kvm/x86: check KVM_REQ_TLB_FLUSH with irqs disabled

Message ID 1237208625-2657-1-git-send-email-joerg.roedel@amd.com
State Not Applicable

Commit Message

Joerg Roedel March 16, 2009, 1:03 p.m. UTC
For KVM remote TLB flushes we need to check the KVM_REQ_TLB_FLUSH
request flag when the irqs are already disabled. Otherwise there is a
small window of time for a race condition where we may enter a guest
without doing a requested TLB flush.

Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
---
 arch/x86/kvm/x86.c |    5 +++--
 1 files changed, 3 insertions(+), 2 deletions(-)

Comments

Avi Kivity March 16, 2009, 1:12 p.m. UTC | #1
Joerg Roedel wrote:
> For KVM remote TLB flushes we need to check the KVM_REQ_TLB_FLUSH
> request flag when the irqs are already disabled. Otherwise there is a
> small window of time for a race condition where we may enter a guest
> without doing a requested TLB flush.
>
> @@ -3108,8 +3108,6 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
>  			kvm_write_guest_time(vcpu);
>  		if (test_and_clear_bit(KVM_REQ_MMU_SYNC, &vcpu->requests))
>  			kvm_mmu_sync_roots(vcpu);
> -		if (test_and_clear_bit(KVM_REQ_TLB_FLUSH, &vcpu->requests))
> -			kvm_x86_ops->tlb_flush(vcpu);
>  		if (test_and_clear_bit(KVM_REQ_REPORT_TPR_ACCESS,
>  				       &vcpu->requests)) {
>  			kvm_run->exit_reason = KVM_EXIT_TPR_ACCESS;
> @@ -3133,6 +3131,9 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
>  
>  	local_irq_disable();
>  
> +	if (test_and_clear_bit(KVM_REQ_TLB_FLUSH, &vcpu->requests))
> +		kvm_x86_ops->tlb_flush(vcpu);
> +
>  	if (vcpu->requests || need_resched() || signal_pending(current)) {
>  		local_irq_enable();
>  		preempt_enable();
>   

If we lost the race and someone sets a bit after the test, then the test
immediately above will pick this up and retry the bit tests.
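The retry Avi points to can be checked with a small user-space model. This is an added example written for this note, not KVM code: the request-bit names mirror the ones on the page, but the model, its step numbering (the "remote" CPU sets the bit at a chosen point) and every function in it are constructed here. The model stops at local_irq_disable(); what happens after that point is left to the IPI/vmexit path the thread discusses later.

```c
#include <stdbool.h>
#include <stdio.h>

/*
 * Constructed model of the request handling in vcpu_enter_guest():
 * request bit tests while preemptible, local_irq_disable(), the
 * "if (vcpu->requests ...) goto out" retry, then guest entry.
 * A remote request is injected at a chosen step so every interleaving
 * is deterministic and can be asserted on.
 */
enum { REQ_TLB_FLUSH = 0, REQ_MMU_SYNC = 1 };

/* points at which the remote CPU may set a request bit (constructed) */
enum step { STEP_BEFORE_TESTS = 0, STEP_AFTER_TESTS = 1, STEP_NEVER = 99 };

struct vcpu_model {
	unsigned long requests;
	int flushes;        /* times tlb_flush ran */
	int retries;        /* times the post-irq-disable test bounced us out */
	int entered_dirty;  /* guest entries with REQ_TLB_FLUSH still pending */
};

struct remote_req { enum step at; int bit; bool fired; };

static bool test_and_clear(unsigned long *word, int bit)
{
	bool was_set = (*word >> bit) & 1UL;
	*word &= ~(1UL << bit);
	return was_set;
}

static void remote_maybe_set(struct vcpu_model *v, struct remote_req *r, enum step now)
{
	if (!r->fired && r->at == now) {
		v->requests |= 1UL << r->bit;
		r->fired = true;
	}
}

/*
 * One pass through the entry path.  flush_late selects the patch's
 * ordering (flush after local_irq_disable); recheck selects whether the
 * "if (vcpu->requests ...)" retry exists.  Returns true when the guest
 * was entered, false when the pass bailed out to retry.
 */
static bool entry_pass(struct vcpu_model *v, struct remote_req *r,
		       bool flush_late, bool recheck)
{
	remote_maybe_set(v, r, STEP_BEFORE_TESTS);

	/* preemptible section: request bit tests */
	if (!flush_late && test_and_clear(&v->requests, REQ_TLB_FLUSH))
		v->flushes++;
	(void)test_and_clear(&v->requests, REQ_MMU_SYNC);

	remote_maybe_set(v, r, STEP_AFTER_TESTS);  /* the window in question */

	/* local_irq_disable(): nothing more is injected in this model */
	if (flush_late && test_and_clear(&v->requests, REQ_TLB_FLUSH))
		v->flushes++;

	if (recheck && v->requests) {   /* the test immediately above guest entry */
		v->retries++;
		return false;           /* goto out; caller loops and retests */
	}

	/* guest entry */
	if (v->requests & (1UL << REQ_TLB_FLUSH))
		v->entered_dirty++;
	return true;
}

/* Run passes until the guest is entered and return the resulting counters. */
static struct vcpu_model run_scenario(enum step when, bool flush_late, bool recheck)
{
	struct vcpu_model v = {0};
	struct remote_req r = { when, REQ_TLB_FLUSH, false };
	int guard = 0;

	while (!entry_pass(&v, &r, flush_late, recheck) && ++guard < 10)
		;
	return v;
}

int main(void)
{
	struct vcpu_model a = run_scenario(STEP_AFTER_TESTS, false, true);
	struct vcpu_model b = run_scenario(STEP_AFTER_TESTS, false, false);
	struct vcpu_model c = run_scenario(STEP_AFTER_TESTS, true, true);

	printf("original order, with retry:  flushes=%d retries=%d dirty=%d\n",
	       a.flushes, a.retries, a.entered_dirty);
	printf("original order, no retry:    flushes=%d retries=%d dirty=%d\n",
	       b.flushes, b.retries, b.entered_dirty);
	printf("patched order, with retry:   flushes=%d retries=%d dirty=%d\n",
	       c.flushes, c.retries, c.entered_dirty);
	return 0;
}
```

With the bit set in the window between the bit tests and local_irq_disable(), the original ordering still enters the guest with a clean TLB: the retry bounces the pass out once and the second pass performs the flush. Only the variant without the retry loses the flush, which is the race the patch description assumes; the patched ordering handles the same case without a retry, but it is not the piece that closes the window.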
Joerg Roedel March 16, 2009, 2:11 p.m. UTC | #2
On Mon, Mar 16, 2009 at 03:12:52PM +0200, Avi Kivity wrote:
> Joerg Roedel wrote:
> >For KVM remote TLB flushes we need to check the KVM_REQ_TLB_FLUSH
> >request flag when the irqs are already disabled. Otherwise there is a
> >small window of time for a race condition where we may enter a guest
> >without doing a requested TLB flush.
> >
> >@@ -3108,8 +3108,6 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
> > 			kvm_write_guest_time(vcpu);
> > 		if (test_and_clear_bit(KVM_REQ_MMU_SYNC, &vcpu->requests))
> > 			kvm_mmu_sync_roots(vcpu);
> >-		if (test_and_clear_bit(KVM_REQ_TLB_FLUSH, &vcpu->requests))
> >-			kvm_x86_ops->tlb_flush(vcpu);
> > 		if (test_and_clear_bit(KVM_REQ_REPORT_TPR_ACCESS,
> > 				       &vcpu->requests)) {
> > 			kvm_run->exit_reason = KVM_EXIT_TPR_ACCESS;
> >@@ -3133,6 +3131,9 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
> >  	local_irq_disable();
> > +	if (test_and_clear_bit(KVM_REQ_TLB_FLUSH, &vcpu->requests))
> >+		kvm_x86_ops->tlb_flush(vcpu);
> >+
> > 	if (vcpu->requests || need_resched() || signal_pending(current)) {
> > 		local_irq_enable();
> > 		preempt_enable();
> >  
> 
> If we lost the race and someone sets a bit after the test, then the
> test immediately above will pick this up retry the bit tests.
>

Ah true. Sorry for the noise.
Marcelo Tosatti March 16, 2009, 6:30 p.m. UTC | #3
On Mon, Mar 16, 2009 at 03:12:52PM +0200, Avi Kivity wrote:
> Joerg Roedel wrote:
>> For KVM remote TLB flushes we need to check the KVM_REQ_TLB_FLUSH
>> request flag when the irqs are already disabled. Otherwise there is a
>> small window of time for a race condition where we may enter a guest
>> without doing a requested TLB flush.
>>
>> @@ -3108,8 +3108,6 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
>>  			kvm_write_guest_time(vcpu);
>>  		if (test_and_clear_bit(KVM_REQ_MMU_SYNC, &vcpu->requests))
>>  			kvm_mmu_sync_roots(vcpu);
>> -		if (test_and_clear_bit(KVM_REQ_TLB_FLUSH, &vcpu->requests))
>> -			kvm_x86_ops->tlb_flush(vcpu);
>>  		if (test_and_clear_bit(KVM_REQ_REPORT_TPR_ACCESS,
>>  				       &vcpu->requests)) {
>>  			kvm_run->exit_reason = KVM_EXIT_TPR_ACCESS;
>> @@ -3133,6 +3131,9 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
>>   	local_irq_disable();
>>  +	if (test_and_clear_bit(KVM_REQ_TLB_FLUSH, &vcpu->requests))
>> +		kvm_x86_ops->tlb_flush(vcpu);
>> +
>>  	if (vcpu->requests || need_resched() || signal_pending(current)) {
>>  		local_irq_enable();
>>  		preempt_enable();
>>   
>
> If we lost the race and someone sets a bit after the test, then the test  
> immediately above will pick this up retry the bit tests.

BTW, I've wondered if the local_irq_enable in svm_vcpu_run is safe:

        clgi();

        local_irq_enable();

There is no way that an interrupt can be handled there without an exit, 
right?

Avi Kivity March 16, 2009, 6:32 p.m. UTC | #4
Marcelo Tosatti wrote:
> BTW, I've wondered if the local_irq_enable in svm_vcpu_run is safe:
>
>         clgi();
>
>         local_irq_enable();
>
> There is no way that an interrupt can be handled there without an exit, 
> right?
>   

clgi trumps sti, so all interrupts will be deferred until the guest is 
entered (which will cause an immediate vmexit).
Joerg Roedel March 16, 2009, 6:44 p.m. UTC | #5
On Mon, Mar 16, 2009 at 03:30:00PM -0300, Marcelo Tosatti wrote:
> On Mon, Mar 16, 2009 at 03:12:52PM +0200, Avi Kivity wrote:
> > Joerg Roedel wrote:
> >> For KVM remote TLB flushes we need to check the KVM_REQ_TLB_FLUSH
> >> request flag when the irqs are already disabled. Otherwise there is a
> >> small window of time for a race condition where we may enter a guest
> >> without doing a requested TLB flush.
> >>
> >> @@ -3108,8 +3108,6 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
> >>  			kvm_write_guest_time(vcpu);
> >>  		if (test_and_clear_bit(KVM_REQ_MMU_SYNC, &vcpu->requests))
> >>  			kvm_mmu_sync_roots(vcpu);
> >> -		if (test_and_clear_bit(KVM_REQ_TLB_FLUSH, &vcpu->requests))
> >> -			kvm_x86_ops->tlb_flush(vcpu);
> >>  		if (test_and_clear_bit(KVM_REQ_REPORT_TPR_ACCESS,
> >>  				       &vcpu->requests)) {
> >>  			kvm_run->exit_reason = KVM_EXIT_TPR_ACCESS;
> >> @@ -3133,6 +3131,9 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
> >>   	local_irq_disable();
> >>  +	if (test_and_clear_bit(KVM_REQ_TLB_FLUSH, &vcpu->requests))
> >> +		kvm_x86_ops->tlb_flush(vcpu);
> >> +
> >>  	if (vcpu->requests || need_resched() || signal_pending(current)) {
> >>  		local_irq_enable();
> >>  		preempt_enable();
> >>   
> >
> > If we lost the race and someone sets a bit after the test, then the test  
> > immediately above will pick this up retry the bit tests.
> 
> BTW, I've wondered if the local_irq_enable in svm_vcpu_run is safe:
> 
>         clgi();
> 
>         local_irq_enable();

The reason behind this is that we have to allow the host to accept
interrupts. Interrupts are still blocked by clgi (together with
NMI, INIT, debug traps and SMI) until the global interrupt flag is
reenabled as a final step of VMRUN. If we don't enable interrupts here
they would be blocked and an external interrupt would not cause an
#VMEXIT.

Joerg
Patch

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index b556b6a..301660a 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -3108,8 +3108,6 @@  static int vcpu_enter_guest(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
 			kvm_write_guest_time(vcpu);
 		if (test_and_clear_bit(KVM_REQ_MMU_SYNC, &vcpu->requests))
 			kvm_mmu_sync_roots(vcpu);
-		if (test_and_clear_bit(KVM_REQ_TLB_FLUSH, &vcpu->requests))
-			kvm_x86_ops->tlb_flush(vcpu);
 		if (test_and_clear_bit(KVM_REQ_REPORT_TPR_ACCESS,
 				       &vcpu->requests)) {
 			kvm_run->exit_reason = KVM_EXIT_TPR_ACCESS;
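Review bot: the KVM_REQ_TLB_FLUSH test is dropped from the preemptible request-handling block with nothing left behind to say it is re-added further down in the same function; a one-line comment at the removal point, or a sentence in the commit message saying the flush moves below local_irq_disable(), would keep a future reader from re-adding it here alongside the KVM_REQ_MMU_SYNC test.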
@@ -3133,6 +3131,9 @@  static int vcpu_enter_guest(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
 
 	local_irq_disable();
 
+	if (test_and_clear_bit(KVM_REQ_TLB_FLUSH, &vcpu->requests))
+		kvm_x86_ops->tlb_flush(vcpu);
+
 	if (vcpu->requests || need_resched() || signal_pending(current)) {
 		local_irq_enable();
 		preempt_enable();
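Review bot: the new test_and_clear_bit() sits directly above `if (vcpu->requests || need_resched() || signal_pending(current))`, and that retry already bounced out any pass in which the flush bit was set after the old test, so the commit message should spell out which window this move actually closes; as written the race it describes is not visible in the hunk. Also, kvm_x86_ops->tlb_flush(vcpu) now runs with interrupts disabled, so the message should confirm that neither backend's implementation sleeps or waits on other CPUs there.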