From: Stewart Hildebrand <stewart.hildebrand@amd.com>
To: <xen-devel@lists.xenproject.org>
Cc: "Volodymyr Babchuk" <Volodymyr_Babchuk@epam.com>,
"Andrew Cooper" <andrew.cooper3@citrix.com>,
"George Dunlap" <george.dunlap@citrix.com>,
"Jan Beulich" <jbeulich@suse.com>,
"Julien Grall" <julien@xen.org>,
"Stefano Stabellini" <sstabellini@kernel.org>,
"Wei Liu" <wl@xen.org>, "Paul Durrant" <paul@xen.org>,
"Roger Pau Monné" <roger.pau@citrix.com>,
"Kevin Tian" <kevin.tian@intel.com>,
"Volodymyr Babchuk" <volodymyr_babchuk@epam.com>,
"Stewart Hildebrand" <stewart.hildebrand@amd.com>
Subject: [PATCH v11.5 2/17] pci: introduce per-domain PCI rwlock
Date: Wed, 20 Dec 2023 16:46:53 -0500 [thread overview]
Message-ID: <20231220214658.431526-1-stewart.hildebrand@amd.com> (raw)
In-Reply-To: <20231202012556.2012281-3-volodymyr_babchuk@epam.com>
From: Volodymyr Babchuk <Volodymyr_Babchuk@epam.com>
Add per-domain d->pci_lock that protects access to
d->pdev_list. Purpose of this lock is to give guarantees to VPCI code
that underlying pdev will not disappear under feet. This is a rw-lock,
but this patch adds only write_lock()s. There will be read_lock()
users in the next patches.
This lock should be taken in write mode every time d->pdev_list is
altered. All write accesses also should be protected by pcidevs_lock()
as well. Idea is that any user that wants read access to the list or
to the devices stored in the list should use either this new
d->pci_lock or old pcidevs_lock(). Usage of any of this two locks will
ensure only that pdev of interest will not disappear from under feet
and that the pdev still will be assigned to the same domain. Of
course, any new users should use pcidevs_lock() when it is
appropriate (e.g. when accessing any other state that is protected by
the said lock). In case both the newly introduced per-domain rwlock
and the pcidevs lock is taken, the latter must be acquired first.
Suggested-by: Roger Pau Monné <roger.pau@citrix.com>
Suggested-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Signed-off-by: Stewart Hildebrand <stewart.hildebrand@amd.com>
Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
Acked-by: Stefano Stabellini <sstabellini@kernel.org>
---
Changes in v11.5:
- Add Stefano's A-b
- Add Stewart's S-o-b
- Add in-code comment about locking order in sched.h
Changes in v10:
- pdev->domain is assigned after removing from source domain but
before adding to target domain in reassign_device() functions.
Changes in v9:
- returned back "pdev->domain = target;" in AMD IOMMU code
- used "source" instead of pdev->domain in IOMMU functions
- added comment about lock ordering in the commit message
- reduced locked regions
- minor changes non-functional changes in various places
Changes in v8:
- New patch
Changes in v8 vs RFC:
- Removed all read_locks after discussion with Roger in #xendevel
- pci_release_devices() now returns the first error code
- extended commit message
- added missing lock in pci_remove_device()
- extended locked region in pci_add_device() to protect list_del() calls
---
xen/common/domain.c | 1 +
xen/drivers/passthrough/amd/pci_amd_iommu.c | 9 ++-
xen/drivers/passthrough/pci.c | 71 +++++++++++++++++----
xen/drivers/passthrough/vtd/iommu.c | 9 ++-
xen/include/xen/sched.h | 22 +++++++
5 files changed, 99 insertions(+), 13 deletions(-)
diff --git a/xen/common/domain.c b/xen/common/domain.c
index c5954cdb1ac2..f6f557499660 100644
--- a/xen/common/domain.c
+++ b/xen/common/domain.c
@@ -651,6 +651,7 @@ struct domain *domain_create(domid_t domid,
#ifdef CONFIG_HAS_PCI
INIT_LIST_HEAD(&d->pdev_list);
