Received: by 2002:a05:7412:b995:b0:f9:9502:5bb8 with SMTP id it21csp7755373rdb; Thu, 4 Jan 2024 06:51:04 -0800 (PST) X-Google-Smtp-Source: AGHT+IFUgqkYEUYHu33rtO1nY6mVAuwkjwWhMXIoLbDTromauI/kRqozZFKLYwCJ7FrKzszxmUQn X-Received: by 2002:a17:902:db02:b0:1d4:8277:15e0 with SMTP id m2-20020a170902db0200b001d4827715e0mr957766plx.0.1704379864279; Thu, 04 Jan 2024 06:51:04 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1704379864; cv=none; d=google.com; s=arc-20160816; b=paLZEdWLdyaHHT2RcyyT21pBgvMbtftxzVZ7mqMMCKjb+plffIzdQZ/639EZ2atVxs 7OjcKPnx4phzLaPDCkIP4g4H9Hs9HTCqzLO1RnyRBCvkWQ42XHdT7jZUkEJpQINauCLN dYiLW14XEnesgG8fe3IzRzCKlx6nY2zOLP8LVL11AgPhTYq2DVv2HD9T6UcbuEOj/D6w 9mO16qdhOoTEHavFwZdsklDrfyfoqtPbFLj9HZ1qQu+NGH4185EYrG1eKiZ1qSF4f9tX rOrQ3hTZwnZCYvqczucHbZ8AIlA4r0UZ4miboxisQGtjyJj5jg7WFZjnv+j0HznDQAoY Lk+w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:reply-to:message-id :subject:cc:to:from:date:dkim-signature; bh=S9LGqTSCb/J979n+eq+OfBTLZlTpOwvLRC1FHyAj7kw=; fh=PqLG55LETIjq88oXTgULQzYsyEh/Wmn/RlBIr0FxNxg=; b=YE1a+Sg3+TaEuICpqnGzO+bucnR+IKe1mgZX4eFkYgiSiq+6H0G1ghzIy6slKMcHEH CPYEbc+Wl1zjhJai3InB8fSuAdX5gzfHK6GGzhaSNqgsoYZEcQ0FX2DiZseanKzUhNcc azCL8whmrttBWIipQp2WRLSw5c2jo7yDn2qXo7M3QSj7x8EJ4WLg/LJbphfv6s5P5zdx U5KB1ArWsCoWKPZGPf58E0FacD/zgmlIflYDi/LCS5SyWMFO5S3hNyC8hIZEm6ZFyi9p yKafmY5plcxhP11lOyJshnv3UkOPlTnpwDRVGQWB3hvNUYazRL+BqnU68xJaAuIMZ5Hc UTOw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b="iOadmwT/"; spf=pass (google.com: domain of linux-kernel+bounces-16803-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-16803-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99]) by mx.google.com with ESMTPS id w22-20020a63f516000000b005cd813c23besi21488346pgh.415.2024.01.04.06.51.04 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 04 Jan 2024 06:51:04 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-16803-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b="iOadmwT/"; spf=pass (google.com: domain of linux-kernel+bounces-16803-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-16803-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id E3A61286535 for ; Thu, 4 Jan 2024 14:51:03 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 10A7223761; Thu, 4 Jan 2024 14:50:54 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="iOadmwT/" X-Original-To: linux-kernel@vger.kernel.org Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3C15623749; Thu, 4 Jan 2024 14:50:52 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 9AAA0C433C8; Thu, 4 Jan 2024 14:50:52 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1704379852; bh=3JTuWT5QZksFXhz5QlHD6DJDpXXaLdQf2WuuHegnM8A=; h=Date:From:To:Cc:Subject:Reply-To:References:In-Reply-To:From; b=iOadmwT/HEsQjg0LSG4fy90jJHIrFTXlh+6JLqLrgEm0BT14qS1vxK8nJSiKdEz11 WG0kEqPRDLeB9AXm5GHsOqFv/ltEUZk7uVUqn4YO9QUbcjpCDTzrMMzBv6AOxzKt3d EqejQbHVDr3vZa2fa7Ycz6tLADN0hM+6NMo9k3L5568ctdp1NNvzHH9Oejf0CSEBuH 2WK+RsMDpbQuiJ01GlC3MIg2nGdRru3QeUZROJjPMYTleknVFPTxIx0aTNkrO6bcWN HW8iZHsXwQL/599bXvx1K4tzIUiUZmAxJoFYJ0qLys1D5b4V6/sY2QnlAFOWMt/Bs2 vubs2tI5+akwA== Received: by paulmck-ThinkPad-P17-Gen-1.home (Postfix, from userid 1000) id 3C6A5CE130C; Thu, 4 Jan 2024 06:50:52 -0800 (PST) Date: Thu, 4 Jan 2024 06:50:52 -0800 From: "Paul E. McKenney" To: Sean Christopherson Cc: Like Xu , Andi Kleen , Kan Liang , Luwei Kang , Peter Zijlstra , Paolo Bonzini , linux-perf-users@vger.kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, Breno Leitao , Arnaldo Carvalho de Melo , Ingo Molnar Subject: Re: [BUG] Guest OSes die simultaneously (bisected) Message-ID: Reply-To: paulmck@kernel.org References: <3d8f5987-e09c-4dd2-a9c0-8ba22c9e948a@paulmck-laptop> <88f49775-2b56-48cc-81b8-651a940b7d6b@paulmck-laptop> <77d7a3e3-f35e-4507-82c2-488405b25fa4@paulmck-laptop> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <77d7a3e3-f35e-4507-82c2-488405b25fa4@paulmck-laptop> On Wed, Jan 03, 2024 at 05:00:35PM -0800, Paul E. McKenney wrote: > On Wed, Jan 03, 2024 at 04:24:06PM -0800, Sean Christopherson wrote: > > On Wed, Jan 03, 2024, Paul E. McKenney wrote: > > > On Wed, Jan 03, 2024 at 02:22:23PM -0800, Paul E. McKenney wrote: > > > > Hello! > > > > > > > > Since some time between v5.19 and v6.4, long-running rcutorture tests > > > > would (rarely but intolerably often) have all guests on a given host die > > > > simultaneously with something like an instruction fault or a segmentation > > > > violation. > > > > > > > > Each bisection step required 20 hosts running 10 hours each, and > > > > this eventually fingered commit c59a1f106f5c ("KVM: x86/pmu: Add > > > > IA32_PEBS_ENABLE MSR emulation for extended PEBS"). Although this commit > > > > is certainly messing with things that could possibly cause all manner > > > > of mischief, I don't immediately see a smoking gun. Except that the > > > > commit prior to this one is rock solid. > > > > Just to make things a bit more exciting, bisection in mainline proved > > > > to be problematic due to bugs of various kinds that hid this one. I was > > > > therefore forced to bisect among the commits backported to the internal > > > > v5.19-based kernel, which fingered the backported version of the patch > > > > called out above. > > > > > > Ah, and so why do I believe that this is a problem in mainline rather > > > than just (say) a backporting mistake? > > > > > > Because this issue was first located in v6.4, which already has this > > > commit included. > > > > > > Thanx, Paul > > > > > > > Please note that this is not (yet) an emergency. I will just continue > > > > to run rcutorture on v5.19-based hypervisors in the meantime. > > > > > > > > Any suggestions for debugging or fixing? > > > > This looks suspect: > > > > + u64 pebs_mask = cpuc->pebs_enabled & x86_pmu.pebs_capable; > > + int global_ctrl, pebs_enable; > > > > - arr[0].msr = MSR_CORE_PERF_GLOBAL_CTRL; > > - arr[0].host = intel_ctrl & ~cpuc->intel_ctrl_guest_mask; > > - arr[0].guest = intel_ctrl & ~cpuc->intel_ctrl_host_mask; > > - arr[0].guest &= ~(cpuc->pebs_enabled & x86_pmu.pebs_capable); > > - *nr = 1; > > + *nr = 0; > > + global_ctrl = (*nr)++; > > + arr[global_ctrl] = (struct perf_guest_switch_msr){ > > + .msr = MSR_CORE_PERF_GLOBAL_CTRL, > > + .host = intel_ctrl & ~cpuc->intel_ctrl_guest_mask, > > + .guest = intel_ctrl & (~cpuc->intel_ctrl_host_mask | ~pebs_mask), > > + }; > > > > > > IIUC (always a big if with this code), the intent is that the guest's version of > > PERF_GLOBAL_CTRL gets bits that are (a) not exclusive to the host and (b) not > > being used for PEBS. (b) is necessary because PEBS generates records in memory > > using virtual addresses, i.e. the CPU will write to memory using a virtual address > > that is valid for the host but not the guest. And so PMU counters that are > > configured to generate PEBS records need to be disabled while running the guest. > > > > Before that commit, the logic was: > > > > guest[PERF_GLOBAL_CTRL] = ctrl & ~host; > > guest[PERF_GLOBAL_CTRL] &= ~pebs; > > > > But after, it's now: > > > > guest[PERF_GLOBAL_CTRL] = ctrl & (~host | ~pebs); > > > > I.e. the kernel is enabled counters in the guest that are not host-only OR not > > PEBS. E.g. if only counter 0 is in use, it's using PEBS, but it's not exclusive > > to the host, then the new code will yield (truncated to a single byte for sanity) > > > > 1 = 1 & (0xf | 0xe) > > > > and thus keep counter 0 enabled, whereas the old code would yield > > > > 1 = 1 & 0xf > > 0 = 1 & 0xe > > > > A bit of a shot in the dark and completed untested, but I think this is the correct > > fix? > > I am firing off some tests, and either way, thank you very much!!! Woo-hoo!!! ;-) Tested-by: Paul E. McKenney Will you be sending a proper patch, or would you prefer that I do so? In the latter case, I would need your Signed-off-by. And again, thank you very much!!! Thanx, Paul > > diff --git a/arch/x86/events/intel/core.c b/arch/x86/events/intel/core.c > > index a08f794a0e79..92d5a3464cb2 100644 > > --- a/arch/x86/events/intel/core.c > > +++ b/arch/x86/events/intel/core.c > > @@ -4056,7 +4056,7 @@ static struct perf_guest_switch_msr *intel_guest_get_msrs(int *nr, void *data) > > arr[global_ctrl] = (struct perf_guest_switch_msr){ > > .msr = MSR_CORE_PERF_GLOBAL_CTRL, > > .host = intel_ctrl & ~cpuc->intel_ctrl_guest_mask, > > - .guest = intel_ctrl & (~cpuc->intel_ctrl_host_mask | ~pebs_mask), > > + .guest = intel_ctrl & ~(cpuc->intel_ctrl_host_mask | pebs_mask), > > }; > > > > if (!x86_pmu.pebs) > >