[v3,13/15] x86/IRQ: tighten vector checks

Message ID	5CDE927002000078002300BA@prv1-mh.provo.novell.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <xen-devel-bounces@lists.xenproject.org> Message-Id: <5CDE927002000078002300BA@prv1-mh.provo.novell.com> Date: Fri, 17 May 2019 04:52:32 -0600 From: "Jan Beulich" <JBeulich@suse.com> To: "xen-devel" <xen-devel@lists.xenproject.org> References: <5CC6DD090200007800229E80@prv1-mh.provo.novell.com> <5CDE8F5B020000780023005F@prv1-mh.provo.novell.com> In-Reply-To: <5CDE8F5B020000780023005F@prv1-mh.provo.novell.com> Mime-Version: 1.0 Content-Disposition: inline Subject: [Xen-devel] [PATCH v3 13/15] x86/IRQ: tighten vector checks Precedence: list Cc: Andrew Cooper <andrew.cooper3@citrix.com>, Wei Liu <wei.liu2@citrix.com>, Roger Pau Monne <roger.pau@citrix.com> Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org>
Series	x86: IRQ management adjustments \| expand [v3,00/15] x86: IRQ management adjustments [v3,01/15] x86/IRQ: deal with move-in-progress state in fixup_irqs() [v3,02/15] x86/IRQ: deal with move cleanup count state in fixup_irqs() [v3,03/15] x86/IRQ: improve dump_irqs() [v3,04/15] x86/IRQ: desc->affinity should strictly represent the requested value [v3,05/15] x86/IRQ: consolidate use of ->arch.cpu_mask [v3,06/15] x86/IRQ: fix locking around vector management [v3,07/15] x86/IRQ: target online CPUs when binding guest IRQ [v3,08/15] x86/IRQs: correct/tighten vector check in _clear_irq_vector() [v3,09/15] x86/IRQ: make fixup_irqs() skip unconnected internally used interrupts [v3,10/15] x86/IRQ: drop redundant cpumask_empty() from move_masked_irq() [v3,11/15] x86/IRQ: simplify and rename pirq_acktype() [v3,12/15] x86/IRQ: add explicit tracing-enabled check to trace_irq_mask() [v3,13/15] x86/IRQ: tighten vector checks [v3,14/15] x86/IRQ: eliminate some on-stack cpumask_t instances [v3,15/15] x86/IRQ: move {,_}clear_irq_vector()

Message ID

5CDE927002000078002300BA@prv1-mh.provo.novell.com (mailing list archive)

State

New, archived

Headers

Message-Id: <5CDE927002000078002300BA@prv1-mh.provo.novell.com>
Date: Fri, 17 May 2019 04:52:32 -0600
From: "Jan Beulich" <JBeulich@suse.com>
To: "xen-devel" <xen-devel@lists.xenproject.org>
References: <5CC6DD090200007800229E80@prv1-mh.provo.novell.com>
 <5CDE8F5B020000780023005F@prv1-mh.provo.novell.com>
In-Reply-To: <5CDE8F5B020000780023005F@prv1-mh.provo.novell.com>
Mime-Version: 1.0
Content-Disposition: inline
Subject: [Xen-devel] [PATCH v3 13/15] x86/IRQ: tighten vector checks
Precedence: list
Cc: Andrew Cooper <andrew.cooper3@citrix.com>, Wei Liu <wei.liu2@citrix.com>,
 Roger Pau Monne <roger.pau@citrix.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Errors-To: xen-devel-bounces@lists.xenproject.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org>

Series

x86: IRQ management adjustments | expand

Comments

Roger Pau Monne May 20, 2019, 2:04 p.m. UTC | #1

On Fri, May 17, 2019 at 04:52:32AM -0600, Jan Beulich wrote:
> Use valid_irq_vector() rather than "> 0".
> 
> Also replace an open-coded use of IRQ_VECTOR_UNASSIGNED.
> 
> Signed-off-by: Jan Beulich <jbeulich@suse.com>

Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>

The question I have below is not directly related to the usage of
valid_irq_vector, but rather with the existing code.

> ---
> v3: New.
> 
> --- a/xen/arch/x86/irq.c
> +++ b/xen/arch/x86/irq.c
> @@ -342,7 +342,7 @@ void clear_irq_vector(int irq)
>  
>  int irq_to_vector(int irq)
>  {
> -    int vector = -1;
> +    int vector = IRQ_VECTOR_UNASSIGNED;
>  
>      BUG_ON(irq >= nr_irqs || irq < 0);
>  
> @@ -452,15 +452,18 @@ static vmask_t *irq_get_used_vector_mask
>              int vector;
>              
>              vector = irq_to_vector(irq);
> -            if ( vector > 0 )
> +            if ( valid_irq_vector(vector) )
>              {
> -                printk(XENLOG_INFO "IRQ %d already assigned vector %d\n",
> +                printk(XENLOG_INFO "IRQ%d already assigned vector %02x\n",
>                         irq, vector);
>                  
>                  ASSERT(!test_bit(vector, ret));
>  
>                  set_bit(vector, ret);
>              }
> +            else if ( vector != IRQ_VECTOR_UNASSIGNED )
> +                printk(XENLOG_WARNING "IRQ%d mapped to bogus vector %02x\n",
> +                       irq, vector);

Maybe add an assert_unreachable here? It seems really bogus to call
irq_get_used_vector_mask with an unassigned vector.