+ rwlock_init(&d->pci_lock);
#endif
/* All error paths can depend on the above setup. */
diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index 6bc73dc21052..5cd208bbefee 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -481,8 +481,15 @@ static int cf_check reassign_device(
if ( devfn == pdev->devfn && pdev->domain != target )
{
- list_move(&pdev->domain_list, &target->pdev_list);
+ write_lock(&source->pci_lock);
+ list_del(&pdev->domain_list);
+ write_unlock(&source->pci_lock);
+
pdev->domain = target;
+
+ write_lock(&target->pci_lock);
+ list_add(&pdev->domain_list, &target->pdev_list);
+ write_unlock(&target->pci_lock);
}
/*
diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c
index 28ed8ea8172a..1439d1ef2b26 100644
--- a/xen/drivers/passthrough/pci.c
+++ b/xen/drivers/passthrough/pci.c
@@ -453,7 +453,9 @@ static void __init _pci_hide_device(struct pci_dev *pdev)
if ( pdev->domain )
return;
pdev->domain = dom_xen;
+ write_lock(&dom_xen->pci_lock);
list_add(&pdev->domain_list, &dom_xen->pdev_list);
+ write_unlock(&dom_xen->pci_lock);
}
int __init pci_hide_device(unsigned int seg, unsigned int bus,
@@ -746,7 +748,9 @@ int pci_add_device(u16 seg, u8 bus, u8 devfn,
if ( !pdev->domain )
{
pdev->domain = hardware_domain;
+ write_lock(&hardware_domain->pci_lock);
list_add(&pdev->domain_list, &hardware_domain->pdev_list);
+ write_unlock(&hardware_domain->pci_lock);
/*
* For devices not discovered by Xen during boot, add vPCI handlers
@@ -756,7 +760,9 @@ int pci_add_device(u16 seg, u8 bus, u8 devfn,
if ( ret )
{
printk(XENLOG_ERR "Setup of vPCI failed: %d\n", ret);
+ write_lock(&hardware_domain->pci_lock);
list_del(&pdev->domain_list);
+ write_unlock(&hardware_domain->pci_lock);
pdev->domain = NULL;
goto out;
}
@@ -764,7 +770,9 @@ int pci_add_device(u16 seg, u8 bus, u8 devfn,
if ( ret )
{
vpci_remove_device(pdev);
+ write_lock(&hardware_domain->pci_lock);
list_del(&pdev->domain_list);
+ write_unlock(&hardware_domain->pci_lock);
pdev->domain = NULL;
goto out;
}
@@ -814,7 +822,11 @@ int pci_remove_device(u16 seg, u8 bus, u8 devfn)
pci_cleanup_msi(pdev);
ret = iommu_remove_device(pdev);
if ( pdev->domain )
+ {
+ write_lock(&pdev->domain->pci_lock);
list_del(&pdev->domain_list);
+ write_unlock(&pdev->domain->pci_lock);
+ }
printk(XENLOG_DEBUG "PCI remove device %pp\n", &pdev->sbdf);
free_pdev(pseg, pdev);
break;
@@ -885,26 +897,61 @@ static int deassign_device(struct domain *d, uint16_t seg, uint8_t bus,
int pci_release_devices(struct domain *d)
{
- struct pci_dev *pdev, *tmp;
- u8 bus, devfn;
- int ret;
+ int combined_ret;
+ LIST_HEAD(failed_pdevs);
pcidevs_lock();
- ret = arch_pci_clean_pirqs(d);
- if ( ret )
+
+ combined_ret = arch_pci_clean_pirqs(d);
+ if ( combined_ret )
{
pcidevs_unlock();
- return ret;
+ return combined_ret;
}
- list_for_each_entry_safe ( pdev, tmp, &d->pdev_list, domain_list )
+
+ write_lock(&d->pci_lock);
+
+ while ( !list_empty(&d->pdev_list) )
{
- bus = pdev->bus;
- devfn = pdev->devfn;
- ret = deassign_device(d, pdev->seg, bus, devfn) ?: ret;
+ struct pci_dev *pdev = list_first_entry(&d->pdev_list,
+ struct pci_dev,
+ domain_list);
+ uint16_t seg = pdev->seg;
+ uint8_t bus = pdev->bus;
+ uint8_t devfn = pdev->devfn;
+ int ret;
+
+ write_unlock(&d->pci_lock);
+ ret = deassign_device(d, seg, bus, devfn);
+ write_lock(&d->pci_lock);
+ if ( ret )
+ {
+ const struct pci_dev *tmp;
+
+ /*
+ * We need to check if deassign_device() left our pdev in
+ * domain's list. As we dropped the lock, we can't be sure
+ * that list wasn't permutated in some random way, so we
+ * need to traverse the whole list.
