Xen project Mailing List

Re: [PATCH v3 8/8] common: convert vCPU info area registration

From: Roger Pau Monné <roger.pau@xxxxxxxxxx>

Date: Thu, 28 Sep 2023 12:15:22 +0200

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=+nH2Art6T4/MCklXzOTcMhEpuiaF1SYFMn0ATROEjgk=; b=BelfnvAKAxlD9IvqLFJUoDKgmHsdT+2uNbL0b8cLOIpSCYDE3ZIX9JzDKYrCelidLEwuK4LPpaoVUiJrY9F/WV24p0CfydpX5+K+dHkUzyTfWIbxEqi6+s+njyVYXq9U8/rikLoFiHP6X09SqwQsyvYQKtLOti3fLDh1zaRywDBeh2WzJno/uoRHoPMkmo5aTpmyumKrv0H4vf641iwGNS2kqOi3sNgcvWXtDStccN+WS3yIElEWVFH0/ymbq+LO2VBs17AMgZM0P46iDRrGiGc5UReEl7Ix/wxCpEmW+3kmUs3ep5K/RKMhtny46Q9PU7+NzYomeFBxJOk+lo9uzg==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=XNFBeb4liRa4uBU2tKTPh2NEhCbFqcjfAvWvxpnMjWwXDDk+C6ytWIjDK+cT8VQrFrl9b7sV89F7ZXx1U/yvkNZgqGA2ThKR930ysIcGEfw6Pis2H6rCa5bcx72OcIJ3wl5fE9v79PAwXmBYDpc7zXaaZbzKaUuv9VLbVfrnnTprPwXNKA4PdImt2yfeXaMZ7bYwR34M4ujQBK3wxUMOTC2ye9dlNj+MEC+H/piMW5kzajHq4ZKMz4lWOUpilh7umpdUbhcmNPdj6CmLGC9es56BZeMmn9HXJ2WcVcmhDhfUCJzeGkkU/9UcmZXPUhrM+YkJu6YuYHQvlRAfIh1I7w==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;

Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Tamas K Lengyel <tamas@xxxxxxxxxxxxx>

Delivery-date: Thu, 28 Sep 2023 10:15:40 +0000

Ironport-data: A9a23:8Hi82aCkXG6wxhVW/8ziw5YqxClBgxIJ4kV8jS/XYbTApDIr1WcCx mEbWWCDP/+CMTP2fItyO4/npxwGup6BydJiQQY4rX1jcSlH+JHPbTi7wuUcHAvJd5GeExg3h yk6QoOdRCzhZiaE/n9BCpC48D8kk/nOH+KgYAL9EngZbRd+Tys8gg5Ulec8g4p56fC0GArIs t7pyyHlEAbNNwVcbCRMsMpvlDs15K6p4GJC7gRnDRx2lAS2e0c9Xcp3yZ6ZdxMUcqEMdsamS uDKyq2O/2+x13/B3fv8z94X2mVTKlLjFVDmZkh+AsBOsTAbzsAG6Y4pNeJ0VKtio27hc+ada jl6ncfYpQ8BZsUgkQmGOvVSO3kW0aZuoNcrLZUj2CA6IoKvn3bEmp1T4E8K0YIw4bpPC0Fqp OUjDDkuYxm6ub6kmovgc7w57igjBJGD0II3nFhFlGicJtF/BJfJTuPN+MNS2yo2ioZWB/HCa sEFaD1pKhPdfxlIPVRRA5U79AuqriCnL3sE9xTI++xuvDC7IA9ZidABNPLPfdOHX4NNl1uwr WPa5WXpRBodMbRzzBLcqC7w2baezHqTtIQ6Gby8yr17mAWphUNKOh8WWH2ig/OasxvrMz5YA wlOksY0loAw/kG2Stj2XzWjvWWJ+BUbXrJ4A+A8rQ2A1KfQywKYHXQfCC5MbsQ8s807TiBs0 UWG9/vrGDhuvbu9WX+bsLCOoluaIjMJJGUPYSsFSwot4NT5pow3yBXVQb5LD6qdntDzXzbqz FiisCE7jq47kc0P2qO07F3DxTmro/D0ohUd4wzWWieu6Vp/bYv8PoiwswGEtbBHMZqTSUSHs D4cgc+C4esSDJaL0iuQXOEKG7Lv7PGAWNHBvWNS81Aa32zF0xaekUp4uVmS+G8B3h44RALU

Ironport-hdrordr: A9a23:HmS5JKAxrT+kc1vlHemT55DYdb4zR+YMi2TDGXoBMCC9E/bo7/ xG+c5w6faaskd1ZJhNo6HjBEDEewK+yXcX2+gs1NWZLW3bUQKTRekI0WKh+V3d8kbFh4lgPM lbAs5D4R7LYWSST/yW3OB1KbkdKRC8npyVuQ==

