Date: Thu, 19 Jan 2023 14:01:50 +0000
Message-ID: <86wn5imxm9.wl-maz@kernel.org>
From: Marc Zyngier
To: Shanker Donthineni
Cc: James Morse, Catalin Marinas, Will Deacon, linux-arm-kernel@lists.infradead.org, kvmarm@lists.linux.dev, linux-kernel@vger.kernel.org, Vikram Sethi, Zenghui Yu, Oliver Upton, Suzuki K Poulose, Ard Biesheuvel
Subject: Re: [PATCH] KVM: arm64: vgic: Fix soft lockup during VM teardown

On Thu, 19 Jan 2023 13:00:49 +0000,
Shanker Donthineni wrote:
>
>
>
> On 1/19/23 01:11, Marc Zyngier wrote:
> > So you can see the VM being torn down while the vgic save sequence is
> > still in progress?
> >
> > If you can actually see that, then this is a much bigger bug than the
> > simple race you are describing, and we're missing a reference on the
> > kvm structure. This would be a *MAJOR* bug.
> >
> How do we know vGIC save sequence is in progress while VM is being
> teardown? I'm launching/terminating ~32 VMs in a loop to reproduce
> the issue.

Errr... *you* know when you are issuing the save ioctl, right? You
also know when you are terminating the VM (closing its fd or killing
the VMM).

>
> > Please post the full traces, not snippets. The absolutely full kernel
> > log, the configuration, what you run, how you run it, *EVERYTHING*. I
> > need to be able to reproduce this.
> Sure, I'll share the complete boot log messages of host kernel next run.
>
> >
> >>
> >>>>
> >>>> irqreturn_t handle_irq_event(struct irq_desc *desc)
> >>>> {
> >>>>       irqd_set(&desc->irq_data, IRQD_IRQ_INPROGRESS);
> >>>>       raw_spin_unlock(&desc->lock);
> >>>>
> >>>>       ret = handle_irq_event_percpu(desc);
> >>>>
> >>>>       raw_spin_lock(&desc->lock);
> >>>>       irqd_clear(&desc->irq_data, IRQD_IRQ_INPROGRESS);
> >>>> }
> >>>
> >>> How is that relevant to this trace? Do you see this function running
> >>> concurrently with the teardown? If it matters here, it must be a VPE
> >>> doorbell, right? But you claim that this is on a GICv4 platform, while
> >>> this would only affect GICv4.1... Or are you using GICv4.1?
> >>>
> >> handle_irq_event() is running concurrently with irq_domain_activate_irq()
> >> which happens before free_irq() called. Corruption at [78.983544] and
> >> teardown started at [87.360891].
> >
> > But that doesn't match the description you made of concurrent
> > events. Does it take more than 9 seconds for the vgic state to be
> > saved to memory?
>
> Are there any other possibilities of corrupting IRQD_IRQ_INPROGRESS
> state bit other than concurrent accesses?

Forget about this bit. You said that we could see the VM teardown
happening *at the same time* as the vgic state saving, despite the
vgic device holding a reference on the kvm structure.

If that's the case, this bit is the least of our worries. Think of the
consequences for a second...

[...]

> Using the below steps for launching/terminating 32 VMs in loop. The
> failure is intermittent. The same issue is reproducible with KVMTOOL
> also.

kvmtool never issues a KVM_DEV_ARM_VGIC_GRP_CTRL with the
KVM_DEV_ARM_ITS_SAVE_TABLES argument, so the code path we discussed is
never used. What is the exact problem you're observing with kvmtool as
the VMM?

	M.

-- 
Without deviation from the norm, progress is not possible.
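
The lifetime argument in the reply above, as an added example that is not part of the thread and is not kernel code: a userspace C model in which the device takes its own reference on the VM, so closing the VM fd cannot trigger teardown while a save is still possible. All names (`vm_get`, `vm_put`, `dev_save_tables`, `run`) are hypothetical, and `take_ref=false` models the missing-reference case.

```c
/* Userspace model of the lifetime rule only; hypothetical names, not kernel code. */
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

struct vm { atomic_int users; bool destroyed; int teardowns; };
struct vgic_dev { struct vm *vm; bool holds_ref; };
struct result { int save_rc; bool torn_down_early; int teardowns; };

static void vm_get(struct vm *vm) { atomic_fetch_add(&vm->users, 1); }

/* Teardown runs only when the last reference goes away. */
static void vm_put(struct vm *vm)
{
    if (atomic_fetch_sub(&vm->users, 1) == 1) {
        vm->destroyed = true;   /* a real kernel would free the structure here */
        vm->teardowns++;
    }
}

/* take_ref=false models the missing reference discussed in the thread. */
static void dev_create(struct vgic_dev *d, struct vm *vm, bool take_ref)
{
    d->vm = vm;
    d->holds_ref = take_ref;
    if (take_ref)
        vm_get(vm);
}

static void dev_release(struct vgic_dev *d) { if (d->holds_ref) vm_put(d->vm); }

/* Save request on the device fd: -1 means it ran against a torn-down VM. */
static int dev_save_tables(struct vgic_dev *d) { return d->vm->destroyed ? -1 : 0; }

static struct result run(bool take_ref)
{
    struct vm vm = { .destroyed = false, .teardowns = 0 };
    struct vgic_dev dev;
    struct result r;
    atomic_init(&vm.users, 1);            /* reference owned by the VM fd */
    dev_create(&dev, &vm, take_ref);
    vm_put(&vm);                          /* VMM closes the VM fd first */
    r.torn_down_early = vm.destroyed;
    r.save_rc = dev_save_tables(&dev);    /* save issued afterwards */
    dev_release(&dev);                    /* device fd closed last */
    r.teardowns = vm.teardowns;
    return r;
}

int main(void)
{
    printf("with ref: save=%d  without ref: save=%d\n", run(true).save_rc, run(false).save_rc);
    return 0;
}
```

In the model the structure lives on the stack, so the missing-reference run only reports the stale access; in a kernel the same ordering would touch freed memory.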