Re: [PATCH] KVM: arm64: vgic-v3: Clear pending bit in guest memory after synchronization

From: Marc Zyngier
Date: Wed Apr 01 2020 - 06:28:08 EST


On Tue, 31 Mar 2020 17:11:37 +0800
Zenghui Yu <yuzenghui@xxxxxxxxxx> wrote:

Hi Zenghui,

> Hi Marc,
>
> On 2020/3/31 16:07, Marc Zyngier wrote:
> > Hi Zenghui,

[...]

> > I've been thinking about this, and I wonder why we don't simply clear
> > the whole pending table instead of carefully wiping it one bit at a
> > time. My reasoning is that if a LPI isn't mapped, then it cannot be made
> > pending in the first place.
>
> A write to GICR_CTLR.EnableLPIs can happen in parallel with a MAPTI/INT
> command sequence, where the new LPI is mapped to *this* vcpu and made
> pending, am I wrong? I think commit 7d8b44c54e0c describes it in detail.

I'm not sure this commit is relevant here. It describes how the
configuration is picked up by MAPTI, not how the pending bit got there
in the first place.

> But thinking that we cache the pending bit in pending_latch (instead of
> writing the corresponding bit in guest memory) when a LPI is made
> pending, it seems to be safe to clear the whole pending table here.

Yes, and this is my worry. The spec is pretty vague about what the
behaviour of the redistributor is when something is set in the pending
table. At the moment, we treat these bits as if they had been generated
by a translation, but we do so inconsistently: we only pick these bits
up and generate a LPI if there is a mapping at the ITS level. If these
bits are relevant, we should forward a LPI to the CPU.

It feels we're in UNPREDICTABLE land...

>
> >
> > And I think there is a similar issue in vgic_v3_lpi_sync_pending_status().
> > Why sync something back from the pending table when the LPI wasn't
> > mapped yet?
>
> vgic_v3_lpi_sync_pending_status() can be called on the ITE restore path:
> vgic_its_restore_ite/vgic_add_lpi/vgic_v3_lpi_sync_pending_status.
> We should rely on it to sync the pending bit from guest memory (which
> was saved on the source side).

The fact that we have *two* paths to restore pending bits is pretty
annoying. There is certainly some scope for simplification here.

Thanks,

M.
--
Jazz is not dead. It just smells funny...
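The two strategies under discussion (clearing pending-table bits one at a time for mapped LPIs versus wiping the whole table once EnableLPIs is set), and the second path that reads a single LPI's bit when an ITE is mapped or restored, can be modelled in userspace. The C below is an added toy model written for this page; it is not KVM's vgic code and its names (`enable_lpis_scan`, `lpi_sync_pending_status`, `late_mapped_lpi_pending`, `struct lpi`) and the 64-entry table are assumptions. It also assumes, for the model only, that the single-LPI sync path clears the bit once it has been moved into `pending_latch`. The constructed scenario is exactly the race raised in the thread: a bit sits in guest memory for an LPI that only gets mapped after the EnableLPIs scan.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LPI_BASE 8192u              /* first LPI INTID on GICv3 */
#define NR_LPIS  64u                /* toy-sized pending table: 64 LPIs, 8 bytes */
#define PT_BYTES (NR_LPIS / 8)

/* Per-LPI hypervisor state, modelled on the fields the thread names (assumed shape). */
struct lpi {
    uint32_t intid;
    bool mapped;         /* an ITE (MAPTI) currently maps an event to this LPI */
    bool pending_latch;  /* cached pending state; not written back to guest memory */
};

static bool pt_test(const uint8_t *pt, uint32_t intid)
{
    uint32_t b = intid - LPI_BASE;
    return (pt[b / 8] >> (b % 8)) & 1;
}

static void pt_set(uint8_t *pt, uint32_t intid)
{
    uint32_t b = intid - LPI_BASE;
    pt[b / 8] |= (uint8_t)(1u << (b % 8));
}

static void pt_clear(uint8_t *pt, uint32_t intid)
{
    uint32_t b = intid - LPI_BASE;
    pt[b / 8] &= (uint8_t)~(1u << (b % 8));
}

/*
 * Path 1: the guest sets GICR_CTLR.EnableLPIs and the pending table is
 * scanned.  Only LPIs with an ITS mapping are picked up.  With
 * clear_whole_table == false each picked-up bit is cleared individually and
 * bits for unmapped LPIs stay in guest memory; with true the whole table is
 * wiped afterwards.  Returns the number of LPIs made pending.
 */
static int enable_lpis_scan(uint8_t *pt, struct lpi *lpis, size_t n, bool clear_whole_table)
{
    int picked = 0;

    for (size_t i = 0; i < n; i++) {
        if (!lpis[i].mapped || !pt_test(pt, lpis[i].intid))
            continue;
        lpis[i].pending_latch = true;
        picked++;
        if (!clear_whole_table)
            pt_clear(pt, lpis[i].intid);
    }
    if (clear_whole_table)
        memset(pt, 0, PT_BYTES);
    return picked;
}

/*
 * Path 2: an LPI becomes mapped (MAPTI, or ITE restore) and its single bit is
 * read back from the pending table.  Model assumption: the bit is cleared once
 * it has been moved into pending_latch.
 */
static bool lpi_sync_pending_status(uint8_t *pt, struct lpi *l)
{
    l->mapped = true;
    if (pt_test(pt, l->intid)) {
        l->pending_latch = true;
        pt_clear(pt, l->intid);
    }
    return l->pending_latch;
}

/*
 * Constructed scenario: the table carries a bit for an already-mapped LPI
 * (LPI_BASE + 1) and one for an LPI the guest only maps after EnableLPIs
 * (LPI_BASE + 8).  Returns whether the late-mapped LPI ends up pending.
 */
static bool late_mapped_lpi_pending(bool clear_whole_table)
{
    uint8_t pt[PT_BYTES] = { 0 };
    struct lpi lpis[2] = {
        { LPI_BASE + 1, true,  false },
        { LPI_BASE + 8, false, false },
    };

    pt_set(pt, LPI_BASE + 1);
    pt_set(pt, LPI_BASE + 8);

    enable_lpis_scan(pt, lpis, 2, clear_whole_table);
    /* The guest now issues MAPTI for the second LPI. */
    return lpi_sync_pending_status(pt, &lpis[1]);
}

int main(void)
{
    printf("per-bit clear : late-mapped LPI pending = %d\n", late_mapped_lpi_pending(false));
    printf("whole-table   : late-mapped LPI pending = %d\n", late_mapped_lpi_pending(true));
    return 0;
}
```

With per-bit clearing the unmapped LPI's bit survives the scan and is picked up by the second path once the mapping exists; with a whole-table wipe it is gone, which is the behavioural difference the thread is weighing (and which the spec leaves UNPREDICTABLE, per the reply above).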