Received: by 10.223.176.46 with SMTP id f43csp1413033wra; Sat, 20 Jan 2018 18:47:20 -0800 (PST) X-Google-Smtp-Source: AH8x224yOydkxJMNNAbonmKs003lMAt3hozd6tMMQ7mqotq1lXGsZEHTDVu/BBCIinoHpSevYiuy X-Received: by 2002:a17:902:b70e:: with SMTP id d14-v6mr1621868pls.224.1516502839960; Sat, 20 Jan 2018 18:47:19 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1516502839; cv=none; d=google.com; s=arc-20160816; b=oENaBSJ7mbrKkVxiTce52tVXi3lEdyhqzbRt9yPGldhOjIeAFjlHzITSdUtu53lfw/ dTj7AqH5rrN7fAhJcBp0czhwNiGCZxLWlMgjqwsG15yDlMqtUAXPG3PEVMEeNYnJ5VSx Mafi5UYhQLknNNhWcrNpZzkaW2UMza0fDe5MpPFBHbQE4teoVPgBT+mnr4+AGlNOUPOS zCRLgmrO30CEE62dU8TrD9264akAGnMHVwE22h543ForBhAUEVwpgjbU2Oa1XwcMgIKo WgJNzl3Nzur3NC3SSb/P/hUrV+ZYMFejKzh3MG/dBJvSAbQ+r3DoHGumQxP5AwEjWoSb ypzQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature :arc-authentication-results; bh=Zg9Vq8xVq1vYcVvwVlsCc2ETWl+HDjI/0QKUulN4EWI=; b=u0K4DOmMKrI0N+b2SiampS4pOUFBRysIxpvmAjaNC4PQy2Ez478pTWFEfrtBDjuxVT /FM3Q7I78cEhnbrrK1MtJfZ262F1sODkKWiNWEOMTDq4fk7f2lraKpdNy6NhaByffnzq C9GAaIYHuQaVv7Tr0pXrVGMKHlovBIEAynrS3cKTgOAOK7uS5dFLpjxNSZnXkOt1pW7/ YzBEww8zgFasYOIoNR/sdjYd41YVQ7dT/1mFlKqyzTtbU8f1+CUr9/2/jMRjprt3k/fM ENPPSeKrTwg9C6ixXhu9WbjdcHJbhU2ckcbsKplKE7NGrE/fKJi4PGDA1eE9XGSqcb+7 Gt7g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=aBbiTdYo; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d12si9439419pgq.658.2018.01.20.18.47.05; Sat, 20 Jan 2018 18:47:19 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=aBbiTdYo; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932723AbeAUCpw (ORCPT + 99 others); Sat, 20 Jan 2018 21:45:52 -0500 Received: from mail-vk0-f51.google.com ([209.85.213.51]:42182 "EHLO mail-vk0-f51.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932145AbeAUCpi (ORCPT ); Sat, 20 Jan 2018 21:45:38 -0500 Received: by mail-vk0-f51.google.com with SMTP id t4so3121064vkb.9; Sat, 20 Jan 2018 18:45:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=Zg9Vq8xVq1vYcVvwVlsCc2ETWl+HDjI/0QKUulN4EWI=; b=aBbiTdYosi+b+oFiVlB3POh0bTdq2OLClGIZAcVji3Od+9P9ErObD934qudyOvKR7J YFXrqAYezznm0vJXbULEItdGUd+VgZIIyG6DUzhEN38aBk1Z+s0SYVPh8t08MvPMY7r2 SwBzfRBhBjheYrarExBaBhjACsVCRy4DSxecvVohJXrDSqok6LW6ggN/1XYhc/09dqK7 jDKrrb+K+pyRDb1mMraYrj7IEFe4wgF5CAkH74YaL89MuJukQNSAwFkf0hjeHKIPyXld 4FvbtlcfSjEASGToji9UiMmihFn+6i9EC3lU8Empv5m6b+j3a7m3l6RQc2xyoVm2cB+y A/xg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=Zg9Vq8xVq1vYcVvwVlsCc2ETWl+HDjI/0QKUulN4EWI=; b=ZuTTu+1qA0efJfZ/+B7qWTCErspEdyRbMWRdc56qMQZDIY16JtGmOPqeBwC/PxLo4T TcDOoLXISZDUVM6eUTXIALs9w9Z75D7ZyaP8kmX+7JKE5FYY+PHT+GXUw5YFgTvjV3N6 ZyADZVQeJG+APL35lVhXbDedPOurdY7pp5Hl+eHJR0Djv45EeyOXh31acDu2G01Lwc6a QijnBaVlDIuisUuqtmMNYFclPizYe3YXLXZDHadtoUzEgbA2CwkiIMsiXWsvu7HMVkWC 8X+rBvnJ4pE+z/oBLz0l9Q8l9y5pb5I/7rMTu+eQt+HSZVA3fi+navNGSu/ui6oFdLkG 7cKA== X-Gm-Message-State: AKwxytfCbI9lgdmmShFo7hAQKwsKIO45c2tEaB+rNCQMK5VjDx/MAFlJ bZPz7LMh+GQ7BPOEY0nQCLZLLNajXaZcO8zlebBomA== X-Received: by 10.31.94.207 with SMTP id s198mr2049244vkb.23.1516502737100; Sat, 20 Jan 2018 18:45:37 -0800 (PST) MIME-Version: 1.0 Received: by 10.159.37.131 with HTTP; Sat, 20 Jan 2018 18:45:36 -0800 (PST) In-Reply-To: <5A58F8E3.5060002@arm.com> References: <1510343650-23659-1-git-send-email-gengdongjiu@huawei.com> <1510343650-23659-8-git-send-email-gengdongjiu@huawei.com> <5A0B1334.7060500@arm.com> <4af78739-99da-4056-4db1-f80bfe11081a@huawei.com> <5A283F26.3020507@arm.com> <4b37e86d-eee3-c51e-eceb-5d0c7ad12886@huawei.com> <506cd212-3d16-ba2a-518f-34982bc162fc@huawei.com> <5A58F8E3.5060002@arm.com> From: