[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v3 2/6] xen: pci: introduce reference counting for pdev

  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Date: Wed, 29 Mar 2023 12:48:06 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=zjccRZPr+GMcor3zhNZBlxQ+vDMUSFsIPZ21KlTWugg=; b=SwqHG5F7fE4AQ+sNrM6S5Q7ZABP9FM4Fotmuf+5dOnUp3eEqkZR3MZ/wB4BspX5l0KBCE7ZKVyvRudU0J6fweyz0KsWHKIkJdXLZQE0LsKsU8VBrz0Qenpf6BqEZ9P8bUqOmczpNKclyZjLa7Iz48/JPp9aMQBuR6ekO7e0weTIAcPJF1kaKzk50W/j71V8ga1A1EuNCMB9QQ4YmRUF6dkAC0mjoHSUx29whZF1FKrmfr/JsZcwO2DvFARstBNVTdozqmUeny5U4B/ZKIHTpdZ9wnhqDdpCc4FrSGQhSIpX3jEoQ4LBPeDDGazuWbdYAvY0h2GF+16zniOgAa6jpuw==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=iahTiel1oJ9aEzXq9e8BIpcFZbChQ/gZDMu5xpU+gcGOtH1c6sbn0bXc36cDFHfoQmpp/ClaTIZ05vWEehlBOEurbw+Sg/wCZ6YPl2foxGylnWGG11lcwFvifmuXWinM/f0gVK9dnxMuPLG9unRPsZf6YewanjDTEQbMu+VsGXZaQjxcTvmrcMGs1Y1+o3YnBbHo2Uz/Yn5X3frJjkabwUSqiIZ4/SP64LOb2uSGOQ/gR8HaBreInlrqn2yjV9FbierIdfjDSDx3I/7GyWhNx/h/27lTuOLWLdbiODhTHYsPiqGtGtK+54iDSCrQKU01EIhr7WFbqDEr5bJGAztfYg==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
  • Cc: Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Paul Durrant <paul@xxxxxxx>, Kevin Tian <kevin.tian@xxxxxxxxx>
  • Delivery-date: Wed, 29 Mar 2023 10:48:30 +0000
  • Ironport-data: A9a23:cuxBKKIf+O1qekp1FE+RX5QlxSXFcZb7ZxGr2PjKsXjdYENS0zAHz TMYD22EaPvYYDP0Kt4jPYW/oUoD6J/Uz4JrHFdlqX01Q3x08seUXt7xwmUcnc+xBpaaEB84t ZV2hv3odp1coqr0/0/1WlTZhSAgk/rOHvykU7Ss1hlZHWdMUD0mhQ9oh9k3i4tphcnRKw6Ws Jb5rta31GWNglaYCUpJrfPTwP9TlK6q4mhA5QZvPakjUGL2zBH5MrpOfcldEFOgKmVkNrbSb /rOyri/4lTY838FYj9yuu+mGqGiaue60Tmm0hK6aYD76vRxjnVaPpIAHOgdcS9qZwChxLid/ jnvWauYEm/FNoWU8AgUvoIx/ytWZcWq85efSZSzXFD6I+QrvBIAzt03ZHzaM7H09c4pOkR37 NFbcAsSVRqKprin64KRSPVz05FLwMnDZOvzu1lG5BSAVbMDfsqGRK/Ho9hFwD03m8ZCW+7EY NYUYiZuaxKGZABTPlAQC9Q1m+LAanvXKmUE7g7K4/dqpTGLlGSd05C0WDbRUsaNSshP2F6Ru 0rN/njjAwFcP9uaodaA2iv03b6XxnyiBur+EpWH1aBxiw2NyFYxGSYyVQCkm/iks3OXDoc3x 0s8v3BGQbIJ3E6hQ8T5Xha4iGWZpRNaUN1Ve8UE7wWKxrvR8hyuLGEORT5ca/QrrMYzAzct0 zehj97vQDBirrCRYXac7auP6yO/PzAPKm0PbjNCShEKi/H8pKkjgxSJScxseIa3k9n0FDfY0 z2M6i8kiN07ltUX3q+2+VTGhTOEpZXTSAMxoALNUQqN9gpkYKa1aoru7kLUhd5DIZiYSB+dv XECs8mY8O0KS5qKkUSwrP4lGbio47OAL2faiFs2R505rW31ozikYJxa5yx4KAFxKMEYdDT1Y UjV/wRM+JtUO3jsZqhyC26sN/kXIWHbPYyNfpjpghBmO/CdqCfvEPlSWHOt
  • Ironport-hdrordr: A9a23:VBygo6Fd8Ii4DswfpLqE5seALOsnbusQ8zAXPiFKJSC9F/byqy nAppsmPHPP5gr5OktBpTnwAsi9qBrnnPYejLX5Vo3SPzUO1lHYSb1K3M/PxCDhBj271sM179 YFT0GmMqyTMWRH
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On Wed, Mar 29, 2023 at 11:55:26AM +0200, Jan Beulich wrote:
> On 16.03.2023 17:16, Roger Pau Monné wrote:
> > On Tue, Mar 14, 2023 at 08:56:29PM +0000, Volodymyr Babchuk wrote:
> >> Prior to this change, lifetime of pci_dev objects was protected by global
> >> pcidevs_lock(). Long-term plan is to remove this log, so we need some
> >                                                    ^ lock
> > 
> > I wouldn't say remove, as one way or another we need a lock to protect
> > concurrent accesses.
> > 
> >> other mechanism to ensure that those objects will not disappear under
> >> feet of code that access them. Reference counting is a good choice as
> >> it provides easy to comprehend way to control object lifetime.
> >>
> >> This patch adds two new helper functions: pcidev_get() and
> >> pcidev_put(). pcidev_get() will increase reference counter, while
> >> pcidev_put() will decrease it, destroying object when counter reaches
> >> zero.
> >>
