Xen project Mailing List

Re: [PATCH for-4.22] char/ns16550: bound execution time of ns16550_interrupt()

To: Roger Pau Monné <roger.pau@xxxxxxxxxx>

Date: Thu, 25 Jun 2026 13:31:26 +0200

Authentication-results: eu.smtp.expurgate.cloud; dkim=pass header.s=google header.d=suse.com header.i="@suse.com" header.h="Content-Transfer-Encoding:In-Reply-To:Autocrypt:From:Content-Language:References:Cc:To:Subject:User-Agent:MIME-Version:Date:Message-ID"

Autocrypt: addr=jbeulich@xxxxxxxx; keydata= xsDiBFk3nEQRBADAEaSw6zC/EJkiwGPXbWtPxl2xCdSoeepS07jW8UgcHNurfHvUzogEq5xk hu507c3BarVjyWCJOylMNR98Yd8VqD9UfmX0Hb8/BrA+Hl6/DB/eqGptrf4BSRwcZQM32aZK 7Pj2XbGWIUrZrd70x1eAP9QE3P79Y2oLrsCgbZJfEwCgvz9JjGmQqQkRiTVzlZVCJYcyGGsD /0tbFCzD2h20ahe8rC1gbb3K3qk+LpBtvjBu1RY9drYk0NymiGbJWZgab6t1jM7sk2vuf0Py O9Hf9XBmK0uE9IgMaiCpc32XV9oASz6UJebwkX+zF2jG5I1BfnO9g7KlotcA/v5ClMjgo6Gl MDY4HxoSRu3i1cqqSDtVlt+AOVBJBACrZcnHAUSuCXBPy0jOlBhxPqRWv6ND4c9PH1xjQ3NP nxJuMBS8rnNg22uyfAgmBKNLpLgAGVRMZGaGoJObGf72s6TeIqKJo/LtggAS9qAUiuKVnygo 3wjfkS9A3DRO+SpU7JqWdsveeIQyeyEJ/8PTowmSQLakF+3fote9ybzd880fSmFuIEJldWxp Y2ggPGpiZXVsaWNoQHN1c2UuY29tPsJgBBMRAgAgBQJZN5xEAhsDBgsJCAcDAgQVAggDBBYC AwECHgECF4AACgkQoDSui/t3IH4J+wCfQ5jHdEjCRHj23O/5ttg9r9OIruwAn3103WUITZee e7Sbg12UgcQ5lv7SzsFNBFk3nEQQCACCuTjCjFOUdi5Nm244F+78kLghRcin/awv+IrTcIWF hUpSs1Y91iQQ7KItirz5uwCPlwejSJDQJLIS+QtJHaXDXeV6NI0Uef1hP20+y8qydDiVkv6l IreXjTb7DvksRgJNvCkWtYnlS3mYvQ9NzS9PhyALWbXnH6sIJd2O9lKS1Mrfq+y0IXCP10eS FFGg+Av3IQeFatkJAyju0PPthyTqxSI4lZYuJVPknzgaeuJv/2NccrPvmeDg6Coe7ZIeQ8Yj t0ARxu2xytAkkLCel1Lz1WLmwLstV30g80nkgZf/wr+/BXJW/oIvRlonUkxv+IbBM3dX2OV8 AmRv1ySWPTP7AAMFB/9PQK/VtlNUJvg8GXj9ootzrteGfVZVVT4XBJkfwBcpC/XcPzldjv+3 HYudvpdNK3lLujXeA5fLOH+Z/G9WBc5pFVSMocI71I8bT8lIAzreg0WvkWg5V2WZsUMlnDL9 mpwIGFhlbM3gfDMs7MPMu8YQRFVdUvtSpaAs8OFfGQ0ia3LGZcjA6Ik2+xcqscEJzNH+qh8V m5jjp28yZgaqTaRbg3M/+MTbMpicpZuqF4rnB0AQD12/3BNWDR6bmh+EkYSMcEIpQmBM51qM EKYTQGybRCjpnKHGOxG0rfFY1085mBDZCH5Kx0cl0HVJuQKC+dV2ZY5AqjcKwAxpE75MLFkr wkkEGBECAAkFAlk3nEQCGwwACgkQoDSui/t3IH7nnwCfcJWUDUFKdCsBH/E5d+0ZnMQi+G0A nAuWpQkjM1ASeQwSHEeAWPgskBQL

