[1/3] xen: drop in_atomic()
diff mbox series

Message ID 20190522094549.28397-2-jgross@suse.com
State New, archived
Headers show
Series
  • tune preempt_[dis|en]able()
Related show

Commit Message

Jürgen Groß May 22, 2019, 9:45 a.m. UTC
Currently there is only one user of in_atomic(), and that is in an
#ifdef 0 section. This has been so since Xen 4.1, so chances are
rather slim we suddenly want to enable it again.

Dropping in_atomic() will remove the last user of preempt_count()
in non-debug builds enabling further optimizations.

Signed-off-by: Juergen Gross <jgross@suse.com>
---
 xen/arch/x86/hvm/hvm.c    | 16 ----------------
 xen/common/preempt.c      |  5 -----
 xen/include/xen/preempt.h |  2 --
 3 files changed, 23 deletions(-)

Comments

Andrew Cooper May 22, 2019, 9:58 a.m. UTC | #1
On 22/05/2019 10:45, Juergen Gross wrote:
> Currently there is only one user of in_atomic(), and that is in an
> #ifdef 0 section. This has been so since Xen 4.1, so chances are
> rather slim we suddenly want to enable it again.
>
> Dropping in_atomic() will remove the last user of preempt_count()
> in non-debug builds enabling further optimizations.
>
> Signed-off-by: Juergen Gross <jgross@suse.com>

Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>

This code has never been used and is obviously not doing anything useful.
Jan Beulich May 22, 2019, 10:10 a.m. UTC | #2
>>> On 22.05.19 at 11:45, <jgross@suse.com> wrote:
> --- a/xen/arch/x86/hvm/hvm.c
> +++ b/xen/arch/x86/hvm/hvm.c
> @@ -3185,22 +3185,6 @@ static enum hvm_translation_result __hvm_copy(
>  
>      ASSERT(is_hvm_vcpu(v));
>  
> -    /*
> -     * XXX Disable for 4.1.0: PV-on-HVM drivers will do grant-table ops
> -     * such as query_size. Grant-table code currently does copy_to/from_guest
> -     * accesses under the big per-domain lock, which this test would disallow.
> -     * The test is not needed until we implement sleeping-on-waitqueue when
> -     * we access a paged-out frame, and that's post 4.1.0 now.
> -     */
> -#if 0
> -    /*
> -     * If the required guest memory is paged out, this function may sleep.
> -     * Hence we bail immediately if called from atomic context.
> -     */
> -    if ( in_atomic() )
> -        return HVMTRANS_unhandleable;
> -#endif

Dealing with this TODO item is of course much appreciated, but
should it really be deleted altogether? The big-domain-lock issue
is gone afair, in which case dropping the #if 0 would seem
possible to me, even if it's not strictly needed without the sleep-
on-waitqueue behavior mentioned.

Jan
Jürgen Groß May 22, 2019, 10:19 a.m. UTC | #3
On 22/05/2019 12:10, Jan Beulich wrote:
>>>> On 22.05.19 at 11:45, <jgross@suse.com> wrote:
>> --- a/xen/arch/x86/hvm/hvm.c
>> +++ b/xen/arch/x86/hvm/hvm.c
>> @@ -3185,22 +3185,6 @@ static enum hvm_translation_result __hvm_copy(
>>  
>>      ASSERT(is_hvm_vcpu(v));
>>  
>> -    /*
>> -     * XXX Disable for 4.1.0: PV-on-HVM drivers will do grant-table ops
>> -     * such as query_size. Grant-table code currently does copy_to/from_guest
>> -     * accesses under the big per-domain lock, which this test would disallow.
>> -     * The test is not needed until we implement sleeping-on-waitqueue when
>> -     * we access a paged-out frame, and that's post 4.1.0 now.
>> -     */
>> -#if 0
>> -    /*
>> -     * If the required guest memory is paged out, this function may sleep.
>> -     * Hence we bail immediately if called from atomic context.
>> -     */
>> -    if ( in_atomic() )
>> -        return HVMTRANS_unhandleable;
>> -#endif
> 
> Dealing with this TODO item is of course much appreciated, but
> should it really be deleted altogether? The big-domain-lock issue
> is gone afair, in which case dropping the #if 0 would seem
> possible to me, even if it's not strictly needed without the sleep-
> on-waitqueue behavior mentioned.

