From: David Hildenbrand <david@redhat.com>
To: Thomas Huth <thuth@redhat.com>,
Christian Borntraeger <borntraeger@de.ibm.com>,
Eric Farman <farman@linux.ibm.com>,
Janosch Frank <frankja@linux.ibm.com>,
Cornelia Huck <cohuck@redhat.com>,
Claudio Imbrenda <imbrenda@linux.ibm.com>,
Heiko Carstens <hca@linux.ibm.com>,
Vasily Gorbik <gor@linux.ibm.com>,
Jason Herne <jjherne@linux.ibm.com>
Cc: kvm@vger.kernel.org, linux-s390@vger.kernel.org
Subject: Re: [RFC PATCH v1 2/6] KVM: s390: Reject SIGP when destination CPU is busy
Date: Mon, 11 Oct 2021 19:58:53 +0200 [thread overview]
Message-ID: <e9935fe6-8c8a-b63d-4076-de85fb0e7146@redhat.com> (raw)
In-Reply-To: <bddd3a05-b364-7b52-f329-11a07146394e@redhat.com>
On 11.10.21 09:52, Thomas Huth wrote:
> On 11/10/2021 09.43, Christian Borntraeger wrote:
>> Am 11.10.21 um 09:27 schrieb Thomas Huth:
>>> On 08/10/2021 22.31, Eric Farman wrote:
>>>> With KVM_CAP_USER_SIGP enabled, most orders are handled by userspace.
>>>> However, some orders (such as STOP or STOP AND STORE STATUS) end up
>>>> injecting work back into the kernel. Userspace itself should (and QEMU
>>>> does) look for this conflict, and reject additional (non-reset) orders
>>>> until this work completes.
>>>>
>>>> But there's no need to delay that. If the kernel knows about the STOP
>>>> IRQ that is in process, the newly-requested SIGP order can be rejected
>>>> with a BUSY condition right up front.
>>>>
>>>> Signed-off-by: Eric Farman <farman@linux.ibm.com>
>>>> Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
>>>> ---
>>>> arch/s390/kvm/sigp.c | 43 +++++++++++++++++++++++++++++++++++++++++++
>>>> 1 file changed, 43 insertions(+)
>>>>
>>>> diff --git a/arch/s390/kvm/sigp.c b/arch/s390/kvm/sigp.c
>>>> index cf4de80bd541..6ca01bbc72cf 100644
>>>> --- a/arch/s390/kvm/sigp.c
>>>> +++ b/arch/s390/kvm/sigp.c
>>>> @@ -394,6 +394,45 @@ static int handle_sigp_order_in_user_space(struct
>>>> kvm_vcpu *vcpu, u8 order_code,
>>>> return 1;
>>>> }
>>>> +static int handle_sigp_order_is_blocked(struct kvm_vcpu *vcpu, u8
>>>> order_code,
>>>> + u16 cpu_addr)
>>>> +{
>>>> + struct kvm_vcpu *dst_vcpu = kvm_get_vcpu_by_id(vcpu->kvm, cpu_addr);
>>>> + int rc = 0;
>>>> +
>>>> + /*
>>>> + * SIGP orders directed at invalid vcpus are not blocking,
>>>> + * and should not return busy here. The code that handles
>>>> + * the actual SIGP order will generate the "not operational"
>>>> + * response for such a vcpu.
>>>> + */
>>>> + if (!dst_vcpu)
>>>> + return 0;
>>>> +
>>>> + /*
>>>> + * SIGP orders that process a flavor of reset would not be
>>>> + * blocked through another SIGP on the destination CPU.
>>>> + */
>>>> + if (order_code == SIGP_CPU_RESET ||
>>>> + order_code == SIGP_INITIAL_CPU_RESET)
>>>> + return 0;
>>>> +
>>>> + /*
>>>> + * Any other SIGP order could race with an existing SIGP order
>>>> + * on the destination CPU, and thus encounter a busy condition
>>>> + * on the CPU processing the SIGP order. Reject the order at
>>>> + * this point, rather than racing with the STOP IRQ injection.
