Xen project Mailing List

Re: [PATCH 4/4] vpci: move lock outside of struct vpci

To: Oleksandr Andrushchenko <andr2000@xxxxxxxxx>

From: Roger Pau Monné <roger.pau@xxxxxxxxxx>

Date: Wed, 2 Feb 2022 10:45:01 +0100

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=WiuF1apECAnbhAM7S6UWj9N5RR/vCYnE9hCPsKt8K+Q=; b=IhTbqLMj7kc2t9dpKPQci2MCuEaKGJYsXDjgKfvUWCeZt2n3vFhWBVOmtinB/QgsqaNltidSIm2HFJ5BlsIy2i+UPzjAEKihXeM2UtaB9PUaMaCi7hKEiyLbg0thRjGProtW5iMMMrzV2N/f0wrATeRdyiYyuPNyAEFEmHMY++RccNNoULNOizUgcpOms81XKUb+g4qxexXacrKQSJKopu4oyGhFhdjEa2AublGVqQGJDTMgae+a3wJOBnZplCcrygsIc0oNpRkNg4n0wZFWEAZSi0NtMbIKw/L0aekBEpb3pEIDLbtvo+hjc51pWIkxk23ZWUKQC7qPM1t5MQf9uQ==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=SP9OYwr9XzMRDEH3zZoDT4YA0X6D+t2eFE20aZgS7B4Nqq/B0Ho+lxojp3ZjGwLw0coLJVF5gq3LtuFQE7rAuvTC1ycIR+ZUOBdK/diKPfi4+Jmo0tfc9LGOIPB84ANobaPWF2Uwia+h5S4N9IwV54mYW2sTuhfQkUyE/32Mut8CGdnk8td49GWDhvKklZQ6PtNxviemWwWHspDj4tzwLHDkA00CT7iXNnAwiW81CfuZmDBnqRwqEBFKh+xLH5ejKPmXXy6xjFBnYO1UP1AbaOKV/0ya3SHtWuAzcBKzDjGbfEoJWjvzUJQg2NMcVUCaUMhbBc37Zg9wu55tkwVtnw==

Authentication-results: esa5.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com

Cc: <xen-devel@xxxxxxxxxxxxxxxxxxxx>, <julien@xxxxxxx>, <sstabellini@xxxxxxxxxx>, <oleksandr_tyshchenko@xxxxxxxx>, <volodymyr_babchuk@xxxxxxxx>, <Artem_Mygaiev@xxxxxxxx>, <jbeulich@xxxxxxxx>, <andrew.cooper3@xxxxxxxxxx>, <george.dunlap@xxxxxxxxxx>, <paul@xxxxxxx>, <bertrand.marquis@xxxxxxx>, <rahul.singh@xxxxxxx>, Oleksandr Andrushchenko <oleksandr_andrushchenko@xxxxxxxx>