Question is whether it is worth to keep it resulting in the need to
keep preempt_count() as well.


Juergen
Jan Beulich May 22, 2019, 12:34 p.m. UTC | #4
>>> On 22.05.19 at 12:19, <jgross@suse.com> wrote:
> On 22/05/2019 12:10, Jan Beulich wrote:
>>>>> On 22.05.19 at 11:45, <jgross@suse.com> wrote:
>>> --- a/xen/arch/x86/hvm/hvm.c
>>> +++ b/xen/arch/x86/hvm/hvm.c
>>> @@ -3185,22 +3185,6 @@ static enum hvm_translation_result __hvm_copy(
>>>  
>>>      ASSERT(is_hvm_vcpu(v));
>>>  
>>> -    /*
>>> -     * XXX Disable for 4.1.0: PV-on-HVM drivers will do grant-table ops
>>> -     * such as query_size. Grant-table code currently does 
> copy_to/from_guest
>>> -     * accesses under the big per-domain lock, which this test would 
> disallow.
>>> -     * The test is not needed until we implement sleeping-on-waitqueue when
>>> -     * we access a paged-out frame, and that's post 4.1.0 now.
>>> -     */
>>> -#if 0
>>> -    /*
>>> -     * If the required guest memory is paged out, this function may sleep.
>>> -     * Hence we bail immediately if called from atomic context.
>>> -     */
>>> -    if ( in_atomic() )
>>> -        return HVMTRANS_unhandleable;
>>> -#endif
>> 
>> Dealing with this TODO item is of course much appreciated, but
>> should it really be deleted altogether? The big-domain-lock issue
>> is gone afair, in which case dropping the #if 0 would seem
>> possible to me, even if it's not strictly needed without the sleep-
>> on-waitqueue behavior mentioned.
> 
> Question is whether it is worth to keep it resulting in the need to
> keep preempt_count() as well.

Well, personally I think keeping it is a small price to pay. But seeing
Andrew's R-b he clearly thinks different. And just to be clear - I
don't really want to veto this change, as at the same time it's also
easy enough to put back if need be. But I'd like this to be give a
2nd consideration at least.

Jan
Jürgen Groß May 22, 2019, 1:01 p.m. UTC | #5
On 22/05/2019 14:34, Jan Beulich wrote:
>>>> On 22.05.19 at 12:19, <jgross@suse.com> wrote:
>> On 22/05/2019 12:10, Jan Beulich wrote:
>>>>>> On 22.05.19 at 11:45, <jgross@suse.com> wrote:
>>>> --- a/xen/arch/x86/hvm/hvm.c
>>>> +++ b/xen/arch/x86/hvm/hvm.c
>>>> @@ -3185,22 +3185,6 @@ static enum hvm_translation_result __hvm_copy(
>>>>  
>>>>      ASSERT(is_hvm_vcpu(v));
>>>>  
>>>> -    /*
>>>> -     * XXX Disable for 4.1.0: PV-on-HVM drivers will do grant-table ops
>>>> -     * such as query_size. Grant-table code currently does 
>> copy_to/from_guest
>>>> -     * accesses under the big per-domain lock, which this test would 
>> disallow.
>>>> -     * The test is not needed until we implement sleeping-on-waitqueue when
>>>> -     * we access a paged-out frame, and that's post 4.1.0 now.
>>>> -     */
>>>> -#if 0
>>>> -    /*
>>>> -     * If the required guest memory is paged out, this function may sleep.
>>>> -     * Hence we bail immediately if called from atomic context.
>>>> -     */
>>>> -    if ( in_atomic() )
>>>> -        return HVMTRANS_unhandleable;
>>>> -#endif
>>>
>>> Dealing with this TODO item is of course much appreciated, but
>>> should it really be deleted altogether? The big-domain-lock issue
>>> is gone afair, in which case dropping the #if 0 would seem
>>> possible to me, even if it's not strictly needed without the sleep-
>>> on-waitqueue behavior mentioned.
>>
>> Question is whether it is worth to keep it resulting in the need to
>> keep preempt_count() as well.
> 
> Well, personally I think keeping it is a small price to pay. But seeing
> Andrew's R-b he clearly thinks different. And just to be clear - I
> don't really want to veto this change, as at the same time it's also
> easy enough to put back if need be. But I'd like this to be give a
> 2nd consideration at least.

