commit 770539f499e02010ffa26b99973a4120eba5827c Author: Dario Faggioli Date: Sat Jan 30 08:16:59 2021 +0000 xen: deal with vCPUs that do not yield when idle Our RCU implementation needs that a CPU goes through Xen, from time to time, e.g., for a context switch, to properly mark the end of grace period. This usually happens often enough, and CPUs that go idle and stay like that for a while are handled specially (so that they are recorded as quiescent and "leave" the grace period before starting idling). In principle, even a CPU that starts executing guest code may/should be marked as quiescent (it certainly can't be in the middle of a read side RCU critical section if it's leaving Xen and entering the guest!). This isn't done and in general does not cause problems. However, if the NULL scheduler is used and the guest is configured to not go back in Xen when its vCPUs become idle (e.g., with "vwfi=native" on ARM) grace periods may extend for a very long time and RCU callbacks may be delayed to the point that, for instance, a domain is not properly destroyed. To fix that, we must start marking a CPU as quiescent as soon as it enters the guest (and, vice versa, register it back to the current grace period when it enters Xen). In order to do that, some changes to the API of rcu_idle_enter/exit were necessary (and the functions were renamed too). Note that, exactly like in the case where the CPU goes idle, we need to arm the callback timer when we enter guest context. In fact, if a CPU enters a guest with an RCU callback queued and then stays in that context for long enough, we still risk not executing the callback itself for long enough to cause problems. XXX ARM only for now. Signed-off-by: Dario Faggioli --- - Implemented for ARM only for now. Julien, is where I put the calls to rcu_quiet_enter/exit ? - x86 people, do we have an equally handy place where to do the same on our lovely arch? :-) 
diff --git a/xen/arch/arm/domain.c b/xen/arch/arm/domain.c index bdd3d3e5b5..90726afe15 100644 --- a/xen/arch/arm/domain.c +++ b/xen/arch/arm/domain.c @@ -47,7 +47,7 @@ static void do_idle(void) { unsigned int cpu = smp_processor_id(); - rcu_idle_enter(cpu); + rcu_quiet_enter(); /* rcu_idle_enter() can raise TIMER_SOFTIRQ. Process it now. */ process_pending_softirqs(); @@ -59,7 +59,7 @@ static void do_idle(void) } local_irq_enable(); - rcu_idle_exit(cpu); + rcu_quiet_exit(); } void idle_loop(void) diff --git a/xen/arch/arm/traps.c b/xen/arch/arm/traps.c index 6fa135050b..806870a38f 100644 --- a/xen/arch/arm/traps.c +++ b/xen/arch/arm/traps.c @@ -2048,6 +2048,8 @@ void enter_hypervisor_from_guest(void) { struct vcpu *v = current; + rcu_quiet_exit(); + /* * If we pended a virtual abort, preserve it until it gets cleared. * See ARM ARM DDI 0487A.j D1.14.3 (Virtual Interrupts) for details, @@ -2326,6 +2328,8 @@ static bool check_for_vcpu_work(void) */ void leave_hypervisor_to_guest(void) { + rcu_quiet_enter(); + local_irq_disable(); /* diff --git a/xen/arch/x86/acpi/cpu_idle.c b/xen/arch/x86/acpi/cpu_idle.c index c092086b33..473a89e212 100644 --- a/xen/arch/x86/acpi/cpu_idle.c +++ b/xen/arch/x86/acpi/cpu_idle.c @@ -714,8 +714,8 @@ static void acpi_processor_idle(void) cpufreq_dbs_timer_suspend(); - rcu_idle_enter(cpu); - /* rcu_idle_enter() can raise TIMER_SOFTIRQ. Process it now. */ + rcu_quiet_enter(); + /* rcu_quiet_enter() can raise TIMER_SOFTIRQ. Process it now. */ process_pending_softirqs(); /* @@ -727,7 +727,7 @@ static void acpi_processor_idle(void) if ( !cpu_is_haltable(cpu) ) { local_irq_enable(); - rcu_idle_exit(cpu); + rcu_quiet_exit(); cpufreq_dbs_timer_resume(); return; } @@ -852,7 +852,7 @@ static void acpi_processor_idle(void) /* Now in C0 */ power->last_state = &power->states[0]; local_irq_enable(); - rcu_idle_exit(cpu); + rcu_quiet_exit(); cpufreq_dbs_timer_resume(); return; } 
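Review bot: The context comment directly after the new `rcu_quiet_enter();` call in do_idle() (xen/arch/arm/domain.c, first hunk) still reads `/* rcu_idle_enter() can raise TIMER_SOFTIRQ. Process it now. */`, naming a function this commit removes. The x86 hunks in cpu_idle.c and mwait-idle.c update the identical comment, so this one should become `/* rcu_quiet_enter() can raise TIMER_SOFTIRQ. Process it now. */` as well. do_idle()'s body continues outside the hunk.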
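Review bot: In leave_hypervisor_to_guest() (xen/arch/arm/traps.c, second hunk) `rcu_quiet_enter();` is the first statement, ahead of `local_irq_disable();`, so the CPU is added to ignore_cpumask while interrupts are still enabled and before the rest of the exit path has run. The remainder of the body is outside the hunk, but if it still loops over check_for_vcpu_work() and pending softirqs, that code can enter RCU read-side critical sections after the CPU has been declared quiescent; a grace period could then end and a callback free an object that is still being read, which is a use-after-free in hypervisor context. The same softirq processing can presumably schedule to the idle vCPU, where do_idle() calls rcu_quiet_enter() a second time and would hit `ASSERT(!cpumask_test_cpu(cpu, &rcu_ctrlblk.ignore_cpumask))`. The call belongs at the very last step before the return to the guest, with the TIMER_SOFTIRQ that arming the callback timer can raise handled explicitly there. The matching `rcu_quiet_exit();` in enter_hypervisor_from_guest() (first traps.c hunk) likewise only stays balanced if every guest exit and entry passes through this pair, which deserves a comment at both call sites.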
@@ -860,7 +860,7 @@ static void acpi_processor_idle(void) /* Now in C0 */ power->last_state = &power->states[0]; - rcu_idle_exit(cpu); + rcu_quiet_exit(); cpufreq_dbs_timer_resume(); if ( cpuidle_current_governor->reflect ) diff --git a/xen/arch/x86/cpu/mwait-idle.c b/xen/arch/x86/cpu/mwait-idle.c index f0c6ff9d52..dc12559396 100644 --- a/xen/arch/x86/cpu/mwait-idle.c +++ b/xen/arch/x86/cpu/mwait-idle.c @@ -778,8 +778,8 @@ static void mwait_idle(void) cpufreq_dbs_timer_suspend(); - rcu_idle_enter(cpu); - /* rcu_idle_enter() can raise TIMER_SOFTIRQ. Process it now. */ + rcu_quiet_enter(); + /* rcu_quiet_enter() can raise TIMER_SOFTIRQ. Process it now. */ process_pending_softirqs(); /* Interrupts must be disabled for C2 and higher transitions. */ @@ -787,7 +787,7 @@ static void mwait_idle(void) if (!cpu_is_haltable(cpu)) { local_irq_enable(); - rcu_idle_exit(cpu); + rcu_quiet_exit(); cpufreq_dbs_timer_resume(); return; } @@ -829,7 +829,7 @@ static void mwait_idle(void) if (!(lapic_timer_reliable_states & (1 << cx->type))) lapic_timer_on(); - rcu_idle_exit(cpu); + rcu_quiet_exit(); cpufreq_dbs_timer_resume(); if ( cpuidle_current_governor->reflect ) diff --git a/xen/common/rcupdate.c b/xen/common/rcupdate.c index e0bf842f13..54a292ae75 100644 --- a/xen/common/rcupdate.c +++ b/xen/common/rcupdate.c @@ -55,8 +55,8 @@ static struct rcu_ctrlblk { int next_pending; /* Is the next batch already waiting? */ spinlock_t lock __cacheline_aligned; - cpumask_t cpumask; /* CPUs that need to switch in order ... */ - cpumask_t ignore_cpumask; /* ... unless they are already idle */ + cpumask_t cpumask; /* CPUs that need to switch in order... */ + cpumask_t ignore_cpumask; /* ...unless already idle or in guest */ /* for current batch to proceed. */ } __cacheline_aligned rcu_ctrlblk = { .cur = -300, 
@@ -87,7 +87,7 @@ struct rcu_data { int cpu; long last_rs_qlen; /* qlen during the last resched */ - /* 3) idle CPUs handling */ + /* 3) idle (or in guest mode) CPUs handling */ struct timer cb_timer; bool cb_timer_active; @@ -112,6 +112,12 @@ struct rcu_data { * 3) it is stopped immediately, if the CPU wakes up from idle and * resumes 'normal' execution. * + * Note also that the same happens if a CPU starts executing a guest that + * (almost) never comes back into the hypervisor. This may be the case if + * the guest uses "idle=poll" / "vwfi=native". Therefore, we need to handle + * guest entry events in the same way as the CPU going idle, i.e., consider + * it quiesced and arm the timer. + * * About how far in the future the timer should be programmed each time, * it's hard to tell (guess!!). Since this mimics Linux's periodic timer * tick, take values used there as an indication. In Linux 2.6.21, tick @@ -359,9 +365,10 @@ static void rcu_start_batch(struct rcu_ctrlblk *rcp) * Make sure the increment of rcp->cur is visible so, even if a * CPU that is about to go idle, is captured inside rcp->cpumask, * rcu_pending() will return false, which then means cpu_quiet() - * will be invoked, before the CPU would actually enter idle. + * will be invoked, before the CPU would actually go idle (or + * enter a guest). * - * This barrier is paired with the one in rcu_idle_enter(). + * This barrier is paired with the one in rcu_quiet_enter(). */ smp_mb(); cpumask_andnot(&rcp->cpumask, &cpu_online_map, &rcp->ignore_cpumask); 
@@ -531,14 +538,15 @@ int rcu_needs_cpu(int cpu) * periodically poke rcu_pedning(), so that it will invoke the callback * not too late after the end of the grace period. */ -static void cb_timer_start(void) +static void cb_timer_start(unsigned int cpu) { - struct rcu_data *rdp = &this_cpu(rcu_data); + struct rcu_data *rdp = &per_cpu(rcu_data, cpu); /* * Note that we don't check rcu_pending() here. In fact, we don't want * the timer armed on CPUs that are in the process of quiescing while - * going idle, unless they really are the ones with a queued callback. + * going idle or entering guest mode, unless they really have queued + * callbacks. */ if (likely(!rdp->curlist)) return; @@ -547,9 +555,9 @@ static void cb_timer_start(void) rdp->cb_timer_active = true; } -static void cb_timer_stop(void) +static void cb_timer_stop(unsigned int cpu) { - struct rcu_data *rdp = &this_cpu(rcu_data); + struct rcu_data *rdp = &per_cpu(rcu_data, cpu); if (likely(!rdp->cb_timer_active)) return; @@ -706,11 +714,14 @@ void __init rcu_init(void) } /* - * The CPU is becoming idle, so no more read side critical - * sections, and one more step toward grace period. + * The CPU is becoming about to either idle or enter the guest. In any of + * these cases, it can't have any outstanding read side critical sections + * so this is one step toward the end of the grace period. */ -void rcu_idle_enter(unsigned int cpu) +void rcu_quiet_enter() { + unsigned int cpu = smp_processor_id(); + ASSERT(!cpumask_test_cpu(cpu, &rcu_ctrlblk.ignore_cpumask)); cpumask_set_cpu(cpu, &rcu_ctrlblk.ignore_cpumask); /* @@ -723,12 +734,14 @@ void rcu_idle_enter(unsigned int cpu) */ smp_mb(); - cb_timer_start(); + cb_timer_start(cpu); } -void rcu_idle_exit(unsigned int cpu) +void rcu_quiet_exit() { - cb_timer_stop(); + unsigned int cpu = smp_processor_id(); + + cb_timer_stop(cpu); ASSERT(cpumask_test_cpu(cpu, &rcu_ctrlblk.ignore_cpumask)); cpumask_clear_cpu(cpu, &rcu_ctrlblk.ignore_cpumask); } 
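Review bot: cb_timer_start() and cb_timer_stop() in xen/common/rcupdate.c now take a `cpu` argument and switch from `this_cpu(rcu_data)` to `per_cpu(rcu_data, cpu)`, yet the only callers in this patch pass `smp_processor_id()`. Nothing visible in these hunks serialises access to `rdp->curlist` or `rdp->cb_timer_active`, so a later caller passing a remote CPU would race with that CPU's own use of the same fields. Either keep `this_cpu()` and drop the parameter, or add `ASSERT(cpu == smp_processor_id());` at the top of both helpers and state in their comment that they act on the local CPU only. Both function bodies are only partly inside their hunks.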
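Review bot: `void rcu_quiet_enter()` and `void rcu_quiet_exit()` (last two rcupdate.c hunks) are defined with empty parentheses, while xen/include/xen/rcupdate.h declares them with `(void)`. In C11 an empty list is an old-style definition rather than a prototype, and it would be flagged by -Wstrict-prototypes if the build enables that warning. Write `void rcu_quiet_enter(void)` and `void rcu_quiet_exit(void)`. The reworded comment above rcu_quiet_enter() opens with a garbled sentence; `The CPU is about to either go idle or enter the guest.` is what is meant. That comment's claim that no read-side critical section can be outstanding only holds if each caller invokes the function as its final step before idling or entering the guest, so it should say so.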
diff --git a/xen/include/xen/rcupdate.h b/xen/include/xen/rcupdate.h index 6f2587058e..f378cc2aa2 100644 --- a/xen/include/xen/rcupdate.h +++ b/xen/include/xen/rcupdate.h @@ -177,7 +177,7 @@ void call_rcu(struct rcu_head *head, void rcu_barrier(void); -void rcu_idle_enter(unsigned int cpu); -void rcu_idle_exit(unsigned int cpu); +void rcu_quiet_enter(void); +void rcu_quiet_exit(void); #endif /* __XEN_RCUPDATE_H */
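Review bot: The renamed prototypes `void rcu_quiet_enter(void);` and `void rcu_quiet_exit(void);` are declared without any contract comment, and the commit message itself asks where x86 should place the calls, so the header is where the rules need to be written down. I would add a short comment above them. It should state that both act on the calling CPU and must be strictly paired, since each asserts on the CPU's bit in ignore_cpumask. It should also state that rcu_quiet_enter() may only be called once the CPU cannot enter an RCU read-side critical section again before the matching rcu_quiet_exit(), and that it may arm the callback timer and raise TIMER_SOFTIRQ. Without that, a misplaced call in a new architecture hook silently shortens grace periods instead of failing visibly.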