Xen project Mailing List

Re: [PATCH v4 02/11] vpci: cancel pending map/unmap on vpci removal

To: Jan Beulich <jbeulich@xxxxxxxx>, "roger.pau@xxxxxxxxxx" <roger.pau@xxxxxxxxxx>

From: Oleksandr Andrushchenko <Oleksandr_Andrushchenko@xxxxxxxx>

Date: Thu, 18 Nov 2021 07:49:05 +0000

Accept-language: en-US

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=epam.com; dmarc=pass action=none header.from=epam.com; dkim=pass header.d=epam.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=nmp+qFIFD+EkQb+Qai1M7TC7Z9wkvbtKTE3EEwcSzrI=; b=iRBRclvgFeP7u5jYiCWlKLKhdMM6IVGps6/D0Ky374JiCx43DqEWR7C2XvgMiQUYp39/2RCjE2WvxEIS2LCpKCPnfMSZmMS1Pb8L/g1pOY/SNL207bDdr4423AU1LPXBhik1ydmDLZmvUNzR/obypZaDr3VYIms8kJD5vECIAs7mFc9XrgYbWSaQOeUnj8O4y6cENFKyZTNvM3tnRF6L+aMCZiv4SMR0SXC6tlI202nYAX/TXI1T2akQ7Y3xu6D6tM+YI68EY8FkzvKGQhXGFylnr97xP3VXvOJ9ZLk91EK8ucNhHFcI8Qd18fGraO68dNpF6zhbk/fEgpbBbUbNUw==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=S6xYWGp/g0FtOcMB6E95Icdv0WwsZM8DbP+KsaG0OqgeFkT83dPugwyyiw35UTKVBOZDFkbe77nREJz5I4fV899wwY0t4ugZGPxJ4uCFU9NvC9lI0R0Pf2uah3cec+bjBX/ci6XhPsryK97F7h9DBLA4mMhr4V+EkFWYEKgi0nspAgI1yn6sNiWfUboAsgut0q8Wf+N56LKWj/fI+VnlRxahS6ZndZO6eXxYBx/KcNInfsueQ6PgRJ1OdYdH5psbghVIDIA2xJvZ6icQZQrM3wkXsynjD5ZtkYjYCvYzsp/1ZbhoOrm8AEsDfZeAvo6XTjdEoyoD27YHaiHMXX4Pgg==

Cc: "julien@xxxxxxx" <julien@xxxxxxx>, "sstabellini@xxxxxxxxxx" <sstabellini@xxxxxxxxxx>, Oleksandr Tyshchenko <Oleksandr_Tyshchenko@xxxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Artem Mygaiev <Artem_Mygaiev@xxxxxxxx>, "andrew.cooper3@xxxxxxxxxx" <andrew.cooper3@xxxxxxxxxx>, "george.dunlap@xxxxxxxxxx" <george.dunlap@xxxxxxxxxx>, "paul@xxxxxxx" <paul@xxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Rahul Singh <rahul.singh@xxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Oleksandr Andrushchenko <Oleksandr_Andrushchenko@xxxxxxxx>

Delivery-date: Thu, 18 Nov 2021 07:49:29 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Thread-index: AQHX0hJIYALl/D9fL0OD6N0XGDJh2awHdhMAgAGHTYA=

Thread-topic: [PATCH v4 02/11] vpci: cancel pending map/unmap on vpci removal

On 17.11.21 10:28, Jan Beulich wrote: > On 05.11.2021 07:56, Oleksandr Andrushchenko wrote: >> From: Oleksandr Andrushchenko <oleksandr_andrushchenko@xxxxxxxx> >> >> When a vPCI is removed for a PCI device it is possible that we have >> scheduled a delayed work for map/unmap operations for that device. >> For example, the following scenario can illustrate the problem: >> >> pci_physdev_op >> pci_add_device >> init_bars -> modify_bars -> defer_map -> >> raise_softirq(SCHEDULE_SOFTIRQ) >> iommu_add_device <- FAILS >> vpci_remove_device -> xfree(pdev->vpci) >> >> leave_hypervisor_to_guest >> vpci_process_pending: v->vpci.mem != NULL; v->vpci.pdev->vpci == NULL >> >> For the hardware domain we continue execution as the worse that >> could happen is that MMIO mappings are left in place when the >> device has been deassigned >> >> For unprivileged domains that get a failure in the middle of a vPCI >> {un}map operation we need to destroy them, as we don't know in which >> state the p2m is. This can only happen in vpci_process_pending for >> DomUs as they won't be allowed to call pci_add_device. >> >> Signed-off-by: Oleksandr Andrushchenko <oleksandr_andrushchenko@xxxxxxxx> > Thinking about it some more, I'm not convinced any of this is really > needed in the presented form. The intention of this patch was to handle error conditions which are abnormal, e.g. when iommu_add_device fails and we are in the middle of initialization. So, I am trying to cancel all pending work which might already be there and not to crash. > Removal of a vPCI device is the analogue > of hot-unplug on baremetal. That's not a "behind the backs of > everything" operation. Instead the host admin has to prepare the > device for removal, which will result in it being quiescent (which in > particular means no BAR adjustments anymore). The act of removing the > device from the system has as its virtual counterpart "xl pci-detach". > I think it ought to be in this context when pending requests get > drained, and an indicator be set that no further changes to that > device are permitted. This would mean invoking from > vpci_deassign_device() as added by patch 4, not from > vpci_remove_device(). This would yield removal of a device from the > host being independent of removal of a device from a guest. > > The need for vpci_remove_device() seems questionable in the first > place: Even for hot-unplug on the host it may be better to require a > pci-detach from (PVH) Dom0 before the actual device removal. This > would involve an adjustment to the de-assignment logic for the case > of no quarantining: We'd need to make sure explicit de-assignment > from Dom0 actually removes the device from there; right now > de-assignment assumes "from DomU" and "to Dom0 or DomIO" (depending > on quarantining mode). Please see above. What you wrote might be perfectly fine for the "expected" removals, but what about the errors which are out of administrator's control? > > Thoughts? > > Jan > Thank you, Oleksandr

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.