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Thu, Sep 28, 2023 at 11:53:36AM +0200, Jan Beulich wrote: > On 28.09.2023 10:24, Roger Pau Monné wrote: > > On Wed, May 03, 2023 at 05:58:30PM +0200, Jan Beulich wrote: > >> Switch to using map_guest_area(). Noteworthy differences from > >> map_vcpu_info(): > >> - remote vCPU-s are paused rather than checked for being down (which in > >> principle can change right after the check), > >> - the domain lock is taken for a much smaller region, > >> - the error code for an attempt to re-register the area is now -EBUSY, > >> - we could in principle permit de-registration when no area was > >> previously registered (which would permit "probing", if necessary for > >> anything). > >> > >> Note that this eliminates a bug in copy_vcpu_settings(): The function > >> did allocate a new page regardless of the GFN already having a mapping, > >> thus in particular breaking the case of two vCPU-s having their info > >> areas on the same page. > >> > >> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> > > > > Some minor comments below: > > > > Acked-by: Roger Pau Monné <roger.pau@xxxxxxxxxx> > > Thanks. > > >> --- a/xen/common/domain.c > >> +++ b/xen/common/domain.c > >> @@ -127,10 +127,10 @@ static void vcpu_info_reset(struct vcpu > >> { > >> struct domain *d = v->domain; > > > > d could likely be made const? > > Probably, but this is just context here. > > >> @@ -1633,14 +1528,44 @@ int map_guest_area(struct vcpu *v, paddr > >> > >> domain_lock(d); > >> > >> - if ( map ) > >> - populate(map, v); > >> + /* No re-registration of the vCPU info area. */ > >> + if ( area != &v->vcpu_info_area || !area->pg ) > > > > It would be nice if this check could be done earlier, as to avoid > > having to fetch and map the page just to discard it. That would > > however require taking the domain lock earlier. > > In order to kind of balance the conflicting goals, there is an unlocked > early check in the caller. See also the related RFC remark; I might > interpret your remark as "yes, keep the early check". Oh, yes, do keep the check. > >> + { > >> + if ( map ) > >> + populate(map, v); > >> > >> - SWAP(area->pg, pg); > >> - SWAP(area->map, map); > >> + SWAP(area->pg, pg); > >> + SWAP(area->map, map); > >> + } > >> + else > >> + rc = -EBUSY; > >> > >> domain_unlock(d); > >> > >> + /* Set pending flags /after/ new vcpu_info pointer was set. */ > >> + if ( area == &v->vcpu_info_area && !rc ) > >> + { > >> + /* > >> + * Mark everything as being pending just to make sure nothing gets > >> + * lost. The domain will get a spurious event, but it can cope. > >> + */ > >> +#ifdef CONFIG_COMPAT > >> + if ( !has_32bit_shinfo(d) ) > >> + { > >> + vcpu_info_t *info = area->map; > >> + > >> + /* For VCPUOP_register_vcpu_info handling in > >> common_vcpu_op(). */ > >> + BUILD_BUG_ON(sizeof(*info) != sizeof(info->compat)); > >> + write_atomic(&info->native.evtchn_pending_sel, ~0); > >> + } > >> + else > >> +#endif > >> + write_atomic(&vcpu_info(v, evtchn_pending_sel), ~0); > > > > Can't the setting of evtchn_pending_sel be done in > > vcpu_info_populate()? > > No, see the comment ahead of the outer if(). populate() needs calling > ahead of updating the pointer. I'm afraid I don't obviously see why evtchn_pending_sel can't be set before v->vcpu_info is updated. It will end up being ~0 anyway, regardless of the order of operations, and we do force an event channel injection. There's something I'm clearly missing. vcpu_mark_events_pending() and force_update_vcpu_system_time() obviously cannot be moved to the populate hook. > >> @@ -1801,6 +1729,27 @@ bool update_runstate_area(struct vcpu *v > >> return rc; > >> } > >> > >> +/* > >> + * This makes sure that the vcpu_info is always pointing at a valid piece > >> of > >> + * memory, and it sets a pending event to make sure that a pending event > >> + * doesn't get missed. > >> + */ > >> +static void cf_check > >> +vcpu_info_populate(void *map, struct vcpu *v) > >> +{ > >> + vcpu_info_t *info = map; > >> + > >> + if ( v->vcpu_info_area.map == &dummy_vcpu_info ) > >> + { > >> + memset(info, 0, sizeof(*info)); > >> +#ifdef XEN_HAVE_PV_UPCALL_MASK > >> + __vcpu_info(v, info, evtchn_upcall_mask) = 1; > >> +#endif > > > > I'm not sure about the point of those guards, this will always be 1, > > as we always build the hypervisor with the headers in xen/public? > > That's the case on x86, but this is common code, and hence the build would > break on other architectures if the guard wasn't there. Ah, I see, sorry for the noise. Thanks, Roger.

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.