Completely understandable.

I just stumbled over that when I needed to introduce rcu_read_lock()
usage in some hot paths for my core scheduling series and I wanted to
understand the performance implications for adding those calls.


Juergen
Jürgen Groß May 24, 2019, 5:41 a.m. UTC | #6
On 22/05/2019 12:10, Jan Beulich wrote:
>>>> On 22.05.19 at 11:45, <jgross@suse.com> wrote:
>> --- a/xen/arch/x86/hvm/hvm.c
>> +++ b/xen/arch/x86/hvm/hvm.c
>> @@ -3185,22 +3185,6 @@ static enum hvm_translation_result __hvm_copy(
>>  
>>      ASSERT(is_hvm_vcpu(v));
>>  
>> -    /*
>> -     * XXX Disable for 4.1.0: PV-on-HVM drivers will do grant-table ops
>> -     * such as query_size. Grant-table code currently does copy_to/from_guest
>> -     * accesses under the big per-domain lock, which this test would disallow.
>> -     * The test is not needed until we implement sleeping-on-waitqueue when
>> -     * we access a paged-out frame, and that's post 4.1.0 now.
>> -     */
>> -#if 0
>> -    /*
>> -     * If the required guest memory is paged out, this function may sleep.
>> -     * Hence we bail immediately if called from atomic context.
>> -     */
>> -    if ( in_atomic() )
>> -        return HVMTRANS_unhandleable;
>> -#endif
> 
> Dealing with this TODO item is of course much appreciated, but
> should it really be deleted altogether? The big-domain-lock issue
> is gone afair, in which case dropping the #if 0 would seem
> possible to me, even if it's not strictly needed without the sleep-
> on-waitqueue behavior mentioned.

I just had a look and found the following path:

do_domctl() (takes domctl_lock and hypercall_deadlock_mutex)
  arch_do_domctl()
    raw_copy_from_guest()
      copy_from_user_hvm()
        hvm_copy_from_guest_linear()
          __hvm_copy()

So no, we can't do the in_atomic() test IMO.


Juergen
Jan Beulich May 24, 2019, 6:38 a.m. UTC | #7
>>> On 24.05.19 at 07:41, <jgross@suse.com> wrote:
> On 22/05/2019 12:10, Jan Beulich wrote:
>>>>> On 22.05.19 at 11:45, <jgross@suse.com> wrote:
>>> --- a/xen/arch/x86/hvm/hvm.c
>>> +++ b/xen/arch/x86/hvm/hvm.c
>>> @@ -3185,22 +3185,6 @@ static enum hvm_translation_result __hvm_copy(
>>>  
>>>      ASSERT(is_hvm_vcpu(v));
>>>  
>>> -    /*
>>> -     * XXX Disable for 4.1.0: PV-on-HVM drivers will do grant-table ops
>>> -     * such as query_size. Grant-table code currently does copy_to/from_guest
>>> -     * accesses under the big per-domain lock, which this test would disallow.
>>> -     * The test is not needed until we implement sleeping-on-waitqueue when
>>> -     * we access a paged-out frame, and that's post 4.1.0 now.
>>> -     */
>>> -#if 0
>>> -    /*
>>> -     * If the required guest memory is paged out, this function may sleep.
>>> -     * Hence we bail immediately if called from atomic context.
>>> -     */
>>> -    if ( in_atomic() )
>>> -        return HVMTRANS_unhandleable;
>>> -#endif
>> 
>> Dealing with this TODO item is of course much appreciated, but
>> should it really be deleted altogether? The big-domain-lock issue
>> is gone afair, in which case dropping the #if 0 would seem
>> possible to me, even if it's not strictly needed without the sleep-
>> on-waitqueue behavior mentioned.
> 
> I just had a look and found the following path:
> 
> do_domctl() (takes domctl_lock and hypercall_deadlock_mutex)
>   arch_do_domctl()
>     raw_copy_from_guest()
>       copy_from_user_hvm()
>         hvm_copy_from_guest_linear()
>           __hvm_copy()
> 
> So no, we can't do the in_atomic() test IMO.

