| Message ID | 20220621193659.700787-1-frank.heimes@canonical.com |
|---|---|
| Headers | show |
| Series | Include patches to avoid self-detected stall with Secure Execution (LP: 1979296) | expand |
Acked-by: Bartlomiej Zolnierkiewicz <bartlomiej.zolnierkiewicz@canonical.com> On Tue, Jun 21, 2022 at 9:37 PM <frank.heimes@canonical.com> wrote: > > BugLink: https://bugs.launchpad.net/bugs/1979296 > > SRU Justification: > > [Impact] > > * On IBM Z secure execution environments under heavy load > (means with over-committed resources - KVM guests) > rcu_sched self-detected stalls can occur, > which lead to LPAR crashes. > > [Fix] > > * 57c5df13eca4 57c5df13eca4017ed28f9375dc1d246ec0f54217 "KVM: s390: pv: add macros for UVC CC values" > > * 1e2aa46de526 1e2aa46de526a5adafe580bca4c25856bb06f09e "KVM: s390: pv: avoid stalls for kvm_s390_pv_init_vm" > > * f0a1a0615a6f f0a1a0615a6ff6d38af2c65a522698fb4bb85df6 "KVM: s390: pv: avoid stalls when making pages secure" > > [Test Plan] > > * An IBM z15 or LinuxONE III LPAR with FC 115 (secure execution) > enabled is required. > > * Installation of Ubuntu Server 20.04 LTS (18.04 with hwe-5.4) > or 22.04 LTS on top. > > * Install a kernel that incl. the above two patches/commits > > * Bring the system under high load with KVM guests. > > * Monitor dmesg for 'rcu_sched self-detected stalls' > and/or look for crashes. > > * Due to hardware requirements this test needs to be conducted by IBM. > > [Where problems could occur] > > * The definition from 57c5df13eca4 are missing in both jammy > and focal, but shouldn't harm. > > * The change in 1e2aa46de526 only uses uv_call_sched instead > of just uv_call, which should lead to a snappier system > under high load, but may consume overall some more cycles. > > * With f0a1a0615a6f the uv_call_sched cannot simply replace > uv_call, due to locks being held. > > * Instead __uv_call is replacing uv_call, which does not loop. > > * But due to these changes of the (uv) calls, > - in case erroneous - they may lead to wrong states, > and even broken ultravisor calls > and with that broken secure execution (SE). > > * As a side effect the uv might no longer loop over all pages, > and in worst case leaving some unprotected. > > * All this is s390x-only functionality, > that is only available on IBM z15 / LinuxONE III systems and newer, > and only is the optional feature 'FC 115' in place, > which is limited to 'secure-execution' workloads. > > [Other Info] > > * Patches are upstream accepted with kernel 5.16. > > * Commit 1e2aa46de526 is already included in jammy > but 57c5df13eca4 and f0a1a0615a6f are missing. > > * Focal requires all 3 commits 57c5df13eca4, 1e2aa46de526 and f0a1a0615a6f. > > * Since impish is very close to it's EOL, it's not covered by this SRU. > > Claudio Imbrenda (3): > KVM: s390: pv: add macros for UVC CC values > KVM: s390: pv: avoid stalls for kvm_s390_pv_init_vm > KVM: s390: pv: avoid stalls when making pages secure > > arch/s390/include/asm/uv.h | 5 +++++ > arch/s390/kernel/uv.c | 29 +++++++++++++++++++++++------ > arch/s390/kvm/intercept.c | 5 +++++ > arch/s390/kvm/pv.c | 2 +- > 4 files changed, 34 insertions(+), 7 deletions(-) > > -- > 2.25.1
On 6/21/22 13:36, frank.heimes@canonical.com wrote: > BugLink: https://bugs.launchpad.net/bugs/1979296 > > SRU Justification: > > [Impact] > > * On IBM Z secure execution environments under heavy load > (means with over-committed resources - KVM guests) > rcu_sched self-detected stalls can occur, > which lead to LPAR crashes. > > [Fix] > > * 57c5df13eca4 57c5df13eca4017ed28f9375dc1d246ec0f54217 "KVM: s390: pv: add macros for UVC CC values" > > * 1e2aa46de526 1e2aa46de526a5adafe580bca4c25856bb06f09e "KVM: s390: pv: avoid stalls for kvm_s390_pv_init_vm" > > * f0a1a0615a6f f0a1a0615a6ff6d38af2c65a522698fb4bb85df6 "KVM: s390: pv: avoid stalls when making pages secure" > > [Test Plan] > > * An IBM z15 or LinuxONE III LPAR with FC 115 (secure execution) > enabled is required. > > * Installation of Ubuntu Server 20.04 LTS (18.04 with hwe-5.4) > or 22.04 LTS on top. > > * Install a kernel that incl. the above two patches/commits > > * Bring the system under high load with KVM guests. > > * Monitor dmesg for 'rcu_sched self-detected stalls' > and/or look for crashes. > > * Due to hardware requirements this test needs to be conducted by IBM. > > [Where problems could occur] > > * The definition from 57c5df13eca4 are missing in both jammy > and focal, but shouldn't harm. > > * The change in 1e2aa46de526 only uses uv_call_sched