[PATCH 0/3] KVM: Fix lost IRQ acks for RTC

From: Joerg Roedel
Date: Mon Feb 29 2016 - 10:05:25 EST


Here is a small patch-set to fix a race condition which
happens when an RTC-IRQ is migrated to another VCPU while it
is being handled by the guest.

The RTC-EOI handling in KVM requires that all sent interrupt
messages to the VCPUs need to be acked before another
RTC-IRQ can be sent. When an EOI signal from the guest is
lost, it will never see an RTC interrupt again (until it

This is easily reproducible with a Linux guest executing
this loop:

$ while true;do time hwclock --show --test --debug;done

When the guest has multiple vcpus and the RTC-IRQ is
regularly migrated (e.g. by irqbalance), the race condition
will be hit after some time and the hwclock tool will fail

select() to /dev/rtc to wait for clock tick timed out...synchronization failed

The race condition happens because of the way the EOI
backtracking between local APIC and IOAPIC works in KVM. The
destination VCPU and vector are part of the IOAPIC state.
When the guest sends an EOI to the local APIC the vector is
matched against the destinations stored in the IOAPIC and
ACKed there too if it matches.

The problem begins when a VCPU handles an RTC interrupt and
at the same time another VCPU migrates the RTC-IRQ away from
that VCPU. This updates the IOAPIC state in KVM to
the new destination, so that the EOI sent from the first
VCPU does not match anymore in the IOAPIC, hence losing the

This patch-set fixes the race-condition by adding explicit
back-tracking information for RTC-IRQs. The rtc_status
struct already holds a dest_map bitmap to store which VCPUs
received an RTC-IRQ. This is extended to also hold the
vector that was sent to this VCPU.

This information is then used to match EOI signals from the
guest to the RTC. This explicit back-tracking fixes the



Joerg Roedel (3):
kvm: x86: Convert ioapic->rtc_status.dest_map to a struct
kvm: x86: Track irq vectors in ioapic->rtc_status.dest_map
kvm: x86: Check dest_map->vector to match eoi signals for rtc

arch/x86/kvm/ioapic.c | 30 +++++++++++++++++++++---------
arch/x86/kvm/ioapic.h | 17 +++++++++++++++--
arch/x86/kvm/irq_comm.c | 2 +-
arch/x86/kvm/lapic.c | 14 ++++++++------
arch/x86/kvm/lapic.h | 7 +++++--
5 files changed, 50 insertions(+), 20 deletions(-)
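
Added example, not part of the original mail or of the patch set: a simplified user-space model of the race described above, comparing an EOI matched against the current IOAPIC routing with an EOI matched against per-VCPU vectors recorded at delivery time. The struct, the function names and the vector values 0x28/0x31 are constructed for illustration and are not KVM identifiers; the model assumes migration changes both destination and vector.

```c
#include <stdbool.h>
#include <stdio.h>
#define MAX_VCPUS 4
/* Simplified model, not KVM code: all names here are hypothetical. */
struct ioapic_model {
    int dest_vcpu, vector;       /* current routing of the RTC IRQ */
    int pending_eoi;             /* acks outstanding; blocks the next RTC IRQ */
    bool dest_map[MAX_VCPUS];    /* which VCPUs received the IRQ */
    int sent_vector[MAX_VCPUS];  /* vector sent to each VCPU (added tracking) */
};

static void deliver_rtc(struct ioapic_model *io) {
    io->dest_map[io->dest_vcpu] = true;
    io->sent_vector[io->dest_vcpu] = io->vector;
    io->pending_eoi++;
}

/* Guest reprograms the routing, e.g. irqbalance moving the IRQ. */
static void migrate(struct ioapic_model *io, int vcpu, int vector) {
    io->dest_vcpu = vcpu; io->vector = vector;
}

/* EOI matched against the current routing only. */
static void eoi_by_routing(struct ioapic_model *io, int vcpu, int vector) {
    if (io->dest_vcpu == vcpu && io->vector == vector && io->dest_map[vcpu]) {
        io->dest_map[vcpu] = false;
        io->pending_eoi--;
    }
}

/* EOI matched against what was recorded when the IRQ was delivered. */
static void eoi_by_dest_map(struct ioapic_model *io, int vcpu, int vector) {
    if (io->dest_map[vcpu] && io->sent_vector[vcpu] == vector) {
        io->dest_map[vcpu] = false;
        io->pending_eoi--;
    }
}

/* Deliver to VCPU 0, migrate to VCPU 1 mid-handling, then VCPU 0 sends EOI. */
static int pending_after_race(bool tracked) {
    struct ioapic_model io = { .dest_vcpu = 0, .vector = 0x28 };
    deliver_rtc(&io);
    migrate(&io, 1, 0x31);  /* constructed vectors */
    (tracked ? eoi_by_dest_map : eoi_by_routing)(&io, 0, 0x28);
    return io.pending_eoi;
}

int main(void) {
    printf("pending_eoi: routing=%d dest_map=%d\n",
           pending_after_race(false), pending_after_race(true));
    return 0;
}
```

In the model, a non-zero pending_eoi after the EOI corresponds to the state in which no further RTC interrupt can be sent.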