Oh, right - that's a PVH constraint that could probably not even
be thought of that the time the comment was written. I'm still
of the opinion though that at least the still applicable part of
the comment should be kept in place. Whether this means also
keeping in_atomic() itself is then an independent question, i.e.
I wouldn't consider it overly bad if there was no implementation
in the tree, but the above still served as documentation of what
would need to be re-added. Still my preference would be for it
to be kept.

Jan
Jürgen Groß May 24, 2019, 8:34 a.m. UTC | #8
On 24/05/2019 08:38, Jan Beulich wrote:
>>>> On 24.05.19 at 07:41, <jgross@suse.com> wrote:
>> On 22/05/2019 12:10, Jan Beulich wrote:
>>>>>> On 22.05.19 at 11:45, <jgross@suse.com> wrote:
>>>> --- a/xen/arch/x86/hvm/hvm.c
>>>> +++ b/xen/arch/x86/hvm/hvm.c
>>>> @@ -3185,22 +3185,6 @@ static enum hvm_translation_result __hvm_copy(
>>>>  
>>>>      ASSERT(is_hvm_vcpu(v));
>>>>  
>>>> -    /*
>>>> -     * XXX Disable for 4.1.0: PV-on-HVM drivers will do grant-table ops
>>>> -     * such as query_size. Grant-table code currently does copy_to/from_guest
>>>> -     * accesses under the big per-domain lock, which this test would disallow.
>>>> -     * The test is not needed until we implement sleeping-on-waitqueue when
>>>> -     * we access a paged-out frame, and that's post 4.1.0 now.
>>>> -     */
>>>> -#if 0
>>>> -    /*
>>>> -     * If the required guest memory is paged out, this function may sleep.
>>>> -     * Hence we bail immediately if called from atomic context.
>>>> -     */
>>>> -    if ( in_atomic() )
>>>> -        return HVMTRANS_unhandleable;
>>>> -#endif
>>>
>>> Dealing with this TODO item is of course much appreciated, but
>>> should it really be deleted altogether? The big-domain-lock issue
>>> is gone afair, in which case dropping the #if 0 would seem
>>> possible to me, even if it's not strictly needed without the sleep-
>>> on-waitqueue behavior mentioned.
>>
>> I just had a look and found the following path:
>>
>> do_domctl() (takes domctl_lock and hypercall_deadlock_mutex)
>>   arch_do_domctl()
>>     raw_copy_from_guest()
>>       copy_from_user_hvm()
>>         hvm_copy_from_guest_linear()
>>           __hvm_copy()
>>
>> So no, we can't do the in_atomic() test IMO.
> 
> Oh, right - that's a PVH constraint that could probably not even
> be thought of that the time the comment was written. I'm still
> of the opinion though that at least the still applicable part of
> the comment should be kept in place. Whether this means also
> keeping in_atomic() itself is then an independent question, i.e.
> I wouldn't consider it overly bad if there was no implementation
> in the tree, but the above still served as documentation of what
> would need to be re-added. Still my preference would be for it
> to be kept.

Would you be okay with replacing the removed stuff above with:

/*
 * If the required guest memory is paged out this function may sleep.
 * So in theory we should bail out if called in atomic context.
 * Unfortunately this is true for PVH dom0 doing domctl calls which
 * holds the domctl lock when accessing dom0 memory. OTOH dom0 memory
 * should never be paged out, so we are fine without testing for
 * atomic context.
 */


