On Wed, Apr 02 2025, David Hildenbrand <da...@redhat.com> wrote:
> If we finds a vq without a name in our input array in
> virtio_ccw_find_vqs(), we treat it as "non-existing" and set the vq pointer
> to NULL; we will not call virtio_ccw_setup_vq() to allocate/setup a vq.
>
> Consequently, we create only a queue if it actually exists (name != NULL)
> and assign an incremental queue index to each such existing queue.
>
> However, in virtio_ccw_register_adapter_ind()->get_airq_indicator() we
> will not ignore these "non-existing queues", but instead assign an airq
> indicator to them.
>
> Besides never releasing them in virtio_ccw_drop_indicators() (because
> there is no virtqueue), the bigger issue seems to be that there will be a
> disagreement between the device and the Linux guest about the airq
> indicator to be used for notifying a queue, because the indicator bit
> for adapter I/O interrupt is derived from the queue index.
>
> The virtio spec states under "Setting Up Two-Stage Queue Indicators":
>
> ... indicator contains the guest address of an area wherein the
> indicators for the devices are contained, starting at bit_nr, one
> bit per virtqueue of the device.
>
> And further in "Notification via Adapter I/O Interrupts":
>
> For notifying the driver of virtqueue buffers, the device sets the
> bit in the guest-provided indicator area at the corresponding
> offset.
>
> For example, QEMU uses in virtio_ccw_notify() the queue index (passed as
> "vector") to select the relevant indicator bit. If a queue does not exist,
> it does not have a corresponding indicator bit assigned, because it
> effectively doesn't have a queue index.
>
> Using a virtio-balloon-ccw device under QEMU with free-page-hinting
> disabled ("free-page-hint=off") but free-page-reporting enabled
> ("free-page-reporting=on") will result in free page reporting
> not working as expected: in the virtio_balloon driver, we'll be stuck
> forever in virtballoon_free_page_report()->wait_event(), because the
> waitqueue will not be woken up as the notification from the device is
> lost: it would use the wrong indicator bit.
>
> Free page reporting stops working and we get splats (when configured to
> detect hung wqs) like:
>
> INFO: task kworker/1:3:463 blocked for more than 61 seconds.
> Not tainted 6.14.0 #4
> "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
> task:kworker/1:3 [...]
> Workqueue: events page_reporting_process
> Call Trace:
> [<000002f404e6dfb2>] __schedule+0x402/0x1640
> [<000002f404e6f22e>] schedule+0x3e/0xe0
> [<000002f3846a88fa>] virtballoon_free_page_report+0xaa/0x110
> [virtio_balloon]
> [<000002f40435c8a4>] page_reporting_process+0x2e4/0x740
> [<000002f403fd3ee2>] process_one_work+0x1c2/0x400
> [<000002f403fd4b96>] worker_thread+0x296/0x420
> [<000002f403fe10b4>] kthread+0x124/0x290
> [<000002f403f4e0dc>] __ret_from_fork+0x3c/0x60
> [<000002f404e77272>] ret_from_fork+0xa/0x38
>
> There was recently a discussion [1] whether the "holes" should be
> treated differently again, effectively assigning also non-existing
> queues a queue index: that should also fix the issue, but requires other
> workarounds to not break existing setups.
>
> Let's fix it without affecting existing setups for now by properly ignoring
> the non-existing queues, so the indicator bits will match the queue
> indexes.
>
> [1] https://lore.kernel.org/all/cover.1720611677.git....@redhat.com/
>
> Fixes: a229989d975e ("virtio: don't allocate vqs when names[i] = NULL")
> Reported-by: Chandra Merla <cme...@redhat.com>
> Cc: <sta...@vger.kernel.org>
> Cc: Cornelia Huck <coh...@redhat.com>
> Cc: Thomas Huth <th...@redhat.com>
> Cc: Halil Pasic <pa...@linux.ibm.com>
> Cc: Eric Farman <far...@linux.ibm.com>
> Cc: Heiko Carstens <h...@linux.ibm.com>
> Cc: Vasily Gorbik <g...@linux.ibm.com>
> Cc: Alexander Gordeev <agord...@linux.ibm.com>
> Cc: Christian Borntraeger <borntrae...@linux.ibm.com>
> Cc: Sven Schnelle <sv...@linux.ibm.com>
> Cc: "Michael S. Tsirkin" <m...@redhat.com>
> Cc: Wei Wang <wei.w.w...@intel.com>
> Signed-off-by: David Hildenbrand <da...@redhat.com>
> ---
> drivers/s390/virtio/virtio_ccw.c | 16 ++++++++++++----
> 1 file changed, 12 insertions(+), 4 deletions(-)
Reviewed-by: Cornelia Huck <coh...@redhat.com>
[I assume that one of the IBM folks can simply pick this up?]