Delivery-date: Wed, 02 Feb 2022 09:45:22 +0000

Ironport-data: A9a23:Dip8R6KMCS8fUcXUFE+R7ZMlxSXFcZb7ZxGr2PjKsXjdYENS1GQBx zFLW2mBb/bYYjaje9wjOo3noU8DucSGyNMySwFlqX01Q3x08seUXt7xwmUcns+xwm8vaGo9s q3yv/GZdJhcokcxIn5BC5C5xZVG/fjgqoHUVaiUakideSc+EH170Ug7wbZg6mJVqYPR7z2l6 IuaT/L3YDdJ6xYsWo7Dw/vewP/HlK2aVAIw5jTSV9gS1LPtvyB94KYkDbOwNxPFrrx8RYZWc QphIIaRpQs19z91Yj+sfy2SnkciGtY+NiDW4pZatjTLbrGvaUXe345iXMfwZ3u7hB22k48rz ox9i6ePTAoGZPHHneNDTBtxRnQW0a1uoNcrIFC6uM2XiUbHb2Ht07NlC0Re0Y8wo7gtRzsUr LpBdW5LPkvra+GemdpXTsF2gcsuNo/zNZ43sXB81zDJS/0hRPgvRo2Uv4AGgmdv26iiG978Z vs+Wyd+Mi/jeiJNK0cuFcoYrLqR0yyXnzpw9wvO+PtfD3Lo5BR4zbzFINfTPNuQSq19nEyVu 2bH9GTRGQwBOZqUzj/t2lu2muLKqgbqV4sTGaOQ++ZjhRuYwWl7IBoSWFigqP+1kHm3Xd5FN lcU8Sojq6s13EGzR9y7VBq9yFaetx4BX5xLEus16CmE0K+S6AGcbkAOQyRdctUguIkzTCYzy 16St9rzAHpkt7j9YXCA8raZqxuiNC5TKnUNDQcUQA1A79T9rYUbihPUUs0lAKOzlsfyGzz73 3aNtidWr7wVgdRRj/3j1V/CijOo4JPOS2Yd+ALTWW606xJjU4SsbYeo9Fvz4O5JKcCSSVzpl H8AlsuF5eYCF6aRhTeNS+UAGrKuz/udOTiaillqd7E67Cik8XOneYFW4Rl9KV1vP8JCfiXmC HI/oisIusUVZiHzK/YqPcThUKzG0JQMC/zaWq+OaIN+XKNOcQKopn1lYEnOwGLExR1Efb4EB b+XdsOlDHA/AKthzSarS+p17YLH1hzS1kuIG8mlkk3PPa62ISfMFOxbaAfmgvURsfvcyDg55 eqzICdjJ/93dOTlKhfa/ocIRbzhBShqXMumwyC7mwPqH+aHJI3DI6OAqV/CU9Y890iwqgsv1 irlMnK0MHKl2RX6xfyiMxiPko/HU5dltm4cNicxJ1uu0HVLSd/xsPxAK8JmLOR+qrwLIRtIo x4tIJ3oPxiyYm6fp2R1gWfV8OSOiyhHdSrRZnH4MVDTjrZrRhDT+8+MQ+cc3HJmM8ZDjuNn+ +fI/lqCGfIrHl0+ZO6LNq7H5w7v7BA1xbIjN2OVc4I7UBi9r+BXx9nZ06Vfzzckc0uTn1N3F m++XH8lmAU6i9RkrYCU1f3Y9NrB/ikXNhMyIlQ3JI2ebEHy1mGi3ZVBQKCPezXcX3nz46Kse aNeyPSUDRHNtA8iX1NUH+k5wKQgycHoorMGnA1oEG+SNwagC696I2nA1s5K7/UfyrhcsAqwe 0SO5tgFZunZZJK7SAYcdFg/c+CO9fAIgT2Ov/47F1r3uX1s972dXEQMYxTV0H5BLKF4OZ8Oy Ps6vJJE8BS2jxcna47Uji1d+2mWAGYHVqEr6sMTDIPx01J5wVBee53MTCTx5cjXOdlLN0ArJ B6ShbbD2OsAlhaTLSJrGCGUj+RHhJkItBRb93M4JgyEyojfm/s6/BxN6jBrHA5b+QpKjrBoM W9xOkwreajXp2V0hNJOVnyHEh1aAEHL4VT4zlYEmTGLT0SsUWCRfmQxNfzUoRIc+mNYODNa4 KuZ2CDuVjOzJJP92S47WEhErf3/TIMuql2eyZ7/R8nVTYMnZTfFg7O1YTtaohTqNso9mUnbq LQ45+13c6D6aXYdrqBT51N2DljMpMRo/FB/fMw=

Ironport-hdrordr: A9a23:6p0YS6rMMiCaQ9+ON/hwT3YaV5uzL9V00zEX/kB9WHVpm5Oj+P xGzc526farslsssREb+OxpOMG7MBThHLpOkPMs1NCZLXTbUQqTXfpfBO7ZrQEIdBeOlNK1uZ 0QFpSWTeeAcWSS7vyKkTVQcexQueVvmZrA7Yy1rwYPcegpUdAZ0+4QMHfkLqQcfnghOXNWLu v52iIRzADQBkj/I/7LTUUtbqzmnZnmhZjmaRkJC1oO7xSPtyqh7PrfHwKD1hkTfjtTyfN6mF K13jDR1+GGibWW2xXc32jc49B/n8bg8MJKAIiphtIOIjvhpw60bMBKWqGEvhoyvOazgWxa2u XkklMFBYBe+nnRdma6rV/E3BTh6i8n7zvYxVqRkRLY0LrEbQN/L/AEqZNScxPf5UZllsp7yr h302WQsIcSJQ/cnQzmjuK4GS1Cpw6Rmz4PgOQTh3tQXc81c7lKt7ES+0tTDdMpAD/60oY6C+ NjZfusq8q+SWnqL0wxg1Mfg+BFBh8Ib1W7qwk5y4CoOgFt7TFEJxBy/r1bop8CnKhNPKWsqd 60dpiAr4s+PfP+W5gNcNvpcfHHelAlfii8Ql56AW6XXZ3vaEi946Ie3t0OlZSXkdozvdwPpK g=

