Date: Wed, 3 Jan 2024 16:24:06 -0800
Subject: Re: [BUG] Guest OSes die simultaneously (bisected)
From: Sean Christopherson
To: "Paul E. McKenney"
Cc: Like Xu, Andi Kleen, Kan Liang, Luwei Kang, Peter Zijlstra, Paolo Bonzini, linux-perf-users@vger.kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, Breno Leitao, Arnaldo Carvalho de Melo, Ingo Molnar

On Wed, Jan 03, 2024, Paul E. McKenney wrote:
> On Wed, Jan 03, 2024 at 02:22:23PM -0800, Paul E. McKenney wrote:
> > Hello!
> >
> > Since some time between v5.19 and v6.4, long-running rcutorture tests
> > would (rarely but intolerably often) have all guests on a given host die
> > simultaneously with something like an instruction fault or a segmentation
> > violation.
> >
> > Each bisection step required 20 hosts running 10 hours each, and
> > this eventually fingered commit c59a1f106f5c ("KVM: x86/pmu: Add
> > IA32_PEBS_ENABLE MSR emulation for extended PEBS"). Although this commit
> > is certainly messing with things that could possibly cause all manner
> > of mischief, I don't immediately see a smoking gun. Except that the
> > commit prior to this one is rock solid.
> > Just to make things a bit more exciting, bisection in mainline proved
> > to be problematic due to bugs of various kinds that hid this one. I was
> > therefore forced to bisect among the commits backported to the internal
> > v5.19-based kernel, which fingered the backported version of the patch
> > called out above.
>
> Ah, and so why do I believe that this is a problem in mainline rather
> than just (say) a backporting mistake?
>
> Because this issue was first located in v6.4, which already has this
> commit included.
>
> Thanx, Paul
>
> > Please note that this is not (yet) an emergency. I will just continue
> > to run rcutorture on v5.19-based hypervisors in the meantime.
> >
> > Any suggestions for debugging or fixing?

This looks suspect:

+ u64 pebs_mask = cpuc->pebs_enabled & x86_pmu.pebs_capable; + int global_ctrl, pebs_enable; - arr[0].msr = MSR_CORE_PERF_GLOBAL_CTRL; - arr[0].host = intel_ctrl & ~cpuc->intel_ctrl_guest_mask; - arr[0].guest = intel_ctrl & ~cpuc->intel_ctrl_host_mask; - arr[0].guest &= ~(cpuc->pebs_enabled & x86_pmu.pebs_capable); - *nr = 1; + *nr = 0; + global_ctrl = (*nr)++; + arr[global_ctrl] = (struct perf_guest_switch_msr){ + .msr = MSR_CORE_PERF_GLOBAL_CTRL, + .host = intel_ctrl & ~cpuc->intel_ctrl_guest_mask, + .guest = intel_ctrl & (~cpuc->intel_ctrl_host_mask | ~pebs_mask), + };

IIUC (always a big if with this code), the intent is that the guest's version
of PERF_GLOBAL_CTRL gets bits that are (a) not exclusive to the host and (b)
not being used for PEBS. (b) is necessary because PEBS generates records in
memory using virtual addresses, i.e. the CPU will write to memory using a
virtual address that is valid for the host but not the guest. And so PMU
counters that are configured to generate PEBS records need to be disabled while
running the guest.

Before that commit, the logic was:

  guest[PERF_GLOBAL_CTRL] = ctrl & ~host;
  guest[PERF_GLOBAL_CTRL] &= ~pebs;

But after, it's now:

  guest[PERF_GLOBAL_CTRL] = ctrl & (~host | ~pebs);

I.e. the kernel is enabling counters in the guest that are not host-only OR not
PEBS. E.g. if only counter 0 is in use, it's using PEBS, but it's not exclusive
to the host, then the new code will yield (truncated to a single byte for sanity)

  1 = 1 & (0xf | 0xe)

and thus keep counter 0 enabled, whereas the old code would yield

  1 = 1 & 0xf
  0 = 1 & 0xe

A bit of a shot in the dark and completely untested, but I think this is the
correct fix?

diff --git a/arch/x86/events/intel/core.c b/arch/x86/events/intel/core.c index a08f794a0e79..92d5a3464cb2 100644 --- a/arch/x86/events/intel/core.c +++ b/arch/x86/events/intel/core.c 
@@ -4056,7 +4056,7 @@ static struct perf_guest_switch_msr *intel_guest_get_msrs(int *nr, void *data) arr[global_ctrl] = (struct perf_guest_switch_msr){ .msr = MSR_CORE_PERF_GLOBAL_CTRL, .host = intel_ctrl & ~cpuc->intel_ctrl_guest_mask, - .guest = intel_ctrl & (~cpuc->intel_ctrl_host_mask | ~pebs_mask), + .guest = intel_ctrl & ~(cpuc->intel_ctrl_host_mask | pebs_mask), }; if (!x86_pmu.pebs)
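
Review bot: the changed `.guest` initializer carries no comment saying why PEBS-enabled counters must be cleared from the guest's PERF_GLOBAL_CTRL value, and the only difference from the regressed line is where the `~` sits, which is easy to undo in a later cleanup. A short comment above `.guest` stating that the result must match the earlier two-step form (`intel_ctrl & ~intel_ctrl_host_mask`, then `&= ~pebs_mask`) would make the intent reviewable. The new expression `intel_ctrl & ~(cpuc->intel_ctrl_host_mask | pebs_mask)` is the De Morgan equivalent of that two-step form, so it does restore the behaviour of the removed `arr[0].guest` lines quoted in the message. As posted, the patch has no changelog, no Fixes: tag for c59a1f106f5c and no Signed-off-by, and the message describes it as untested, so it needs those and a confirming run before it can be applied.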
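
The mask arithmetic discussed in the message above, as an added example that is not part of the original e-mail or the kernel source: it evaluates the three forms of the guest PERF_GLOBAL_CTRL expression over every single-byte combination of masks. The function names are illustrative, and the 8-bit width follows the message's "truncated to a single byte".

```c
#include <stdint.h>
#include <stdio.h>

typedef uint8_t (*guest_fn)(uint8_t ctrl, uint8_t host, uint8_t pebs);

/* Logic before commit c59a1f106f5c, as quoted in the message. */
static uint8_t guest_old(uint8_t ctrl, uint8_t host, uint8_t pebs)
{
    uint8_t guest = ctrl & ~host;
    guest &= ~pebs;
    return guest;
}

/* Logic after the commit: each mask inverted, then OR-ed. */
static uint8_t guest_regressed(uint8_t ctrl, uint8_t host, uint8_t pebs)
{
    return ctrl & (~host | ~pebs);
}

/* Logic in the proposed fix: masks OR-ed, then inverted. */
static uint8_t guest_proposed(uint8_t ctrl, uint8_t host, uint8_t pebs)
{
    return ctrl & ~(host | pebs);
}

/* Sweep every 8-bit (ctrl, host, pebs) triple. Returns how many triples
 * differ from guest_old; *leaks gets how many leave a PEBS bit enabled. */
static unsigned sweep(guest_fn f, unsigned *leaks)
{
    unsigned diff = 0;
    *leaks = 0;
    for (unsigned c = 0; c < 256; c++)
        for (unsigned h = 0; h < 256; h++)
            for (unsigned p = 0; p < 256; p++) {
                uint8_t g = f(c, h, p);
                diff += (g != guest_old(c, h, p));
                *leaks += ((g & p) != 0);
            }
    return diff;
}

int main(void)
{
    unsigned leaks, diff;
    /* The message's case: counter 0 in use, using PEBS, not host-only. */
    printf("old=%u regressed=%u proposed=%u\n", guest_old(1, 0, 1),
           guest_regressed(1, 0, 1), guest_proposed(1, 0, 1));
    diff = sweep(guest_regressed, &leaks);
    printf("regressed: %u mismatches, %u PEBS leaks\n", diff, leaks);
    diff = sweep(guest_proposed, &leaks);
    printf("proposed:  %u mismatches, %u PEBS leaks\n", diff, leaks);
    return 0;
}
```

The regressed form also differs from the old one when a counter is host-exclusive but not using PEBS, which is why its mismatch count is higher than its PEBS-leak count.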