Juergen
Jan Beulich May 24, 2019, 8:39 a.m. UTC | #9
>>> On 24.05.19 at 10:34, <jgross@suse.com> wrote:
> On 24/05/2019 08:38, Jan Beulich wrote:
>>>>> On 24.05.19 at 07:41, <jgross@suse.com> wrote:
>>> On 22/05/2019 12:10, Jan Beulich wrote:
>>>>>>> On 22.05.19 at 11:45, <jgross@suse.com> wrote:
>>>>> --- a/xen/arch/x86/hvm/hvm.c
>>>>> +++ b/xen/arch/x86/hvm/hvm.c
>>>>> @@ -3185,22 +3185,6 @@ static enum hvm_translation_result __hvm_copy(
>>>>>  
>>>>>      ASSERT(is_hvm_vcpu(v));
>>>>>  
>>>>> -    /*
>>>>> -     * XXX Disable for 4.1.0: PV-on-HVM drivers will do grant-table ops
>>>>> -     * such as query_size. Grant-table code currently does copy_to/from_guest
>>>>> -     * accesses under the big per-domain lock, which this test would disallow.
>>>>> -     * The test is not needed until we implement sleeping-on-waitqueue when
>>>>> -     * we access a paged-out frame, and that's post 4.1.0 now.
>>>>> -     */
>>>>> -#if 0
>>>>> -    /*
>>>>> -     * If the required guest memory is paged out, this function may sleep.
>>>>> -     * Hence we bail immediately if called from atomic context.
>>>>> -     */
>>>>> -    if ( in_atomic() )
>>>>> -        return HVMTRANS_unhandleable;
>>>>> -#endif
>>>>
>>>> Dealing with this TODO item is of course much appreciated, but
>>>> should it really be deleted altogether? The big-domain-lock issue
>>>> is gone afair, in which case dropping the #if 0 would seem
>>>> possible to me, even if it's not strictly needed without the sleep-
>>>> on-waitqueue behavior mentioned.
>>>
>>> I just had a look and found the following path:
>>>
>>> do_domctl() (takes domctl_lock and hypercall_deadlock_mutex)
>>>   arch_do_domctl()
>>>     raw_copy_from_guest()
>>>       copy_from_user_hvm()
>>>         hvm_copy_from_guest_linear()
>>>           __hvm_copy()
>>>
>>> So no, we can't do the in_atomic() test IMO.
>> 
>> Oh, right - that's a PVH constraint that could probably not even
>> be thought of that the time the comment was written. I'm still
>> of the opinion though that at least the still applicable part of
>> the comment should be kept in place. Whether this means also
>> keeping in_atomic() itself is then an independent question, i.e.
>> I wouldn't consider it overly bad if there was no implementation
>> in the tree, but the above still served as documentation of what
>> would need to be re-added. Still my preference would be for it
>> to be kept.
> 
> Would you be okay with replacing the removed stuff above with:
> 
> /*
>  * If the required guest memory is paged out this function may sleep.
>  * So in theory we should bail out if called in atomic context.
>  * Unfortunately this is true for PVH dom0 doing domctl calls which

... this is true at least for ...

>  * holds the domctl lock when accessing dom0 memory. OTOH dom0 memory
>  * should never be paged out, so we are fine without testing for
>  * atomic context.
>  */

Not sure about this Dom0-specific remark: Are we certain there are
no other paths, similar to the gnttab one having been mentioned till
now?

