Xen project Mailing List

Re: [PATCH v4 02/11] vpci: cancel pending map/unmap on vpci removal

To: Oleksandr Andrushchenko <Oleksandr_Andrushchenko@xxxxxxxx>

Date: Tue, 16 Nov 2021 15:11:20 +0100

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=BDUdK1qoypFEv2Du/ypnRw1OL3dipyoJSLoQIStcT+Y=; b=P4GaRyhrYIiIR9I2ZvtHcsJL538LVtVCaocyRQtzPk3S39Mi7d2kDhQ5VGuZC7NhvZoZS88lsIRazx7Ur4YKPxePvoRwmZHxmThOOjnRlAKp3RfIMiD5KKhiRWmc8oP1wZ0tQdSdwc1lGsEdKr3FeGtOuO672SbSS6wTAUkJHnWr32FluCKETx4z+4k1KH167tUm6ODi4fbPbNIElLu9pSqr5qsADL8sV9etXdL4N8ot4eH9oircAJNtcB6HLygL+IBkp5BXWErWq2TfJmeE6VUjYuwJSAELLNH/VebG3873RokEql7w4TSCjrla6nB0ofVwAe39MZi8HNmaTCnozg==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=mCP2glo0ZcHQchWwX73zbh7LLvUo65zwfTPi6Jez+2H1HwVz6+3b3kkFkHzEsZuI7K4MIo6sM6wk/KJXNgZLaWHbQmpchiGv/dqNLhQtBk9HgopPv8S4Id++F4mvrV0uD8W04djzYSAh6XKp8niNMifB/nQREYBfrsQowmFIK8qWgeeffKkp/9R4wXgEOmc6AhHqK5nqqPQRl5FaDFl0t2jP8MQd4L3XtYJ+QMLipH7soe9AQnfNFetoQLDLZ6RxYdIs4JWXVFKnXQjSGw/vdkjRgz6Yjc0imGwu61lYVs7kCbS5FUSTLUqIH0sjqxGJgmGf+zvy1vcSSti2IBCs9w==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;

Cc: "julien@xxxxxxx" <julien@xxxxxxx>, "sstabellini@xxxxxxxxxx" <sstabellini@xxxxxxxxxx>, Oleksandr Tyshchenko <Oleksandr_Tyshchenko@xxxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Artem Mygaiev <Artem_Mygaiev@xxxxxxxx>, "andrew.cooper3@xxxxxxxxxx" <andrew.cooper3@xxxxxxxxxx>, "george.dunlap@xxxxxxxxxx" <george.dunlap@xxxxxxxxxx>, "paul@xxxxxxx" <paul@xxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Rahul Singh <rahul.singh@xxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, "roger.pau@xxxxxxxxxx" <roger.pau@xxxxxxxxxx>

Delivery-date: Tue, 16 Nov 2021 14:11:37 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 16.11.2021 14:27, Oleksandr Andrushchenko wrote: > > > On 16.11.21 13:38, Jan Beulich wrote: >> On 16.11.2021 09:23, Oleksandr Andrushchenko wrote: >>> >>> On 16.11.21 10:01, Jan Beulich wrote: >>>> On 16.11.2021 08:32, Oleksandr Andrushchenko wrote: >>>>> On 15.11.21 18:56, Jan Beulich wrote: >>>>>> On 05.11.2021 07:56, Oleksandr Andrushchenko wrote: >>>>>>> @@ -165,6 +164,18 @@ bool vpci_process_pending(struct vcpu *v) >>>>>>> return false; >>>>>>> } >>>>>>> >>>>>>> +void vpci_cancel_pending(const struct pci_dev *pdev) >>>>>>> +{ >>>>>>> + struct vcpu *v = current; >>>>>>> + >>>>>>> + /* Cancel any pending work now. */ >>>>>> Doesn't "any" include pending work on all vCPU-s of the guest, not >>>>>> just current? Is current even relevant (as in: part of the correct >>>>>> domain), considering ... >>>>>> >>>>>>> --- a/xen/drivers/vpci/vpci.c >>>>>>> +++ b/xen/drivers/vpci/vpci.c >>>>>>> @@ -51,6 +51,8 @@ void vpci_remove_device(struct pci_dev *pdev) >>>>>>> xfree(r); >>>>>>> } >>>>>>> spin_unlock(&pdev->vpci->lock); >>>>>>> + >>>>>>> + vpci_cancel_pending(pdev); >>>>>> ... this code path, when coming here from pci_{add,remove}_device()? >>>>>> >>>>>> I can agree that there's a problem here, but I think you need to >>>>>> properly (i.e. in a race free manner) drain pending work. >>>>> Yes, the code is inconsistent with this respect. I am thinking about: >>>>> >>>>> void vpci_cancel_pending(const struct pci_dev *pdev) >>>>> { >>>>> struct domain *d = pdev->domain; >>>>> struct vcpu *v; >>>>> >>>>> /* Cancel any pending work now. */ >>>>> domain_lock(d); >>>>> for_each_vcpu ( d, v ) >>>>> { >>>>> vcpu_pause(v); >>>>> if ( v->vpci.mem && v->vpci.pdev == pdev) >>>> Nit: Same style issue as in the original patch. >>> Will fix >>>>> { >>>>> rangeset_destroy(v->vpci.mem); >>>>> v->vpci.mem = NULL; >>>>> } >>>>> vcpu_unpause(v); >>>>> } >>>>> domain_unlock(d); >>>>> } >>>>> >>>>> which seems to solve all the concerns. Is this what you mean? >>>> Something along these lines. I expect you will want to make use of >>>> domain_pause_except_self(), >>> Yes, this is what is needed here, thanks. The only question is that >>> >>> int domain_pause_except_self(struct domain *d) >>> { >>> [snip] >>> /* Avoid racing with other vcpus which may want to be pausing us >>> */ >>> if ( !spin_trylock(&d->hypercall_deadlock_mutex) ) >>> return -ERESTART; >>> >>> so it is not clear what do we do in case of -ERESTART: do we want to spin? >>> Otherwise we will leave the job not done effectively not canceling the >>> pending work. Any idea other then spinning? >> Depends on the call chain you come through. There may need to be some >> rearrangements such that you may be able to preempt the enclosing >> hypercall. > Well, there are three places which may lead to the pending work > needs to be canceled: > > MMIO trap -> vpci_write -> vpci_cmd_write -> modify_bars -> > vpci_cancel_pending (on modify_bars fail path) > > PHYSDEVOP_pci_device_add -> pci_add_device (error path) -> vpci_remove_device > -> vpci_cancel_pending > > PHYSDEVOP_pci_device_remove -> pci_remove_device -> vpci_remove_device -> > vpci_cancel_pending > > So, taking into account the MMIO path, I think about the below code > > /* > * Cancel any pending work now. > * > * FIXME: this can be called from an MMIO trap handler's error > * path, so we cannot just return an error code here, so upper > * layers can handle it. The best we can do is to still try > * removing the range sets. > */ The MMIO trap path should simply exit to the guest to have the insn retried. With the vPCI removal a subsequent emulation attempt will no longer be able to resolve the address to BDF, and hence do whatever it would do for an attempted access to config space not belonging to any device. For the two physdevops it may not be possible to preempt the hypercalls without further code adjustments. Jan > while ( (rc = domain_pause_except_self(d)) == -ERESTART ) > cpu_relax(); > > if ( rc ) > printk(XENLOG_G_ERR > "Failed to pause vCPUs while canceling vPCI map/unmap for %pp > %pd: %d\n", > &pdev->sbdf, pdev->domain, rc); > > I am not sure how to handle this otherwise > @Roger, do you see any other good way? >> >> Jan >> > Thank you, > Oleksandr >

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.