
Re: [PATCH v3 5/5] evtchn: don't call Xen consumer callback with per-channel lock held



On Wed, Dec 23, 2020 at 9:44 AM Julien Grall <julien@xxxxxxx> wrote:
>
>
>
> On 23/12/2020 13:41, Jan Beulich wrote:
> > On 23.12.2020 14:33, Julien Grall wrote:
> >> On 23/12/2020 13:12, Jan Beulich wrote:
> >>>  From the input by both of you I still can't
> >>> conclude whether this patch should remain as is in v4, or revert
> >>> back to its v2 version. Please can we get this settled so I can get
> >>> v4 out?
> >>
> >> I haven't had time to investigate the rest of the VM event code to find
> >> other cases where this may happen. I still think there is a bigger
> >> problem in the VM event code, but the maintainer disagrees here.
> >>
> >> At which point, I see limited reason to try to paper over in the common
> >> code. So I would rather ack/merge v2 rather than v3.
> >
> > Since I expect Tamas and/or the Bitdefender folks to be of the
> > opposite opinion, there's still no way out, at least if "rather
> > ack" implies a nak for v3.
>
> The only way out here is for someone to justify why this patch is
> sufficient for the VM event race. I am not convinced it is (see more below).
>
> > Personally, if this expectation of
> > mine is correct, I'd prefer to keep the accounting but make it
> > optional (as suggested in a post-commit-message remark).
> > That'll eliminate the overhead you appear to be concerned of,
> > but of course it'll further complicate the logic (albeit just
> > slightly).
>
> I am more concerned about adding overly complex code that would just
> be papering over a bigger problem. I also can't see use of it outside of
> the VM event discussion.
>
> I had another look at the code. As I mentioned in the past,
> vm_put_event_request() is able to deal with d != current->domain (it
> will set VM_EVENT_FLAG_FOREIGN). There are 4 callers for the function:
>     1) p2m_mem_paging_drop_page()
>     2) p2m_mem_paging_populate()
>     3) mem_sharing_notify_enomem()
>     4) monitor_traps()
>
> 1) and 2) belong to the mem paging subsystem. Tamas suggested that it
> was abandoned.
>
> 4) can only be called with the current domain.
>
> This leaves us 3) in the mem sharing subsystem. As this is called from the
> memory hypercalls, it looks possible to me that d != current->domain.
> The code also seems to be maintained (there were recent non-trivial
> changes).
>
> Can one of the VM event developers come up with a justification why this
> patch is enough to make the VM event subsystem safe?

3) is an unused feature as well that likely should be dropped at some
point. It can also only be called with current->domain, it effectively
just signals an out-of-memory error to a vm_event listener in dom0
that populating an entry for the VM that EPT faulted failed. I guess
the idea was that the dom0 agent would be able to make a decision on
how to proceed (i.e. which VM to kill to free up memory).



 

