Xen project Mailing List

Re: [PATCH v6 05/13] vpci: add hooks for PCI device assign/de-assign

From: Oleksandr Andrushchenko <Oleksandr_Andrushchenko@xxxxxxxx>

Date: Tue, 8 Feb 2022 10:22:45 +0000

Accept-language: en-US

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=pJUyAo0jW1J0+ga7HlrzqC5OcvxEppGSq93D+3FRDqQ=; b=a6MPm1gu/DPV1/HJsOiLUg6edjBvdEE4QsgeMpyVCM2rC+OBbkD8TuZuq206f93Wu0OHUgsyYIhncXeq9rOvEJYr8BynWQFn4U+bci+q9PjLcdZv1dzF+9/rIYUaOWaj3QnMO7kfCgEPdqMQ4Sw8OLxtWZJqOkR4EYw+oaEbjyj1G7mFp14mPqy9JtLm20TnJZvlDofYHtXYJMjRIfnwgpcQb8ZCJAYDG1bJ+FwmL9U5F4x8KfW1UFIkV8aAyv/i/bWduVEpDVtez29nQ2Wg/PEaFntvL3KJ2fo2QtwCPzv7t94pdw7gwKfBOg5SCdIJrUatCVelC7Nur3wbICUpWg==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=FaY6jq5GO9igg0SYniZ6O3K8MEMaz9O656QFbLc0//jNz7wkSkO7Gi7kVzDRMBURx+QE6lXyLvE9QPFdcmgpxqYFhRiBswR4Orc/TrN66nO2ybXmErjFKWpZ6dBDI1TFHtexAzO//4P11ah8SGdCeZAz4kUBk4dLgezc3mvjttlbZXMVyjvyhK+ZYlRRap4urJaA5PiFbSYeJfg16pePfQEmhGT0ju7e25bUrdHz2Ozr2ZizLIVAyztRTRDuH1kCDNGXZCmLXWUI8jpNfkNt2TS43iiv1g5VI/cy5us4Oz2l+uzNTkVNob6hZsplHSxgPcRcs21M2NOtVcAnwSqfZA==

Cc: "julien@xxxxxxx" <julien@xxxxxxx>, "sstabellini@xxxxxxxxxx" <sstabellini@xxxxxxxxxx>, Oleksandr Tyshchenko <Oleksandr_Tyshchenko@xxxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Artem Mygaiev <Artem_Mygaiev@xxxxxxxx>, "andrew.cooper3@xxxxxxxxxx" <andrew.cooper3@xxxxxxxxxx>, "george.dunlap@xxxxxxxxxx" <george.dunlap@xxxxxxxxxx>, "paul@xxxxxxx" <paul@xxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Rahul Singh <rahul.singh@xxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, "roger.pau@xxxxxxxxxx" <roger.pau@xxxxxxxxxx>, Oleksandr Andrushchenko <Oleksandr_Andrushchenko@xxxxxxxx>

Delivery-date: Tue, 08 Feb 2022 10:22:57 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Thread-index: AQHYGZFdYv4W1RdbQkeQtzN+PyKqmqyITGQAgAENNICAAAt2AIAAA+uAgAAEsACAAAMyAIAABAgAgAADmAA=

