From patchwork Tue Jan 30 12:46:09 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christoffer Dall X-Patchwork-Id: 126221 Delivered-To: patch@linaro.org Received: by 10.46.84.92 with SMTP id y28csp3328612ljd; Tue, 30 Jan 2018 04:46:17 -0800 (PST) X-Google-Smtp-Source: AH8x226Vlp9fz6JofuZhn4el9QDipEmPebpAKaz1sD4hRdQlm4/irSeOESmT3LfaEzse8s2yCm27 X-Received: by 2002:a17:902:8307:: with SMTP id bd7-v6mr5241400plb.369.1517316377793; Tue, 30 Jan 2018 04:46:17 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1517316377; cv=none; d=google.com; s=arc-20160816; b=Bd8JHfdGuIpvfmKgcaotbGhVUyBjKvd0eKaAzE0Omuh+Pmx5cMqRgduceEq5fPxaoa kyJofTPTtylQ8JD8cBMNHHq0nXz7hiob1KQdaKuA9NSL/QUh3qtqf7+iPXJscBjkEOTp h9lovHSJmTfx1XvXNwYbl97ArpYw2q2oC/2vobQ2z9Lnx+oj1sH+W+u/MnwJ6Jiu39L7 i6bk3eYRP0wfeCJ7iYc3jzEd2b2Q2bLu3piagkrf/Xw2Qc4a7eJGWqD5AsCA6ORDfCp2 l1qZ6NDflAcW3wQKMHL+WOWXfY+CjbJI3nLRH2eMrFbXZm1/j/JVNPhZ0kFRWVY2zGlE 3TXQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from :dkim-signature:arc-authentication-results; bh=BYNSzmsKn3OnhgqpVRSX4IIDcxng2hrVookjaSDVbFY=; b=Yhm/FQYbYMxt2pTQiCUFVpz6j/UelY6viV36Q2ymCrpe4QUo2fxjZvpz0aMIdaMtbN UvysMilnpouGo7NySZqllynYiGWjR1iRcMSceQzRKL6Fup0TIonnJVMxY1AsizTeAdwU 8QAKoVvxmEoqaUFAWmKzMdr1t5aKI1vnL8SzWqt9RFvVxQoVkz7TD3uClpQ1eLHKX47M kSaE53Ml4oNOsW7vXn2z9f2mxNLuHz1Pb3K/Tvr1caiwyDkRerjzIDTaCXgZ/eVuIUZt xXutZm8IBSf9k19w+2VTuXb4GdLizRGBC+R7EP1RW7+hIRZyVaZGzMuTsMjy4NPqeK4y Ob1g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=fjkeveAy; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a10-v6si1600355plm.109.2018.01.30.04.46.17; Tue, 30 Jan 2018 04:46:17 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=fjkeveAy; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751907AbeA3MqO (ORCPT + 10 others); Tue, 30 Jan 2018 07:46:14 -0500 Received: from mail-wm0-f68.google.com ([74.125.82.68]:50358 "EHLO mail-wm0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751889AbeA3MqN (ORCPT ); Tue, 30 Jan 2018 07:46:13 -0500 Received: by mail-wm0-f68.google.com with SMTP id f71so896431wmf.0 for ; Tue, 30 Jan 2018 04:46:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id; bh=BYNSzmsKn3OnhgqpVRSX4IIDcxng2hrVookjaSDVbFY=; b=fjkeveAyTli6K8+NgY1stIBmu+FNw4Ihmtdtax+pCud5RagCShe/g9PixURXTnaMDL +anj/sqYaEzKhqx8ahydIFjqdP5x34sysMHibTlca+NiNWXN3XYBF69PJMC9hzRFqM7K zOtrVFIgKQDCmCXbSv4rJjUbBDmp4z0Ae9+4s= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=BYNSzmsKn3OnhgqpVRSX4IIDcxng2hrVookjaSDVbFY=; b=MkVqj9+f6pOSHuoKuuujtmPPu/k+6YrAy25F+/ZRL1gYF9RnXGATYr4bJx7zMEOCQV 3VxEhX5ZJzIf4+5o3Y0/lkeHLZmxFyR5X5A2D8czNORzv/EkNVZWf08LuqH/q4oeYem6 /pFHU4ONCMq2iJ7dPDIjv9SEd9Epma9MBZuPgaU5LDk0zUCFOMqJLN6SEHRCjGe31Ndc ujxGpMoWYzTY2w1rsZ4/Ah1419wlVBgvPtTS7wU2SXiD4o07wrbNBoGEz5LOmRdxuJVt 0jcwugYB/FnVj7Yn4uxGv8MNIu7Z6t95m4bdLV28D/5cIqJoI0wTEpVmZv0rToxz4WVW VArw== X-Gm-Message-State: AKwxytcEtKIhmRTGPrVI/9q1NIBeS4mdfsK87t4H+j2kSpjlydG+hgcM cVopTTBH82enTscw5LqiR9IxMCiEyt4= X-Received: by 10.80.148.217 with SMTP id t25mr51952745eda.121.1517316372638; Tue, 30 Jan 2018 04:46:12 -0800 (PST) Received: from localhost.localdomain (x50d2404e.cust.hiper.dk. [80.210.64.78]) by smtp.gmail.com with ESMTPSA id i6sm1849396edl.57.2018.01.30.04.46.11 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 30 Jan 2018 04:46:11 -0800 (PST) From: Christoffer Dall To: linux-arm-kernel@lists.infradead.org, kvmarm@lists.cs.columbia.edu Cc: kvm@vger.kernel.org, Marc Zyngier , Christoffer Dall , Alexander Graf , stable@vger.kernel.org Subject: [PATCH] KVM: arm/arm64: Fix arch timers with userspace irqchips Date: Tue, 30 Jan 2018 13:46:09 +0100 Message-Id: <20180130124609.15076-1-christoffer.dall@linaro.org> X-Mailer: git-send-email 2.14.2 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org When introducing support for irqchip in userspace we needed a way to mask the timer signal to prevent the guest continuously exiting due to a screaming timer. We did this by disabling the corresponding percpu interrupt on the host interrupt controller, because we cannot rely on the host system having a GIC, and therefore cannot make any assumptions about having an active state to hide the timer signal. Unfortunately, when introducing this feature, it became entirely possible that a VCPU which belongs to a VM that has a userspace irqchip can disable the vtimer irq on the host on some physical CPU, and then go away without ever enabling the vimter irq on that physical CPU again. This means that using irqchips in userspace on a system that also supports running VMs with an in-kernel GIC can prevent forward progress from in-kernel GIC VMs. Later on, when we started taking virtual timer interrupts in the arch timer code, we would also leave this timer state active for userspace irqchip VMs, because we leave it up to a VGIC-enabled guest to deactivate the hardware IRQ using the HW bit in the LR. Both issues are solved by only using the enable/disable trick on systems that do not have a host GIC which supports the active state, because all VMs on such systems must use irqchips in userspace. Systems that have a working GIC with support for an active state use the active state to mask the timer signal for both userspace an in-kernel irqchips. Cc: Alexander Graf Cc: # v4.12+ Fixes: d9e139778376 ("KVM: arm/arm64: Support arch timers with a userspace gic") Signed-off-by: Christoffer Dall --- This conflicts horribly with everything when applied to either kvmarm/queue or kvmarm/master. Therefore, this patch is written for (and applies to) v4.15 with kvmarm/queue merged and should therefore apply cleanly after v4.16-rc1. An example with this patch applied can be found on kvmarm/temp-for-v4.16-rc2. I plan on sending this along with any other potential fixes post v4.16-rc1. virt/kvm/arm/arch_timer.c | 77 ++++++++++++++++++++++++++--------------------- 1 file changed, 42 insertions(+), 35 deletions(-) -- 2.14.2 Reviewed-by: Marc Zyngier diff --git a/virt/kvm/arm/arch_timer.c b/virt/kvm/arm/arch_timer.c index 70268c0bec79..228906ceb722 100644 --- a/virt/kvm/arm/arch_timer.c +++ b/virt/kvm/arm/arch_timer.c @@ -35,6 +35,7 @@ static struct timecounter *timecounter; static unsigned int host_vtimer_irq; static u32 host_vtimer_irq_flags; +static bool has_gic_active_state; static const struct kvm_irq_level default_ptimer_irq = { .irq = 30, @@ -69,25 +70,6 @@ static void soft_timer_cancel(struct hrtimer *hrt, struct work_struct *work) cancel_work_sync(work); } -static void kvm_vtimer_update_mask_user(struct kvm_vcpu *vcpu) -{ - struct arch_timer_context *vtimer = vcpu_vtimer(vcpu); - - /* - * When using a userspace irqchip with the architected timers, we must - * prevent continuously exiting from the guest, and therefore mask the - * physical interrupt by disabling it on the host interrupt controller - * when the virtual level is high, such that the guest can make - * forward progress. Once we detect the output level being - * de-asserted, we unmask the interrupt again so that we exit from the - * guest when the timer fires. - */ - if (vtimer->irq.level) - disable_percpu_irq(host_vtimer_irq); - else - enable_percpu_irq(host_vtimer_irq, 0); -} - static irqreturn_t