Bug 450953

Summary: el4u6 xenU guest kernel lockup due to mm_unpinned_lock and runqueue spinlock deadlock
Product: Red Hat Enterprise Linux 4 Reporter: Herbert van den Bergh <herbert.van.den.bergh>
Component: kernel-xenAssignee: Chris Lalancette <clalance>
Status: CLOSED ERRATA QA Contact: Martin Jenner <mjenner>
Severity: high Docs Contact:
Priority: high    
Version: 4.6CC: bmr, clalance, cward, greg.marsden, jwest, riel, rpacheco, tao, uobergfe, vgoyal, xen-maint
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-05-18 19:15:53 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 461304, 470304    
Attachments:
Description Flags
fix for mm_unpinned_lock / runq deadlock
none
Backport of upstream xen-unstable c/s 10343 and 10995 none

Description Herbert van den Bergh 2008-06-11 21:13:09 UTC 
Description of problem:

After running an arbitrary workload involving network traffic for some time (1-2
days), a xen guest running the 2.6.9-67 x86_64 xenU kernel locks up with both
vcpu's spinning at 100%.  

Version-Release number of selected component (if applicable):
kernel-2.6.9-67

How reproducible:
Reproduces after running a test workload (involving network traffic) for 1-2
days, but not consistently.

Steps to Reproduce:
1. Run a test workload involving network traffic
2. monitor cpu usage of guest
3. wait... until guest cpu usage goes to 100%
  
Actual results:
Guest kernel spins on both vcpu's

Expected results:
Guest kernel doesn't spin

Additional info:
The problem is due to a race between the scheduler and network interrupts.  On
one vcpu, the scheduler takes the runqueue spinlock of the other vcpu to
schedule a process, and attempts to lock mm_unpinned_lock.  On the other vcpu,
another process is holding mm_unpinned_lock (because it is starting or exiting),
and is interrupted by a network interrupt.  The network interrupt handler
attempts to wake up the same process that the first vcpu is trying to schedule,
and will try to get the runqueue spinlock that the first vcpu is already holding.

I was not able to obtain a full kernel stack from the interrupt, but do have
kernel stacks of the tasks on the vcpu's, if needed.
Comment 1 Herbert van den Bergh 2008-06-11 21:13:09 UTC 
Created attachment 309000 [details]
fix for mm_unpinned_lock / runq deadlock
Comment 2 Rik van Riel 2008-07-30 15:17:56 UTC 
The patch looks good to me.
Comment 3 RHEL Program Management 2008-09-03 13:17:16 UTC 
Updating PM score.
Comment 4 RHEL Program Management 2008-09-17 18:52:15 UTC 
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 10 Chris Lalancette 2008-11-22 09:29:09 UTC 
OK.  I posted this patch to upstream Xen, and they pointed out that not only does 2.6.18 probably not have this issue, but also that the patch isn't entirely sufficient, since you might still deadlock with the mm->page_table_lock.  Upstream 2.6.18 does this a different way (which the RHEL-5 kernel already has); I've backported the changes, and built a test kernel available at http://people.redhat.com/clalance/bz450953/.  Can the reporter please download the test kernel, try it out, and report back test results?

Thank you,
Chris Lalancette
Comment 11 Chris Lalancette 2008-11-22 09:31:04 UTC 
Created attachment 324399 [details]
Backport of upstream xen-unstable c/s 10343 and 10995

This is a backport of xen-unstable c/s 10343 and 10995, that I believe will fix the issue.  Instead of changing the locking, this actually defers the mm_pin time until activate_mm, which means that we should avoid the deadlock in the first place.
Comment 12 Rik van Riel 2008-11-22 15:32:29 UTC 
Chris, the upstream patches are indeed better.  I'll go NACK Larry's patches :)
Comment 14 Vivek Goyal 2008-11-27 19:38:23 UTC 
Committed in 78.20.EL . RPMS are available at http://people.redhat.com/vgoyal/rhel4/
Comment 17 Chris Ward 2009-05-05 13:56:31 UTC 
Any updates here? Has this issue been resolved in the RHEL 4.8 Beta? later kernel?
Comment 21 errata-xmlrpc 2009-05-18 19:15:53 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2009-1024.html