[PATCH], issue EOI to APIC prior to calling crash_kexec in die_nmi path
Neil Horman
nhorman at tuxdriver.com
Thu Feb 7 07:17:19 EST 2008
On Wed, Feb 06, 2008 at 05:31:11PM -0700, Eric W. Biederman wrote:
> Ingo Molnar <mingo at elte.hu> writes:
>
> > * H. Peter Anvin <hpa at zytor.com> wrote:
> >
> >>> I am wondering if interrupts are disabled on crashing cpu or if
> >>> crashing cpu is inside die_nmi(), how would it stop/prevent delivery
> >>> of NMI IPI to other cpus.
> >>
> >> I don't see how it would.
> >
> > cross-CPU IPIs are a bit fragile on some PC platforms. So if the kexec
> > code relies on getting IPIs to all other CPUs, it might not be able to
> > do it reliably. There might be limitations on how many APIC irqs there
> > can be queued at a time, and if those slots are used up and the CPU is
> > not servicing irqs then stuff gets retried. This might even affect NMIs
> > sent via APIC messages - not sure about that.
>
>
>
> The design was as follows:
> - Doing anything in the crashing kernel is unreliable.
> - We do not have the information to do anything useful in the recovery/target
> kernel.
> - Having the other cpus stopped is very nice as it reduces the amount of
> weirdness happening. We do not share the same text or data addresses
> so stopping the other cpus is not mandatory. On some other architectures
> there are cpu tables that must live at a fixed address but this is not
> the case on x86.
> - Having the location the other cpus were running at is potentially very
> interesting debugging information.
>
> Therefore the intent of the code is to send an NMI to each other cpu. With
> a timeout of a second or so. So that if the NMI do not get sent we continue
> on.
>
> There is certainly still room for improving the robustness by not shutting
> down the ioapics and using less general infrastructure code on that path.
> That said I would be a little surprised if that is what is biting us.
>
> Looking at the patch the local_irq_enable() is totally bogus. As soon
> was we hit machine_crash_shutdown the first thing we do is disable irqs.
>
Ingo noted a few posts down the nmi_exit doesn't actually write to the APIC EOI
register, so yeah, I agree, its bogus (and I apologize, I should have checked
that more carefully). Nevertheless, this patch consistently allowed a hangning
machine to boot through an Nmi lockup. So I'm forced to wonder whats going on
then that this patch helps with. perhaps its a just a very fragile timing
issue, I'll need to look more closely.
> I'm wondering if someone was using the switch cpus on crash patch that was
> floating around. That would require the ipis to work.
>
Definately not the case, I did a clean build from a cvs tree to test this and
can verify that the switch cpu patch was not in place.
> I don't know if nmi_exit makes sense. There are enough layers of abstraction
> in that piece of code I can't quickly spot the part that is banging the hardware.
>
As ingo mentioned this does seem to be bogus.
> The location of nmi_exit in the patch is clearly wrong. crash_kexec is a noop
> if we don't have a crash kernel loaded (and if we are not the first cpu into it),
> so if we don't execute the crash code something weird may happen. Further the
> code is just more maintainable if that kind of code lives in machine_crash_shutdown.
>
>
>
> Eric
--
/****************************************************
* Neil Horman <nhorman at tuxdriver.com>
* Software Engineer, Red Hat
****************************************************/
More information about the kexec
mailing list