Received: by 2002:a05:7412:8d08:b0:f9:2d0a:d759 with SMTP id bj8csp84148rdb; Sun, 17 Dec 2023 03:26:32 -0800 (PST) X-Google-Smtp-Source: AGHT+IH0dBIw3Wfk5huFZx4vPwPjf67tXxu8uP0bnkQZbCJS3+sukE01rOabY5YzimBXMEObhbgE X-Received: by 2002:a05:6e02:3210:b0:35f:a998:263b with SMTP id cd16-20020a056e02321000b0035fa998263bmr2261243ilb.41.1702812392663; Sun, 17 Dec 2023 03:26:32 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1702812392; cv=none; d=google.com; s=arc-20160816; b=kIfIsUYsYSK2LRUQvrECxsLHPOmRq5aeNfDn0iknJR7+NlM7zYUtoR186PNBkYb1yc kCBAsgYzA+ejYFq/KnQJeHvOiyxohlS1Lz1mi8LYDa4UuxR7VrZXrIwXV9zlPifNhjIE miySNjZzHTOjuCb5md7/XiPk+AaN3lGBbiiKoAbz5MY6DuEjhVDg7SWyS43ELujhB2Rw OWSIXbICsTznyBfWDPB5HgXG1/lxXK3E0vh+eB4RTgnXzdCOVjSUZ3fwx/uy3hlNhPOj JCxxxerjqpHOzujNcHUn3XWXlv6x2JXS47lrgbrAcQH/gUV01fQE4J6tJcIRUXgM30PW HVGQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:user-agent:references:in-reply-to :subject:cc:to:from:message-id:date:dkim-signature; bh=45tvjNgNDE0o/d/xfictyeBb79igY4RKNFAfoSq2ZtA=; fh=YYcuXiI0209Sd3wWUj01AiyLq3Q3WoUEcAwe5/KAtE4=; b=AunVXw3flYdgtKmJCRT4NFUz/JhcsetqD/HHRaNTdT3eEbCvROpJooW24ODJGTwfco FlIESrv1ldHYrftjcNU632btx2EiQLud7o8a9l1ZU9n3zRNzqXTfg5LKoccmYAyMHGbS W14szHtl2i8rwBClH2q1VjlmfbCl4VrTlEiycW+eIzlF+IeQrEKGm0lrnZjfm6uwlmII Ys2/N+eT0ELPRNf6EGTe3iHe35T54+ugiP8EqGNi684rsnqBw/B/A2GANVfDfuSCwaQG cTC9e90pCGUEngw7MoVSq9Yu6F1V2t+Xg/odRywLFRmdFyGthfLxo52ssJP03jsXYbqW P6ZQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=bwOg1YzV; spf=pass (google.com: domain of linux-kernel+bounces-2547-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-2547-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1]) by mx.google.com with ESMTPS id a21-20020a631a55000000b005c687302e8esi16263448pgm.48.2023.12.17.03.26.32 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 17 Dec 2023 03:26:32 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-2547-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=bwOg1YzV; spf=pass (google.com: domain of linux-kernel+bounces-2547-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-2547-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 4C03C282E2A for ; Sun, 17 Dec 2023 11:26:32 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 61A7A32C63; Sun, 17 Dec 2023 11:26:25 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="bwOg1YzV" X-Original-To: linux-kernel@vger.kernel.org Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8331E3219A; Sun, 17 Dec 2023 11:26:23 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 76B49C433C7; Sun, 17 Dec 2023 11:26:23 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1702812383; bh=RyZFvFJ+ALGNyHMWUvbkqjcQLUmcXZtzeRYDSGpYI3s=; h=Date:From:To:Cc:Subject:In-Reply-To:References:From; b=bwOg1YzVOP6Pmx60xNxvbqRoFse5NJmoPOsJTTUvgFezZ0LojWpbP0s3kfyrvXynj s0/BgpVDvE6TtgAA3EzHMl5clql2reSfvIvND08VQoBxvg/ahXxwcw0dN8Y1PPfFmf ZAZIqvT93tAh4Zuffz9pjsi4dmbDC3TKAHXeOrLLq9Vnc6iHFe5ORuLOQMEE6bHDhW qNeGn8YlOqjXb17UdrZCgDDTbJjrdCD1bty/U85jYwja0c0pcJq4ZljIv4snEPU6zm NkvDHUrlRG/F56ZbNLs88UzjBAozUSFeHSY1JDCXREl1XNanpuRLV1XS5Nw11oM5U2 AvzAWCwPUj9Uw== Received: from sofa.misterjones.org ([185.219.108.64] helo=wait-a-minute.misterjones.org) by disco-boy.misterjones.org with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1rEpHo-004oS6-RN; Sun, 17 Dec 2023 11:26:20 +0000 Date: Sun, 17 Dec 2023 11:26:15 +0000 Message-ID: <87a5q983zc.wl-maz@kernel.org> From: Marc Zyngier To: Kunkun Jiang Cc: Oliver Upton , James Morse , Suzuki K Poulose , Zenghui Yu , Catalin Marinas , Will Deacon , Jean-Philippe Brucker , "moderated list:ARM SMMU DRIVERS" , , open list , "wanghaibin.wang@huawei.com" Subject: Re: [bug report] GICv4.1: vSGI remains pending across the guest reset In-Reply-To: <7e7f2c0c-448b-10a9-8929-4b8f4f6e2a32@huawei.com> References: <7e7f2c0c-448b-10a9-8929-4b8f4f6e2a32@huawei.com> User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI-EPG/1.14.7 (Harue) FLIM-LB/1.14.9 (=?UTF-8?B?R29qxY0=?