[stable] KVM: x86: Fix lost interrupt on irr_pending race

Message ID	000001d081cf$dd148fb0$973daf10$@astim.si (mailing list archive)
State	New, archived
Headers	show Return-Path: <kvm-owner@kernel.org> From: "Saso Slavicic" <saso.linux@astim.si> To: "'Paolo Bonzini'" <pbonzini@redhat.com>, <kvm@vger.kernel.org> Cc: <lists2009@fnarfbargle.com>, "'Nadav Amit'" <namit@cs.technion.ac.il> References: <1429602745-29882-1-git-send-email-pbonzini@redhat.com> <55360EA9.2030806@redhat.com> In-Reply-To: <55360EA9.2030806@redhat.com> Subject: RE: [PATCH stable] KVM: x86: Fix lost interrupt on irr_pending race Date: Tue, 28 Apr 2015 18:24:53 +0200 Message-ID: <000001d081cf$dd148fb0$973daf10$@astim.si> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Thread-Index: AQFUtzinhzGFNuDcEEol1sIWcPx3pgIv9AaHnkiuwbA= Content-Language: sl Sender: kvm-owner@vger.kernel.org Precedence: bulk

Message ID

000001d081cf$dd148fb0$973daf10$@astim.si (mailing list archive)

State

New, archived

Headers

From: "Saso Slavicic" <saso.linux@astim.si>
To: "'Paolo Bonzini'" <pbonzini@redhat.com>, <kvm@vger.kernel.org>
Cc: <lists2009@fnarfbargle.com>,
	"'Nadav Amit'" <namit@cs.technion.ac.il>
References: <1429602745-29882-1-git-send-email-pbonzini@redhat.com>
	<55360EA9.2030806@redhat.com>
In-Reply-To: <55360EA9.2030806@redhat.com>
Subject: RE: [PATCH stable] KVM: x86: Fix lost interrupt on irr_pending race
Date: Tue, 28 Apr 2015 18:24:53 +0200
Message-ID: <000001d081cf$dd148fb0$973daf10$@astim.si>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
Thread-Index: AQFUtzinhzGFNuDcEEol1sIWcPx3pgIv9AaHnkiuwbA=
Content-Language: sl
Sender: kvm-owner@vger.kernel.org
Precedence: bulk

Commit Message

Saso Slavicic April 28, 2015, 4:24 p.m. UTC

> From: Paolo Bonzini
> Sent: Tuesday, April 21, 2015 10:48 AM


Hi, big thanks to all involved in this and to Brad for endless reboots ;-)


>> Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
>> Fixes: 33e4c68656a2e461b296ce714ec322978de85412
>> Cc: stable@vger.kernel.org # 2.6.32+
>> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
>> ---
>> 	The race was reported in 3.17+ by Brad Campbell and in
>> 	2.6.32 by Saso Slavicic, so it qualifies for stable.

> Patch for kernels before 3.17:

This will probably end up in RHEL6 sooner or later (but probably not before
6.7)?
As I like to experiment a bit, would this patch do for -2.6.32-504.12.2.el6
kernel? The code in that function is somewhat different...

 static inline int apic_search_irr(struct kvm_lapic *apic)


Regards,
Saso Slavicic

--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Comments

Paolo Bonzini April 29, 2015, 4:45 p.m. UTC | #1

On 28/04/2015 18:24, Saso Slavicic wrote:
> This will probably end up in RHEL6 sooner or later (but probably not before
> 6.7)?
> As I like to experiment a bit, would this patch do for -2.6.32-504.12.2.el6
> kernel? The code in that function is somewhat different...
> 
> --- a/arch/x86/kvm/lapic.c
> +++ b/arch/x86/kvm/lapic.c
> @@ -230,8 +230,13 @@
>  
>  static inline int apic_test_and_set_irr(int vec, struct kvm_lapic *apic)
>  {
> +	int ret = apic_test_and_set_vector(vec, apic->regs + APIC_IRR);
> +	/*
> +	 * irr_pending must be true if any interrupt is pending; set it
> after
> +	 * APIC_IRR to avoid race with apic_clear_irr
> +	 */
>  	apic->irr_pending = true;
> -	return apic_test_and_set_vector(vec, apic->regs + APIC_IRR);
> +	return ret;
>  }
>  
>  static inline int apic_search_irr(struct kvm_lapic *apic)
> 
> 
> Regards,

Yes, this exact same patch is brewing in the RHEL6.7 internal trees...

See https://bugzilla.redhat.com/show_bug.cgi?id=1213741

Paolo
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

--- a/arch/x86/kvm/lapic.c
+++ b/arch/x86/kvm/lapic.c
@@ -230,8 +230,13 @@ 
 
 static inline int apic_test_and_set_irr(int vec, struct kvm_lapic *apic)
 {
+	int ret = apic_test_and_set_vector(vec, apic->regs + APIC_IRR);
+	/*
+	 * irr_pending must be true if any interrupt is pending; set it
after
+	 * APIC_IRR to avoid race with apic_clear_irr
+	 */
 	apic->irr_pending = true;
-	return apic_test_and_set_vector(vec, apic->regs + APIC_IRR);
+	return ret;
 }