From patchwork Thu Apr 2 10:05:19 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Marc Zyngier X-Patchwork-Id: 46717 Return-Path: X-Original-To: linaro@patches.linaro.org Delivered-To: linaro@patches.linaro.org Received: from mail-la0-f69.google.com (mail-la0-f69.google.com [209.85.215.69]) by ip-10-151-82-157.ec2.internal (Postfix) with ESMTPS id A3162216D1 for ; Thu, 2 Apr 2015 10:31:21 +0000 (UTC) Received: by labtp8 with SMTP id tp8sf17321552lab.2 for ; Thu, 02 Apr 2015 03:31:20 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:delivered-to:from:to:subject:date:message-id :in-reply-to:references:mime-version:cc:precedence:list-id :list-unsubscribe:list-archive:list-post:list-help:list-subscribe :content-type:content-transfer-encoding:sender:errors-to :x-original-sender:x-original-authentication-results:mailing-list; bh=nH+j93FAxNHk0u+Ts6/ZgFKU3OX1NktqFym5ld3EMHY=; b=MheM+S3NqGmRMtAcc2271dKHt0UVq79Z3LQcyZhR3nWhws9CTjScCGguBz0QpKpp1j HbATYUYmov9m/WVF9l8JtGOax+jS9Bgph+Y3+QWa5NyyENJt+T1RwCv+YdE3FAwZswtH kHHM+FVqrCinB48eg96SOwWQlRWdyemL28P6ydUTOBnzzrVLNTXXvfkQblNchW9mmgb8 z/dtBuW+0PeXjAbZ0EN9hv1UvCi753ZGVwFJ+gNWeiFP8Hp29f6bbfsQP07RSNn7ZT/V Oor6d/35SCxziVuLF0gs5XWgidQHsrRcNiOfBaeNvABjuC2wPfFQkBZTihnIQuhc2kL8 h1vg== X-Gm-Message-State: ALoCoQmG+K7uOu9pkgfbBg+qWOyLztUlDoIkKLzRLgXmrAXarYmr/Ou2uXr8ojJ4pHqEClV7s8iE X-Received: by 10.152.20.41 with SMTP id k9mr10622326lae.10.1427970680619; Thu, 02 Apr 2015 03:31:20 -0700 (PDT) X-BeenThere: patchwork-forward@linaro.org Received: by 10.152.207.4 with SMTP id ls4ls189322lac.73.gmail; Thu, 02 Apr 2015 03:31:20 -0700 (PDT) X-Received: by 10.152.1.194 with SMTP id 2mr40075065lao.38.1427970680279; Thu, 02 Apr 2015 03:31:20 -0700 (PDT) Received: from mail-la0-f42.google.com (mail-la0-f42.google.com. [209.85.215.42]) by mx.google.com with ESMTPS id t2si3906303laj.59.2015.04.02.03.31.19 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 02 Apr 2015 03:31:19 -0700 (PDT) Received-SPF: pass (google.com: domain of patch+caf_=patchwork-forward=linaro.org@linaro.org designates 209.85.215.42 as permitted sender) client-ip=209.85.215.42; Received: by lagg8 with SMTP id g8so56906897lag.1 for ; Thu, 02 Apr 2015 03:31:19 -0700 (PDT) X-Received: by 10.112.162.167 with SMTP id yb7mr39104695lbb.76.1427970679659; Thu, 02 Apr 2015 03:31:19 -0700 (PDT) X-Forwarded-To: patchwork-forward@linaro.org X-Forwarded-For: patch@linaro.org patchwork-forward@linaro.org Delivered-To: patch@linaro.org Received: by 10.112.57.201 with SMTP id k9csp1241131lbq; Thu, 2 Apr 2015 03:31:18 -0700 (PDT) X-Received: by 10.70.103.230 with SMTP id fz6mr85324572pdb.45.1427970677661; Thu, 02 Apr 2015 03:31:17 -0700 (PDT) Received: from bombadil.infradead.org (bombadil.infradead.org. [198.137.202.9]) by mx.google.com with ESMTPS id ot4si6940549pdb.82.2015.04.02.03.31.16 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 02 Apr 2015 03:31:17 -0700 (PDT) Received-SPF: none (google.com: linux-arm-kernel-bounces+patch=linaro.org@lists.infradead.org does not designate permitted sender hosts) client-ip=198.137.202.9; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.80.1 #2 (Red Hat Linux)) id 1YdcMC-0002w0-Mz; Thu, 02 Apr 2015 10:28:16 +0000 Received: from inca-roads.misterjones.org ([213.251.177.50]) by bombadil.infradead.org with esmtps (Exim 4.80.1 #2 (Red Hat Linux)) id 1YdcH1-0006qI-JQ for linux-arm-kernel@lists.infradead.org; Thu, 02 Apr 2015 10:22:57 +0000 Received: from dab-yat1-h-1-5.dab.02.net ([82.132.213.233] helo=why.wild-wind.fr.eu.org) by cheepnis.misterjones.org with esmtpsa (TLSv1.2:AES128-SHA256:128) (Exim 4.80) (envelope-from ) id 1Ydc0B-0006QV-UL; Thu, 02 Apr 2015 12:05:32 +0200 From: Marc Zyngier To: Paolo Bonzini , Marcelo Tosatti Subject: [PATCH 15/27] arm/arm64: KVM: Fix migration race in the arch timer Date: Thu, 2 Apr 2015 11:05:19 +0100 Message-Id: <1427969131-8445-16-git-send-email-marc.zyngier@arm.com> X-Mailer: git-send-email 2.1.4 In-Reply-To: <1427969131-8445-1-git-send-email-marc.zyngier@arm.com> References: <1427969131-8445-1-git-send-email-marc.zyngier@arm.com> MIME-Version: 1.0 X-SA-Exim-Connect-IP: 82.132.213.233 X-SA-Exim-Rcpt-To: pbonzini@redhat.com, mtosatti@redhat.com, christoffer.dall@linaro.org, alex.bennee@linaro.org, kvm@vger.kernel.org, kvmarm@lists.cs.columbia.edu, linux-arm-kernel@lists.infradead.org, mark.rutland@arm.com, eric.auger@linaro.org, n.nikolaev@virtualopensystems.com, andre.przywara@arm.com X-SA-Exim-Mail-From: marc.zyngier@arm.com X-SA-Exim-Scanned: No (on cheepnis.misterjones.org); SAEximRunCond expanded to false X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20150402_032255_855334_55F172E4 X-CRM114-Status: GOOD ( 20.55 ) X-Spam-Score: 1.6 (+) X-Spam-Report: SpamAssassin version 3.4.0 on bombadil.infradead.org summary: Content analysis details: (1.6 points) pts rule name description ---- ---------------------- -------------------------------------------------- 0.6 RCVD_IN_SORBS_WEB RBL: SORBS: sender is an abusable web server [82.132.213.233 listed in dnsbl.sorbs.net] 1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) Cc: Mark Rutland , kvm@vger.kernel.org, Eric Auger , Andre Przywara , Nikolay Nikolaev , Christoffer Dall , =?UTF-8?q?Alex=20Benn=C3=A9e?= , kvmarm@lists.cs.columbia.edu, linux-arm-kernel@lists.infradead.org X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: , List-Help: , List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patch=linaro.org@lists.infradead.org X-Removed-Original-Auth: Dkim didn't pass. X-Original-Sender: marc.zyngier@arm.com X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: domain of patch+caf_=patchwork-forward=linaro.org@linaro.org designates 209.85.215.42 as permitted sender) smtp.mail=patch+caf_=patchwork-forward=linaro.org@linaro.org Mailing-list: list patchwork-forward@linaro.org; contact patchwork-forward+owners@linaro.org X-Google-Group-Id: 836684582541 From: Christoffer Dall When a VCPU is no longer running, we currently check to see if it has a timer scheduled in the future, and if it does, we schedule a host hrtimer to notify is in case the timer expires while the VCPU is still not running. When the hrtimer fires, we mask the guest's timer and inject the timer IRQ (still relying on the guest unmasking the time when it receives the IRQ). This is all good and fine, but when migration a VM (checkpoint/restore) this introduces a race. It is unlikely, but possible, for the following sequence of events to happen: 1. Userspace stops the VM 2. Hrtimer for VCPU is scheduled 3. Userspace checkpoints the VGIC state (no pending timer interrupts) 4. The hrtimer fires, schedules work in a workqueue 5. Workqueue function runs, masks the timer and injects timer interrupt 6. Userspace checkpoints the timer state (timer masked) At restore time, you end up with a masked timer without any timer interrupts and your guest halts never receiving timer interrupts. Fix this by only kicking the VCPU in the workqueue function, and sample the expired state of the timer when entering the guest again and inject the interrupt and mask the timer only then. Signed-off-by: Christoffer Dall Signed-off-by: Alex