* [PATCH] kvm/x86: check KVM_REQ_TLB_FLUSH with irqs disabled
@ 2009-03-16 13:03 Joerg Roedel
  2009-03-16 13:12 ` Avi Kivity
  0 siblings, 1 reply; 6+ messages in thread
From: Joerg Roedel @ 2009-03-16 13:03 UTC (permalink / raw)
  To: Avi Kivity, Marcelo Tosatti; +Cc: kvm, linux-kernel, Joerg Roedel

For KVM remote TLB flushes we need to check the KVM_REQ_TLB_FLUSH
request flag when the irqs are already disabled. Otherwise there is a
small window of time for a race condition where we may enter a guest
without doing a requested TLB flush.

Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
---
 arch/x86/kvm/x86.c |    5 +++--
 1 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index b556b6a..301660a 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -3108,8 +3108,6 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
 			kvm_write_guest_time(vcpu);
 		if (test_and_clear_bit(KVM_REQ_MMU_SYNC, &vcpu->requests))
 			kvm_mmu_sync_roots(vcpu);
-		if (test_and_clear_bit(KVM_REQ_TLB_FLUSH, &vcpu->requests))
-			kvm_x86_ops->tlb_flush(vcpu);
 		if (test_and_clear_bit(KVM_REQ_REPORT_TPR_ACCESS,
 				       &vcpu->requests)) {
 			kvm_run->exit_reason = KVM_EXIT_TPR_ACCESS;
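Review bot: removing the KVM_REQ_TLB_FLUSH test from between the KVM_REQ_MMU_SYNC and KVM_REQ_REPORT_TPR_ACCESS tests makes it the only request handled outside this group, and the changelog does not say why the neighbouring requests are not exposed to the same window. If the race applies to any request bit set late, explain why only the flush needs moving; if it is specific to remote TLB flushes, describe the interleaving in the commit message.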
@@ -3133,6 +3131,9 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
 
 	local_irq_disable();
 
+	if (test_and_clear_bit(KVM_REQ_TLB_FLUSH, &vcpu->requests))
+		kvm_x86_ops->tlb_flush(vcpu);
+
 	if (vcpu->requests || need_resched() || signal_pending(current)) {
 		local_irq_enable();
 		preempt_enable();
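Review bot: the test added after local_irq_disable() is followed directly by `if (vcpu->requests || need_resched() || signal_pending(current))`, which already runs with irqs disabled and backs out through local_irq_enable() and preempt_enable() when any request bit is set, so a KVM_REQ_TLB_FLUSH posted after the earlier tests looks covered without this change. Please state which window that check misses. If the change stays, note in the changelog that kvm_x86_ops->tlb_flush() is now called with irqs disabled, and add a comment above the new test saying why it has to sit here.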
-- 
1.5.6.4




* Re: [PATCH] kvm/x86: check KVM_REQ_TLB_FLUSH with irqs disabled
  2009-03-16 13:03 [PATCH] kvm/x86: check KVM_REQ_TLB_FLUSH with irqs disabled Joerg Roedel
@ 2009-03-16 13:12 ` Avi Kivity
  2009-03-16 14:11   ` Joerg Roedel
  2009-03-16 18:30   ` Marcelo Tosatti
  0 siblings, 2 replies; 6+ messages in thread
From: Avi Kivity @ 2009-03-16 13:12 UTC (permalink / raw)
  To: Joerg Roedel; +Cc: Marcelo Tosatti, kvm, linux-kernel

Joerg Roedel wrote:
> For KVM remote TLB flushes we need to check the KVM_REQ_TLB_FLUSH
> request flag when the irqs are already disabled. Otherwise there is a
> small window of time for a race condition where we may enter a guest
> without doing a requested TLB flush.
>
> @@ -3108,8 +3108,6 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
>  			kvm_write_guest_time(vcpu);
>  		if (test_and_clear_bit(KVM_REQ_MMU_SYNC, &vcpu->requests))
>  			kvm_mmu_sync_roots(vcpu);
> -		if (test_and_clear_bit(KVM_REQ_TLB_FLUSH, &vcpu->requests))
> -			kvm_x86_ops->tlb_flush(vcpu);
>  		if (test_and_clear_bit(KVM_REQ_REPORT_TPR_ACCESS,
>  				       &vcpu->requests)) {
>  			kvm_run->exit_reason = KVM_EXIT_TPR_ACCESS;
> @@ -3133,6 +3131,9 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
>  
>  	local_irq_disable();
>  
> +	if (test_and_clear_bit(KVM_REQ_TLB_FLUSH, &vcpu->requests))
> +		kvm_x86_ops->tlb_flush(vcpu);
> +
>  	if (vcpu->requests || need_resched() || signal_pending(current)) {
>  		local_irq_enable();
>  		preempt_enable();
>   

If we lost the race and someone sets a bit after the test, then the test
immediately above will pick this up and retry the bit tests.


-- 
error compiling committee.c: too many arguments to function
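
The argument in the reply above, as an added example that is not part of the original thread or of the kernel source: a user-space C11 model in which a request bit is posted after the bit tests, run once with the final `vcpu->requests` check and once without it. `struct model_vcpu`, `enter_guest()` and its `late_request`/`recheck` parameters are hypothetical names, and the retry loop stands in for backing out and running the bit tests again.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

#define REQ_TLB_FLUSH (1u << 0)   /* stand-in for KVM_REQ_TLB_FLUSH */

struct model_vcpu {               /* hypothetical, not struct kvm_vcpu */
    atomic_uint requests;         /* models vcpu->requests */
    unsigned flushes;             /* TLB flushes performed */
    unsigned retries;             /* entry attempts that backed out */
};

/* Atomically test and clear one request bit, like test_and_clear_bit(). */
static bool test_and_clear(struct model_vcpu *v, unsigned bit)
{
    return (atomic_fetch_and(&v->requests, ~bit) & bit) != 0;
}

/*
 * Model one guest entry. With late_request set, a simulated remote CPU posts
 * REQ_TLB_FLUSH once, after the bit tests and before the final check.
 * Returns true if the guest would be entered with the flush still pending.
 */
static bool enter_guest(struct model_vcpu *v, bool late_request, bool recheck)
{
    for (;;) {
        if (atomic_load(&v->requests) && test_and_clear(v, REQ_TLB_FLUSH))
            v->flushes++;                       /* the bit tests */
        if (late_request) {                     /* constructed race window */
            atomic_fetch_or(&v->requests, REQ_TLB_FLUSH);
            late_request = false;
        }
        /* local_irq_disable() sits here in the quoted kernel code. */
        if (recheck && atomic_load(&v->requests)) {
            v->retries++;                       /* back out and retry */
            continue;
        }
        return (atomic_load(&v->requests) & REQ_TLB_FLUSH) != 0;
    }
}

int main(void)
{
    struct model_vcpu a = {0}, b = {0};
    bool stale_a = enter_guest(&a, true, true), stale_b = enter_guest(&b, true, false);
    printf("recheck: stale=%d flushes=%u retries=%u; no recheck: stale=%d flushes=%u\n",
           stale_a, a.flushes, a.retries, stale_b, b.flushes);
    return 0;
}
```

With the final check in place the late request costs one retry and the flush happens before entry; only the variant without that check enters with the bit still set.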



* Re: [PATCH] kvm/x86: check KVM_REQ_TLB_FLUSH with irqs disabled
  2009-03-16 13:12 ` Avi Kivity
@ 2009-03-16 14:11   ` Joerg Roedel
  2009-03-16 18:30   ` Marcelo Tosatti
  1 sibling, 0 replies; 6+ messages in thread
From: Joerg Roedel @ 2009-03-16 14:11 UTC (permalink / raw)
  To: Avi Kivity; +Cc: Marcelo Tosatti, kvm, linux-kernel

On Mon, Mar 16, 2009 at 03:12:52PM +0200, Avi Kivity wrote:
> Joerg Roedel wrote:
> >For KVM remote TLB flushes we need to check the KVM_REQ_TLB_FLUSH
> >request flag when the irqs are already disabled. Otherwise there is a
> >small window of time for a race condition where we may enter a guest
> >without doing a requested TLB flush.
> >
> >@@ -3108,8 +3108,6 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
> > 			kvm_write_guest_time(vcpu);
> > 		if (test_and_clear_bit(KVM_REQ_MMU_SYNC, &vcpu->requests))
> > 			kvm_mmu_sync_roots(vcpu);
> >-		if (test_and_clear_bit(KVM_REQ_TLB_FLUSH, &vcpu->requests))
> >-			kvm_x86_ops->tlb_flush(vcpu);
> > 		if (test_and_clear_bit(KVM_REQ_REPORT_TPR_ACCESS,
> > 				       &vcpu->requests)) {
> > 			kvm_run->exit_reason = KVM_EXIT_TPR_ACCESS;
> >@@ -3133,6 +3131,9 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
> >  	local_irq_disable();
> > +	if (test_and_clear_bit(KVM_REQ_TLB_FLUSH, &vcpu->requests))
> >+		kvm_x86_ops->tlb_flush(vcpu);
> >+
> > 	if (vcpu->requests || need_resched() || signal_pending(current)) {
> > 		local_irq_enable();
> > 		preempt_enable();
> >  
> 
> If we lost the race and someone sets a bit after the test, then the
> test immediately above will pick this up and retry the bit tests.
>

Ah true. Sorry for the noise.

-- 
           | Advanced Micro Devices GmbH
 Operating | Karl-Hammerschmidt-Str. 34, 85609 Dornach bei München
 System    | 
 Research  | Geschäftsführer: Jochen Polster, Thomas M. McCoy, Giuliano Meroni
 Center    | Sitz: Dornach, Gemeinde Aschheim, Landkreis München
           | Registergericht München, HRB Nr. 43632



* Re: [PATCH] kvm/x86: check KVM_REQ_TLB_FLUSH with irqs disabled
  2009-03-16 13:12 ` Avi Kivity
  2009-03-16 14:11   ` Joerg Roedel
@ 2009-03-16 18:30   ` Marcelo Tosatti
  2009-03-16 18:32     ` Avi Kivity
  2009-03-16 18:44     ` Joerg Roedel
  1 sibling, 2 replies; 6+ messages in thread
From: Marcelo Tosatti @ 2009-03-16 18:30 UTC (permalink / raw)
  To: Avi Kivity; +Cc: Joerg Roedel, kvm, linux-kernel

On Mon, Mar 16, 2009 at 03:12:52PM +0200, Avi Kivity wrote:
> Joerg Roedel wrote:
>> For KVM remote TLB flushes we need to check the KVM_REQ_TLB_FLUSH
>> request flag when the irqs are already disabled. Otherwise there is a
>> small window of time for a race condition where we may enter a guest
>> without doing a requested TLB flush.
>>
>> @@ -3108,8 +3108,6 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
>>  			kvm_write_guest_time(vcpu);
>>  		if (test_and_clear_bit(KVM_REQ_MMU_SYNC, &vcpu->requests))
>>  			kvm_mmu_sync_roots(vcpu);
>> -		if (test_and_clear_bit(KVM_REQ_TLB_FLUSH, &vcpu->requests))
>> -			kvm_x86_ops->tlb_flush(vcpu);
>>  		if (test_and_clear_bit(KVM_REQ_REPORT_TPR_ACCESS,
>>  				       &vcpu->requests)) {
>>  			kvm_run->exit_reason = KVM_EXIT_TPR_ACCESS;
>> @@ -3133,6 +3131,9 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
>>   	local_irq_disable();
>>  +	if (test_and_clear_bit(KVM_REQ_TLB_FLUSH, &vcpu->requests))
>> +		kvm_x86_ops->tlb_flush(vcpu);
>> +
>>  	if (vcpu->requests || need_resched() || signal_pending(current)) {
>>  		local_irq_enable();
>>  		preempt_enable();
>>   
>
> If we lost the race and someone sets a bit after the test, then the test  
> immediately above will pick this up and retry the bit tests.

BTW, I've wondered if the local_irq_enable in svm_vcpu_run is safe:

        clgi();

        local_irq_enable();

There is no way that an interrupt can be handled there without an exit, 
right?



* Re: [PATCH] kvm/x86: check KVM_REQ_TLB_FLUSH with irqs disabled
  2009-03-16 18:30   ` Marcelo Tosatti
@ 2009-03-16 18:32     ` Avi Kivity
  2009-03-16 18:44     ` Joerg Roedel
  1 sibling, 0 replies; 6+ messages in thread
From: Avi Kivity @ 2009-03-16 18:32 UTC (permalink / raw)
  To: Marcelo Tosatti; +Cc: Joerg Roedel, kvm, linux-kernel

Marcelo Tosatti wrote:
> BTW, I've wondered if the local_irq_enable in svm_vcpu_run is safe:
>
>         clgi();
>
>         local_irq_enable();
>
> There is no way that an interrupt can be handled there without an exit, 
> right?
>   

clgi trumps sti, so all interrupts will be deferred until the guest is 
entered (which will cause an immediate vmexit).

-- 
Do not meddle in the internals of kernels, for they are subtle and quick to panic.



* Re: [PATCH] kvm/x86: check KVM_REQ_TLB_FLUSH with irqs disabled
  2009-03-16 18:30   ` Marcelo Tosatti
  2009-03-16 18:32     ` Avi Kivity
@ 2009-03-16 18:44     ` Joerg Roedel
  1 sibling, 0 replies; 6+ messages in thread
From: Joerg Roedel @ 2009-03-16 18:44 UTC (permalink / raw)
  To: Marcelo Tosatti; +Cc: Avi Kivity, kvm, linux-kernel

On Mon, Mar 16, 2009 at 03:30:00PM -0300, Marcelo Tosatti wrote:
> On Mon, Mar 16, 2009 at 03:12:52PM +0200, Avi Kivity wrote:
> > Joerg Roedel wrote:
> >> For KVM remote TLB flushes we need to check the KVM_REQ_TLB_FLUSH
> >> request flag when the irqs are already disabled. Otherwise there is a
> >> small window of time for a race condition where we may enter a guest
> >> without doing a requested TLB flush.
> >>
> >> @@ -3108,8 +3108,6 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
> >>  			kvm_write_guest_time(vcpu);
> >>  		if (test_and_clear_bit(KVM_REQ_MMU_SYNC, &vcpu->requests))
> >>  			kvm_mmu_sync_roots(vcpu);
> >> -		if (test_and_clear_bit(KVM_REQ_TLB_FLUSH, &vcpu->requests))
> >> -			kvm_x86_ops->tlb_flush(vcpu);
> >>  		if (test_and_clear_bit(KVM_REQ_REPORT_TPR_ACCESS,
> >>  				       &vcpu->requests)) {
> >>  			kvm_run->exit_reason = KVM_EXIT_TPR_ACCESS;
> >> @@ -3133,6 +3131,9 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
> >>   	local_irq_disable();
> >>  +	if (test_and_clear_bit(KVM_REQ_TLB_FLUSH, &vcpu->requests))
> >> +		kvm_x86_ops->tlb_flush(vcpu);
> >> +
> >>  	if (vcpu->requests || need_resched() || signal_pending(current)) {
> >>  		local_irq_enable();
> >>  		preempt_enable();
> >>   
> >
> > If we lost the race and someone sets a bit after the test, then the test  
> > immediately above will pick this up and retry the bit tests.
> 
> BTW, I've wondered if the local_irq_enable in svm_vcpu_run is safe:
> 
>         clgi();
> 
>         local_irq_enable();

The reason behind this is that we have to allow the host to accept
interrupts. Interrupts are still blocked by clgi (together with
NMI, INIT, debug traps and SMI) until the global interrupt flag is
reenabled as a final step of VMRUN. If we don't enable interrupts here
they would be blocked and an external interrupt would not cause an
#VMEXIT.

Joerg
