From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.7 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2DB53C4346E for ; Tue, 29 Sep 2020 08:12:59 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id AF3C120897 for ; Tue, 29 Sep 2020 08:12:58 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="VE64W/tw"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=kernel.org header.i=@kernel.org header.b="Iz4qozHv" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org AF3C120897 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=kernel.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Type: Content-Transfer-Encoding:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:Message-ID:References:In-Reply-To:Subject:To:From: Date:MIME-Version:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=XIsNjAyZCoKUMKlF5d6nfPJqil2EdblDVqWQVRsB1Kw=; b=VE64W/twLnJlPPr/XMr/KWWxi 2wtbMvOePlKgNIX0QFdHV41w6KsGFhE7RenFoVJmpn/v32NcI02v0+vQgJ2GRzmiPiwfGds51LJE2 14KyYdVMRabJ/TR+540oMsAwVSZyyT3swZ1kboaJYWeef6DcHtMe7HnaOySrIOHPKtgMN/zhy9dql bvLwcRAzIqGxgN05tO9W2mfdNrJIhk5tgxhjXOLQN53eMtjLriJ0/+sfe3ZFZLWkp7CkjGKt4fwQP 5d80TC7WuqcjEHgZp8D9WXUeNycskiIvY3X6ObMLPcZhkx4ariP2G8HyMCRfMM91EC263rrphBnRA OHjZwqQmw==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1kNAjW-0008AA-Fh; Tue, 29 Sep 2020 08:11:34 +0000 Received: from mail.kernel.org ([198.145.29.99]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1kNAjS-000892-Hv for linux-arm-kernel@lists.infradead.org; Tue, 29 Sep 2020 08:11:32 +0000 Received: from disco-boy.misterjones.org (disco-boy.misterjones.org [51.254.78.96]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 6A57D20897; Tue, 29 Sep 2020 08:11:29 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1601367089; bh=2QtfuAN12D0f3UZ6nHo4OKWmNd0W3GooleNYU97QzbA=; h=Date:From:To:Cc:Subject:In-Reply-To:References:From; b=Iz4qozHvccRRoCfKpWtAi3one5bCCu9wDBlO5CNB9ckO/Fox3MisSb7/8ncL/jGos +F6tdhPl8lDIV1AJg22Hwi93YXUT3yRnyJfRf7Wdkq1+SHFP6ZLLvt1sdy1OX86YWi OGClXcTR2HkrGNny0R+wm8cF2O6tYAKgcf2Kg738= Received: from disco-boy.misterjones.org ([51.254.78.96] helo=www.loen.fr) by disco-boy.misterjones.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.92) (envelope-from ) id 1kNAjP-00FiPB-JV; Tue, 29 Sep 2020 09:11:27 +0100 MIME-Version: 1.0 Date: Tue, 29 Sep 2020 09:11:27 +0100 From: Marc Zyngier To: Alexandru Elisei Subject: Re: [PATCH v7 5/7] KVM: arm64: pmu: Make overflow handler NMI safe In-Reply-To: <20200924110706.254996-6-alexandru.elisei@arm.com> References: <20200924110706.254996-1-alexandru.elisei@arm.com> <20200924110706.254996-6-alexandru.elisei@arm.com> User-Agent: Roundcube Webmail/1.4.8 Message-ID: <14a0562fee95d5c7aa5bc6b67d213858@kernel.org> X-Sender: maz@kernel.org X-SA-Exim-Connect-IP: 51.254.78.96 X-SA-Exim-Rcpt-To: alexandru.elisei@arm.com, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, mark.rutland@arm.com, sumit.garg@linaro.org, swboyd@chromium.org, catalin.marinas@arm.com, will@kernel.org, julien.thierry@arm.com, julien.thierry.kdev@gmail.com, marc.zyngier@arm.com, will.deacon@arm.com, james.morse@arm.com, suzuki.poulose@arm.com, kvm@vger.kernel.org, kvmarm@lists.cs.columbia.edu X-SA-Exim-Mail-From: maz@kernel.org X-SA-Exim-Scanned: No (on disco-boy.misterjones.org); SAEximRunCond expanded to false X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200929_041130_719128_3BC061F1 X-CRM114-Status: GOOD ( 32.67 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: mark.rutland@arm.com, sumit.garg@linaro.org, kvm@vger.kernel.org, Julien Thierry , Marc Zyngier , catalin.marinas@arm.com, Suzuki K Pouloze , Will Deacon , linux-kernel@vger.kernel.org, swboyd@chromium.org, James Morse , Julien Thierry , will@kernel.org, kvmarm@lists.cs.columbia.edu, linux-arm-kernel@lists.infradead.org Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="us-ascii"; Format="flowed" Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org On 2020-09-24 12:07, Alexandru Elisei wrote: > From: Julien Thierry > > kvm_vcpu_kick() is not NMI safe. When the overflow handler is called > from > NMI context, defer waking the vcpu to an irq_work queue. > > A vcpu can be freed while it's not running by kvm_destroy_vm(). Prevent > running the irq_work for a non-existent vcpu by calling irq_work_sync() > on > the PMU destroy path. > > Cc: Julien Thierry > Cc: Marc Zyngier > Cc: Will Deacon > Cc: Mark Rutland > Cc: Catalin Marinas > Cc: James Morse > Cc: Suzuki K Pouloze > Cc: kvm@vger.kernel.org > Cc: kvmarm@lists.cs.columbia.edu > Signed-off-by: Julien Thierry > Tested-by: Sumit Garg (Developerbox) > [Alexandru E.: Added irq_work_sync()] > Signed-off-by: Alexandru Elisei > --- > I suggested in v6 that I will add an irq_work_sync() to > kvm_pmu_vcpu_reset(). It turns out it's not necessary: a vcpu reset is > done > by the vcpu being reset with interrupts enabled, which means all the > work > has had a chance to run before the reset takes place. I don't understand your argument about interrupts being enabled. The real reason for not needing any synchronization is that all that the queued work does is to kick the vcpu. Given that the vcpu is resetting, no amount of kicking is going to change anything (it is already outside of the guest). Things are obviously different on destroy, where the vcpu is actively going away and we need to make sure we don't use stale data. > > arch/arm64/kvm/pmu-emul.c | 26 +++++++++++++++++++++++++- > include/kvm/arm_pmu.h | 1 + > 2 files changed, 26 insertions(+), 1 deletion(-) > > diff --git a/arch/arm64/kvm/pmu-emul.c b/arch/arm64/kvm/pmu-emul.c > index f0d0312c0a55..81916e360b1e 100644 > --- a/arch/arm64/kvm/pmu-emul.c > +++ b/arch/arm64/kvm/pmu-emul.c > @@ -269,6 +269,7 @@ void kvm_pmu_vcpu_destroy(struct kvm_vcpu *vcpu) > > for (i = 0; i < ARMV8_PMU_MAX_COUNTERS; i++) > kvm_pmu_release_perf_event(&pmu->pmc[i]); > + irq_work_sync(&vcpu->arch.pmu.overflow_work); > } > > u64 kvm_pmu_valid_counter_mask(struct kvm_vcpu *vcpu) > @@ -433,6 +434,22 @@ void kvm_pmu_sync_hwstate(struct kvm_vcpu *vcpu) > kvm_pmu_update_state(vcpu); > } > > +/** > + * When perf interrupt is an NMI, we cannot safely notify the vcpu > corresponding > + * to the event. > + * This is why we need a callback to do it once outside of the NMI > context. > + */ > +static void kvm_pmu_perf_overflow_notify_vcpu(struct irq_work *work) > +{ > + struct kvm_vcpu *vcpu; > + struct kvm_pmu *pmu; > + > + pmu = container_of(work, struct kvm_pmu, overflow_work); > + vcpu = kvm_pmc_to_vcpu(pmu->pmc); > + > + kvm_vcpu_kick(vcpu); > +} > + > /** > * When the perf event overflows, set the overflow status and inform > the vcpu. > */ > @@ -465,7 +482,11 @@ static void kvm_pmu_perf_overflow(struct > perf_event *perf_event, > > if (kvm_pmu_overflow_status(vcpu)) { > kvm_make_request(KVM_REQ_IRQ_PENDING, vcpu); > - kvm_vcpu_kick(vcpu); > + > + if (!in_nmi()) > + kvm_vcpu_kick(vcpu); > + else > + irq_work_queue(&vcpu->arch.pmu.overflow_work); > } > > cpu_pmu->pmu.start(perf_event, PERF_EF_RELOAD); > @@ -764,6 +785,9 @@ static int kvm_arm_pmu_v3_init(struct kvm_vcpu > *vcpu) > return ret; > } > > + init_irq_work(&vcpu->arch.pmu.overflow_work, > + kvm_pmu_perf_overflow_notify_vcpu); > + > vcpu->arch.pmu.created = true; > return 0; > } > diff --git a/include/kvm/arm_pmu.h b/include/kvm/arm_pmu.h > index 6db030439e29..dbf4f08d42e5 100644 > --- a/include/kvm/arm_pmu.h > +++ b/include/kvm/arm_pmu.h > @@ -27,6 +27,7 @@ struct kvm_pmu { > bool ready; > bool created; > bool irq_level; > + struct irq_work overflow_work; Nit: placing this new field right after the pmc array would avoid creating an unnecessary padding in the structure. Not a big deal, and definitely something we can sort out when applying the patch. > }; > > #define kvm_arm_pmu_v3_ready(v) ((v)->arch.pmu.ready) Reviewed-by: Marc Zyngier M. -- Jazz is not dead. It just smells funny... _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel