| Message ID | 1477622259-3476-3-git-send-email-feng.wu@intel.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
>>> On 28.10.16 at 04:37, <feng.wu@intel.com> wrote: > @@ -215,11 +220,21 @@ void vmx_pi_hooks_assign(struct domain *d) > /* This function is called when pcidevs_lock is held */ > void vmx_pi_hooks_deassign(struct domain *d) > { > + struct vcpu *v; > + > if ( !iommu_intpost || !has_hvm_container_domain(d) ) > return; > > ASSERT(d->arch.hvm_domain.vmx.vcpu_block); > > + /* > + * Pausing the domain can make sure the vCPU is not > + * running and hence not calling the hooks simultaneously > + * when deassigning the PI hooks and removing the vCPU > + * from the blocking list. > + */ > + domain_pause(d); There's one additional caveat here which no-one of us so far thought of: Currently there's nothing preventing the domctl-s under which this sits from being issued by the control domain for itself. Various other domctl-s, however, guard against this case when intending to pause the target domain. The same needs to be done for the ones leading here. Jan
> -----Original Message----- > From: Jan Beulich [mailto:JBeulich@suse.com] > Sent: Friday, October 28, 2016 9:19 PM > To: Wu, Feng <feng.wu@intel.com> > Cc: andrew.cooper3@citrix.com; dario.faggioli@citrix.com; > george.dunlap@eu.citrix.com; Tian, Kevin <kevin.tian@intel.com>; xen- > devel@lists.xen.org > Subject: Re: [PATCH v6 2/7] VMX: Properly handle pi when all the assigned > devices are removed > > >>> On 28.10.16 at 04:37, <feng.wu@intel.com> wrote: > > @@ -215,11 +220,21 @@ void vmx_pi_hooks_assign(struct domain *d) > > /* This function is called when pcidevs_lock is held */ > > void vmx_pi_hooks_deassign(struct domain *d) > > { > > + struct vcpu *v; > > + > > if ( !iommu_intpost || !has_hvm_container_domain(d) ) > > return; > > > > ASSERT(d->arch.hvm_domain.vmx.vcpu_block); > > > > + /* > > + * Pausing the domain can make sure the vCPU is not > > + * running and hence not calling the hooks simultaneously > > + * when deassigning the PI hooks and removing the vCPU > > + * from the blocking list. > > + */ > > + domain_pause(d); > > There's one additional caveat here which no-one of us so far thought > of: Currently there's nothing preventing the domctl-s under which > this sits from being issued by the control domain for itself. Various > other domctl-s, however, guard against this case when intending > to pause the target domain. The same needs to be done for the > ones leading here. Thanks for the comments! Could you share in which case can a domain attach/detach a device for itself? Thanks! Thanks, Feng > > Jan
>>> On 03.11.16 at 08:45, <feng.wu@intel.com> wrote: > >> -----Original Message----- >> From: Jan Beulich [mailto:JBeulich@suse.com] >> Sent: Friday, October 28, 2016 9:19 PM >> To: Wu, Feng <feng.wu@intel.com> >> Cc: andrew.cooper3@citrix.com; dario.faggioli@citrix.com; >> george.dunlap@eu.citrix.com; Tian, Kevin <kevin.tian@intel.com>; xen- >> devel@lists.xen.org >> Subject: Re: [PATCH v6 2/7] VMX: Properly handle pi when all the assigned >> devices are removed >> >> >>> On 28.10.16 at 04:37, <feng.wu@intel.com> wrote: >> > @@ -215,11 +220,21 @@ void vmx_pi_hooks_assign(struct domain *d) >> > /* This function is called when pcidevs_lock is held */ >> > void vmx_pi_hooks_deassign(struct domain *d) >> > { >> > + struct vcpu *v; >> > + >> > if ( !iommu_intpost || !has_hvm_container_domain(d) ) >> > return; >> > >> > ASSERT(d->arch.hvm_domain.vmx.vcpu_block); >> > >> > + /* >> > + * Pausing the domain can make sure the vCPU is not >> > + * running and hence not calling the hooks simultaneously >> > + * when deassigning the PI hooks and removing the vCPU >> > + * from the blocking list. >> > + */ >> > + domain_pause(d); >> >> There's one additional caveat here which no-one of us so far thought >> of: Currently there's nothing preventing the domctl-s under which >> this sits from being issued by the control domain for itself. Various >> other domctl-s, however, guard against this case when intending >> to pause the target domain. The same needs to be done for the >> ones leading here. > > Thanks for the comments! Could you share in which case can a domain > attach/detach a device for itself? Thanks! That's not the question. The code path needs to be safe, just like all others (which we also expect Dom0 - or any other eligible domain - to not use with itself as the target domain). Jan
> -----Original Message----- > From: Jan Beulich [mailto:JBeulich@suse.com] > Sent: Thursday, November 3, 2016 5:08 PM > To: Wu, Feng <feng.wu@intel.com> > Cc: andrew.cooper3@citrix.com; dario.faggioli@citrix.com; > george.dunlap@eu.citrix.com; Tian, Kevin <kevin.tian@intel.com>; xen- > devel@lists.xen.org > Subject: RE: [PATCH v6 2/7] VMX: Properly handle pi when all the assigned > devices are removed > > >>> On 03.11.16 at 08:45, <feng.wu@intel.com> wrote: > > > > >> -----Original Message----- > >> From: Jan Beulich [mailto:JBeulich@suse.com] > >> Sent: Friday, October 28, 2016 9:19 PM > >> To: Wu, Feng <feng.wu@intel.com> > >> Cc: andrew.cooper3@citrix.com; dario.faggioli@citrix.com; > >> george.dunlap@eu.citrix.com; Tian, Kevin <kevin.tian@intel.com>; xen- > >> devel@lists.xen.org > >> Subject: Re: [PATCH v6 2/7] VMX: Properly handle pi when all the assigned > >> devices are removed > >> > >> >>> On 28.10.16 at 04:37, <feng.wu@intel.com> wrote: > >> > @@ -215,11 +220,21 @@ void vmx_pi_hooks_assign(struct domain *d) > >> > /* This function is called when pcidevs_lock is held */ > >> > void vmx_pi_hooks_deassign(struct domain *d) > >> > { > >> > + struct vcpu *v; > >> > + > >> > if ( !iommu_intpost || !has_hvm_container_domain(d) ) > >> > return; > >> > > >> > ASSERT(d->arch.hvm_domain.vmx.vcpu_block); > >> > > >> > + /* > >> > + * Pausing the domain can make sure the vCPU is not > >> > + * running and hence not calling the hooks simultaneously > >> > + * when deassigning the PI hooks and removing the vCPU > >> > + * from the blocking list. > >> > + */ > >> > + domain_pause(d); > >> > >> There's one additional caveat here which no-one of us so far thought > >> of: Currently there's nothing preventing the domctl-s under which > >> this sits from being issued by the control domain for itself. Various > >> other domctl-s, however, guard against this case when intending > >> to pause the target domain. The same needs to be done for the > >> ones leading here. > > > > Thanks for the comments! Could you share in which case can a domain > > attach/detach a device for itself? Thanks! > > That's not the question. The code path needs to be safe, just like > all others (which we also expect Dom0 - or any other eligible domain > - to not use with itself as the target domain). Sure, got it! Thanks, Feng > > Jan
diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index faaa987..508be7c 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -158,14 +158,12 @@ static void vmx_pi_switch_to(struct vcpu *v) pi_clear_sn(pi_desc); } -static void vmx_pi_do_resume(struct vcpu *v) +static void vmx_pi_unblock_vcpu(struct vcpu *v) { unsigned long flags; spinlock_t *pi_blocking_list_lock; struct pi_desc *pi_desc = &v->arch.hvm_vmx.pi_desc; - ASSERT(!test_bit(_VPF_blocked, &v->pause_flags)); - /* * Set 'NV' field back to posted_intr_vector, so the * Posted-Interrupts can be delivered to the vCPU when @@ -173,12 +171,12 @@ static void vmx_pi_do_resume(struct vcpu *v) */ write_atomic(&pi_desc->nv, posted_intr_vector); - /* The vCPU is not on any blocking list. */ pi_blocking_list_lock = v->arch.hvm_vmx.pi_blocking.lock; /* Prevent the compiler from eliminating the local variable.*/ smp_rmb(); + /* The vCPU is not on any blocking list. */ if ( pi_blocking_list_lock == NULL ) return; @@ -198,6 +196,13 @@ static void vmx_pi_do_resume(struct vcpu *v) spin_unlock_irqrestore(pi_blocking_list_lock, flags); } +static void vmx_pi_do_resume(struct vcpu *v) +{ + ASSERT(!test_bit(_VPF_blocked, &v->pause_flags)); + + vmx_pi_unblock_vcpu(v); +} + /* This function is called when pcidevs_lock is held */ void vmx_pi_hooks_assign(struct domain *d) { @@ -215,11 +220,21 @@ void vmx_pi_hooks_assign(struct domain *d) /* This function is called when pcidevs_lock is held */ void vmx_pi_hooks_deassign(struct domain *d) { + struct vcpu *v; + if ( !iommu_intpost || !has_hvm_container_domain(d) ) return; ASSERT(d->arch.hvm_domain.vmx.vcpu_block); + /* + * Pausing the domain can make sure the vCPU is not + * running and hence not calling the hooks simultaneously + * when deassigning the PI hooks and removing the vCPU + * from the blocking list. + */ + domain_pause(d); + d->arch.hvm_domain.vmx.vcpu_block = NULL; d->arch.hvm_domain.vmx.pi_do_resume = NULL; d->arch.hvm_domain.vmx.pi_switch_from = NULL; @@ -229,6 +244,11 @@ void vmx_pi_hooks_deassign(struct domain *d) * is in the process of getting assigned and "from" hook is NULL. However, * it is not straightforward to find a clear solution, so just leave it here. */ + + for_each_vcpu ( d, v ) + vmx_pi_unblock_vcpu(v); + + domain_unpause(d); } static int vmx_domain_initialise(struct domain *d)
This patch handles some corner cases when the last assigned device is removed from the domain. In this case we should carefully handle pi descriptor and the per-cpu blocking list, to make sure: - all the PI descriptor are in the right state when next time a devices is assigned to the domain again. - No remaining vcpus of the domain in the per-cpu blocking list. Here we call vmx_pi_list_remove() to remove the vCPU from the blocking list if it is on the list. However, this could happen when vmx_vcpu_block() is being called, hence we might incorrectly add the vCPU to the blocking list while the last devcie is detached from the domain. Consider that the situation can only occur when detaching the last device from the domain and it is not a frequent operation, so we use domain_pause before that, which is considered as an clean and maintainable solution for the situation. Signed-off-by: Feng Wu <feng.wu@intel.com> --- v6: - Comments changes - Rename vmx_pi_list_remove() to vmx_pi_unblock_vcpu() v5: - Remove a no-op wrapper v4: - Rename some functions: vmx_pi_remove_vcpu_from_blocking_list() -> vmx_pi_list_remove() vmx_pi_blocking_cleanup() -> vmx_pi_list_cleanup() - Remove the check in vmx_pi_list_cleanup() - Comments adjustment xen/arch/x86/hvm/vmx/vmx.c | 28 ++++++++++++++++++++++++---- 1 file changed, 24 insertions(+), 4 deletions(-)