From: Paolo Bonzini <pbonzini@redhat.com>
To: David Woodhouse <dwmw2@infradead.org>, kvm@vger.kernel.org
Cc: Sean Christopherson <seanjc@google.com>,
Vitaly Kuznetsov <vkuznets@redhat.com>,
Wanpeng Li <wanpengli@tencent.com>,
Jim Mattson <jmattson@google.com>, Joerg Roedel <joro@8bytes.org>,
Joao Martins <joao.m.martins@oracle.com>,
Boris Ostrovsky <boris.ostrovsky@oracle.com>,
Metin Kaya <metikaya@amazon.co.uk>,
Paul Durrant <pdurrant@amazon.co.uk>
Subject: Re: [PATCH 1/2] KVM: x86/xen: PV oneshot timer fixes
Date: Wed, 9 Mar 2022 16:39:58 +0100 [thread overview]
Message-ID: <846caa99-2e42-4443-1070-84e49d2f11d2@redhat.com> (raw)
In-Reply-To: <20220309143835.253911-2-dwmw2@infradead.org>
On 3/9/22 15:38, David Woodhouse wrote:
> + if (hrtimer_active(&vcpu->arch.xen.timer))
> + data->u.timer.expires_ns = vcpu->arch.xen.timer_expires;
> + else
> + data->u.timer.expires_ns = 0;
> r = 0;
This is still racy. You should instead clear timer_expires in
xen_timer_callback, and only do so after a *successful* write to the
event channel (setting timer_pending is not enough).
Still, this only works if userspace reads the pending events *after*
expires_ns. It's the usual pattern:
xen_timer_callback() userspace
------------------------ ------------------------
kvm_xen_set_evtchn_fast() read timer_expires
smp_wmb() smp_rmb()
expires_ns = 0; read event channel
Now, if expires is read as 0, userspace surely will read the event properly.
Is this doable with the KVM ioctls that you have, considering that the
pending events are in memory? If not, you should add pause timer and
resume timer ioctls. These will change the hrtimer state without
touching timer_expires and timer_pending.
But even better, and even simpler: just set timer_pending in
xen_timer_callback, always go through the delayed injection path, and
remove this "if" from KVM_XEN_VCPU_GET_ATTR. Then there are no races,
because KVM_RUN and KVM_XEN_VCPU_GET_ATTR are protected with vcpu->mutex:
xen_timer_callback() migration source
------------------------ ------------------------
read event channel
inc timer_pending
ioctl(KVM_XEN_VCPU_GET_ATTR)
read timer_expires
timer_expires is *not* read as zero, because the clearing happens only
in kvm_xen_inject_timer_irqs(), which cannot be concurrent with
KVM_XEN_VCPU_GET_ATTR. And the destination does:
migration destination xen_timer_callback()
------------------------ ------------------------
ioctl(KVM_XEN_VCPU_SET_ATTR)
set timer_expires
hrtimer_start()
inc timer_pending
ioctl(KVM_RUN)
kvm_xen_inject_timer_irqs()
kvm_xen_set_evtchn()
kvm_xen_set_evtchn_fast()
expires_ns = 0;
Paolo
next prev parent reply other threads:[~2022-03-09 15:40 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-09 14:38 [PATCH 0/2] KVM: Xen PV timer fixups David Woodhouse
2022-03-09 14:38 ` [PATCH 1/2] KVM: x86/xen: PV oneshot timer fixes David Woodhouse
2022-03-09 15:39 ` Paolo Bonzini [this message]
2022-03-09 16:11 ` David Woodhouse
2022-03-09 16:28 ` Paolo Bonzini
2022-03-09 16:37 ` David Woodhouse
2022-03-09 16:39 ` Paolo Bonzini
2022-03-09 16:41 ` [PATCH v2 " David Woodhouse
2022-03-13 14:30 ` Paolo Bonzini
2022-03-13 14:57 ` David Woodhouse
2022-03-09 14:38 ` [PATCH 2/2] KVM: x86/xen: Update self test for Xen PV timers David Woodhouse
2022-03-09 14:47 ` [PATCH 0/2] KVM: Xen PV timer fixups David Woodhouse
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=846caa99-2e42-4443-1070-84e49d2f11d2@redhat.com \
--to=pbonzini@redhat.com \
--cc=boris.ostrovsky@oracle.com \
--cc=dwmw2@infradead.org \
--cc=jmattson@google.com \
--cc=joao.m.martins@oracle.com \
--cc=joro@8bytes.org \
--cc=kvm@vger.kernel.org \
--cc=metikaya@amazon.co.uk \
--cc=pdurrant@amazon.co.uk \
--cc=seanjc@google.com \
--cc=vkuznets@redhat.com \
--cc=wanpengli@tencent.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).