Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp2916233pxu; Mon, 14 Dec 2020 14:13:49 -0800 (PST) X-Google-Smtp-Source: ABdhPJyCIWim8gRsKTUfQASp1emfqwD7OAvG9qG707YMySTDLYNsPEwkUq4SnZTdvqjpuhMac4Ks X-Received: by 2002:a17:906:17d9:: with SMTP id u25mr5412193eje.34.1607984028809; Mon, 14 Dec 2020 14:13:48 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1607984028; cv=none; d=google.com; s=arc-20160816; b=ElYB7VWRlBlVa2mBaDG3VfdNKQRdDQcvaJcN4KQYGwo+ndehcYnfK4Gx4gQYEdxYab /hwS4I4EkyJWCf7UQkrMG/dTPddIKl0BkApGtYCSHwzrsTbmOnROwcEEudH5CcbkaHTI DQMdJrJPmNKAC5J1q5rwBVtw8dc3XafyWrC9OXVRo7qgL6fJglg9ie/TM5V96pVQFsBm qZVZi3w9bKnRqQSHq+39vnwbGAvoQKdsh4x3sduk70h+FFGaUGHwcBDIYl1TBo48vAWc ahzeXR2xBjQs4f4e2jQOWowcEAcfVwQvNWsaAo5Oi1XJP3WNaQTZa5pIvo/Aw5WCpVbm 9rpw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :mime-version:user-agent:date:message-id:subject:from:cc:to :dkim-signature; bh=W3CUiMegB4BVkOevPrxxwlz9k2sF0VIgjinR7mJO+zE=; b=syaPpAABhYOXP3YYHbXplevsShQ9AGP/nBR2l+bXli5PCxMgrlbC+bOlDrMswWEB1+ BLEf8UwnH5Sukdd/TKdb4P1adSzII9v6TfLJTc1wK0npMTzPqPwcXHjmDNXp0RE1NIOB aXEq7q5N6gyqIZL0ROmImbORw1JiSWZQWOStjTuBx95DdGjSryYL7E9jbxBcjN5V1aM0 wpfAM/2hma/wkYtlgpsD35j8T/BeuDsVNGixuOIMAw5MiCeQ7ABIhkvNtUC/QeOEsEAA sVeZ7eqXg48rQ+rb4kk54u/UjcqCVW6qhPOQlm83/qJjPWgfX0SzwsFM4Lu8ARC3qrJF gUIA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@xen.org header.s=20200302mail header.b=GJjfM94G; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id m22si11349932edr.514.2020.12.14.14.13.25; Mon, 14 Dec 2020 14:13:48 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@xen.org header.s=20200302mail header.b=GJjfM94G; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2441051AbgLNWLP (ORCPT + 99 others); Mon, 14 Dec 2020 17:11:15 -0500 Received: from mail.xenproject.org ([104.130.215.37]:51024 "EHLO mail.xenproject.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388570AbgLNWLO (ORCPT ); Mon, 14 Dec 2020 17:11:14 -0500 X-Greylist: delayed 2698 seconds by postgrey-1.27 at vger.kernel.org; Mon, 14 Dec 2020 17:11:13 EST DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Date: Message-ID:Subject:From:Cc:To; bh=W3CUiMegB4BVkOevPrxxwlz9k2sF0VIgjinR7mJO+zE=; b=GJjfM94GNzkD7aFMOC4OuSnRby vXidysS/3DsaeOhU9ZvF6l5ynXOe0eNB78/m57sdxESt2jdQw40qybnQEycOhEH0vBKy/faEEpkmu uP6u5mG7GM+15WpbQTUs1v6awvkCX41TyEbguIREKlGEZK8s+gfpmBAxxjXWCwAbQdBM=; Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1kovLV-0006YJ-2Z; Mon, 14 Dec 2020 21:25:29 +0000 Received: from [54.239.6.185] (helo=a483e7b01a66.ant.amazon.com) by xenbits.xenproject.org with esmtpsa (TLS1.3:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.92) (envelope-from ) id 1kovLU-0002kx-RO; Mon, 14 Dec 2020 21:25:28 +0000 To: aams@amazon.de, Juergen Gross Cc: linux-kernel@vger.kernel.org, "xen-devel@lists.xenproject.org" , foersleo@amazon.de From: Julien Grall Subject: xen/evtchn: Interrupt for port 34, but apparently not enabled; per-user 00000000a86a4c1b on 5.10 Message-ID: Date: Mon, 14 Dec 2020 21:25:27 +0000 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.5.1 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-GB Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Juergen, When testing Linux 5.10 dom0, I could reliably hit the following warning with using event 2L ABI: [ 589.591737] Interrupt for port 34, but apparently not enabled; per-user 00000000a86a4c1b [ 589.593259] WARNING: CPU: 0 PID: 1111 at /home/ANT.AMAZON.COM/jgrall/works/oss/linux/drivers/xen/evtchn.c:170 