+ */
+ for_each_pdev ( d, tmp )
+ {
+ if ( tmp == pdev )
+ {
+ list_move_tail(&pdev->domain_list, &failed_pdevs);
+ break;
+ }
+ }
+
+ combined_ret = combined_ret ?: ret;
+ }
}
+
+ list_splice(&failed_pdevs, &d->pdev_list);
+ write_unlock(&d->pci_lock);
pcidevs_unlock();
- return ret;
+ return combined_ret;
}
#define PCI_CLASS_BRIDGE_HOST 0x0600
@@ -1124,7 +1171,9 @@ static int __hwdom_init cf_check _setup_hwdom_pci_devices(
if ( !pdev->domain )
{
pdev->domain = ctxt->d;
+ write_lock(&ctxt->d->pci_lock);
list_add(&pdev->domain_list, &ctxt->d->pdev_list);
+ write_unlock(&ctxt->d->pci_lock);
setup_one_hwdom_device(ctxt, pdev);
}
else if ( pdev->domain == dom_xen )
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index bc6181c9f911..99b642f12ef9 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -2816,8 +2816,15 @@ static int cf_check reassign_device_ownership(
if ( devfn == pdev->devfn && pdev->domain != target )
{
- list_move(&pdev->domain_list, &target->pdev_list);
+ write_lock(&source->pci_lock);
+ list_del(&pdev->domain_list);
+ write_unlock(&source->pci_lock);
+
pdev->domain = target;
+
+ write_lock(&target->pci_lock);
+ list_add(&pdev->domain_list, &target->pdev_list);
+ write_unlock(&target->pci_lock);
}
if ( !has_arch_pdevs(source) )
diff --git a/xen/include/xen/sched.h b/xen/include/xen/sched.h
index 3609ef88c4ff..9da91e0e6244 100644
--- a/xen/include/xen/sched.h
+++ b/xen/include/xen/sched.h
@@ -461,6 +461,28 @@ struct domain
#ifdef CONFIG_HAS_PCI
struct list_head pdev_list;
+ /*
+ * pci_lock protects access to pdev_list.
+ *
+ * Any user *reading* from pdev_list, or from devices stored in pdev_list,
+ * should hold either pcidevs_lock() or pci_lock in read mode. Optionally,
+ * both locks may be held for reads as long as the locking order is
+ * observed.
+ *
+ * Any user *writing* to pdev_list, or to devices stored in pdev_list,
+ * should hold both pcidevs_lock() and pci_lock in write mode, and observe
+ * the locking order.
+ *
+ * The locking order is:
+ * 1. pcidevs_lock()
+ * 2. d->pci_lock
+ *
+ * Additionally, users of both pci_lock and vpci->lock should observe the
+ * following locking order:
+ * 1. d->pci_lock
+ * 2. pdev->vpci->lock
+ */
+ rwlock_t pci_lock;
#endif
#ifdef CONFIG_HAS_PASSTHROUGH
--
2.43.0
next prev parent reply other threads:[~2023-12-20 21:47 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-02 1:27 [PATCH v11 00/17] PCI devices passthrough on Arm, part 3 Volodymyr Babchuk
2023-12-02 1:27 ` [PATCH v11 01/17] pci: msi: pass pdev to pci_enable_msi() function Volodymyr Babchuk
2023-12-20 2:10 ` Stefano Stabellini
2023-12-20 8:49 ` Jan Beulich
2023-12-20 8:52 ` Jan Beulich
2023-12-20 21:46 ` [PATCH v11.5 1/17] " Stewart Hildebrand
2023-12-21 8:21 ` Jan Beulich
2023-12-02 1:27 ` [PATCH v11 02/17] pci: introduce per-domain PCI rwlock Volodymyr Babchuk
2023-12-20 2:11 ` Stefano Stabellini
2023-12-20 11:04 ` Jan Beulich
