 ` [PATCH 13/33] KVM: PPC: Expose helper functions for data/inst faults Alexander Graf
2014-06-22 21:23 ` [PATCH 14/33] KVM: PPC: Add std instruction emulation Alexander Graf
2014-06-22 21:23 ` [PATCH 15/33] KVM: PPC: Add stw " Alexander Graf
2014-06-22 21:23 ` [PATCH 16/33] KVM: PPC: Add ld " Alexander Graf
2014-06-22 21:23 ` [PATCH 17/33] KVM: PPC: Add lwz " Alexander Graf
2014-06-22 21:23 ` [PATCH 18/33] KVM: PPC: Add mfcr " Alexander Graf
2014-06-22 21:23 ` [PATCH 19/33] KVM: PPC: Add addis " Alexander Graf
2014-06-22 21:23 ` [PATCH 20/33] KVM: PPC: Add ori " Alexander Graf
2014-06-22 21:23 ` [PATCH 21/33] KVM: PPC: Add and " Alexander Graf
2014-06-22 21:23 ` [PATCH 22/33] KVM: PPC: Add andi. " Alexander Graf
2014-06-22 21:23 ` [PATCH 23/33] KVM: PPC: Add or " Alexander Graf
2014-06-22 21:23 ` [PATCH 24/33] KVM: PPC: Add cmpwi/cmpdi " Alexander Graf
2014-06-22 21:23 ` [PATCH 25/33] KVM: PPC: Add bc " Alexander Graf
2014-06-22 21:23 ` [PATCH 26/33] KVM: PPC: Add mtcrf " Alexander Graf
2014-06-22 21:23 ` [PATCH 27/33] KVM: PPC: Add xor " Alexander Graf
2014-06-22 21:23 ` [PATCH 28/33] KVM: PPC: Add oris " Alexander Graf
2014-06-22 21:23 ` [PATCH 29/33] KVM: PPC: Add rldicr/rldicl/rldic " Alexander Graf
2014-06-22 21:23 ` [PATCH 30/33] KVM: PPC: Add rlwimi " Alexander Graf
2014-06-22 21:23 ` [PATCH 31/33] KVM: PPC: Add rlwinm " Alexander Graf
2014-06-22 21:23 ` [PATCH 32/33] KVM: PPC: Handle NV registers in emulated critical sections Alexander Graf
2014-06-22 21:23 ` [PATCH 33/33] KVM: PPC: Enable critical section emulation Alexander Graf
2014-06-24 18:53 ` [PATCH 00/33] KVM: PPC: Fix IRQ race in magic page code Scott Wood
2014-06-24 22:41   ` Alexander Graf [this message]
2014-06-24 23:15     ` Scott Wood
2014-06-24 23:40       ` Alexander Graf
2014-06-25  0:21         ` Scott Wood
2014-07-28 14:10           ` Alexander Graf