evtchn_interrupt+0xeb/0x100 [ 589.595514] Modules linked in: [ 589.596145] CPU: 0 PID: 1111 Comm: qemu-system-i38 Tainted: G W 5.10.0+ #180 [ 589.597708] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 589.599782] RIP: e030:evtchn_interrupt+0xeb/0x100 [ 589.600698] Code: 48 8d bb d8 01 00 00 ba 01 00 00 00 be 1d 00 00 00 e8 d9 10 ca ff eb b2 8b 75 20 48 89 da 48 c7 c7 a8 31 3d 82 e8 65 29 a0 ff <0f> 0b e9 42 ff ff ff 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 0f [ 589.604087] RSP: e02b:ffffc90040003e70 EFLAGS: 00010086 [ 589.605102] RAX: 0000000000000000 RBX: ffff888102091800 RCX: 0000000000000027 [ 589.606445] RDX: 0000000000000000 RSI: ffff88817fe19150 RDI: ffff88817fe19158 [ 589.607790] RBP: ffff88810f5ab980 R08: 0000000000000001 R09: 0000000000328980 [ 589.609134] R10: 0000000000000000 R11: ffffc90040003c70 R12: ffff888107fd3c00 [ 589.610484] R13: ffffc90040003ed4 R14: 0000000000000000 R15: ffff88810f5ffd80 [ 589.611828] FS: 00007f960c4b8ac0(0000) GS:ffff88817fe00000(0000) knlGS:0000000000000000 [ 589.613348] CS: 10000e030 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 589.614525] CR2: 00007f17ee72e000 CR3: 000000010f5b6000 CR4: 0000000000050660 [ 589.615874] Call Trace: [ 589.616402] [ 589.616855] __handle_irq_event_percpu+0x4e/0x2c0 [ 589.617784] handle_irq_event_percpu+0x30/0x80 [ 589.618660] handle_irq_event+0x3a/0x60 [ 589.619428] handle_edge_irq+0x9b/0x1f0 [ 589.620209] generic_handle_irq+0x4f/0x60 [ 589.621008] evtchn_2l_handle_events+0x160/0x280 [ 589.621913] __xen_evtchn_do_upcall+0x66/0xb0 [ 589.622767] __xen_pv_evtchn_do_upcall+0x11/0x20 [ 589.623665] asm_call_irq_on_stack+0x12/0x20 [ 589.624511] [ 589.624978] xen_pv_evtchn_do_upcall+0x77/0xf0 [ 589.625848] exc_xen_hypervisor_callback+0x8/0x10 This can be reproduced when creating/destroying guest in a loop. Although, I have struggled to reproduce it on a vanilla Xen. After several hours of debugging, I think I have found the root cause. While we only expect the unmask to happen when the event channel is EOIed, there is an unmask happening as part of handle_edge_irq() because the interrupt was seen as pending by another vCPU (IRQS_PENDING is set). It turns out that the event channel is set for multiple vCPU is in cpu_evtchn_mask. This is happening because the affinity is not cleared when freeing an event channel. The implementation of evtchn_2l_handle_events() will look for all the active interrupts for the current vCPU and later on clear the pending bit (via the ack() callback). IOW, I believe, this is not an atomic operation. Even if Xen will notify the event to a single vCPU, evtchn_pending_sel may still be set on the other vCPU (thanks to a different event channel). Therefore, there is a chance that two vCPUs will try to handle the same interrupt. The IRQ handler handle_edge_irq() is able to deal with that and will mask/unmask the interrupt. This will mess us with the lateeoi logic (although, I managed to reproduce it once without XSA-332). My initial idea to fix the problem was to switch the affinity from CPU X to CPU0 when the event channel is freed. However, I am not sure this is enough because I haven't found anything yet preventing a race between evtchn_2l_handle_events9) and evtchn_2l_bind_vcpu(). So maybe we want to introduce a refcounting (if there is nothing provided by the IRQ framework) and only unmask when the counter drop to 0. Any opinions? Cheers, -- Julien Grall