> >> pcidev_get() should be used only when you already have a valid pointer
> >> to the object or you are holding lock that protects one of the
> >> lists (domain, pseg or ats) that store pci_dev structs.
> >>
> >> pcidev_get() is rarely used directly, because there already are
> >> functions that will provide valid pointer to pci_dev struct:
> >> pci_get_pdev(), pci_get_real_pdev(). They will lock appropriate list,
> >> find needed object and increase its reference counter before returning
> >> to the caller.
> >>
> >> Naturally, pci_put() should be called after finishing working with a
> >> received object. This is the reason why this patch have so many
> >> pcidev_put()s and so little pcidev_get()s: existing calls to
> >> pci_get_*() functions now will increase reference counter
> >> automatically, we just need to decrease it back when we finished.
> > 
> > After looking a bit into this, I would like to ask whether it's been
> > considered the need to increase the refcount for each use of a pdev.
> > 
> > For example I would consider the initial alloc_pdev() to take a
> > refcount, and then pci_remove_device() _must_ be the function that
> > removes the last refcount, so that it can return -EBUSY otherwise (see
> > my comment below).
> 
> I thought I had replied to this, but couldn't find any record thereof;
> apologies for a possible duplicate.
> 
> In a get-/put-ref model, much like we have it for domheap pages, the
> last put should trigger whatever is needed for "freeing" (here:
> removing) the item. Therefore I think in this new model all
> PHYSDEVOP_{pci_device_remove,manage_pci_remove} should cause is the
> dropping of the ref that alloc_pdev() has put in place (plus some
> marking of the device, so that another PHYSDEVOP_{pci_device_remove,
> manage_pci_remove} can be properly ignored rather than dropping one
> ref too many; this marking may then also prevent the obtaining of new
> references, if such can be arranged for without breaking [cleanup]
> functionality elsewhere). Whenever the last reference is put, that
> would trigger the operations that pci_remove_device() presently
> carries out.

Right, this all seems sensible.

> 
> Of course this would mean that if PHYSDEVOP_{pci_device_remove,
> manage_pci_remove} didn't drop the last reference, it would need to
> signal this to its caller, for it to be aware that the device is not
> yet ready for (e.g.) hot-unplug. There'll then also need to be a way
> for the caller to figure out when that situation has changed (which
> might be via repeated invocations of the same hypercall sub-op, or
> some new sub-op).

Returning -EBUSY and expecting the caller to repeat the call would
likely be the easier one to implement and likely fine for our
purposes.  There's a risk that the toolstack/kernel enters an infinite
loop if there's a dangling extra ref somewhere, but that would be a
bug anyway.

So device creation would take a reference, and device assignation would
take another one.  Devices assigned are safe against removal, so there
should be no need to take an extra reference in that case.

There are however a number of cases that use pci_get_pdev(NULL, ...)
for example, at which point we would need to take an extra reference
on those cases if the device is not assigned to a domain?

Or would we just keep those under pcidevs_locked regions as-is?

(as PHYSDEVOP_{pci_device_remove, manage_pci_remove} will still take
the pci_lock).

Thanks, Roger.

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.