
Re: [PATCH v4 02/11] vpci: cancel pending map/unmap on vpci removal



On 16.11.2021 15:24, Oleksandr Andrushchenko wrote:
> 
> 
> On 16.11.21 16:12, Jan Beulich wrote:
>> On 16.11.2021 14:41, Oleksandr Andrushchenko wrote:
>>>
>>> On 16.11.21 10:23, Oleksandr Andrushchenko wrote:
>>>> On 16.11.21 10:01, Jan Beulich wrote:
>>>>> On 16.11.2021 08:32, Oleksandr Andrushchenko wrote:
>>>>>> On 15.11.21 18:56, Jan Beulich wrote:
>>>>>>> On 05.11.2021 07:56, Oleksandr Andrushchenko wrote:
>>>>>>>> From: Oleksandr Andrushchenko <oleksandr_andrushchenko@xxxxxxxx>
>>>>>>>>
>>>>>>>> When a vPCI is removed for a PCI device it is possible that we have
>>>>>>>> scheduled a delayed work for map/unmap operations for that device.
>>>>>>>> For example, the following scenario can illustrate the problem:
>>>>>>>>
>>>>>>>> pci_physdev_op
>>>>>>>>        pci_add_device
>>>>>>>>            init_bars -> modify_bars -> defer_map -> 
>>>>>>>> raise_softirq(SCHEDULE_SOFTIRQ)
>>>>>>>>        iommu_add_device <- FAILS
>>>>>>>>        vpci_remove_device -> xfree(pdev->vpci)
>>>>>>>>
>>>>>>>> leave_hypervisor_to_guest
>>>>>>>>        vpci_process_pending: v->vpci.mem != NULL; v->vpci.pdev->vpci 
>>>>>>>> == NULL
>>>>>>>>
> >>>>>>>> For the hardware domain we continue execution as the worst that
>>>>>>>> could happen is that MMIO mappings are left in place when the
>>>>>>>> device has been deassigned
>>>>>>> Is continuing safe in this case? I.e. isn't there the risk of a NULL
>>>>>>> deref?
>>>>>> I think it is safe to continue
>>>>> And why do you think so? I.e. why is there no race for Dom0 when there
>>>>> is one for DomU?
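
For concreteness, the window described in the commit message is hit in
vpci_process_pending(); a minimal sketch of the guard being discussed,
assuming that cancelling simply means dropping the deferred rangeset (that
cleanup is an assumption, not the eventual patch):

bool vpci_process_pending(struct vcpu *v)
{
    if ( v->vpci.mem )
    {
        /* vpci_remove_device() already freed pdev->vpci: cancel the work. */
        if ( !v->vpci.pdev->vpci )
        {
            rangeset_destroy(v->vpci.mem);
            v->vpci.mem = NULL;
            return false;
        }

        /* ... carry out the deferred {un}map as before ... */
    }

    return false;
}
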
>>>> Well, then we need to use a lock to synchronize the two.
>>>> I guess this needs to be the pcidevs lock, unfortunately.
>>> The parties involved in deferred work and its cancellation:
>>>
>>> MMIO trap -> vpci_write -> vpci_cmd_write -> modify_bars -> defer_map
>>>
>>> Arm: leave_hypervisor_to_guest -> check_for_vcpu_work -> vpci_process_pending
>>>
>>> x86: two call sites -> hvm_do_resume -> vpci_process_pending
>>>
>>> So, both defer_map and vpci_process_pending need to be synchronized with
>>> pcidevs_{lock|unlock}.
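
For illustration, the synchronization proposed above would look roughly as
follows on the exit path; process_deferred_map() is a hypothetical stand-in
for the existing body of vpci_process_pending(), not a real helper:

bool vpci_process_pending(struct vcpu *v)
{
    bool again = false;

    pcidevs_lock();

    /*
     * vpci_remove_device() runs with the pcidevs lock held as well, so
     * pdev->vpci cannot be freed while the deferred work is carried out.
     */
    if ( v->vpci.mem && v->vpci.pdev->vpci )
        again = process_deferred_map(v);

    pcidevs_unlock();

    return again;
}
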
>> If I were an Arm maintainer, I'm afraid I would object to the pcidevs lock
>> getting used in leave_hypervisor_to_guest.
> I do agree this is really not good, but it seems my choices are limited.
> @Stefano, @Julien, do you see any better way of doing that?
> 
> We were thinking about introducing a dedicated lock for vpci [1],
> but finally decided to use pcidevs_lock for now.

Even that locking model might be too heavyweight for this purpose,
unless an r/w lock was intended. The problem would still be that
all guest exits would be serialized within a domain. (That's still
better than serializing all guest exits on the host, of course.)
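
A rough shape of that alternative, for reference: a per-domain r/w lock
(the d->vpci_rwlock field below is an assumption, not existing code),
taken for reading on the exit path so vCPUs of the same domain do not
serialize against each other, and for writing when the vPCI state is
torn down:

    /* Guest exit path, e.g. in vpci_process_pending(): */
    read_lock(&v->domain->vpci_rwlock);
    /* ... pdev->vpci cannot be freed while the deferred work runs ... */
    read_unlock(&v->domain->vpci_rwlock);

    /* Removal path, e.g. in vpci_remove_device(): */
    write_lock(&pdev->domain->vpci_rwlock);
    xfree(pdev->vpci);
    pdev->vpci = NULL;
    write_unlock(&pdev->domain->vpci_rwlock);
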

Jan

> [1] https://lore.kernel.org/all/afe47397-a792-6b0c-0a89-b47c523e50d9@xxxxxxxx/
> 