Jan
Andrew Cooper May 24, 2019, 12:30 p.m. UTC | #10
On 24/05/2019 09:39, Jan Beulich wrote:
>>>> On 24.05.19 at 10:34, <jgross@suse.com> wrote:
>> On 24/05/2019 08:38, Jan Beulich wrote:
>>>>>> On 24.05.19 at 07:41, <jgross@suse.com> wrote:
>>>> On 22/05/2019 12:10, Jan Beulich wrote:
>>>>>>>> On 22.05.19 at 11:45, <jgross@suse.com> wrote:
>>>>>> --- a/xen/arch/x86/hvm/hvm.c
>>>>>> +++ b/xen/arch/x86/hvm/hvm.c
>>>>>> @@ -3185,22 +3185,6 @@ static enum hvm_translation_result __hvm_copy(
>>>>>>  
>>>>>>      ASSERT(is_hvm_vcpu(v));
>>>>>>  
>>>>>> -    /*
>>>>>> -     * XXX Disable for 4.1.0: PV-on-HVM drivers will do grant-table ops
>>>>>> -     * such as query_size. Grant-table code currently does copy_to/from_guest
>>>>>> -     * accesses under the big per-domain lock, which this test would disallow.
>>>>>> -     * The test is not needed until we implement sleeping-on-waitqueue when
>>>>>> -     * we access a paged-out frame, and that's post 4.1.0 now.
>>>>>> -     */
>>>>>> -#if 0
>>>>>> -    /*
>>>>>> -     * If the required guest memory is paged out, this function may sleep.
>>>>>> -     * Hence we bail immediately if called from atomic context.
>>>>>> -     */
>>>>>> -    if ( in_atomic() )
>>>>>> -        return HVMTRANS_unhandleable;
>>>>>> -#endif
>>>>> Dealing with this TODO item is of course much appreciated, but
>>>>> should it really be deleted altogether? The big-domain-lock issue
>>>>> is gone afair, in which case dropping the #if 0 would seem
>>>>> possible to me, even if it's not strictly needed without the sleep-
>>>>> on-waitqueue behavior mentioned.
>>>> I just had a look and found the following path:
>>>>
>>>> do_domctl() (takes domctl_lock and hypercall_deadlock_mutex)
>>>>   arch_do_domctl()
>>>>     raw_copy_from_guest()
>>>>       copy_from_user_hvm()
>>>>         hvm_copy_from_guest_linear()
>>>>           __hvm_copy()
>>>>
>>>> So no, we can't do the in_atomic() test IMO.
>>> Oh, right - that's a PVH constraint that could probably not even
>>> be thought of that the time the comment was written. I'm still
>>> of the opinion though that at least the still applicable part of
>>> the comment should be kept in place. Whether this means also
>>> keeping in_atomic() itself is then an independent question, i.e.
>>> I wouldn't consider it overly bad if there was no implementation
>>> in the tree, but the above still served as documentation of what
>>> would need to be re-added. Still my preference would be for it
>>> to be kept.
>> Would you be okay with replacing the removed stuff above with:
>>
>> /*
>>  * If the required guest memory is paged out this function may sleep.
>>  * So in theory we should bail out if called in atomic context.
>>  * Unfortunately this is true for PVH dom0 doing domctl calls which
> ... this is true at least for ...
>
>>  * holds the domctl lock when accessing dom0 memory. OTOH dom0 memory
>>  * should never be paged out, so we are fine without testing for
>>  * atomic context.
>>  */
> Not sure about this Dom0-specific remark: Are we certain there are
> no other paths, similar to the gnttab one having been mentioned till
> now?

Why is __hvm_copy() so special?  It is just one of many places which can
end up touching guest memory.

A comment here isn't going to help anyone who might find themselves with
problems.

Given that the test has never been used, and no issues have been raised,
and this path isn't AFAICT special, I don't see why it should be
special-cased.