Ironport-sdr: lNZrdtPnl3IxEKApYEvHBGFKJJmh43hGDiHONqY2da/qJ2gVnrYf3Bg0OG4x17hOuW9D0s1eiH FudRBRRf97zNeC+qn+ADK1DanHzQVQ+VWssvl0wQcJmlELUAJkzcuZdon5wVHG23kRrtAfiPjW 8IZ2IDBa9nkpYoxRH+5ahVvp7OsVTuHHGgqbVeoXTSI6/8mIw0mhYPyaXUd9BtnTQ7qv2kJc4a o5FgDEVkDCXpZDA3t3xVZIIqat10gfROguI6yca4PfV1fVJ74lmJkI4vq0ZWkbLg/oo2m7SUAn CH3c2E+EHemvUgJRdTP7bnef

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Tue, Feb 01, 2022 at 06:25:08PM +0200, Oleksandr Andrushchenko wrote: > From: Roger Pau Monne <roger.pau@xxxxxxxxxx> > > This way the lock can be used to check whether vpci is present, and > removal can be performed while holding the lock, in order to make > sure there are no accesses to the contents of the vpci struct. > Previously removal could race with vpci_read for example, since the > lock was dropped prior to freeing pdev->vpci. > > Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx> > Signed-off-by: Oleksandr Andrushchenko <oleksandr_andrushchenko@xxxxxxxx> > --- > Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> > Cc: Jan Beulich <jbeulich@xxxxxxxx> > Cc: Julien Grall <julien@xxxxxxx> > Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx> > --- > New in v5 of this series: this is an updated version of the patch published at > https://lore.kernel.org/xen-devel/20180717094830.54806-2-roger.pau@xxxxxxxxxx/ > > Changes since v5: > - do not split code into vpci_remove_device_handlers_locked yet > - move INIT_LIST_HEAD outside the locked region (Jan) > - stripped out locking optimizations for vpci_{read|write} into a > dedicated patch > Changes since v2: > - fixed pdev->vpci = xzalloc(struct vpci); under spin_lock (Jan) > Changes since v1: > - Assert that vpci_lock is locked in vpci_remove_device_locked. > - Remove double newline. > - Shrink critical section in vpci_{read/write}. > --- > tools/tests/vpci/emul.h | 5 ++- > tools/tests/vpci/main.c | 4 +-- > xen/arch/x86/hvm/vmsi.c | 8 ++--- > xen/drivers/passthrough/pci.c | 1 + > xen/drivers/vpci/header.c | 21 ++++++++---- > xen/drivers/vpci/msi.c | 11 ++++-- > xen/drivers/vpci/msix.c | 8 ++--- > xen/drivers/vpci/vpci.c | 63 ++++++++++++++++++++++------------- > xen/include/xen/pci.h | 1 + > xen/include/xen/vpci.h | 3 +- > 10 files changed, 78 insertions(+), 47 deletions(-) > > diff --git a/tools/tests/vpci/emul.h b/tools/tests/vpci/emul.h > index 2e1d3057c9d8..d018fb5eef21 100644 > --- a/tools/tests/vpci/emul.h > +++ b/tools/tests/vpci/emul.h > @@ -44,6 +44,7 @@ struct domain { > }; > > struct pci_dev { > + bool vpci_lock; > struct vpci *vpci; > }; > > @@ -53,10 +54,8 @@ struct vcpu > }; > > extern const struct vcpu *current; > -extern const struct pci_dev test_pdev; > +extern struct pci_dev test_pdev; > > -typedef bool spinlock_t; > -#define spin_lock_init(l) (*(l) = false) > #define spin_lock(l) (*(l) = true) > #define spin_unlock(l) (*(l) = false) > > diff --git a/tools/tests/vpci/main.c b/tools/tests/vpci/main.c > index b9a0a6006bb9..26c95b08b6b1 100644 > --- a/tools/tests/vpci/main.c > +++ b/tools/tests/vpci/main.c > @@ -23,7 +23,8 @@ static struct vpci vpci; > > const static struct domain d; > > -const struct pci_dev test_pdev = { > +struct pci_dev test_pdev = { > + .vpci_lock = false, Nit: vpci_lock will already be initialized to false by default, so this is redundant. > .vpci = &vpci, > }; > > @@ -158,7 +159,6 @@ main(int argc, char **argv) > int rc; > > INIT_LIST_HEAD(&vpci.handlers); > - spin_lock_init(&vpci.lock); > > VPCI_ADD_REG(vpci_read32, vpci_write32, 0, 4, r0); > VPCI_READ_CHECK(0, 4, r0); > diff --git a/xen/arch/x86/hvm/vmsi.c b/xen/arch/x86/hvm/vmsi.c > index 13e2a190b439..1f7a37f78264 100644 > --- a/xen/arch/x86/hvm/vmsi.c > +++ b/xen/arch/x86/hvm/vmsi.c > @@ -910,14 +910,14 @@ int vpci_msix_arch_print(const struct vpci_msix *msix) > { > struct pci_dev *pdev = msix->pdev; > > - spin_unlock(&msix->pdev->vpci->lock); > + spin_unlock(&msix->pdev->vpci_lock); > process_pending_softirqs(); > /* NB: we assume that pdev cannot go away for an alive domain. */ > - if ( !pdev->vpci || !spin_trylock(&pdev->vpci->lock) ) > + if ( !spin_trylock(&pdev->vpci_lock) ) > return -EBUSY; > - if ( pdev->vpci->msix != msix ) > + if ( !pdev->vpci || pdev->vpci->msix != msix ) > { > - spin_unlock(&pdev->vpci->lock); > + spin_unlock(&pdev->vpci_lock); > return -EAGAIN; > } > } > diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c > index 1fad80362f0e..af648c6a19b5 100644 > --- a/xen/drivers/passthrough/pci.c > +++ b/xen/drivers/passthrough/pci.c > @@ -328,6 +328,7 @@ static struct pci_dev *alloc_pdev(struct pci_seg *pseg, > u8 bus, u8 devfn) > *((u8*) &pdev->bus) = bus; > *((u8*) &pdev->devfn) = devfn; > pdev->domain = NULL; > + spin_lock_init(&pdev->vpci_lock); > > arch_pci_init_pdev(pdev); > > diff --git a/xen/drivers/vpci/header.c b/xen/drivers/vpci/header.c > index 40ff79c33f8f..bd23c0274d48 100644 > --- a/xen/drivers/vpci/header.c > +++ b/xen/drivers/vpci/header.c > @@ -142,12 +142,13 @@ bool vpci_process_pending(struct vcpu *v) > if ( rc == -ERESTART ) > return true; > > - spin_lock(&v->vpci.pdev->vpci->lock); > - /* Disable memory decoding unconditionally on failure. */ > - modify_decoding(v->vpci.pdev, > - rc ? v->vpci.cmd & ~PCI_COMMAND_MEMORY : v->vpci.cmd, > - !rc && v->vpci.rom_only); > - spin_unlock(&v->vpci.pdev->vpci->lock); > + spin_lock(&v->vpci.pdev->vpci_lock); > + if ( v->vpci.pdev->vpci ) > + /* Disable memory decoding unconditionally on failure. */ > + modify_decoding(v->vpci.pdev, > + rc ? v->vpci.cmd & ~PCI_COMMAND_MEMORY : > v->vpci.cmd, > + !rc && v->vpci.rom_only); > + spin_unlock(&v->vpci.pdev->vpci_lock); > > rangeset_destroy(v->vpci.mem); > v->vpci.mem = NULL; > @@ -285,6 +286,12 @@ static int modify_bars(const struct pci_dev *pdev, > uint16_t cmd, bool rom_only) > continue; > } > > + spin_lock(&tmp->vpci_lock); > + if ( !tmp->vpci ) > + { > + spin_unlock(&tmp->vpci_lock); > + continue; > + } > for ( i = 0; i < ARRAY_SIZE(tmp->vpci->header.bars); i++ ) > { > const struct vpci_bar *bar = &tmp->vpci->header.bars[i]; > @@ -303,12 +310,14 @@ static int modify_bars(const struct pci_dev *pdev, > uint16_t cmd, bool rom_only) > rc = rangeset_remove_range(mem, start, end); > if ( rc ) > { > + spin_unlock(&tmp->vpci_lock); > printk(XENLOG_G_WARNING "Failed to remove [%lx, %lx]: %d\n", > start, end, rc); > rangeset_destroy(mem); > return rc; > } > } > + spin_unlock(&tmp->vpci_lock); > } > > ASSERT(dev); > diff --git a/xen/drivers/vpci/msi.c b/xen/drivers/vpci/msi.c > index 5757a7aed20f..e3ce46869dad 100644 > --- a/xen/drivers/vpci/msi.c > +++ b/xen/drivers/vpci/msi.c > @@ -270,7 +270,7 @@ void vpci_dump_msi(void) > rcu_read_lock(&domlist_read_lock); > for_each_domain ( d ) > { > - const struct pci_dev *pdev; > + struct pci_dev *pdev; > > if ( !has_vpci(d) ) > continue; > @@ -282,8 +282,13 @@ void vpci_dump_msi(void) > const struct vpci_msi *msi; > const struct vpci_msix *msix; > > - if ( !pdev->vpci || !spin_trylock(&pdev->vpci->lock) ) > + if ( !spin_trylock(&pdev->vpci_lock) ) > continue; > + if ( !pdev->vpci ) > + { > + spin_unlock(&pdev->vpci_lock); > + continue; > + } > > msi = pdev->vpci->msi; > if ( msi && msi->enabled ) > @@ -323,7 +328,7 @@ void vpci_dump_msi(void) > } > } > > - spin_unlock(&pdev->vpci->lock); > + spin_unlock(&pdev->vpci_lock); > process_pending_softirqs(); > } > } > diff --git a/xen/drivers/vpci/msix.c b/xen/drivers/vpci/msix.c > index 846f1b8d7038..5310cc3ff520 100644 > --- a/xen/drivers/vpci/msix.c > +++ b/xen/drivers/vpci/msix.c > @@ -225,7 +225,7 @@ static int msix_read(struct vcpu *v, unsigned long addr, > unsigned int len, I think you also need to add locking to msix_find, otherwise it will dereference pdev->vpci without holding the vpci_lock. It might be a better approach to rename msix_find to msix_get and return the vpci_msix struct with the vpci_lock taken, so we can assert it's not going to disappear under our feet. Then you will also need to add a msix_put function that releases the lock. > return X86EMUL_OKAY; > } > > - spin_lock(&msix->pdev->vpci->lock); > + spin_lock(&msix->pdev->vpci_lock); > entry = get_entry(msix, addr); > offset = addr & (PCI_MSIX_ENTRY_SIZE - 1); > > @@ -254,7 +254,7 @@ static int msix_read(struct vcpu *v, unsigned long addr, > unsigned int len, > ASSERT_UNREACHABLE(); > break; > } > - spin_unlock(&msix->pdev->vpci->lock); > + spin_unlock(&msix->pdev->vpci_lock); > > return X86EMUL_OKAY; > } > @@ -297,7 +297,7 @@ static int msix_write(struct vcpu *v, unsigned long addr, > unsigned int len, > return X86EMUL_OKAY; > } > > - spin_lock(&msix->pdev->vpci->lock); > + spin_lock(&msix->pdev->vpci_lock); > entry = get_entry(msix, addr); > offset = addr & (PCI_MSIX_ENTRY_SIZE - 1); > > @@ -370,7 +370,7 @@ static int msix_write(struct vcpu *v, unsigned long addr, > unsigned int len, > ASSERT_UNREACHABLE(); > break; > } > - spin_unlock(&msix->pdev->vpci->lock); > + spin_unlock(&msix->pdev->vpci_lock); > > return X86EMUL_OKAY; > } > diff --git a/xen/drivers/vpci/vpci.c b/xen/drivers/vpci/vpci.c > index fb0947179b79..c015a4d77540 100644 > --- a/xen/drivers/vpci/vpci.c > +++ b/xen/drivers/vpci/vpci.c > @@ -35,12 +35,10 @@ extern vpci_register_init_t *const __start_vpci_array[]; > extern vpci_register_init_t *const __end_vpci_array[]; > #define NUM_VPCI_INIT (__end_vpci_array - __start_vpci_array) > > -void vpci_remove_device(struct pci_dev *pdev) > +static void vpci_remove_device_locked(struct pci_dev *pdev) Nit: since it's a static function you can drop the vpci_ prefix here. Thanks, Roger.

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.