From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-17.3 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER, INCLUDES_PATCH,MAILING_LIST_MULTI,NICE_REPLY_A,SPF_HELO_NONE,SPF_PASS, USER_AGENT_SANE_1 autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3D097C6369E for ; Wed, 2 Dec 2020 21:11:03 +0000 (UTC) Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id B8E5A20709 for ; Wed, 2 Dec 2020 21:11:02 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org B8E5A20709 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=xen.org Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from list by lists.xenproject.org with outflank-mailman.43009.77387 (Exim 4.92) (envelope-from ) id 1kkZOg-0001F4-2y; Wed, 02 Dec 2020 21:10:46 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 43009.77387; Wed, 02 Dec 2020 21:10:46 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1kkZOf-0001Ee-Tz; Wed, 02 Dec 2020 21:10:45 +0000 Received: by outflank-mailman (input) for mailman id 43009; Wed, 02 Dec 2020 21:10:44 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1kkZOe-0001AX-Mk for xen-devel@lists.xenproject.org; Wed, 02 Dec 2020 21:10:44 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1kkZOX-0003rS-RW; Wed, 02 Dec 2020 21:10:37 +0000 Received: from [54.239.6.185] (helo=a483e7b01a66.ant.amazon.com) by xenbits.xenproject.org with esmtpsa (TLS1.3:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.92) (envelope-from ) id 1kkZOX-00039w-Hj; Wed, 02 Dec 2020 21:10:37 +0000 X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Content-Transfer-Encoding:Content-Type:In-Reply-To: MIME-Version:Date:Message-ID:From:References:Cc:To:Subject; bh=Onm0xfQJVu6IWG1SCpBTJID+WxJ8YF3bI4LRL0Fd27Y=; b=h8s+qOsm38vLVaLM3L2hgfZW8/ yYlNsTpeqoJTnbiDVFEp/B94uf/dHD1wDgTygKNcvDZE+7plNxv697phqhU/RALPpSK+MFUmomO8F Zzj0HLH8JXZvNPTF7JDif8Ba+0aE+zp2LL755ihbGbmRX+ahedcn3UvdUXb5K+2pkZik=; Subject: Re: [PATCH v3 5/5] evtchn: don't call Xen consumer callback with per-channel lock held To: Jan Beulich , "xen-devel@lists.xenproject.org" Cc: Andrew Cooper , George Dunlap , Ian Jackson , Wei Liu , Stefano Stabellini , Tamas K Lengyel , Petre Ovidiu PIRCALABU , Alexandru Isaila References: <9d7a052a-6222-80ff-cbf1-612d4ca50c2a@suse.com> From: Julien Grall Message-ID: <17c90493-b438-fbc1-ca10-3bc4d89c4e5e@xen.org> Date: Wed, 2 Dec 2020 21:10:35 +0000 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.5.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-GB Content-Transfer-Encoding: 7bit Hi Jan, On 23/11/2020 13:30, Jan Beulich wrote: > While there don't look to be any problems with this right now, the lock > order implications from holding the lock can be very difficult to follow > (and may be easy to violate unknowingly). The present callbacks don't > (and no such callback should) have any need for the lock to be held. > > However, vm_event_disable() frees the structures used by respective > callbacks and isn't otherwise synchronized with invocations of these > callbacks, so maintain a count of in-progress calls, for evtchn_close() > to wait to drop to zero before freeing the port (and dropping the lock). AFAICT, this callback is not the only place where the synchronization is missing in the VM event code. For instance, vm_event_put_request() can also race against vm_event_disable(). So shouldn't we handle this issue properly in VM event? > > Signed-off-by: Jan Beulich > --- > Should we make this accounting optional, to be requested through a new > parameter to alloc_unbound_xen_event_channel(), or derived from other > than the default callback being requested? Aside the VM event, do you see any value for the other caller? > --- > v3: Drain callbacks before proceeding with closing. Re-base. > > --- a/xen/common/event_channel.c > +++ b/xen/common/event_channel.c > @@ -397,6 +397,7 @@ static long evtchn_bind_interdomain(evtc > > rchn->u.interdomain.remote_dom = ld; > rchn->u.interdomain.remote_port = lport; > + atomic_set(&rchn->u.interdomain.active_calls, 0); > rchn->state = ECS_INTERDOMAIN; > > /* > @@ -720,6 +721,10 @@ int evtchn_close(struct domain *d1, int > > double_evtchn_lock(chn1, chn2); > > + if ( consumer_is_xen(chn1) ) > + while ( atomic_read(&chn1->u.interdomain.active_calls) ) > + cpu_relax(); > + > evtchn_free(d1, chn1); > > chn2->state = ECS_UNBOUND; > @@ -781,9 +786,15 @@ int evtchn_send(struct domain *ld, unsig > rport = lchn->u.interdomain.remote_port; > rchn = evtchn_from_port(rd, rport); > if ( consumer_is_xen(rchn) ) > + { > + /* Don't keep holding the lock for the call below. */ > + atomic_inc(&rchn->u.interdomain.active_calls); > + evtchn_read_unlock(lchn); > xen_notification_fn(rchn)(rd->vcpu[rchn->notify_vcpu_id], rport); > - else > - evtchn_port_set_pending(rd, rchn->notify_vcpu_id, rchn); atomic_dec() doesn't contain any memory barrier, so we will want one between xen_notification_fn() and atomic_dec() to avoid re-ordering. > + atomic_dec(&rchn->u.interdomain.active_calls); > + return 0; > + } > + evtchn_port_set_pending(rd, rchn->notify_vcpu_id, rchn); > break; > case ECS_IPI: > evtchn_port_set_pending(ld, lchn->notify_vcpu_id, lchn); > --- a/xen/include/xen/sched.h > +++ b/xen/include/xen/sched.h > @@ -104,6 +104,7 @@ struct evtchn > } unbound; /* state == ECS_UNBOUND */ > struct { > evtchn_port_t remote_port; > + atomic_t active_calls; > struct domain *remote_dom; > } interdomain; /* state == ECS_INTERDOMAIN */ > struct { > Cheers, -- Julien Grall