Xen project Mailing List

Re: [Xen-devel] [PATCH 5/9] x86/IRQ: fix locking around vector management

To: "Roger Pau Monne" <roger.pau@xxxxxxxxxx>

From: "Jan Beulich" <JBeulich@xxxxxxxx>

Date: Mon, 06 May 2019 07:06:10 -0600

Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Mon, 06 May 2019 13:06:30 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

>>> On 06.05.19 at 13:48, <roger.pau@xxxxxxxxxx> wrote: > On Mon, Apr 29, 2019 at 05:25:03AM -0600, Jan Beulich wrote: >> All of __{assign,bind,clear}_irq_vector() manipulate struct irq_desc >> fields, and hence ought to be called with the descriptor lock held in >> addition to vector_lock. This is currently the case for only >> set_desc_affinity() and destroy_irq(), which also clarifies what the > > AFAICT set_desc_affinity is called from set_ioapic_affinity_irq which in > turn is called from setup_ioapic_dest without holding the desc lock. > Is this fine because that's only used a boot time? No, this isn't fine, and it's also not only called at boot time. I simply didn't spot this case of function re-use - I had come to the conclusion that all calls to set_desc_affinity() would come through the .set_affinity hook pointers (or happen sufficiently early). VT-d's adjust_irq_affinity() has a similar issue. At boot time alone would be insufficient anyway. Not taking locks can only be safe prior to bringing up APs; any later skipping of locking would at least require additional justification. >> nesting behavior between the locks has to be. Reflect the new >> expectation by having these functions all take a descriptor as >> parameter instead of an interrupt number. >> >> Drop one of the two leading underscores from all three functions at >> the same time. >> >> There's one case left where descriptors get manipulated with just >> vector_lock held: setup_vector_irq() assumes its caller to acquire >> vector_lock, and hence can't itself acquire the descriptor locks (wrong >> lock order). I don't currently see how to address this. > > Can you take the desc lock and vector lock for each irq in the second > loop of setup_vector_irq and remove the vector locking from the caller? > > That might be inefficient, but it's just done for CPU initialization. > > AFAICT the first loop of setup_vector_irq doesn't require any locking > since it's per-cpu initialization. It's not so much the first lock afaict. It's the combined action of calling this function and setting the online bit which needs the lock held around it. I.e. the function setting bits in various descriptors' CPU masks (and the tracking of the vector -> IRQ relationships) has to be atomic (to the outside world) with the setting of the CPU's bit in cpu_online_map. >> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> > > Change looks good to me: > > Reviewed-by: Roger Pau Monné <roger.pau@xxxxxxxxxx> Thanks, but I'll not add this for now, given the further locking to be added as per above. Jan _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.