On Wed, Aug 19, 2020 at 02:34:17PM +0100, Alexandru Elisei wrote: > From: Julien Thierry <julien.thierry@xxxxxxx> > > kvm_vcpu_kick() is not NMI safe. When the overflow handler is called from > NMI context, defer waking the vcpu to an irq_work queue. > > Cc: Julien Thierry <julien.thierry.kdev@xxxxxxxxx> > Cc: Marc Zyngier <marc.zyngier@xxxxxxx> > Cc: Will Deacon <will.deacon@xxxxxxx> > Cc: Mark Rutland <mark.rutland@xxxxxxx> > Cc: Catalin Marinas <catalin.marinas@xxxxxxx> > Cc: James Morse <james.morse@xxxxxxx> > Cc: Suzuki K Pouloze <suzuki.poulose@xxxxxxx> > Cc: kvm@xxxxxxxxxxxxxxx > Cc: kvmarm@xxxxxxxxxxxxxxxxxxxxx > Signed-off-by: Julien Thierry <julien.thierry@xxxxxxx> > Signed-off-by: Alexandru Elisei <alexandru.elisei@xxxxxxx> > --- > arch/arm64/kvm/pmu-emul.c | 25 ++++++++++++++++++++++++- > include/kvm/arm_pmu.h | 1 + > 2 files changed, 25 insertions(+), 1 deletion(-) I'd like an Ack from the KVM side on this one, but some minor comments inline. > diff --git a/arch/arm64/kvm/pmu-emul.c b/arch/arm64/kvm/pmu-emul.c > index f0d0312c0a55..30268397ed06 100644 > --- a/arch/arm64/kvm/pmu-emul.c > +++ b/arch/arm64/kvm/pmu-emul.c > @@ -433,6 +433,22 @@ void kvm_pmu_sync_hwstate(struct kvm_vcpu *vcpu) > kvm_pmu_update_state(vcpu); > } > > +/** > + * When perf interrupt is an NMI, we cannot safely notify the vcpu corresponding > + * to the event. > + * This is why we need a callback to do it once outside of the NMI context. > + */ > +static void kvm_pmu_perf_overflow_notify_vcpu(struct irq_work *work) > +{ > + struct kvm_vcpu *vcpu; > + struct kvm_pmu *pmu; > + > + pmu = container_of(work, struct kvm_pmu, overflow_work); > + vcpu = kvm_pmc_to_vcpu(&pmu->pmc[0]); Can you spell this kvm_pmc_to_vcpu(pmu->pmc); ? > + > + kvm_vcpu_kick(vcpu); How do we guarantee that the vCPU is still around by the time this runs? Sorry to ask such a horrible question, but I don't see anything associating the workqueue with the lifetime of the vCPU. Will