
Re: [PATCH v4 02/11] vpci: cancel pending map/unmap on vpci removal




On 16.11.21 16:12, Jan Beulich wrote:
> On 16.11.2021 14:41, Oleksandr Andrushchenko wrote:
>>
>> On 16.11.21 10:23, Oleksandr Andrushchenko wrote:
>>> On 16.11.21 10:01, Jan Beulich wrote:
>>>> On 16.11.2021 08:32, Oleksandr Andrushchenko wrote:
>>>>> On 15.11.21 18:56, Jan Beulich wrote:
>>>>>> On 05.11.2021 07:56, Oleksandr Andrushchenko wrote:
>>>>>>> From: Oleksandr Andrushchenko <oleksandr_andrushchenko@xxxxxxxx>
>>>>>>>
>>>>>>> When a vPCI is removed for a PCI device it is possible that we have
>>>>>>> scheduled a delayed work for map/unmap operations for that device.
>>>>>>> For example, the following scenario can illustrate the problem:
>>>>>>>
>>>>>>> pci_physdev_op
>>>>>>>        pci_add_device
>>>>>>>            init_bars -> modify_bars -> defer_map -> raise_softirq(SCHEDULE_SOFTIRQ)
>>>>>>>        iommu_add_device <- FAILS
>>>>>>>        vpci_remove_device -> xfree(pdev->vpci)
>>>>>>>
>>>>>>> leave_hypervisor_to_guest
>>>>>>>        vpci_process_pending: v->vpci.mem != NULL; v->vpci.pdev->vpci == NULL
>>>>>>>
>>>>>>> For the hardware domain we continue execution, as the worst that
>>>>>>> could happen is that MMIO mappings are left in place when the
>>>>>>> device has been deassigned.
>>>>>> Is continuing safe in this case? I.e. isn't there the risk of a NULL
>>>>>> deref?
>>>>> I think it is safe to continue
>>>> And why do you think so? I.e. why is there no race for Dom0 when there
>>>> is one for DomU?
>>> Well, then we need to use a lock to synchronize the two.
>>> I guess this needs to be the pcidevs lock, unfortunately.
>> The parties involved in deferred work and its cancellation:
>>
>> MMIO trap -> vpci_write -> vpci_cmd_write -> modify_bars -> defer_map
>>
>> Arm: leave_hypervisor_to_guest -> check_for_vcpu_work -> vpci_process_pending
>>
>> x86: two call sites -> hvm_do_resume -> vpci_process_pending
>>
>> So, both defer_map and vpci_process_pending need to be synchronized with
>> pcidevs_{lock,unlock}().
> If I were an Arm maintainer, I'm afraid I would object to the pcidevs lock
> getting used in leave_hypervisor_to_guest.
I do agree this is really not good, but it seems my choices are limited.
@Stefano, @Julien, do you see any better way of doing that?

We were thinking about introducing a dedicated lock for vpci [1],
but eventually decided to use pcidevs_lock for now.
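
To make the intended interaction concrete, below is a minimal stand-alone
sketch of the idea, not Xen code: struct pdev/struct vpci, process_pending()
and remove_vpci() are illustrative stand-ins for the real vpci state,
vpci_process_pending() and vpci_remove_device(), and pdevs_lock stands in for
pcidevs_lock. The point is only that the deferred work and the removal/free of
pdev->vpci serialize on the same lock, and the deferred work re-checks the
pointer under it before touching anything:

/* Stand-alone model of the race and its lock-based resolution; all
 * names are hypothetical, compile with: gcc -pthread model.c */
#include <pthread.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

struct vpci { bool map_pending; };
struct pdev { struct vpci *vpci; };

/* Stands in for pcidevs_lock. */
static pthread_mutex_t pdevs_lock = PTHREAD_MUTEX_INITIALIZER;

/* Deferred work (the vpci_process_pending counterpart): only touch
 * pdev->vpci under the lock and re-check it, so a concurrent removal
 * cannot leave us dereferencing freed state. */
static void process_pending(struct pdev *pdev)
{
    pthread_mutex_lock(&pdevs_lock);
    if ( pdev->vpci && pdev->vpci->map_pending )
    {
        /* ... perform the deferred BAR map/unmap here ... */
        pdev->vpci->map_pending = false;
    }
    pthread_mutex_unlock(&pdevs_lock);
}

/* Removal path (the vpci_remove_device counterpart): free the vpci
 * state under the same lock, implicitly cancelling pending work. */
static void remove_vpci(struct pdev *pdev)
{
    pthread_mutex_lock(&pdevs_lock);
    free(pdev->vpci);
    pdev->vpci = NULL;
    pthread_mutex_unlock(&pdevs_lock);
}

int main(void)
{
    struct pdev dev = { .vpci = calloc(1, sizeof(struct vpci)) };

    dev.vpci->map_pending = true;   /* defer_map has queued work      */
    remove_vpci(&dev);              /* device add failed, vpci freed  */
    process_pending(&dev);          /* exit-to-guest: finds no vpci   */

    puts("pending work skipped, no dangling vpci access");
    return 0;
}

A dedicated vpci lock would have the same structure; only the scope of what
the lock serializes (and hence the contention added on the exit-to-guest
path) would change.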
> Jan
>

[1] https://lore.kernel.org/all/afe47397-a792-6b0c-0a89-b47c523e50d9@xxxxxxxx/

 

