Xen project Mailing List

Re: [PATCH v6 05/13] vpci: add hooks for PCI device assign/de-assign

From: Oleksandr Andrushchenko <Oleksandr_Andrushchenko@xxxxxxxx>

Date: Tue, 8 Feb 2022 09:55:27 +0000

Accept-language: en-US

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ELE4ept9w7zonXmv40CfvMpz45CqGkgRm7/PIfSpHXs=; b=AYAWhKzwDLWLC2CNXD1Ct2k/+43fCxOGEpoUS617sQtF1yzbX8/tSTBX/4hw0Di88vOvZ3Wpnd/hA+2dQQxzFV99sbmU62dlpwMvrPi5qcB6de/FUAILcizTsIDIrjwt562CoxcGg4Dx7jLfZhfps2HvZObmHd6IsI30XrU/rxJ57LhevIw/aq2J82ktilNf97FO2ZtdKjRFiaJ5xTMyQuiimEK8rogRp6GLisfWEX9DffaZcAtDGQK0oh6nW1yTN/HuT8h6xRksRrmHqv1M1mYwCI8dRmkY7H2uuyjoUecL+OGbNm1B3HkItPaBaZO1sp7HAfw6HYj51GLrnlkmiw==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=QcY3BnyU0C76RuHptxdHYDJM4MlsbGsuKaW5vhPVy5auXSpC6EQ3ORfdTsyTxyX3VQsAuNcpUzkDffYKZm3K9e5P+I5ghTBfPFPvEZGRZuT8dkVzg1b4GjxGaje4sXtsdAoPkI8Zpz8J8v8XzvkYpoy9hFavQT6TS31kJAJmQoncngnZNKZV5dtUZnPqOjXncQKOSNHy3ctIUKxNbNLXy8sCh+Ld8XFUNyew4LDaNlH5oXBtkcWnvcfamP6EhygPw8yIJoEKcvPupNxheNBpKNvwJSQe7zlwAu2FB6vc7L4sIUPS4bG9CUgIaibLG9B3lFjGJ3CJyzGBgF6viFcQmA==

Cc: "julien@xxxxxxx" <julien@xxxxxxx>, "sstabellini@xxxxxxxxxx" <sstabellini@xxxxxxxxxx>, Oleksandr Tyshchenko <Oleksandr_Tyshchenko@xxxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Artem Mygaiev <Artem_Mygaiev@xxxxxxxx>, "andrew.cooper3@xxxxxxxxxx" <andrew.cooper3@xxxxxxxxxx>, "george.dunlap@xxxxxxxxxx" <george.dunlap@xxxxxxxxxx>, "paul@xxxxxxx" <paul@xxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Rahul Singh <rahul.singh@xxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, "roger.pau@xxxxxxxxxx" <roger.pau@xxxxxxxxxx>, Oleksandr Andrushchenko <Oleksandr_Andrushchenko@xxxxxxxx>

Delivery-date: Tue, 08 Feb 2022 09:55:43 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Thread-index: AQHYGZFdYv4W1RdbQkeQtzN+PyKqmqyITGQAgAENNICAAAt2AIAAA+uAgAAEsACAAAMyAA==

Thread-topic: [PATCH v6 05/13] vpci: add hooks for PCI device assign/de-assign

On 08.02.22 11:44, Jan Beulich wrote: > On 08.02.2022 10:27, Oleksandr Andrushchenko wrote: >> On 08.02.22 11:13, Jan Beulich wrote: >>> On 08.02.2022 09:32, Oleksandr Andrushchenko wrote: >>>> On 07.02.22 18:28, Jan Beulich wrote: >>>>> On 04.02.2022 07:34, Oleksandr Andrushchenko wrote: >>>>>> @@ -1507,6 +1511,8 @@ static int assign_device(struct domain *d, u16 >>>>>> seg, u8 bus, u8 devfn, u32 flag) >>>>>> pci_to_dev(pdev), flag); >>>>>> } >>>>>> >>>>>> + rc = vpci_assign_device(d, pdev); >>>>>> + >>>>>> done: >>>>>> if ( rc ) >>>>>> printk(XENLOG_G_WARNING "%pd: assign (%pp) failed (%d)\n", >>>>> There's no attempt to undo anything in the case of getting back an >>>>> error. ISTR this being deemed okay on the basis that the tool stack >>>>> would then take whatever action, but whatever it is that is supposed >>>>> to deal with errors here wants spelling out in the description. >>>> Why? I don't change the previously expected decision and implementation >>>> of the assign_device function: I use error paths as they were used before >>>> for the existing code. So, I see no clear reason to stress that the >>>> existing >>>> and new code relies on the toolstack >>> Saying half a sentence on this is helping review. >> Ok >>>>> What's important is that no caller up the call tree may be left with >>>>> the impression that the device is still owned by the original >>>>> domain. With how you have it, the device is going to be owned by the >>>>> new domain, but not really usable. >>>> This is not true: vpci_assign_device will call vpci_deassign_device >>>> internally if it fails. So, the device won't be assigned in this case >>> No. The device is assigned to whatever pdev->domain holds. Calling >>> vpci_deassign_device() there merely makes sure that the device will >>> have _no_ vPCI data and hooks in place, rather than something >>> partial. >> So, this patch is only dealing with vpci assign/de-assign >> And it rolls back what it did in case of a failure >> It also returns rc in assign_device to signal it has failed >> What else is expected from this patch?? > Until now if assign_device() returns an error, this tells the caller > that the device did not change ownership; Not sure this is the case: if ( (rc = iommu_call(hd->platform_ops, assign_device, d, devfn, pci_to_dev(pdev), flag)) ) iommu_call can leave the new ownership even now without vpci_assign_device. My understanding is that the roll-back is expected to be performed by the toolstack and vpci_assign_device doesn't prevent that by returning rc. Even more, before we discussed that it would be good for vpci_assign_device to try recovering from a possible error early which is done by calling vpci_deassign_device internally. So, if you want the things to be clearly handled without relying on the toolstack then it is not vpci_assign_device introduced issue, but the existing one, which needs (if there is a good reason) to be fixed separately. I think that new code doesn't make things worse. At least > in the worst case it either > only moved to the quarantine domain, or the new owner may have been > crashed. In no case is the device owned by an alive DomU. You're > changing this property, and hence you need to make clear/sure that > this isn't colliding with assumptions made elsewhere. > > Jan > >

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.