From: Tamas K Lengyel <tamas.k.lengyel@gmail.com>
To: Jan Beulich <jbeulich@suse.com>
Cc: Julien Grall <julien@xen.org>,
	Andrew Cooper <andrew.cooper3@citrix.com>,
	 George Dunlap <George.Dunlap@eu.citrix.com>,
	Ian Jackson <iwj@xenproject.org>, Wei Liu <wl@xen.org>,
	 Stefano Stabellini <sstabellini@kernel.org>,
	Tamas K Lengyel <lengyelt@ainfosec.com>,
	 Petre Ovidiu PIRCALABU <ppircalabu@bitdefender.com>,
	Alexandru Isaila <aisaila@bitdefender.com>,
	 "xen-devel@lists.xenproject.org"
	<xen-devel@lists.xenproject.org>
Subject: Re: [PATCH v3 5/5] evtchn: don't call Xen consumer callback with per-channel lock held
Date: Thu, 3 Dec 2020 09:40:34 -0500
Message-ID: <CABfawh=t+TK+Bm3JUee+ZZ7SSPRLtgnq162Sk17cKNKqJMRreA@mail.gmail.com>
In-Reply-To: <7a768bcd-80c1-d193-8796-7fb6720fa22a@suse.com>

On Thu, Dec 3, 2020 at 5:09 AM Jan Beulich <jbeulich@suse.com> wrote:
>
> On 02.12.2020 22:10, Julien Grall wrote:
> > On 23/11/2020 13:30, Jan Beulich wrote:
> >> While there don't look to be any problems with this right now, the lock
> >> order implications from holding the lock can be very difficult to follow
> >> (and may be easy to violate unknowingly). The present callbacks don't
> >> (and no such callback should) have any need for the lock to be held.
> >>
> >> However, vm_event_disable() frees the structures used by respective
> >> callbacks and isn't otherwise synchronized with invocations of these
> >> callbacks, so maintain a count of in-progress calls, for evtchn_close()
> >> to wait to drop to zero before freeing the port (and dropping the lock).
> >
> > AFAICT, this callback is not the only place where the synchronization is
> > missing in the VM event code.
> >
> > For instance, vm_event_put_request() can also race against
> > vm_event_disable().
> >
> > So shouldn't we handle this issue properly in VM event?
>
> I suppose that's a question to the VM event folks rather than me?

IMHO it would obviously be better if the Xen side could handle
situations like these gracefully. OTOH it is also reasonable to expect
the privileged toolstack to perform its own sanity checks before
disabling. Like right now for disabling vm_event we first pause the
VM, process all remaining events that were on the ring, and only then
disable the interface. This avoids the race condition mentioned above
(among other issues). It's not perfect - we ran into problems where
event replies don't have the desired effect because the VM is paused -
but for the most part doing this is sufficient. So I don't consider
this to be a priority at the moment. That said, if anyone is so
inclined to fix this up, I would be happy to review & ack.

Tamas
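
Added example (not part of the original message, and not Xen or toolstack code): a constructed single-threaded C model of the teardown order described in the reply above (pause the VM, process what is left on the ring, then disable) next to disabling first. All names (`ring_model`, `put_request`, `teardown`, `scenario`) are hypothetical.

```c
#include <stdbool.h>
#define RING_SIZE 8

/* Constructed model of an event ring; every name here is hypothetical. */
struct ring_model {
    bool enabled;            /* interface is set up */
    bool vm_paused;          /* guest vCPUs cannot raise events */
    unsigned int prod, cons; /* free-running ring indices */
    unsigned int handled;    /* requests the consumer processed */
    unsigned int late_hits;  /* producer reached a disabled ring */
};

/* Producer side: a guest-triggered event trying to queue a request. */
static bool put_request(struct ring_model *r)
{
    if (r->vm_paused)
        return false;        /* a paused guest raises nothing */
    if (!r->enabled) {
        r->late_hits++;      /* where a race against disable would land */
        return false;
    }
    if (r->prod - r->cons == RING_SIZE)
        return false;        /* ring full */
    r->prod++;
    return true;
}

/* Consumer side teardown, either in the described order or disable-first. */
static void teardown(struct ring_model *r, bool ordered)
{
    if (ordered) {
        r->vm_paused = true;           /* 1. stop the producer */
        while (r->cons != r->prod) {   /* 2. process what is queued */
            r->cons++;
            r->handled++;
        }
    }
    r->enabled = false;                /* 3. only now disable */
}

/* Queue three events, tear down, then let one more event fire. */
static struct ring_model scenario(bool ordered)
{
    struct ring_model r = { .enabled = true };
    for (int i = 0; i < 3; i++)
        put_request(&r);
    teardown(&r, ordered);
    put_request(&r);
    return r;
}
```

In the model, `late_hits` stands in for a producer touching state that disable has already torn down, and `prod - cons` for requests left unprocessed on the ring.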