=) APEL-LB/10.8 EasyPG/1.0.0 Emacs/28.2 (x86_64-pc-linux-gnu) MULE/6.0 (HANACHIRUSATO) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue") Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-SA-Exim-Connect-IP: 185.219.108.64 X-SA-Exim-Rcpt-To: jiangkunkun@huawei.com, oliver.upton@linux.dev, james.morse@arm.com, suzuki.poulose@arm.com, yuzenghui@huawei.com, catalin.marinas@arm.com, will@kernel.org, jean-philippe@linaro.org, linux-arm-kernel@lists.infradead.org, kvmarm@lists.linux.dev, linux-kernel@vger.kernel.org, wanghaibin.wang@huawei.com X-SA-Exim-Mail-From: maz@kernel.org X-SA-Exim-Scanned: No (on disco-boy.misterjones.org); SAEximRunCond expanded to false On Thu, 14 Dec 2023 12:13:57 +0000, Kunkun Jiang wrote: >=20 > Hi list, >=20 > We have observed on GICv4.1 systems that, after a guest reset, the > secondary VCPU would receive an IPI_CPU_STOP accidently and failed to > come online eventually. >=20 > | Guest User-space Guest userspace???? > | > | reset (with a vSGI pending in the > | hardware) [0] > | > | disable the distributor (write 0 > | into GICD_CTLR) [1] > | > | clear pending status (write 0 into > | GICR_ISPENDR0 for each RD) [2] This cannot clear the pending bits. Writing 0 to any of the ISPEND/ICPEND registers is effectively a NOP. If you want to remove the pending SGIs, you need to write a bunch of 1s to ICPENDR0. > | > | disable the distributor (write 0 > | into GICD_CTLR) [3] > | > | enable the distributor with ARE, > | Group1 and nASSGIreq [4] >=20 > The problem is that even if user-space tries to disable the distributor I don't understand what userspace does here. Why is it significant that it is an EL0 access? I don't know of any SW doing that, but even if it existed, this should make no difference. > and clear pending bits for all SGIs, we don't actually propogate it into > HW (we only record it via vgic_dist->{enabled, nassgireq} and > vgic_irq->pending_latch) and the vSGI remains pending across the guest > reset. > > And when we're at [4], all vSGI's vgic_irq->hw are *true* and > vgic_v4_enable_vsgis() becomes a nop.. That's not good. >=20 > The following solution can solve the problem. Not sure if this is a good > solution.Sent out early for suggestions or solutions. >=20 > diff --git a/arch/arm64/kvm/vgic/vgic-mmio-v3.c > b/arch/arm64/kvm/vgic/vgic-mmio-v3.c > index 89117ba2528a..3678ab33f5b9 100644 > --- a/arch/arm64/kvm/vgic/vgic-mmio-v3.c > +++ b/arch/arm64/kvm/vgic/vgic-mmio-v3.c > @@ -374,6 +374,10 @@ static int vgic_v3_uaccess_write_pending(struct > kvm_vcpu *vcpu, > =C2=A0=C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 irq->pendi= ng_latch =3D true; > =C2=A0=C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 vgic_queue= _irq_unlock(vcpu->kvm, irq, flags); > =C2=A0=C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 } else { > + =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 if (irq->hw &&= vgic_irq_is_sgi(irq->intid)) > + =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0= =C2=A0 irq_set_irqchip_state(irq->host_irq, > + =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0= =C2=A0 =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0=C2=A0 IRQCH= IP_STATE_PENDING, > + =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0= =C2=A0 =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0=C2=A0 false= ); > =C2=A0=C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 irq->pendi= ng_latch =3D false; > =C2=A0=C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 raw_spin_u= nlock_irqrestore(&irq->irq_lock, flags); > =C2=A0=C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 } >=20 But this has *nothing* to do with the guest. This is the *host* userspace performing a write to the redistributor view, which has different semantics. Which is why your earlier description made no sense to me. I think the problem is slightly larger than what you describe. A write to ISPENDR0 should be propagated to the ITS for any values of the latch, just like this happens on enabling HW-backed SGIs. Can you please give this a go? Thanks, M. =46rom 9932d74392d969057e84bc3c18bd15f1769b6211 Mon Sep 17 00:00:00 2001 From: Marc Zyngier Date: Sun, 17 Dec 2023 11:15:09 +0000 Subject: [PATCH] KVM: arm64: vgic-v4: Restore pending state on host userspa= ce write When the VMM writes to ISPENDR0 to set the state pending state of an SGI, we fail to convey this to the HW if this SGI is already backed by a GICv4.1 vSGI. This is a bit of a corner case, as this would only occur if the vgic state is changed on an already running VM, but this can apparently happen across a guest reset driven by the VMM. Fix this by always writing out the pending_latch value to the HW, and reseting it to false. Reported-by: Kunkun Jiang Signed-off-by: Marc Zyngier Link: https://lore.kernel.org/r/7e7f2c0c-448b-10a9-8929-4b8f4f6e2a32@huawei= .com --- arch/arm64/kvm/vgic/vgic-mmio-v3.c | 27 +++++++++++++++++---------- 1 file changed, 17 insertions(+), 10 deletions(-) diff --git a/arch/arm64/kvm/vgic/vgic-mmio-v3.c b/arch/arm64/kvm/vgic/vgic-= mmio-v3.c index a764b0ab8bf9..2533f264b954 100644 --- a/arch/arm64/kvm/vgic/vgic-mmio-v3.c +++ b/arch/arm64/kvm/vgic/vgic-mmio-v3.c @@ -365,19 +365,26 @@ static int vgic_v3_uaccess_write_pending(struct kvm_v= cpu *vcpu, struct vgic_irq *irq =3D vgic_get_irq(vcpu->kvm, vcpu, intid + i); =20 raw_spin_lock_irqsave(&irq->irq_lock, flags); - if (test_bit(i, &val)) { - /* - * pending_latch is set irrespective of irq type - * (level or edge) to avoid dependency that VM should - * restore irq config before pending info. - */ - irq->pending_latch =3D true; - vgic_queue_irq_unlock(vcpu->kvm, irq, flags); - } else { + + /* + * pending_latch is set irrespective of irq type + * (level or edge) to avoid dependency that VM should + * restore irq config before pending info. + */ + irq->pending_latch =3D test_bit(i, &val); + + if (irq->hw && vgic_irq_is_sgi(irq->intid)) { + irq_set_irqchip_state(irq->host_irq, + IRQCHIP_STATE_PENDING, + irq->pending_latch); irq->pending_latch =3D false; - raw_spin_unlock_irqrestore(&irq->irq_lock, flags); } =20 + if (irq->pending_latch) + vgic_queue_irq_unlock(vcpu->kvm, irq, flags); + else + raw_spin_unlock_irqrestore(&irq->irq_lock, flags); + vgic_put_irq(vcpu->kvm, irq); } =20 --=20 2.39.2 --=20 Without deviation from the norm, progress is not possible.