gengdongjiu Date: Sun, 21 Jan 2018 10:45:36 +0800 Message-ID: Subject: Re: [PATCH v8 7/7] arm64: kvm: handle SError Interrupt by categorization To: James Morse Cc: gengdongjiu , wuquanming , linux-doc@vger.kernel.org, kvm@vger.kernel.org, Marc Zyngier , Catalin Marinas , Jonathan Corbet , rjw@rjwysocki.net, linux@armlinux.org.uk, linuxarm@huawei.com, Linux Kernel Mailing List , linux-acpi@vger.kernel.org, bp@alien8.de, arm-mail-list , Huangshaoyu , pbonzini@redhat.com, kvmarm@lists.cs.columbia.edu, devel@acpica.org Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi James, Sorry for my late response due to out of office recently. 2018-01-13 2:05 GMT+08:00 James Morse : > Hi gengdongjiu, > > On 15/12/17 03:30, gengdongjiu wrote: >> On 2017/12/7 14:37, gengdongjiu wrote: >>>> We need to tackle (1) and (3) separately. For (3) we need some API that lets >>>> Qemu _trigger_ an SError in the guest, with a specified ESR. But, we don't have >>>> a way of migrating pending SError yet... which is where I got stuck last time I >>>> was looking at this. >>> I understand you most idea. >>> >>> But In the Qemu one signal type can only correspond to one behavior, can not correspond to two behaviors, >>> otherwise Qemu will do not know how to do. >>> >>> For the Qemu, if it receives the SIGBUS_MCEERR_AR signal, it will populate the CPER >>> records and inject a SEA to guest through KVM IOCTL "KVM_SET_ONE_REG"; if receives the SIGBUS_MCEERR_AO >>> signal, it will record the CPER and trigger a IRQ to notify guest, as shown below: >>> >>> SIGBUS_MCEERR_AR trigger Synchronous External Abort. >>> SIGBUS_MCEERR_AO trigger GPIO IRQ. >>> >>> For the SIGBUS_MCEERR_AO and SIGBUS_MCEERR_AR, we have already specify trigger method, which all >>> >>> not involve _trigger_ an SError. >>> >>> so there is no chance for Qemu to trigger the SError when gets the SIGBUS_MCEERR_A{O,R}. >> >> As I explained above: >> >> If Qemu received SIGBUS_MCEERR_AR, it will record CPER and trigger Synchronous External Abort; >> If Qemu received SIGBUS_MCEERR_AO, it will record CPER and trigger GPIO IRQ; > >> So Qemu does not know when to _trigger_ an SError. > > There is no answer to this. How the CPU decides is specific to the CPU design. > How Qemu decides is going to be specific to the machine it emulates. > > My understanding is there is some overlap for which RAS errors are reported as > synchronous external abort, and which use SError. (Obviously the imprecise ones > are all SError). Which one the CPU uses depends on how the CPU is designed. > > When you take an SIGBUS_MCEERR_AR from KVM, its because KVM can't complete a > stage2 fault because the page is marked with PG_poisoned. These started out as a > synchronous exception, but you could still report these with SError. yes, I agree, it is policy choice. > > We don't have a way to signal user-space about imprecise exceptions, this isn't > a KVM specific problem. > > >> so here I "return a error" to Qemu if ghes_notify_sei() return failure in [1], if you opposed KVM "return error", >> do you have a better idea about it? thanks > > If ghes_notify_sei() fails to claim the error, we should drop through to > kernel-first-handling. We don't have that yet, just the stub that ignores errors > where we can make progress. > > If neither firmware-first nor kernel-first claim a RAS error, we're in trouble. > I'd like to panic() as we got a RAS notification but no description of the > error. We can't do this until we have kernel-first support, hence that stub. > > >> About the way of migrating pending SError, I think it is a separate case, because Qemu still does not know >> how and when to trigger the SError. > > I agree, but I think we should fix this first before we add another user of this > unmigratable hypervisor state. > > (I recall someone saying migration is needed for any new KVM/cpu features, but I > can't find the thread) > > >> [1]: >> static int kvm_handle_guest_sei(struct kvm_vcpu *vcpu, struct kvm_run *run) >> { >> ....................... >> + case ESR_ELx_AET_UER: /* The error has not been propagated */ >> + /* >> + * Userspace only handle the guest SError Interrupt(SEI) if the >> + * error has not been propagated >> + */ >> + run->exit_reason = KVM_EXIT_EXCEPTION; >> + run->ex.exception = ESR_ELx_EC_SERROR; > > I'm against telling user space RAS errors ever happened, only the final > user-visible error when the kernel can't fix it. thanks for the explanation. For the ESR_ELx_AET_UER, this exception is precise, closing the VM may be better[1]. But if you think panic is better until we support kernel-first, it is also OK to me. +static int kvm_handle_guest_sei(struct kvm_vcpu *vcpu, struct kvm_run *run) +{ + unsigned int esr = kvm_vcpu_get_hsr(vcpu); + bool impdef_syndrome = esr & ESR_ELx_ISV; /* aka IDS */ + unsigned int aet = esr & ESR_ELx_AET; + + /* + * This is not RAS SError + */ + if (!cpus_have_const_cap(ARM64_HAS_RAS_EXTN)) { + kvm_inject_vabt(vcpu); + return 1; + } + + /* For RAS the host kernel may handle this abort. */ + if (!handle_guest_sei()) + return 1; + + /* + * In below two conditions, it will directly inject the + * virtual SError: + * 1. The Syndrome is IMPLEMENTATION DEFINED + * 2. It is Uncategorized SEI + */ + if (impdef_syndrome || + ((esr & ESR_ELx_FSC) != ESR_ELx_FSC_SERROR)) { + kvm_inject_vabt(vcpu); + return 1; + } + + switch (aet) { + case ESR_ELx_AET_CE: /* corrected error */ + case ESR_ELx_AET_UEO: /* restartable error, not yet consumed */ + return 1; /* continue processing the guest exit */ + case ESR_ELx_AET_UER: /* recoverable error */ + /* + * the exception is precise, not been silently propagated + * and not been consumed by the CPU, temporarily shut down + * the VM to isolated the error, hope not touch it again. + */ + run->exit_reason = KVM_EXIT_EXCEPTION; + return 0; + default: + /* + * Until now, the CPU supports RAS, SError interrupt is fatal + * and host does not successfully handle it. + */ + panic("This Asynchronous SError interrupt is dangerous, panic"); + } + + return 0; +} + > > This is inventing something new for RAS errors not claimed by firmware-first. > If we have kernel-first too, this will never happen. (unless your system is > losing the error description). In fact, if we have kernel-first, I think we still need to judge the error type by ESR, right? If the handle_guest_sei() , may be the system does not support firmware-first, so we judge the ESR value, > > > Your system has firmware-first, why isn't it claiming the notification? > If its not finding CPER records written by firmware, check firmware and the UEFI > memory map agree on the attributes to be used when read/writing that area. > > >> + run->ex.error_code = KVM_SEI_SEV_RECOVERABLE; >> + return 0; > > > Thanks, > > James > > _______________________________________________ > kvmarm mailing list > kvmarm@lists.cs.columbia.edu > https://lists.cs.columbia.edu/mailman/listinfo/kvmarm