Need advice how to fix an access to uninitialized per_cpu clock

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



While playing with kvm cpu hot-plug, I've probably stumbled on general
kernel bug. So I'm lookng for advice on approach to fix it.

When kvm guest uses kvmclock, it may hang on cpu hot-plug at

    BSP:
     smp_apic_timer_interrupt
       ...
         -> do_timer
           -> update_wall_time

and a being on-lined CPU at waiting on sync with BSP at:
     start_secondary:
       while (!cpumask_test_cpu(smp_processor_id(), cpu_active_mask))
                    cpu_relax();

because of unusually big value returned by clock->read(clock) in
update_wall_time.
This happens due to overflow in pvclock_get_nsec_offset

        u64 delta = tsc - shadow->tsc_timestamp;

when shadow->tsc_timestamp is bigger than tsc.
And since pvclock_clocksource_read remembers and returns largest
value of any clock that ever was returned, clock for affected guest
virtually freezes.

Overflow happens due to reading undefined values from uninitialized
per_cpu variable hv_clock. In case of cpu hot-plug, clock is read at
least once on being on-lined cpu before it is initialized for this
cpu:

      start_secondary
        |-> smp_callin
        |  ->  smp_store_cpu_info
        |    -> identify_secondary_cpu
        |      -> mtrr_ap_init
        |        -> mtrr_restore
        |          -> stop_machine_from_inactive_cpu
        |            -> queue_stop_cpus_work
        |              ...
        |                -> kvm_clock_read
        |...
        |x86_cpuinit.setup_percpu_clockev

full call chain is below:
[    0.002999]  [<ffffffff8102fc74>] pvclock_clocksource_read+0x9f/0x275
[    0.002999]  [<ffffffff81071f9e>] ? check_preempt_wakeup+0x11c/0x1c2
[    0.002999]  [<ffffffff8102f05d>] kvm_clock_read+0x21/0xd3
[    0.002999]  [<ffffffff810154b1>] sched_clock+0x9/0xd
[    0.002999]  [<ffffffff81070509>] sched_clock_local+0x12/0x75
[    0.002999]  [<ffffffff8107065e>] sched_clock_cpu+0x84/0xc6
[    0.002999]  [<ffffffff8106bfd3>] update_rq_clock+0x28/0x108
[    0.002999]  [<ffffffff8106c15e>] enqueue_task+0x1d/0x64
[    0.002999]  [<ffffffff8106c500>] activate_task+0x22/0x24
[    0.002999]  [<ffffffff8106c90c>] ttwu_do_activate.constprop.39+0x32/0x61
[    0.002999]  [<ffffffff8106cd0c>] try_to_wake_up+0x17e/0x1e1
[    0.002999]  [<ffffffff8106cd98>] wake_up_process+0x15/0x17
[    0.002999]  [<ffffffff8109ebbf>] cpu_stop_queue_work+0x3d/0x5f
[    0.002999]  [<ffffffff8109ec6c>] queue_stop_cpus_work+0x8b/0xb6
[    0.002999]  [<ffffffff8109f0e3>] stop_machine_from_inactive_cpu+0xb4/0xed
[    0.002999]  [<ffffffff81023896>] ? mtrr_restore+0x4a/0x4a
[    0.002999]  [<ffffffff81023eb3>] mtrr_ap_init+0x5a/0x5c
[    0.002999]  [<ffffffff814b95f7>] identify_secondary_cpu+0x19/0x1b
[    0.002999]  [<ffffffff814bc0d3>] smp_store_cpu_info+0x3c/0x3e
[    0.002999]  [<ffffffff814bc4ed>] start_secondary+0x122/0x263

Looking at native_smp_prepare_cpus in arch/x86/kernel/smpboot.c
I see that it unconditionally calls set_mtrr_aps_delayed_init which
in turn effectively converts calls to mtrr_ap_init to nop ops.
And later call to native_smp_cpus_done -> mtrr_aps_init completes
mtrr initialization.

The same pattern might be noticed in suspend/hibernate handlers, that
call enable_nonboot_cpus.

  enable_nonboot_cpus
    -> arch_enable_nonboot_cpus_begin
         -> set_mtrr_aps_delayed_init

    -> boot secondary cpus

    -> arch_enable_nonboot_cpus_end
         -> mtrr_aps_init

So question is if the calling mtrr_ap_init so early in
identify_secondary_cpu is really necessary?
From current code it looks like it is never called at normal smp
boot/resume time. And only path that triggers it is cpu hot-plug one.

I see following possible solutions:

1. Could the call to mtrr_ap_init be just moved from identify_secondary_cpu
to start_secondary right after x86_cpuinit.setup_percpu_clockev call?
This will prevent an access to uninitialized per_cpu clock. Or move
x86_cpuinit.setup_percpu_clockev before smp_callin?

2. Another way to prevent access to uninitialized per_cpu clock is to
introduce hook.early_percpu_clock_init that will be called before
smp_callin or right before mtrr_ap_init.

I hope to see opinions about this matter from a more experienced people than me.

--
Thanks,
 Igor
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]
  Powered by Linux