Bennée Signed-off-by: Christoffer Dall --- arch/arm/kvm/arm.c | 2 +- include/kvm/arm_arch_timer.h | 2 ++ virt/kvm/arm/arch_timer.c | 45 +++++++++++++++++++++++++++++++++++--------- 3 files changed, 39 insertions(+), 10 deletions(-) diff --git a/arch/arm/kvm/arm.c b/arch/arm/kvm/arm.c index 9a5f057..e98370c 100644 --- a/arch/arm/kvm/arm.c +++ b/arch/arm/kvm/arm.c @@ -266,7 +266,7 @@ void kvm_arch_vcpu_destroy(struct kvm_vcpu *vcpu) int kvm_cpu_has_pending_timer(struct kvm_vcpu *vcpu) { - return 0; + return kvm_timer_should_fire(vcpu); } int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu) diff --git a/include/kvm/arm_arch_timer.h b/include/kvm/arm_arch_timer.h index a74e4c2..e596675 100644 --- a/include/kvm/arm_arch_timer.h +++ b/include/kvm/arm_arch_timer.h @@ -67,4 +67,6 @@ void kvm_timer_vcpu_terminate(struct kvm_vcpu *vcpu); u64 kvm_arm_timer_get_reg(struct kvm_vcpu *, u64 regid); int kvm_arm_timer_set_reg(struct kvm_vcpu *, u64 regid, u64 value); +bool kvm_timer_should_fire(struct kvm_vcpu *vcpu); + #endif diff --git a/virt/kvm/arm/arch_timer.c b/virt/kvm/arm/arch_timer.c index 6e54f35..98c95f2 100644 --- a/virt/kvm/arm/arch_timer.c +++ b/virt/kvm/arm/arch_timer.c @@ -85,13 +85,22 @@ static irqreturn_t kvm_arch_timer_handler(int irq, void *dev_id) return IRQ_HANDLED; } +/* + * Work function for handling the backup timer that we schedule when a vcpu is + * no longer running, but had a timer programmed to fire in the future. + */ static void kvm_timer_inject_irq_work(struct work_struct *work) { struct kvm_vcpu *vcpu; vcpu = container_of(work, struct kvm_vcpu, arch.timer_cpu.expired); vcpu->arch.timer_cpu.armed = false; - kvm_timer_inject_irq(vcpu); + + /* + * If the vcpu is blocked we want to wake it up so that it will see + * the timer has expired when entering the guest. + */ + kvm_vcpu_kick(vcpu); } static enum hrtimer_restart kvm_timer_expire(struct hrtimer *hrt) @@ -102,6 +111,21 @@ static enum hrtimer_restart kvm_timer_expire(struct hrtimer *hrt) return HRTIMER_NORESTART; } +bool kvm_timer_should_fire(struct kvm_vcpu *vcpu) +{ + struct arch_timer_cpu *timer = &vcpu->arch.timer_cpu; + cycle_t cval, now; + + if ((timer->cntv_ctl & ARCH_TIMER_CTRL_IT_MASK) || + !(timer->cntv_ctl & ARCH_TIMER_CTRL_ENABLE)) + return false; + + cval = timer->cntv_cval; + now = kvm_phys_timer_read() - vcpu->kvm->arch.timer.cntvoff; + + return cval <= now; +} + /** * kvm_timer_flush_hwstate - prepare to move the virt timer to the cpu * @vcpu: The vcpu pointer @@ -119,6 +143,13 @@ void kvm_timer_flush_hwstate(struct kvm_vcpu *vcpu) * populate the CPU timer again. */ timer_disarm(timer); + + /* + * If the timer expired while we were not scheduled, now is the time + * to inject it. + */ + if (kvm_timer_should_fire(vcpu)) + kvm_timer_inject_irq(vcpu); } /** @@ -134,16 +165,9 @@ void kvm_timer_sync_hwstate(struct kvm_vcpu *vcpu) cycle_t cval, now; u64 ns; - if ((timer->cntv_ctl & ARCH_TIMER_CTRL_IT_MASK) || - !(timer->cntv_ctl & ARCH_TIMER_CTRL_ENABLE)) - return; - - cval = timer->cntv_cval; - now = kvm_phys_timer_read() - vcpu->kvm->arch.timer.cntvoff; - BUG_ON(timer_is_armed(timer)); - if (cval <= now) { + if (kvm_timer_should_fire(vcpu)) { /* * Timer has already expired while we were not * looking. Inject the interrupt and carry on. @@ -152,6 +176,9 @@ void kvm_timer_sync_hwstate(struct kvm_vcpu *vcpu) return; } + cval = timer->cntv_cval; + now = kvm_phys_timer_read() - vcpu->kvm->arch.timer.cntvoff; + ns = cyclecounter_cyc2ns(timecounter->cc, cval - now, timecounter->mask, &timecounter->frac); timer_arm(timer, ns);