2023-12-20 21:46 ` Stewart Hildebrand [this message]
2023-12-02 1:27 ` [PATCH v11 03/17] vpci: use per-domain PCI lock to protect vpci structure Volodymyr Babchuk
2023-12-21 14:05 ` Roger Pau Monné
2024-01-02 17:13 ` Stewart Hildebrand
2023-12-02 1:27 ` [PATCH v11 04/17] vpci: restrict unhandled read/write operations for guests Volodymyr Babchuk
2023-12-02 1:27 ` [PATCH v11 05/17] vpci: add hooks for PCI device assign/de-assign Volodymyr Babchuk
2023-12-21 15:21 ` Roger Pau Monné
2024-01-02 17:59 ` Stewart Hildebrand
2023-12-22 8:52 ` Jan Beulich
2024-01-02 17:58 ` Stewart Hildebrand
2023-12-02 1:27 ` [PATCH v11 09/17] rangeset: add rangeset_empty() function Volodymyr Babchuk
2023-12-04 8:36 ` Jan Beulich
2023-12-05 0:52 ` Volodymyr Babchuk
2023-12-21 15:45 ` Roger Pau Monné
2023-12-02 1:27 ` [PATCH v11 07/17] vpci/header: implement guest BAR register handlers Volodymyr Babchuk
2023-12-21 15:43 ` Roger Pau Monné
2024-01-02 21:09 ` Stewart Hildebrand
2023-12-02 1:27 ` [PATCH v11 06/17] vpci/header: rework exit path in init_bars Volodymyr Babchuk
2023-12-04 8:30 ` Jan Beulich
2023-12-05 0:53 ` Volodymyr Babchuk
2023-12-05 7:42 ` Jan Beulich
2023-12-05 15:58 ` Stewart Hildebrand
2023-12-02 1:27 ` [PATCH v11 08/17] rangeset: add RANGESETF_no_print flag Volodymyr Babchuk
2023-12-02 1:27 ` [PATCH v11 10/17] vpci/header: handle p2m range sets per BAR Volodymyr Babchuk
2024-01-02 21:31 ` Stewart Hildebrand
2023-12-02 1:27 ` [PATCH v11 11/17] vpci/header: program p2m with guest BAR view Volodymyr Babchuk
2023-12-21 15:59 ` Roger Pau Monné
2024-01-04 16:55 ` Stewart Hildebrand
2023-12-02 1:27 ` [PATCH v11 12/17] vpci/header: emulate PCI_COMMAND register for guests Volodymyr Babchuk
2023-12-05 2:45 ` Stewart Hildebrand
2023-12-02 1:27 ` [PATCH v11 14/17] xen/arm: translate virtual PCI bus topology " Volodymyr Babchuk
2023-12-02 1:27 ` [PATCH v11 13/17] vpci: add initial support for virtual PCI bus topology Volodymyr Babchuk
2023-12-02 1:27 ` [PATCH v11 17/17] arm/vpci: honor access size when returning an error Volodymyr Babchuk
2023-12-02 1:27 ` [PATCH v11 16/17] xen/arm: vpci: permit access to guest vpci space Volodymyr Babchuk
2023-12-04 8:29 ` Jan Beulich
2023-12-04 16:16 ` Stewart Hildebrand
2023-12-04 16:18 ` [PATCH v11.1 " Stewart Hildebrand
2023-12-05 2:55 ` Stewart Hildebrand
2023-12-05 2:57 ` [PATCH v11.2 " Stewart Hildebrand
2023-12-02 1:27 ` [PATCH v11 15/17] xen/arm: account IO handlers for emulated PCI MSI-X Volodymyr Babchuk
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231220214658.431526-1-stewart.hildebrand@amd.com \
--to=stewart.hildebrand@amd.com \
--cc=Volodymyr_Babchuk@epam.com \
--cc=andrew.cooper3@citrix.com \
--cc=george.dunlap@citrix.com \
--cc=jbeulich@suse.com \
--cc=julien@xen.org \
--cc=kevin.tian@intel.com \
--cc=paul@xen.org \
--cc=roger.pau@citrix.com \
--cc=sstabellini@kernel.org \
--cc=wl@xen.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.