>>>> + */
>>>> + spin_lock(&dst_vcpu->arch.local_int.lock);
>>>> + if (kvm_s390_is_stop_irq_pending(dst_vcpu)) {
>>>> + kvm_s390_set_psw_cc(vcpu, SIGP_CC_BUSY);
>>>> + rc = 1;
>>>> + }
>>>> + spin_unlock(&dst_vcpu->arch.local_int.lock);
>>>> +
>>>> + return rc;
>>>> +}
>>>> +
>>>> int kvm_s390_handle_sigp(struct kvm_vcpu *vcpu)
>>>> {
>>>> int r1 = (vcpu->arch.sie_block->ipa & 0x00f0) >> 4;
>>>> @@ -408,6 +447,10 @@ int kvm_s390_handle_sigp(struct kvm_vcpu *vcpu)
>>>> return kvm_s390_inject_program_int(vcpu, PGM_PRIVILEGED_OP);
>>>> order_code = kvm_s390_get_base_disp_rs(vcpu, NULL);
>>>> +
>>>> + if (handle_sigp_order_is_blocked(vcpu, order_code, cpu_addr))
>>>> + return 0;
>>>> +
>>>> if (handle_sigp_order_in_user_space(vcpu, order_code, cpu_addr))
>>>> return -EOPNOTSUPP;
>>>
>>> We've been bitten quite a bit of times in the past already by doing too
>>> much control logic in the kernel instead of doing it in QEMU, where we
>>> should have a more complete view of the state ... so I'm feeling quite a
>>> bit uneasy of adding this in front of the "return -EOPNOTSUPP" here ...
>>> Did you see any performance issues that would justify this change?
>>
>> It does at least handle this case for simple userspaces without
>> KVM_CAP_S390_USER_SIGP .
>
> For that case, I'd prefer to swap the order here by doing the "if
> handle_sigp_order_in_user_space return -EOPNOTSUPP" first, and doing the "if
> handle_sigp_order_is_blocked return 0" afterwards.
>
> ... unless we feel really, really sure that it always ok to do it like in
> this patch ... but as I said, we've been bitten by such things a couple of
> times already, so I'd suggest to better play safe...
As raised in the QEMU series, I wonder if it's cleaner for user space to
set the target CPU as busy/!busy for SIGP while processing an order.
We'll need a new VCPU IOCTL, but it conceptually sounds cleaner to me ...
--
Thanks,
David / dhildenb
next prev parent reply other threads:[~2021-10-11 17:59 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-08 20:31 [RFC PATCH v1 0/6] Improvements to SIGP handling [KVM] Eric Farman
2021-10-08 20:31 ` [RFC PATCH v1 1/6] KVM: s390: Simplify SIGP Set Arch handling Eric Farman
2021-10-11 6:29 ` Thomas Huth
2021-10-11 7:24 ` Christian Borntraeger
2021-10-11 17:57 ` David Hildenbrand
2021-10-12 7:35 ` Claudio Imbrenda
2021-10-12 8:42 ` Christian Borntraeger
2021-10-08 20:31 ` [RFC PATCH v1 2/6] KVM: s390: Reject SIGP when destination CPU is busy Eric Farman
2021-10-11 7:27 ` Thomas Huth
2021-10-11 7:43 ` Christian Borntraeger
2021-10-11 7:52 ` Thomas Huth
2021-10-11 17:58 ` David Hildenbrand [this message]
2021-10-11 18:13 ` Eric Farman
2021-10-08 20:31 ` [RFC PATCH v1 3/6] KVM: s390: Simplify SIGP Restart Eric Farman
2021-10-11 7:45 ` Christian Borntraeger
2021-10-12 15:23 ` Thomas Huth
2021-10-12 15:31 ` Eric Farman
2021-10-13 5:54 ` Thomas Huth
2021-10-13 13:54 ` Eric Farman
2021-10-08 20:31 ` [RFC PATCH v1 4/6] KVM: s390: Restart IRQ should also block SIGP Eric Farman
2021-10-08 20:31 ` [RFC PATCH v1 5/6] KVM: s390: Give BUSY to SIGP SENSE during Restart Eric Farman
2021-10-11 18:01 ` David Hildenbrand
2021-10-08 20:31 ` [RFC PATCH v1 6/6] KVM: s390: Add a routine for setting userspace CPU state Eric Farman
2021-10-11 7:31 ` Thomas Huth
2021-10-11 7:45 ` David Hildenbrand
2021-10-12 7:45 ` Claudio Imbrenda
2021-10-12 8:44 ` Christian Borntraeger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=e9935fe6-8c8a-b63d-4076-de85fb0e7146@redhat.com \
--to=david@redhat.com \
--cc=borntraeger@de.ibm.com \
--cc=cohuck@redhat.com \
--cc=farman@linux.ibm.com \
--cc=frankja@linux.ibm.com \
--cc=gor@linux.ibm.com \
--cc=hca@linux.ibm.com \
--cc=imbrenda@linux.ibm.com \
--cc=jjherne@linux.ibm.com \
--cc=kvm@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=thuth@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox