| Message ID | 20250214041635.608012-5-gshan@redhat.com (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | target/arm: Improvement on memory error handling | expand |
On Fri, 14 Feb 2025 14:16:35 +1000 Gavin Shan <gshan@redhat.com> wrote: > The error -1 is returned if the previously reported CPER error > hasn't been claimed. The virtual machine is terminated due to > abort(). It's conflicting to the ideal behaviour that the affected > vCPU retries pushing the CPER error in this case since the vCPU > can't proceed its execution. > > Move the chunk of code to push CPER error to a separate helper > report_memory_errors() and retry the request when the return > value from acpi_ghes_memory_errors() is greater than zero. > > Signed-off-by: Gavin Shan <gshan@redhat.com> > --- > target/arm/kvm.c | 31 +++++++++++++++++++++++++------ > 1 file changed, 25 insertions(+), 6 deletions(-) > > diff --git a/target/arm/kvm.c b/target/arm/kvm.c > index 5c0bf99aec..9f063f6053 100644 > --- a/target/arm/kvm.c > +++ b/target/arm/kvm.c > @@ -2362,6 +2362,30 @@ int kvm_arch_get_registers(CPUState *cs, Error **errp) > return ret; > } > > +static void report_memory_error(CPUState *c, hwaddr paddr) > +{ > + int ret; > + > + while (true) { > + /* Retry if the previously report error hasn't been claimed */ > + ret = acpi_ghes_memory_errors(ACPI_HEST_SRC_ID_SEA, paddr, true); > + if (ret <= 0) { > + break; > + } > + > + bql_unlock(); > + g_usleep(1000); even with bql released it's not safe to loop in here. consider, a guest with 2 vcpus * vcpu 1 gets SIGBUS due to error * vcpu 2 trips over the same error and gets into this loop * on guest side vcpu 1 continues to run to handle SEA but might need to acquire a lock that vcpu 2 holds GHESv2 error source we support, can report several errors, currently QEMU supports only 1 'error status block' which can hold several error records (CPER) (though storage size is limited) 1: We can potentially add support for more GHESv2 error sources with their own Read ACK registers (let's say =max_cpus) (that is under assumption that no other error will be triggered while guest VCPUs handle their own SEA (upto clearing Read ACK)) 2: Another way could be for QEMU to allocate more error status _blocks_ for the only one error source it has now and try to find empty status block to inject new error(s). * it can be saturated with high rate of errors (so what do we do in case it happens?) * subject to race between clearing/setting Read ACK (maybe it can dealt with that on side by keeping internal read_ack counter) 3: And alternatively, queue incoming errors until read ack is cleared and then inject pending errors in one go. (problem with that is that at the moment QEMU doesn't monitor read ack register memory so it won't notice guest clearing that) Given spec has provision for multiple error status blocks/error data entries it seems that #2 is an expected way to deal with the problem. PS: I'd prefer Mauro's series being merged 1st (once it's resplit), for it refactors a bunch of original code and hopefully makes code easier to follow/extend. > + bql_lock(); > + } > + > + if (ret == 0) { > + kvm_inject_arm_sea(c); > + } else { > + error_report("Error %d to report memory error", ret); > + abort(); > + } > +} > + > void kvm_arch_on_sigbus_vcpu(CPUState *c, int code, void *addr) > { > ram_addr_t ram_addr; > @@ -2387,12 +2411,7 @@ void kvm_arch_on_sigbus_vcpu(CPUState *c, int code, void *addr) > */ > if (code == BUS_MCEERR_AR) { > kvm_cpu_synchronize_state(c); > - if (!acpi_ghes_memory_errors(ACPI_HEST_SRC_ID_SEA, paddr, false)) { > - kvm_inject_arm_sea(c); > - } else { > - error_report("failed to record the error"); > - abort(); > - } > + report_memory_error(c, paddr); > } > return; > }
diff --git a/target/arm/kvm.c b/target/arm/kvm.c index 5c0bf99aec..9f063f6053 100644 --- a/target/arm/kvm.c +++ b/target/arm/kvm.c @@ -2362,6 +2362,30 @@ int kvm_arch_get_registers(CPUState *cs, Error **errp) return ret; } +static void report_memory_error(CPUState *c, hwaddr paddr) +{ + int ret; + + while (true) { + /* Retry if the previously report error hasn't been claimed */ + ret = acpi_ghes_memory_errors(ACPI_HEST_SRC_ID_SEA, paddr, true); + if (ret <= 0) { + break; + } + + bql_unlock(); + g_usleep(1000); + bql_lock(); + } + + if (ret == 0) { + kvm_inject_arm_sea(c); + } else { + error_report("Error %d to report memory error", ret); + abort(); + } +} + void kvm_arch_on_sigbus_vcpu(CPUState *c, int code, void *addr) { ram_addr_t ram_addr; @@ -2387,12 +2411,7 @@ void kvm_arch_on_sigbus_vcpu(CPUState *c, int code, void *addr) */ if (code == BUS_MCEERR_AR) { kvm_cpu_synchronize_state(c); - if (!acpi_ghes_memory_errors(ACPI_HEST_SRC_ID_SEA, paddr, false)) { - kvm_inject_arm_sea(c); - } else { - error_report("failed to record the error"); - abort(); - } + report_memory_error(c, paddr); } return; }
The error -1 is returned if the previously reported CPER error hasn't been claimed. The virtual machine is terminated due to abort(). It's conflicting to the ideal behaviour that the affected vCPU retries pushing the CPER error in this case since the vCPU can't proceed its execution. Move the chunk of code to push CPER error to a separate helper report_memory_errors() and retry the request when the return value from acpi_ghes_memory_errors() is greater than zero. Signed-off-by: Gavin Shan <gshan@redhat.com> --- target/arm/kvm.c | 31 +++++++++++++++++++++++++------ 1 file changed, 25 insertions(+), 6 deletions(-)