~Andrew
Jan Beulich May 24, 2019, 12:35 p.m. UTC | #11
>>> On 24.05.19 at 14:30, <andrew.cooper3@citrix.com> wrote:
> On 24/05/2019 09:39, Jan Beulich wrote:
>>>>> On 24.05.19 at 10:34, <jgross@suse.com> wrote:
>>> On 24/05/2019 08:38, Jan Beulich wrote:
>>>>>>> On 24.05.19 at 07:41, <jgross@suse.com> wrote:
>>>>> On 22/05/2019 12:10, Jan Beulich wrote:
>>>>>>>>> On 22.05.19 at 11:45, <jgross@suse.com> wrote:
>>>>>>> --- a/xen/arch/x86/hvm/hvm.c
>>>>>>> +++ b/xen/arch/x86/hvm/hvm.c
>>>>>>> @@ -3185,22 +3185,6 @@ static enum hvm_translation_result __hvm_copy(
>>>>>>>  
>>>>>>>      ASSERT(is_hvm_vcpu(v));
>>>>>>>  
>>>>>>> -    /*
>>>>>>> -     * XXX Disable for 4.1.0: PV-on-HVM drivers will do grant-table ops
>>>>>>> -     * such as query_size. Grant-table code currently does 
> copy_to/from_guest
>>>>>>> -     * accesses under the big per-domain lock, which this test would 
> disallow.
>>>>>>> -     * The test is not needed until we implement sleeping-on-waitqueue when
>>>>>>> -     * we access a paged-out frame, and that's post 4.1.0 now.
>>>>>>> -     */
>>>>>>> -#if 0
>>>>>>> -    /*
>>>>>>> -     * If the required guest memory is paged out, this function may sleep.
>>>>>>> -     * Hence we bail immediately if called from atomic context.
>>>>>>> -     */
>>>>>>> -    if ( in_atomic() )
>>>>>>> -        return HVMTRANS_unhandleable;
>>>>>>> -#endif
>>>>>> Dealing with this TODO item is of course much appreciated, but
>>>>>> should it really be deleted altogether? The big-domain-lock issue
>>>>>> is gone afair, in which case dropping the #if 0 would seem
>>>>>> possible to me, even if it's not strictly needed without the sleep-
>>>>>> on-waitqueue behavior mentioned.
>>>>> I just had a look and found the following path:
>>>>>
>>>>> do_domctl() (takes domctl_lock and hypercall_deadlock_mutex)
>>>>>   arch_do_domctl()
>>>>>     raw_copy_from_guest()
>>>>>       copy_from_user_hvm()
>>>>>         hvm_copy_from_guest_linear()
>>>>>           __hvm_copy()
>>>>>
>>>>> So no, we can't do the in_atomic() test IMO.
>>>> Oh, right - that's a PVH constraint that could probably not even
>>>> be thought of that the time the comment was written. I'm still
>>>> of the opinion though that at least the still applicable part of
>>>> the comment should be kept in place. Whether this means also
>>>> keeping in_atomic() itself is then an independent question, i.e.
>>>> I wouldn't consider it overly bad if there was no implementation
>>>> in the tree, but the above still served as documentation of what
>>>> would need to be re-added. Still my preference would be for it
>>>> to be kept.
>>> Would you be okay with replacing the removed stuff above with:
>>>
>>> /*
>>>  * If the required guest memory is paged out this function may sleep.
>>>  * So in theory we should bail out if called in atomic context.
>>>  * Unfortunately this is true for PVH dom0 doing domctl calls which
>> ... this is true at least for ...
>>
>>>  * holds the domctl lock when accessing dom0 memory. OTOH dom0 memory
>>>  * should never be paged out, so we are fine without testing for
>>>  * atomic context.
>>>  */
>> Not sure about this Dom0-specific remark: Are we certain there are
>> no other paths, similar to the gnttab one having been mentioned till
>> now?
> 
> Why is __hvm_copy() so special?  It is just one of many places which can
> end up touching guest memory.

Are you sure? I think everything that can touch guest (HVM) memory
actually ends up calling into this function.

Jan

Patch
diff mbox series

diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
index 8993c2aa57..7b36765b97 100644
--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -3185,22 +3185,6 @@  static enum hvm_translation_result __hvm_copy(
 
     ASSERT(is_hvm_vcpu(v));
 
-    /*
-     * XXX Disable for 4.1.0: PV-on-HVM drivers will do grant-table ops
-     * such as query_size. Grant-table code currently does copy_to/from_guest
-     * accesses under the big per-domain lock, which this test would disallow.
-     * The test is not needed until we implement sleeping-on-waitqueue when
-     * we access a paged-out frame, and that's post 4.1.0 now.
-     */
-#if 0
-    /*
-     * If the required guest memory is paged out, this function may sleep.
-     * Hence we bail immediately if called from atomic context.
-     */
-    if ( in_atomic() )
-        return HVMTRANS_unhandleable;
-#endif
-
     while ( todo > 0 )
     {
         enum hvm_translation_result res;
diff --git a/xen/common/preempt.c b/xen/common/preempt.c
index 3b4178fd44..20913e20d3 100644
--- a/xen/common/preempt.c
+++ b/xen/common/preempt.c
@@ -25,11 +25,6 @@ 
 
 DEFINE_PER_CPU(unsigned int, __preempt_count);
 
-bool_t in_atomic(void)
-{
-    return preempt_count() || in_irq() || !local_irq_is_enabled();
-}
-
 #ifndef NDEBUG
 void ASSERT_NOT_IN_ATOMIC(void)
 {
diff --git a/xen/include/xen/preempt.h b/xen/include/xen/preempt.h
index bef83135a1..f715ca09bc 100644
--- a/xen/include/xen/preempt.h
+++ b/xen/include/xen/preempt.h
@@ -26,8 +26,6 @@  DECLARE_PER_CPU(unsigned int, __preempt_count);
     preempt_count()--;                          \
 } while (0)
 
-bool_t in_atomic(void);
-
 #ifndef NDEBUG
 void ASSERT_NOT_IN_ATOMIC(void);
 #else