Cc: Oleksii Kurochko <oleksii.kurochko@xxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx

Delivery-date: Thu, 25 Jun 2026 11:31:37 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 25.06.2026 12:08, Roger Pau Monné wrote: > On Wed, Jun 24, 2026 at 10:01:36AM +0200, Jan Beulich wrote: >> On 23.06.2026 17:54, Roger Pau Monné wrote: >>> On Tue, Jun 23, 2026 at 04:27:12PM +0200, Jan Beulich wrote: >>>> On 23.06.2026 16:16, Roger Pau Monné wrote: >>>>> On Tue, Jun 23, 2026 at 03:44:06PM +0200, Jan Beulich wrote: >>>>>> On 23.06.2026 12:31, Roger Pau Monne wrote: >>>>>>> + if ( uart->force_polling ) >>>>>>> + return; >>>>>> >>>>>> As the IRQ was disabled, is this even possible? I.e. should this be some >>>>>> kind of assertion or alike? >>>>> >>>>> Hm, I wasn't setting IRQ_DISABLED before, and hence needed this guard. >>>>> But now with IRQ_DISABLED being set in ->status do_IRQ() should filter >>>>> any stray interrupts. I will attempt to add an ASSERT_UNREACHABLE() >>>>> here. >>>> >>>> Simply ASSERT(!uart->force_polling) should do here? It is not wrong to >>>> run the code below in release builds in such an event. If we kept getting >>>> interrupts (perhaps at a high frequency) we'd be in trouble anyway. >>> >>> No, I'm afraid I can't do it like that, I can't put an ASSERT there, >>> because we can still get into ns16550_interrupt() after the interrupt >>> has been disabled. In do_IRQ() we have the following loop: >>> >>> while ( desc->status & IRQ_PENDING ) >>> { >>> desc->status &= ~IRQ_PENDING; >>> spin_unlock_irq(&desc->lock); >>> >>> tsc_in = tb_init_done ? get_cycles() : 0; >>> action->handler(irq, action->dev_id); >>> TRACE_TIME(TRC_HW_IRQ_HANDLED, irq, tsc_in, get_cycles()); >>> >>> spin_lock_irq(&desc->lock); >>> } >>> >>> So if the device is generating further interrupts in the window with >>> IRQs enabled (while we execute the handler), we will keep looping >>> around this, without taking into account the setting of IRQ_DISABLED. >> >> Ah yes. >> >>> This is something that we might want to fix, so that the loop is bound >>> by IRQ_PENDING being set, and IRQ_DISABLED not, ie: >>> >>> while ( (desc->status & (IRQ_PENDING | IRQ_DISABLED)) == IRQ_PENDING ) >> >> Or perhaps ahead of the loop >> >> desc->status &= ~IRQ_REPLAY; >> >> if ( desc->status & IRQ_DISABLED ) >> goto out; >> >> desc->status |= IRQ_PENDING; >> >> /* >> * Since we set PENDING, if another processor is handling a different >> * instance of this same irq, the other processor will take care of it. >> */ >> if ( desc->status & IRQ_INPROGRESS ) >> goto out; >> >> desc->status |= IRQ_INPROGRESS; >> >> thus also having the comment no longer describe only part of the conditional. > > I think this is racy. An interrupt hitting in the window with > interrupts enabled ahead of the handler having set IRQ_DISABLED will > still set IRQ_PENDING, and thus the loop would get executed a further > time, and the handler called after IRQ_DISABLED having been set. Hmm, I don't quite agree with how you put it, but I think I see what you mean. There's one question here, though: If PENDING is set first, and DISABLED only later, shouldn't that IRQ instance still be handled? If so, ... > I think we need an extra condition in the loop, I see no way this can > be solved only by dealing with the concurrent setting of IRQ_PENDING. ... such an extra condition would be wrong. If not, yes, I agree. Jan

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.