KVM's recently introduced adaptive tuning of lapic_timer_advance_ns has
several critical flaws:

  - The advancement is completely unbounded, e.g. there's nothing in the
    logic that prevents the advancement from creeping up to hundreds of
    milliseconds in case something goes awry with the guest's TSC.

  - TSC scaling is done on a per-vCPU basis, while the advancement value
    is global. This issue is also present without adaptive tuning, but
    is now more pronounced.

  - Tuning the value concurrently on multiple CPUs can corrupt the
    advancement variable.

  - Userspace can't disable adaptive tuning.

Fix the above issues along with a theoretical bug found by inspection,
where the wait_lapic_timer() delay could be inaccurate when the guest TSC
is running at a different ratio than the host's TSC.

v4:
  - Rebase to latest kvm/queue.
  - Kill the timer advancement if adaptive tuning goes above the
    arbitrary threshold of 5000ns. [Paolo].
  - Revert back to disabling adaptive tuning via the existing param,
    except use '-1' as the "use adaptive tuning" indicator. [Paolo].
  - Do the conversion to nanoseconds when delaying iff the guest TSC is
    running at a different ratio, and move the patch to the end so that
    the other patches are not dependent on it since it's not 100% clear
    (to me) that the conversion is correct/necessary.

v3:
  - https://patchwork.kernel.org/cover/10904163/
  - Split the refactoring of start_hv_timer() and ->set_hv_timer into
    three separate patches instead of attempting to do a big refactor in
    a single patch to fix three separate issues.
  - Explicitly cancel the hv timer to avoid
  - Use a param for "expired" instead of overloading the return value of
    ->set_hv_timer().
  - Check for a pending non-periodic in restart_apic_timer(). [Liran]
  - Add more Reviewed-by tags.

v2:
  - https://patchwork.kernel.org/cover/10903613/
  - Add explicit param to control automatic tuning. [Liran]
  - Document the effect of per-vCPU tracking on the module params.
  - Use fancy math to convert guest clockcycles to host nanoseconds
    instead of brute forcing the delay with a for loop. [Liran]
  - Refactor start_hv_timer()'s return semantics to move the "expired
    timer" handling up a level. [Liran and Paolo]
  - Add Liran's Reviewed-by tags.

v1: https://patchwork.kernel.org/cover/10899101/

Sean Christopherson (4):
  KVM: lapic: Disable timer advancement if adaptive tuning goes haywire
  KVM: lapic: Track lapic timer advance per vCPU
  KVM: lapic: Allow user to disable adaptive tuning of timer advancement
  KVM: lapic: Convert guest TSC to host time domain if necessary

 arch/x86/kvm/lapic.c   | 61 +++++++++++++++++++++++++++++++-----------
 arch/x86/kvm/lapic.h   |  4 ++-
 arch/x86/kvm/vmx/vmx.c |  4 ++-
 arch/x86/kvm/x86.c     | 14 ++++++----
 arch/x86/kvm/x86.h     |  2 --
 5 files changed, 61 insertions(+), 24 deletions(-)

-- 
2.21.0
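
Added example, not part of the original cover letter or of the kernel patches: a user-space C model of the bounded, per-vCPU tuning the letter describes, showing one vCPU with a misbehaving clock being cut off at the threshold while a fixed setting stays untouched. Only the 5000ns threshold, '-1' as the adaptive-tuning indicator and per-vCPU tracking come from the letter; every name, the 1000ns starting value, the 1/8 step, the 100ns settle window and treating "kill" as "set to 0 and stop tuning" are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed user-space model, not kernel code. From the cover letter: the
 * 5000ns kill threshold, '-1' meaning "use adaptive tuning", per-vCPU state.
 * Assumptions: all names, the 1000ns start, the 1/8 step, the 100ns window. */
enum { ADVANCE_MAX_NS = 5000, ADVANCE_INIT_NS = 1000, ADJUST_STEP = 8, ADJUST_DONE_NS = 100 };

struct vcpu_timer {          /* hypothetical: one instance per vCPU */
    int32_t advance_ns;      /* how early the timer is armed */
    bool adjust_done;        /* set once tuning has settled or been killed */
};

/* param == -1 selects adaptive tuning; any value >= 0 is used as-is. */
static void timer_init(struct vcpu_timer *t, int32_t param)
{
    t->adjust_done = (param != -1);
    t->advance_ns = (param == -1) ? ADVANCE_INIT_NS : param;
}

/* early_ns > 0: the timer fired that many ns early; < 0: that many ns late. */
static void timer_adjust(struct vcpu_timer *t, int64_t early_ns)
{
    int64_t err = early_ns < 0 ? -early_ns : early_ns;
    int64_t next = t->advance_ns;
    if (t->adjust_done) return;
    if (err < ADJUST_DONE_NS) { t->adjust_done = true; return; }
    next += (early_ns > 0 ? -err : err) / ADJUST_STEP;
    if (next < 0) next = 0;
    if (next > ADVANCE_MAX_NS) {   /* haywire: kill advancement, stop tuning */
        next = 0;
        t->adjust_done = true;
    }
    t->advance_ns = (int32_t)next;
}

/* Feed one vCPU the same sample n times and return its final advance_ns. */
int32_t run_samples(int32_t param, int64_t early_ns, int n)
{
    struct vcpu_timer t;
    timer_init(&t, param);
    while (n-- > 0)
        timer_adjust(&t, early_ns);
    return t.advance_ns;
}

int main(void)
{
    printf("%d %d %d\n", (int)run_samples(-1, -4000, 8),
           (int)run_samples(-1, -4000, 9), (int)run_samples(250, -4000, 20));
}
```
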