WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
xen-devel

[Xen-devel] non-emulated rdtsc: a smoking gun!

To: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-devel] non-emulated rdtsc: a smoking gun!
From: Dan Magenheimer <dan.magenheimer@xxxxxxxxxx>
Date: Thu, 22 Oct 2009 13:53:41 -0700 (PDT)
Cc: kurt.hackel@xxxxxxxxxx, Jeremy Fitzhardinge <jeremy.fitzhardinge@xxxxxxxxxx>, Avi Kivity <avi@xxxxxxxxxx>, chris.mason@xxxxxxxxxx, Keir Fraser <Keir.Fraser@xxxxxxxxxxxxx>
Delivery-date: Thu, 22 Oct 2009 13:54:43 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
I just found a Linux kernel use of rdtsc that
MAY cause a significant failure if rdtsc is
unemulated and a poorly timed migration (or
save/restore) occurs under Xen or KVM.

The problem is that a call to __udelay() --
or any member of the delay() family -- may
return prematurely**.  Since these functions
"must guarantee that we wait at least the
amount of time" specified, there are likely
unknown kernel circumstances where a
premature return will cause problems.
(Disclaimer: I haven't gone through every use
of every call site of every member of the delay
function family to prove this.)

I observed this use of rdtsc on a real running
released EL5U2-32b PV kernel, but the problem also
exists on 2.6.31 and probably on any currently
shipping PV kernel.  AND due to a bug(?) in HVM
management of TSC, I think it will occur in any
Linux HVM as well.  And, other than Xen/KVM
guaranteeing rdtsc is monotonically-increasing
(and tracks wallclock time across a migration
which Xen's emulated rdtsc doesn't yet do),
I don't think there is a solution.

The problem can occur if a migration or
save/restore results in the appearance that
the physical TSC went backwards.  For example:
1) A live migration occurs from machine A
   to machine B, and machine B was much more
   recently booted than machine A; or
2) A guest is saved on machine A, machine A
   has been running for a long time, machine
   A is rebooted, and the guest is restored
   on machine A shortly after it is booted.

If a delay() function is currently executing
in the guest kernel when the above occurs
and the rdtsc instruction is unemulated,
the delay() function will return immediately**
when the kernel vcpu regains control.
True, in many circumstances, the overhead
incurred by the migration or save/restore will
expire the intended delay, and so perhaps serve
the same purpose as the intended delay, but
there may also be circumstances where this is
not true.

** Note that some clever coding in the Linux
kernel sources averts a much worse disaster,
namely a very extended spinwait for hours or
days or more!  This cleverness may not exist
in all kernels -- or in applications that might
implement a similar rdtsc-based __udelay()-like
technique.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
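The failure mode described above, as an added illustration that is not the original post's code nor the Linux kernel's: a TSC-based delay loop run against a constructed TSC trace in which a migration makes the counter drop. The unsigned-difference form returns at once (the premature return), the absolute-deadline form never returns within the trace (the "hours or days" spinwait), and a rebasing variant of my own, which restarts the wait whenever the TSC steps backwards, waits at least the requested cycles but cannot know how much time the migration really consumed. The trace values, `fake_rdtsc`, and all three function names are assumptions made for this example.

```c
#include <stdint.h>
#include <stddef.h>

/* Constructed TSC trace: +100 cycles per read, then a migration to a more
 * recently booted host makes the guest-visible TSC drop by ~1,000,000. */
static const uint64_t trace[] = {
    5000000, 5000100, 5000200, 5000300,   /* before migration */
    4000400, 4000500, 4000600, 4000700,   /* after: TSC "went backwards" */
    4000800, 4000900, 4001000, 4001100,
};
#define TRACE_LEN (sizeof trace / sizeof trace[0])

/* Stand-in for rdtsc: hands out the trace samples in order. */
static uint64_t fake_rdtsc(size_t *idx) { return trace[(*idx)++]; }

/* Each delay returns the number of TSC reads it consumed (start read
 * included), or -1 if the trace ran out before the wait was satisfied. */

/* Form A: wrap-around subtraction.  A backward step makes (now - start)
 * huge, so the loop exits immediately: the premature return. */
int delay_wrapdiff(size_t start_idx, uint64_t loops)
{
    size_t idx = start_idx;
    uint64_t start = fake_rdtsc(&idx);
    while (idx < TRACE_LEN) {
        uint64_t now = fake_rdtsc(&idx);
        if (now - start >= loops) return (int)(idx - start_idx);
    }
    return -1;
}

/* Form B: absolute deadline.  After a backward step the deadline is never
 * reached until the TSC catches up, i.e. a spinwait of hours or more. */
int delay_absolute(size_t start_idx, uint64_t loops)
{
    size_t idx = start_idx;
    uint64_t deadline = fake_rdtsc(&idx) + loops;
    while (idx < TRACE_LEN) {
        if (fake_rdtsc(&idx) >= deadline) return (int)(idx - start_idx);
    }
    return -1;
}

/* Form C (my own conservative variant): restart the wait on a backward
 * step.  Guarantees at least `loops` cycles of observed TSC progress, at
 * the cost of possibly waiting longer than intended. */
int delay_rebase(size_t start_idx, uint64_t loops)
{
    size_t idx = start_idx;
    uint64_t start = fake_rdtsc(&idx), last = start;
    while (idx < TRACE_LEN) {
        uint64_t now = fake_rdtsc(&idx);
        if (now < last) { start = last = now; continue; } /* went backwards */
        last = now;
        if (now - start >= loops) return (int)(idx - start_idx);
    }
    return -1;
}
```

Starting at trace index 2 with a 250-cycle delay, the migration hits on the second read: form A returns after 3 reads, form B never completes, form C completes after 6.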
