Benjamin Herrenschmidt <b...@kernel.crashing.org> writes:

> On Fri, 2017-10-06 at 11:40 +0530, Nikunj A Dadhania wrote:
>> Cédric Le Goater <c...@kaod.org> writes:
>>
>> > Hello,
>> >
>> > When a CPU is stopped with the 'stop-self' RTAS call, its state
>> > 'halted' is switched to 1 and, in this case, the MSR is not taken into
>> > account anymore in the cpu_has_work() routine. Only the pending
>> > hardware interrupts are checked with their LPCR:PECE* enablement bit.
>> >
>> > If the DECR timer fires after 'stop-self' is called and before the CPU
>> > 'stop' state is reached, the nearly-dead CPU will have some work to do
>> > and the guest will crash. This case happens very frequently with the
>> > not yet upstream P9 XIVE exploitation mode. In XICS mode, the DECR is
>> > occasionally fired but after 'stop' state, so no work is to be done
>> > and the guest survives.
>> >
>> > I suspect there is a race between the QEMU mainloop triggering the
>> > timers and the TCG CPU thread but I could not quite identify the root
>> > cause. To be safe, let's disable the decrementer interrupt in the LPCR
>> > when the CPU is halted and reenable it when the CPU is restarted.
>>
>> Moreover, disabling the DECR in the reset path solves the TCG multi-CPU
>> reboot case, as the reboot path does not call the stop-cpu RTAS call.
>
> Shouldn't we do it in set_papr too and only turn it on for the boot CPU
> and in the start-cpu RTAS call? Same with the other PECEs in fact...
Yes, +1 for that.

Regards
Nikunj
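A simplified model of the halted-CPU wake-up check described in the thread and of the proposed fix, added here as an illustration and not QEMU's own code (the bit values, the `cpu_model` struct and the `rtas_*` function names are constructed for this example):

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed bit layout for the model; the real LPCR/MSR encodings differ. */
#define MSR_EE        (1u << 15)
#define LPCR_PECE_EXT (1u << 0)   /* external interrupt may wake a halted CPU */
#define LPCR_PECE_DEC (1u << 1)   /* decrementer may wake a halted CPU */
#define IRQ_EXT       (1u << 0)
#define IRQ_DEC       (1u << 1)

struct cpu_model {
    bool halted;
    uint32_t msr, lpcr, pending;   /* pending: bitmask of raised hw interrupts */
};

/* Behaviour the thread describes: a running CPU needs MSR:EE plus a pending
 * interrupt; a halted CPU ignores the MSR and only looks at pending interrupts
 * whose LPCR:PECE enable bit is set. */
static bool cpu_has_work(const struct cpu_model *cpu)
{
    if (!cpu->halted) {
        return (cpu->msr & MSR_EE) && cpu->pending;
    }
    uint32_t wake = 0;
    if (cpu->lpcr & LPCR_PECE_EXT) wake |= IRQ_EXT;
    if (cpu->lpcr & LPCR_PECE_DEC) wake |= IRQ_DEC;
    return (cpu->pending & wake) != 0;
}

/* Proposed fix: stop-self drops the decrementer enable, start-cpu restores it. */
static void rtas_stop_self(struct cpu_model *cpu) { cpu->halted = true;  cpu->lpcr &= ~LPCR_PECE_DEC; }
static void rtas_start_cpu(struct cpu_model *cpu) { cpu->lpcr |= LPCR_PECE_DEC; cpu->halted = false; }

/* Reported race: the DECR fires after stop-self. Returns whether the halted
 * CPU would find work (and, in the guest, crash). */
static bool late_decr_wakes_cpu(bool apply_fix)
{
    struct cpu_model cpu = { .msr = MSR_EE, .lpcr = LPCR_PECE_EXT | LPCR_PECE_DEC };
    if (apply_fix) rtas_stop_self(&cpu); else cpu.halted = true;
    cpu.pending |= IRQ_DEC;            /* the late decrementer interrupt */
    return cpu_has_work(&cpu);
}

/* After start-cpu the enable is back and a pending DECR is delivered normally. */
static bool decr_seen_after_restart(void)
{
    struct cpu_model cpu = { .msr = MSR_EE, .lpcr = LPCR_PECE_EXT | LPCR_PECE_DEC };
    rtas_stop_self(&cpu);
    cpu.pending |= IRQ_DEC;
    rtas_start_cpu(&cpu);
    return cpu_has_work(&cpu);
}
```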