instead > of just uv_call, which should lead to a snappier system > under high load, but may consume overall some more cycles. > > * With f0a1a0615a6f the uv_call_sched cannot simply replace > uv_call, due to locks being held. > > * Instead __uv_call is replacing uv_call, which does not loop. > > * But due to these changes of the (uv) calls, > - in case erroneous - they may lead to wrong states, > and even broken ultravisor calls > and with that broken secure execution (SE). > > * As a side effect the uv might no longer loop over all pages, > and in worst case leaving some unprotected. > > * All this is s390x-only functionality, > that is only available on IBM z15 / LinuxONE III systems and newer, > and only is the optional feature 'FC 115' in place, > which is limited to 'secure-execution' workloads. > > [Other Info] > > * Patches are upstream accepted with kernel 5.16. > > * Commit 1e2aa46de526 is already included in jammy > but 57c5df13eca4 and f0a1a0615a6f are missing. > > * Focal requires all 3 commits 57c5df13eca4, 1e2aa46de526 and f0a1a0615a6f. > > * Since impish is very close to it's EOL, it's not covered by this SRU. > > Claudio Imbrenda (3): > KVM: s390: pv: add macros for UVC CC values > KVM: s390: pv: avoid stalls for kvm_s390_pv_init_vm > KVM: s390: pv: avoid stalls when making pages secure > > arch/s390/include/asm/uv.h | 5 +++++ > arch/s390/kernel/uv.c | 29 +++++++++++++++++++++++------ > arch/s390/kvm/intercept.c | 5 +++++ > arch/s390/kvm/pv.c | 2 +- > 4 files changed, 34 insertions(+), 7 deletions(-) > Acked-by: Tim Gardner <tim.gardner@canonical.com>
On 21.06.22 21:36, frank.heimes@canonical.com wrote: > BugLink: https://bugs.launchpad.net/bugs/1979296 > > SRU Justification: > > [Impact] > > * On IBM Z secure execution environments under heavy load > (means with over-committed resources - KVM guests) > rcu_sched self-detected stalls can occur, > which lead to LPAR crashes. > > [Fix] > > * 57c5df13eca4 57c5df13eca4017ed28f9375dc1d246ec0f54217 "KVM: s390: pv: add macros for UVC CC values" > > * 1e2aa46de526 1e2aa46de526a5adafe580bca4c25856bb06f09e "KVM: s390: pv: avoid stalls for kvm_s390_pv_init_vm" > > * f0a1a0615a6f f0a1a0615a6ff6d38af2c65a522698fb4bb85df6 "KVM: s390: pv: avoid stalls when making pages secure" > > [Test Plan] > > * An IBM z15 or LinuxONE III LPAR with FC 115 (secure execution) > enabled is required. > > * Installation of Ubuntu Server 20.04 LTS (18.04 with hwe-5.4) > or 22.04 LTS on top. > > * Install a kernel that incl. the above two patches/commits > > * Bring the system under high load with KVM guests. > > * Monitor dmesg for 'rcu_sched self-detected stalls' > and/or look for crashes. > > * Due to hardware requirements this test needs to be conducted by IBM. > > [Where problems could occur] > > * The definition from 57c5df13eca4 are missing in both jammy > and focal, but shouldn't harm. > > * The change in 1e2aa46de526 only uses uv_call_sched instead > of just uv_call, which should lead to a snappier system > under high load, but may consume overall some more cycles. > > * With f0a1a0615a6f the uv_call_sched cannot simply replace > uv_call, due to locks being held. > > * Instead __uv_call is replacing uv_call, which does not loop. > > * But due to these changes of the (uv) calls, > - in case erroneous - they may lead to wrong states, > and even broken ultravisor calls > and with that broken secure execution (SE). > > * As a side effect the uv might no longer loop over all pages, > and in worst case leaving some unprotected. > > * All this is s390x-only functionality, > that is only available on IBM z15 / LinuxONE III systems and newer, > and only is the optional feature 'FC 115' in place, > which is limited to 'secure-execution' workloads. > > [Other Info] > > * Patches are upstream accepted with kernel 5.16. > > * Commit 1e2aa46de526 is already included in jammy > but 57c5df13eca4 and f0a1a0615a6f are missing. > > * Focal requires all 3 commits 57c5df13eca4, 1e2aa46de526 and f0a1a0615a6f. > > * Since impish is very close to it's EOL, it's not covered by this SRU. > > Claudio Imbrenda (3): > KVM: s390: pv: add macros for UVC CC values > KVM: s390: pv: avoid stalls for kvm_s390_pv_init_vm > KVM: s390: pv: avoid stalls when making pages secure > > arch/s390/include/asm/uv.h | 5 +++++ > arch/s390/kernel/uv.c | 29 +++++++++++++++++++++++------ > arch/s390/kvm/intercept.c | 5 +++++ > arch/s390/kvm/pv.c | 2 +- > 4 files changed, 34 insertions(+), 7 deletions(-) > Applied to jammy,focal:linux/master-next. Thanks. -Stefan