
[XEN,v11,14/20] common/device_tree: Add rwlock for dt_host

Message ID 20230901045947.32351-15-vikram.garhwal@amd.com (mailing list archive)
State Superseded
Series dynamic node programming using overlay dtbo | expand

Commit Message

Vikram Garhwal Sept. 1, 2023, 4:59 a.m. UTC
Dynamic programming ops will modify the dt_host and there might be other
functions which are browsing the dt_host at the same time. To avoid race
conditions, add an rwlock for browsing the dt_host during runtime. The dt_host
writer will be added in the follow-up patch for device tree overlay
functionalities.

Reason behind adding rwlock instead of spinlock:
    For now, dynamic programming is the sole modifier of dt_host in Xen during
    run time. All other access functions like iommu_release_dt_device() are
    just reading the dt_host during run-time. So, there is a need to protect
    others from browsing the dt_host while dynamic programming is modifying
    it. rwlock is better suitable for this task as spinlock won't be able to
    differentiate between read and write access.

Signed-off-by: Vikram Garhwal <vikram.garhwal@amd.com>
Reviewed-by: Michal Orzel <michal.orzel@amd.com>
---
Changes from v10:
    Add ASSERT for iommu_assign_dt_device() and iommu_add_dt_device().
Changes from v9:
    Update commit message and fix indentation.
    Add ASSERT() for iommu_deassign_dt_device() and iommu_remove_dt_device().
    Fix code styles.
    Remove rwlock_init in unflatten_device_tree() and do DEFINE_RWLOCK in
        device-tree.c
Changes from v7:
    Keep one lock for dt_host instead of lock for each node under dt_host.
---
---
 xen/common/device_tree.c              |  1 +
 xen/drivers/passthrough/device_tree.c | 28 +++++++++++++++++++++++++--
 xen/include/xen/device_tree.h         |  7 +++++++
 3 files changed, 34 insertions(+), 2 deletions(-)

Comments

Michal Orzel Sept. 4, 2023, 11:09 a.m. UTC | #1
On 01/09/2023 06:59, Vikram Garhwal wrote:
> Dynamic programming ops will modify the dt_host and there might be other
> functions which are browsing the dt_host at the same time. To avoid the race
> conditions, adding rwlock for browsing the dt_host during runtime. dt_host
> writer will be added in the follow-up patch for device tree overlay
> functionalities.
> 
> Reason behind adding rwlock instead of spinlock:
>     For now, dynamic programming is the sole modifier of dt_host in Xen during
>     run time. All other access functions like iommu_release_dt_device() are
>     just reading the dt_host during run-time. So, there is a need to protect
>     others from browsing the dt_host while dynamic programming is modifying
>     it. rwlock is better suitable for this task as spinlock won't be able to
>     differentiate between read and write access.
> 
> Signed-off-by: Vikram Garhwal <vikram.garhwal@amd.com>
> Reviewed-by: Michal Orzel <michal.orzel@amd.com>
> ---
> Changes from v10:
>     Add ASSERT for iommu_assign_dt_device() and iommu_add_dt_device().
> Changes from v9:
>     Update commit message and fix indentation.
>     Add ASSERT() for iommu_deassign_dt_device() and iommu_remove_dt_device().
>     Fix code styles.
>     Remove rwlock_init in unflatten_device_tree() and do DEFINE_RWLOCK in
>         device-tree.c
> Changes from v7:
>     Keep one lock for dt_host instead of lock for each node under dt_host.
> ---
> ---
>  xen/common/device_tree.c              |  1 +
>  xen/drivers/passthrough/device_tree.c | 28 +++++++++++++++++++++++++--
>  xen/include/xen/device_tree.h         |  7 +++++++
>  3 files changed, 34 insertions(+), 2 deletions(-)
> 
> diff --git a/xen/common/device_tree.c b/xen/common/device_tree.c
> index f38f51ec0b..b1c2952951 100644
> --- a/xen/common/device_tree.c
> +++ b/xen/common/device_tree.c
> @@ -31,6 +31,7 @@ dt_irq_xlate_func dt_irq_xlate;
>  struct dt_device_node *dt_host;
>  /* Interrupt controller node*/
>  const struct dt_device_node *dt_interrupt_controller;
> +DEFINE_RWLOCK(dt_host_lock);
>  
>  /**
>   * struct dt_alias_prop - Alias property in 'aliases' node
> diff --git a/xen/drivers/passthrough/device_tree.c b/xen/drivers/passthrough/device_tree.c
> index 80f6efc606..1f9cfccf95 100644
> --- a/xen/drivers/passthrough/device_tree.c
> +++ b/xen/drivers/passthrough/device_tree.c
> @@ -31,6 +31,8 @@ int iommu_assign_dt_device(struct domain *d, struct dt_device_node *dev)
>      int rc = -EBUSY;
>      struct domain_iommu *hd = dom_iommu(d);
>  
> +    ASSERT(system_state <= SYS_STATE_active || rw_is_locked(&dt_host_lock));
This does not look right (I know Julien suggested this). The second part will be checked only if state > active, i.e. suspend/resume.
I think this wants to be:
ASSERT(system_state < SYS_STATE_active || rw_is_locked(&dt_host_lock));
so that once the state is >= active, we require dt_host_lock to be locked.

~Michal
Vikram Garhwal Sept. 5, 2023, 3:38 p.m. UTC | #2
Hi,
On Mon, Sep 04, 2023 at 01:09:52PM +0200, Michal Orzel wrote:
> 
> 
> On 01/09/2023 06:59, Vikram Garhwal wrote:
> > Dynamic programming ops will modify the dt_host and there might be other
> > functions which are browsing the dt_host at the same time. To avoid the race
> > conditions, adding rwlock for browsing the dt_host during runtime. dt_host
> > writer will be added in the follow-up patch for device tree overlay
> > functionalities.
> > 
> > Reason behind adding rwlock instead of spinlock:
> >     For now, dynamic programming is the sole modifier of dt_host in Xen during
> >     run time. All other access functions like iommu_release_dt_device() are
> >     just reading the dt_host during run-time. So, there is a need to protect
> >     others from browsing the dt_host while dynamic programming is modifying
> >     it. rwlock is better suitable for this task as spinlock won't be able to
> >     differentiate between read and write access.
> > 
> > Signed-off-by: Vikram Garhwal <vikram.garhwal@amd.com>
> > Reviewed-by: Michal Orzel <michal.orzel@amd.com>
> > ---
> > Changes from v10:
> >     Add ASSERT for iommu_assign_dt_device() and iommu_add_dt_device().
> > Changes from v9:
> >     Update commit message and fix indentation.
> >     Add ASSERT() for iommu_deassign_dt_device() and iommu_remove_dt_device().
> >     Fix code styles.
> >     Remove rwlock_init in unflatten_device_tree() and do DEFINE_RWLOCK in
> >         device-tree.c
> > Changes from v7:
> >     Keep one lock for dt_host instead of lock for each node under dt_host.
> > ---
> > ---
> >  xen/common/device_tree.c              |  1 +
> >  xen/drivers/passthrough/device_tree.c | 28 +++++++++++++++++++++++++--
> >  xen/include/xen/device_tree.h         |  7 +++++++
> >  3 files changed, 34 insertions(+), 2 deletions(-)
> > 
> > diff --git a/xen/common/device_tree.c b/xen/common/device_tree.c
> > index f38f51ec0b..b1c2952951 100644
> > --- a/xen/common/device_tree.c
> > +++ b/xen/common/device_tree.c
> > @@ -31,6 +31,7 @@ dt_irq_xlate_func dt_irq_xlate;
> >  struct dt_device_node *dt_host;
> >  /* Interrupt controller node*/
> >  const struct dt_device_node *dt_interrupt_controller;
> > +DEFINE_RWLOCK(dt_host_lock);
> >  
> >  /**
> >   * struct dt_alias_prop - Alias property in 'aliases' node
> > diff --git a/xen/drivers/passthrough/device_tree.c b/xen/drivers/passthrough/device_tree.c
> > index 80f6efc606..1f9cfccf95 100644
> > --- a/xen/drivers/passthrough/device_tree.c
> > +++ b/xen/drivers/passthrough/device_tree.c
> > @@ -31,6 +31,8 @@ int iommu_assign_dt_device(struct domain *d, struct dt_device_node *dev)
> >      int rc = -EBUSY;
> >      struct domain_iommu *hd = dom_iommu(d);
> >  
> > +    ASSERT(system_state <= SYS_STATE_active || rw_is_locked(&dt_host_lock));
> This looks not right (I know Julien suggested this). The second part will be checked only if state > active i.e. suspend/resume.
> I think this wants to be:
> ASSERT(system_state < SYS_STATE_active || rw_is_locked(&dt_host_lock));
> so that once the state is >= active, we require dt_host_lock to be locked.
I rechecked this, you are right! Will update it to check the lock only for
>= active.
> 
> ~Michal
Stefano Stabellini Sept. 6, 2023, 12:53 a.m. UTC | #3
On Mon, 4 Sep 2023, Michal Orzel wrote:
> On 01/09/2023 06:59, Vikram Garhwal wrote:
> > Dynamic programming ops will modify the dt_host and there might be other
> > functions which are browsing the dt_host at the same time. To avoid the race
> > conditions, adding rwlock for browsing the dt_host during runtime. dt_host
> > writer will be added in the follow-up patch for device tree overlay
> > functionalities.
> > 
> > Reason behind adding rwlock instead of spinlock:
> >     For now, dynamic programming is the sole modifier of dt_host in Xen during
> >     run time. All other access functions like iommu_release_dt_device() are
> >     just reading the dt_host during run-time. So, there is a need to protect
> >     others from browsing the dt_host while dynamic programming is modifying
> >     it. rwlock is better suitable for this task as spinlock won't be able to
> >     differentiate between read and write access.
> > 
> > Signed-off-by: Vikram Garhwal <vikram.garhwal@amd.com>
> > Reviewed-by: Michal Orzel <michal.orzel@amd.com>
> > ---
> > Changes from v10:
> >     Add ASSERT for iommu_assign_dt_device() and iommu_add_dt_device().
> > Changes from v9:
> >     Update commit message and fix indentation.
> >     Add ASSERT() for iommu_deassign_dt_device() and iommu_remove_dt_device().
> >     Fix code styles.
> >     Remove rwlock_init in unflatten_device_tree() and do DEFINE_RWLOCK in
> >         device-tree.c
> > Changes from v7:
> >     Keep one lock for dt_host instead of lock for each node under dt_host.
> > ---
> > ---
> >  xen/common/device_tree.c              |  1 +
> >  xen/drivers/passthrough/device_tree.c | 28 +++++++++++++++++++++++++--
> >  xen/include/xen/device_tree.h         |  7 +++++++
> >  3 files changed, 34 insertions(+), 2 deletions(-)
> > 
> > diff --git a/xen/common/device_tree.c b/xen/common/device_tree.c
> > index f38f51ec0b..b1c2952951 100644
> > --- a/xen/common/device_tree.c
> > +++ b/xen/common/device_tree.c
> > @@ -31,6 +31,7 @@ dt_irq_xlate_func dt_irq_xlate;
> >  struct dt_device_node *dt_host;
> >  /* Interrupt controller node*/
> >  const struct dt_device_node *dt_interrupt_controller;
> > +DEFINE_RWLOCK(dt_host_lock);
> >  
> >  /**
> >   * struct dt_alias_prop - Alias property in 'aliases' node
> > diff --git a/xen/drivers/passthrough/device_tree.c b/xen/drivers/passthrough/device_tree.c
> > index 80f6efc606..1f9cfccf95 100644
> > --- a/xen/drivers/passthrough/device_tree.c
> > +++ b/xen/drivers/passthrough/device_tree.c
> > @@ -31,6 +31,8 @@ int iommu_assign_dt_device(struct domain *d, struct dt_device_node *dev)
> >      int rc = -EBUSY;
> >      struct domain_iommu *hd = dom_iommu(d);
> >  
> > +    ASSERT(system_state <= SYS_STATE_active || rw_is_locked(&dt_host_lock));
> This looks not right (I know Julien suggested this). The second part will be checked only if state > active i.e. suspend/resume.
> I think this wants to be:
> ASSERT(system_state < SYS_STATE_active || rw_is_locked(&dt_host_lock));
> so that once the state is >= active, we require dt_host_lock to be locked.

Well spotted!

Patch

diff --git a/xen/common/device_tree.c b/xen/common/device_tree.c
index f38f51ec0b..b1c2952951 100644
--- a/xen/common/device_tree.c
+++ b/xen/common/device_tree.c
@@ -31,6 +31,7 @@  dt_irq_xlate_func dt_irq_xlate;
 struct dt_device_node *dt_host;
 /* Interrupt controller node*/
 const struct dt_device_node *dt_interrupt_controller;
+DEFINE_RWLOCK(dt_host_lock);
 
 /**
  * struct dt_alias_prop - Alias property in 'aliases' node
diff --git a/xen/drivers/passthrough/device_tree.c b/xen/drivers/passthrough/device_tree.c
index 80f6efc606..1f9cfccf95 100644
--- a/xen/drivers/passthrough/device_tree.c
+++ b/xen/drivers/passthrough/device_tree.c
@@ -31,6 +31,8 @@  int iommu_assign_dt_device(struct domain *d, struct dt_device_node *dev)
     int rc = -EBUSY;
     struct domain_iommu *hd = dom_iommu(d);
 
+    ASSERT(system_state <= SYS_STATE_active || rw_is_locked(&dt_host_lock));
+
     if ( !is_iommu_enabled(d) )
         return -EINVAL;
 
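Review bot: The lock check added at the top of iommu_assign_dt_device() relies on `rw_is_locked(&dt_host_lock)`, which as far as I know only reports that the lock is held by someone, reader or writer, on any CPU, so it cannot show that this caller took it. ASSERT() is also compiled out of release builds, so the locking rule for dt_host is enforced only in debug builds and should be written down where callers will see it, for example `/* Caller must hold dt_host_lock, except in boot-only code. */` above the function. The same applies to the assertions added in iommu_deassign_dt_device(), iommu_remove_dt_device() and iommu_add_dt_device(). The function body continues outside the hunk.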
@@ -62,6 +64,8 @@  int iommu_deassign_dt_device(struct domain *d, struct dt_device_node *dev)
     const struct domain_iommu *hd = dom_iommu(d);
     int rc;
 
+    ASSERT(rw_is_locked(&dt_host_lock));
+
     if ( !is_iommu_enabled(d) )
         return -EINVAL;
 
@@ -113,6 +117,8 @@  int iommu_release_dt_devices(struct domain *d)
     if ( !is_iommu_enabled(d) )
         return 0;
 
+    read_lock(&dt_host_lock);
+
     list_for_each_entry_safe(dev, _dev, &hd->dt_devices, domain_list)
     {
         rc = iommu_deassign_dt_device(d, dev);
@@ -120,10 +126,14 @@  int iommu_release_dt_devices(struct domain *d)
         {
             dprintk(XENLOG_ERR, "Failed to deassign %s in domain %u\n",
                     dt_node_full_name(dev), d->domain_id);
+            read_unlock(&dt_host_lock);
+
             return rc;
         }
     }
 
+    read_unlock(&dt_host_lock);
+
     return 0;
 }
 
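Review bot: The error path inside the loop of iommu_release_dt_devices() now carries its own `read_unlock(&dt_host_lock)` next to the one before `return 0`, so a later early return added to this loop can easily leave the read lock held. A single exit would match what this patch does in iommu_do_dt_domctl(): `break;` in the failure branch, then `read_unlock(&dt_host_lock);` and `return rc;` after the loop. That needs rc to start at 0, and its declaration is outside the hunk, so this is to be checked against the full function.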
@@ -133,6 +143,8 @@  int iommu_remove_dt_device(struct dt_device_node *np)
     struct device *dev = dt_to_dev(np);
     int rc;
 
+    ASSERT(rw_is_locked(&dt_host_lock));
+
     if ( !iommu_enabled )
         return 1;
 
@@ -177,6 +189,8 @@  int iommu_add_dt_device(struct dt_device_node *np)
     struct device *dev = dt_to_dev(np);
     int rc = 1, index = 0;
 
+    ASSERT(system_state <= SYS_STATE_active || rw_is_locked(&dt_host_lock));
+
     if ( !iommu_enabled )
         return 1;
 
@@ -249,6 +263,8 @@  int iommu_do_dt_domctl(struct xen_domctl *domctl, struct domain *d,
     int ret;
     struct dt_device_node *dev;
 
+    read_lock(&dt_host_lock);
+
     switch ( domctl->cmd )
     {
     case XEN_DOMCTL_assign_device:
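Review bot: With `read_lock(&dt_host_lock)` taken before the switch in iommu_do_dt_domctl(), every exit from the switch has to go through `break` to reach the unlock at the end, and nothing at the lock site says so. The two `return -EINVAL` statements visible in the later hunks are converted, but most of the switch body is outside the hunks, so any remaining direct return would leave the read lock held. A comment at the lock would make the rule explicit: `/* Held across the whole switch: leave via break, never return. */`.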
@@ -289,7 +305,10 @@  int iommu_do_dt_domctl(struct xen_domctl *domctl, struct domain *d,
         }
 
         if ( d == dom_io )
-            return -EINVAL;
+        {
+            ret = -EINVAL;
+            break;
+        }
 
         ret = iommu_add_dt_device(dev);
         if ( ret < 0 )
@@ -327,7 +346,10 @@  int iommu_do_dt_domctl(struct xen_domctl *domctl, struct domain *d,
             break;
 
         if ( d == dom_io )
-            return -EINVAL;
+        {
+            ret = -EINVAL;
+            break;
+        }
 
         ret = iommu_deassign_dt_device(d, dev);
 
@@ -342,5 +364,7 @@  int iommu_do_dt_domctl(struct xen_domctl *domctl, struct domain *d,
         break;
     }
 
+    read_unlock(&dt_host_lock);
+
     return ret;
 }
diff --git a/xen/include/xen/device_tree.h b/xen/include/xen/device_tree.h
index 44d315c8ba..a262bba2ed 100644
--- a/xen/include/xen/device_tree.h
+++ b/xen/include/xen/device_tree.h
@@ -18,6 +18,7 @@ 
 #include <xen/string.h>
 #include <xen/types.h>
 #include <xen/list.h>
+#include <xen/rwlock.h>
 
 #define DEVICE_TREE_MAX_DEPTH 16
 
@@ -218,6 +219,12 @@  extern struct dt_device_node *dt_host;
  */
 extern const struct dt_device_node *dt_interrupt_controller;
 
+/*
+ * Lock that protects r/w updates to unflattened device tree i.e. dt_host during
+ * runtime. Lock may not be taken for boot only code.
+ */
+extern rwlock_t dt_host_lock;
+
 /**
  * Find the interrupt controller
  * For the moment we handle only one interrupt controller: the first
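Review bot: The comment added above `extern rwlock_t dt_host_lock;` says the lock "may not be taken for boot only code", which can be read either as "must not" or as "need not". Going by the assertions added elsewhere in this patch, "need not" seems to be meant. The comment could also say which side each kind of caller takes, for example `Readers of dt_host take the read lock at runtime; code that modifies dt_host takes the write lock. Boot-only code need not take it.`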