But I'm not sure I fully understand this piece of code, neither why a
vector without a IRQ assigned can have a vector assigned. Is this
covering up for the lack of cleanup elsewhere?

Thanks, Roger.

Jan Beulich May 20, 2019, 3:26 p.m. UTC | #2

>>> On 20.05.19 at 16:04, <roger.pau@citrix.com> wrote:
> On Fri, May 17, 2019 at 04:52:32AM -0600, Jan Beulich wrote:
>> Use valid_irq_vector() rather than "> 0".
>> 
>> Also replace an open-coded use of IRQ_VECTOR_UNASSIGNED.
>> 
>> Signed-off-by: Jan Beulich <jbeulich@suse.com>
> 
> Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>

Thanks.

> The question I have below is not directly related to the usage of
> valid_irq_vector, but rather with the existing code.
> 
>> @@ -452,15 +452,18 @@ static vmask_t *irq_get_used_vector_mask
>>              int vector;
>>              
>>              vector = irq_to_vector(irq);
>> -            if ( vector > 0 )
>> +            if ( valid_irq_vector(vector) )
>>              {
>> -                printk(XENLOG_INFO "IRQ %d already assigned vector %d\n",
>> +                printk(XENLOG_INFO "IRQ%d already assigned vector %02x\n",
>>                         irq, vector);
>>                  
>>                  ASSERT(!test_bit(vector, ret));
>>  
>>                  set_bit(vector, ret);
>>              }
>> +            else if ( vector != IRQ_VECTOR_UNASSIGNED )
>> +                printk(XENLOG_WARNING "IRQ%d mapped to bogus vector %02x\n",
>> +                       irq, vector);
> 
> Maybe add an assert_unreachable here? It seems really bogus to call
> irq_get_used_vector_mask with an unassigned vector.

How that? This would e.g. get called the very first time a vector
is to be assigned. But I'm afraid I'm a little confused anyway by
the wording you use - after all this is the code path dealing with
an IRQ _not_ being marked as having no vector assigned, but
also not having a valid vector.

> But I'm not sure I fully understand this piece of code, neither why a
> vector without a IRQ assigned can have a vector assigned. Is this
> covering up for the lack of cleanup elsewhere?

I don't think so, no. However, users of irq_to_vector() need to
be careful: The function can legitimately return 0 (besides
IRQ_VECTOR_UNASSIGNED) as an error indication. I've tried to
do away with this, but quickly realized I'd better not do so. I've
not seen the printk() trigger, but I'd rather see the printk() log
a message telling us that we also need to exclude vector 0 than
a wrong assertion to fire.

Jan

Roger Pau Monne May 22, 2019, 4:42 p.m. UTC | #3

On Mon, May 20, 2019 at 09:26:37AM -0600, Jan Beulich wrote:
> >>> On 20.05.19 at 16:04, <roger.pau@citrix.com> wrote:
> > On Fri, May 17, 2019 at 04:52:32AM -0600, Jan Beulich wrote:
> >> Use valid_irq_vector() rather than "> 0".
> >> 
> >> Also replace an open-coded use of IRQ_VECTOR_UNASSIGNED.
> >> 
> >> Signed-off-by: Jan Beulich <jbeulich@suse.com>
> > 
> > Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
> 
> Thanks.
> 
> > The question I have below is not directly related to the usage of
> > valid_irq_vector, but rather with the existing code.
> > 
> >> @@ -452,15 +452,18 @@ static vmask_t *irq_get_used_vector_mask
> >>              int vector;
> >>              
> >>              vector = irq_to_vector(irq);
> >> -            if ( vector > 0 )
> >> +            if ( valid_irq_vector(vector) )
> >>              {
> >> -                printk(XENLOG_INFO "IRQ %d already assigned vector %d\n",
> >> +                printk(XENLOG_INFO "IRQ%d already assigned vector %02x\n",
> >>                         irq, vector);
> >>                  
> >>                  ASSERT(!test_bit(vector, ret));
> >>  
> >>                  set_bit(vector, ret);
> >>              }
> >> +            else if ( vector != IRQ_VECTOR_UNASSIGNED )
> >> +                printk(XENLOG_WARNING "IRQ%d mapped to bogus vector %02x\n",
> >> +                       irq, vector);
> > 
> > Maybe add an assert_unreachable here? It seems really bogus to call
> > irq_get_used_vector_mask with an unassigned vector.
> 
> How that? This would e.g. get called the very first time a vector
> is to be assigned. But I'm afraid I'm a little confused anyway by
> the wording you use - after all this is the code path dealing with
> an IRQ _not_ being marked as having no vector assigned, but
> also not having a valid vector.