kvm_arch_timer_handler(int irq, void *dev_id) { struct kvm_vcpu *vcpu = *(struct kvm_vcpu **)dev_id; @@ -107,8 +89,8 @@ static irqreturn_t kvm_arch_timer_handler(int irq, void *dev_id) kvm_timer_update_irq(vcpu, true, vtimer); if (static_branch_unlikely(&userspace_irqchip_in_use) && - unlikely(!irqchip_in_kernel(vcpu->kvm))) - kvm_vtimer_update_mask_user(vcpu); + unlikely(!irqchip_in_kernel(vcpu->kvm)) && !has_gic_active_state) + disable_percpu_irq(host_vtimer_irq); return IRQ_HANDLED; } @@ -460,13 +442,16 @@ static void set_cntvoff(u64 cntvoff) kvm_call_hyp(__kvm_timer_set_cntvoff, low, high); } -static void kvm_timer_vcpu_load_vgic(struct kvm_vcpu *vcpu) +static void kvm_timer_vcpu_load_gic(struct kvm_vcpu *vcpu) { struct arch_timer_context *vtimer = vcpu_vtimer(vcpu); bool phys_active; int ret; - phys_active = kvm_vgic_map_is_active(vcpu, vtimer->irq.irq); + if (irqchip_in_kernel(vcpu->kvm)) + phys_active = kvm_vgic_map_is_active(vcpu, vtimer->irq.irq); + else + phys_active = vtimer->irq.level; ret = irq_set_irqchip_state(host_vtimer_irq, IRQCHIP_STATE_ACTIVE, @@ -474,9 +459,24 @@ static void kvm_timer_vcpu_load_vgic(struct kvm_vcpu *vcpu) WARN_ON(ret); } -static void kvm_timer_vcpu_load_user(struct kvm_vcpu *vcpu) +static void kvm_timer_vcpu_load_nogic(struct kvm_vcpu *vcpu) { - kvm_vtimer_update_mask_user(vcpu); + struct arch_timer_context *vtimer = vcpu_vtimer(vcpu); + + /* + * When using a userspace irqchip with the architected timers and a + * host interrupt controller that doesn't support an active state, we + * must still we must prevent continuously exiting from the guest, and + * therefore mask the physical interrupt by disabling it on the host + * interrupt controller when the virtual level is high, such that the + * guest can make forward progress. Once we detect the output level + * being de-asserted, we unmask the interrupt again so that we exit + * from the guest when the timer fires. + */ + if (vtimer->irq.level) + disable_percpu_irq(host_vtimer_irq); + else + enable_percpu_irq(host_vtimer_irq, host_vtimer_irq_flags); } void kvm_timer_vcpu_load(struct kvm_vcpu *vcpu) @@ -487,10 +487,10 @@ void kvm_timer_vcpu_load(struct kvm_vcpu *vcpu) if (unlikely(!timer->enabled)) return; - if (unlikely(!irqchip_in_kernel(vcpu->kvm))) - kvm_timer_vcpu_load_user(vcpu); + if (has_gic_active_state) + kvm_timer_vcpu_load_gic(vcpu); else - kvm_timer_vcpu_load_vgic(vcpu); + kvm_timer_vcpu_load_nogic(vcpu); set_cntvoff(vtimer->cntvoff); @@ -555,18 +555,23 @@ static void unmask_vtimer_irq_user(struct kvm_vcpu *vcpu) { struct arch_timer_context *vtimer = vcpu_vtimer(vcpu); - if (unlikely(!irqchip_in_kernel(vcpu->kvm))) { - __timer_snapshot_state(vtimer); - if (!kvm_timer_should_fire(vtimer)) { - kvm_timer_update_irq(vcpu, false, vtimer); - kvm_vtimer_update_mask_user(vcpu); - } + __timer_snapshot_state(vtimer); + if (!kvm_timer_should_fire(vtimer)) { + kvm_timer_update_irq(vcpu, false, vtimer); + if (!has_gic_active_state) + enable_percpu_irq(host_vtimer_irq, host_vtimer_irq_flags); } } void kvm_timer_sync_hwstate(struct kvm_vcpu *vcpu) { - unmask_vtimer_irq_user(vcpu); + struct arch_timer_cpu *timer = &vcpu->arch.timer_cpu; + + if (unlikely(!timer->enabled)) + return; + + if (unlikely(!irqchip_in_kernel(vcpu->kvm))) + unmask_vtimer_irq_user(vcpu); } int kvm_timer_vcpu_reset(struct kvm_vcpu *vcpu) @@ -753,6 +758,8 @@ int kvm_timer_hyp_init(bool has_gic) kvm_err("kvm_arch_timer: error setting vcpu affinity\n"); goto out_free_irq; } + + has_gic_active_state = true; } kvm_info("virtual timer IRQ%d\n", host_vtimer_irq);