Thread-topic: [PATCH v6 05/13] vpci: add hooks for PCI device assign/de-assign

On 08.02.22 12:09, Jan Beulich wrote: > On 08.02.2022 10:55, Oleksandr Andrushchenko wrote: >> >> On 08.02.22 11:44, Jan Beulich wrote: >>> On 08.02.2022 10:27, Oleksandr Andrushchenko wrote: >>>> On 08.02.22 11:13, Jan Beulich wrote: >>>>> On 08.02.2022 09:32, Oleksandr Andrushchenko wrote: >>>>>> On 07.02.22 18:28, Jan Beulich wrote: >>>>>>> On 04.02.2022 07:34, Oleksandr Andrushchenko wrote: >>>>>>>> @@ -1507,6 +1511,8 @@ static int assign_device(struct domain *d, u16 >>>>>>>> seg, u8 bus, u8 devfn, u32 flag) >>>>>>>> pci_to_dev(pdev), flag); >>>>>>>> } >>>>>>>> >>>>>>>> + rc = vpci_assign_device(d, pdev); >>>>>>>> + >>>>>>>> done: >>>>>>>> if ( rc ) >>>>>>>> printk(XENLOG_G_WARNING "%pd: assign (%pp) failed (%d)\n", >>>>>>> There's no attempt to undo anything in the case of getting back an >>>>>>> error. ISTR this being deemed okay on the basis that the tool stack >>>>>>> would then take whatever action, but whatever it is that is supposed >>>>>>> to deal with errors here wants spelling out in the description. >>>>>> Why? I don't change the previously expected decision and implementation >>>>>> of the assign_device function: I use error paths as they were used before >>>>>> for the existing code. So, I see no clear reason to stress that the >>>>>> existing >>>>>> and new code relies on the toolstack >>>>> Saying half a sentence on this is helping review. >>>> Ok >>>>>>> What's important is that no caller up the call tree may be left with >>>>>>> the impression that the device is still owned by the original >>>>>>> domain. With how you have it, the device is going to be owned by the >>>>>>> new domain, but not really usable. >>>>>> This is not true: vpci_assign_device will call vpci_deassign_device >>>>>> internally if it fails. So, the device won't be assigned in this case >>>>> No. The device is assigned to whatever pdev->domain holds. Calling >>>>> vpci_deassign_device() there merely makes sure that the device will >>>>> have _no_ vPCI data and hooks in place, rather than something >>>>> partial. >>>> So, this patch is only dealing with vpci assign/de-assign >>>> And it rolls back what it did in case of a failure >>>> It also returns rc in assign_device to signal it has failed >>>> What else is expected from this patch?? >>> Until now if assign_device() returns an error, this tells the caller >>> that the device did not change ownership; >> Not sure this is the case: >> if ( (rc = iommu_call(hd->platform_ops, assign_device, d, devfn, >> pci_to_dev(pdev), flag)) ) >> iommu_call can leave the new ownership even now without >> vpci_assign_device. > Did you check the actual hook functions for when exactly the ownership > change happens. For both VT-d and AMD it is the last thing they do, > when no error can occur anymore. This functionality does not exist for Arm yet, so this is up to the future series to add that. WRT to the existing code: static int amd_iommu_assign_device(struct domain *d, u8 devfn, struct pci_dev *pdev, u32 flag) { if ( !rc ) rc = reassign_device(pdev->domain, d, devfn, pdev); <<<<< this will set pdev->domain if ( rc && !is_hardware_domain(d) ) { int ret = amd_iommu_reserve_domain_unity_unmap( d, ivrs_mappings[req_id].unity_map); if ( ret ) { printk(XENLOG_ERR "AMD-Vi: " "unity-unmap for %pd/%04x:%02x:%02x.%u failed (%d)\n", d, pdev->seg, pdev->bus, PCI_SLOT(devfn), PCI_FUNC(devfn), ret); domain_crash(d); } So.... This is IMO wrong in the first place to let IOMMU code assign pdev->domain. This is something that needs to be done by the PCI code itself and not relying on each IOMMU callback implementation > > My understanding is that the roll-back is >> expected to be performed by the toolstack and vpci_assign_device >> doesn't prevent that by returning rc. Even more, before we discussed >> that it would be good for vpci_assign_device to try recovering from >> a possible error early which is done by calling vpci_deassign_device >> internally. > Yes, but that's only part of it. It at least needs considering what > effects have resulted from operations prior to vpci_assign_device(). Taking into account the code snippet above: what is your expectation from this patch with this respect? > > Jan > Thank you, Oleksandr

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.