Thanks for the clarification, by the name of the function I assumed it
must be called with an irq that has a vector assigned, if that's not
the case then I think it's fine.

Roger.

Jan Beulich May 23, 2019, 8:36 a.m. UTC | #4

>>> On 22.05.19 at 18:42, <roger.pau@citrix.com> wrote:
> On Mon, May 20, 2019 at 09:26:37AM -0600, Jan Beulich wrote:
>> >>> On 20.05.19 at 16:04, <roger.pau@citrix.com> wrote:
>> > On Fri, May 17, 2019 at 04:52:32AM -0600, Jan Beulich wrote:
>> >> @@ -452,15 +452,18 @@ static vmask_t *irq_get_used_vector_mask
>> >>              int vector;
>> >>              
>> >>              vector = irq_to_vector(irq);
>> >> -            if ( vector > 0 )
>> >> +            if ( valid_irq_vector(vector) )
>> >>              {
>> >> -                printk(XENLOG_INFO "IRQ %d already assigned vector %d\n",
>> >> +                printk(XENLOG_INFO "IRQ%d already assigned vector %02x\n",
>> >>                         irq, vector);
>> >>                  
>> >>                  ASSERT(!test_bit(vector, ret));
>> >>  
>> >>                  set_bit(vector, ret);
>> >>              }
>> >> +            else if ( vector != IRQ_VECTOR_UNASSIGNED )
>> >> +                printk(XENLOG_WARNING "IRQ%d mapped to bogus vector %02x\n",
>> >> +                       irq, vector);
>> > 
>> > Maybe add an assert_unreachable here? It seems really bogus to call
>> > irq_get_used_vector_mask with an unassigned vector.
>> 
>> How that? This would e.g. get called the very first time a vector
>> is to be assigned. But I'm afraid I'm a little confused anyway by
>> the wording you use - after all this is the code path dealing with
>> an IRQ _not_ being marked as having no vector assigned, but
>> also not having a valid vector.
> 
> Thanks for the clarification, by the name of the function I assumed it
> must be called with an irq that has a vector assigned, if that's not
> the case then I think it's fine.
> 
> Roger.

Well, the names means "get the object where used vectors are to
be tracked for this IRQ", which has no implication on whether a
vector was already assigned.

Jan

Andrew Cooper July 3, 2019, 6:42 p.m. UTC | #5

On 17/05/2019 11:52, Jan Beulich wrote:
> Use valid_irq_vector() rather than "> 0".
>
> Also replace an open-coded use of IRQ_VECTOR_UNASSIGNED.
>
> Signed-off-by: Jan Beulich <jbeulich@suse.com>

Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>

--- a/xen/arch/x86/irq.c
+++ b/xen/arch/x86/irq.c
@@ -342,7 +342,7 @@  void clear_irq_vector(int irq)
 
 int irq_to_vector(int irq)
 {
-    int vector = -1;
+    int vector = IRQ_VECTOR_UNASSIGNED;
 
     BUG_ON(irq >= nr_irqs || irq < 0);
 
@@ -452,15 +452,18 @@  static vmask_t *irq_get_used_vector_mask
             int vector;
             
             vector = irq_to_vector(irq);
-            if ( vector > 0 )
+            if ( valid_irq_vector(vector) )
             {
-                printk(XENLOG_INFO "IRQ %d already assigned vector %d\n",
+                printk(XENLOG_INFO "IRQ%d already assigned vector %02x\n",
                        irq, vector);
                 
                 ASSERT(!test_bit(vector, ret));
 
                 set_bit(vector, ret);
             }
+            else if ( vector != IRQ_VECTOR_UNASSIGNED )
+                printk(XENLOG_WARNING "IRQ%d mapped to bogus vector %02x\n",
+                       irq, vector);
         }
     }
     else if ( IO_APIC_IRQ(irq) &&
@@ -491,7 +494,7 @@  static int _assign_irq_vector(struct irq
     vmask_t *irq_used_vectors = NULL;
 
     old_vector = irq_to_vector(irq);
-    if ( old_vector > 0 )
+    if ( valid_irq_vector(old_vector) )
     {
         cpumask_t tmp_mask;
 
@@ -555,7 +558,7 @@  next:
         current_vector = vector;
         current_offset = offset;
 
-        if ( old_vector > 0 )
+        if ( valid_irq_vector(old_vector) )
         {
             cpumask_and(desc->arch.old_cpu_mask, desc->arch.cpu_mask,
                         &cpu_online_map);

[v3,13/15] x86/IRQ: tighten vector checks

Commit Message

Comments

Patch