[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Locking on vm-event operations (monitor)

To: Corneliu ZUZU <czuzu@xxxxxxxxxxxxxxx>, Tamas K Lengyel <tamas@xxxxxxxxxxxxx>, Razvan Cojocaru <rcojocaru@xxxxxxxxxxxxxxx>
From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Date: Fri, 22 Jul 2016 10:51:35 +0100
Cc: Xen-devel <xen-devel@xxxxxxxxxxxxx>
Delivery-date: Fri, 22 Jul 2016 09:51:44 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On 22/07/16 10:27, Corneliu ZUZU wrote:

Hi,
I've been inspecting vm-event code parts to try and understand whenand why domain pausing/locking is done. If I understood correctly,domain pausing is done solely to force all the vCPUs of that domain tosee a configuration update and act upon it (e.g. in the case of aXEN_DOMCTL_MONITOR_EVENT_WRITE_CTRLREG that enables CR3 monitoring,domain pausing/unpausing ensures immediate enabling of CR3load-exiting for all vCPUs), not to synchronize concurrent operations(lock-behavior).

Correct. Without the vcpu/domain pause, a vcpu could be midway througha vmexit path with the monitor configuration changing under its feet.OTOH, it could be running in guest context, and only receive the updateone scheduling timeslice later.

As for locking, I see that for example vm_event_init_domain(),vm_event_cleanup_domain() and monitor_domctl() are all protected bythe domctl-lock, but I don't think that's enough.
Here are a few code-paths that led me to believe that:
* do_hvm_op()->monitor_guest_request() reads d.monitor.guest_request_*resources, but it doesn't seem to take the domctl lock, so it seemspossible for that to happen _while_ those resources areinitialized/cleaned-up* monitor_guest_request() also callsmonitor_traps()->...->vm_event_wait_slot()->...->vm_event_grab_slot()which attempts a vm_event_ring_lock(ved), which could also be called_while_ that's initialized (vm_event_enable()) or cleaned-up(vm_event_disable())* hvm_monitor_cr() - e.g. on the code-pathvmx_vmexit_handler(EXIT_REASON_CR_ACCESS)->vmx_cr_access(VMX_CONTROL_REG_ACCESS_TYPE_MOV_TO_CR)->hvm_mov_to_cr()->hvm_set_cr0()->hvm_monitor_crX()there doesn't seem to be taken into account the possibility of aconcurrent monitor_init_domain()/monitor_cleanup_domain()
Am I missing something with these conclusions?
As a resolution for this, I've been thinking of adding a 'subsys_lock'field in the vm_event_domain structure, either spinlock or rw-lock,which would be initialised/uninitialised when d.vm_event isallocated/freed (domain_create()/complete_domain_destroy()).

I don't think you are missing anything. It seems like a monitor lock isneeded.

FWIW, the domctl lock is only used at the moment because it was easy,and worked when everything was a domctl. Being a global spinlock, it isa severe bottlekneck for concurrent domain management, which I need tofind some time to break apart, so the less reliance on it the betterfrom my point of view.

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] Locking on vm-event operations (monitor)
  - From: Corneliu ZUZU

References:
- [Xen-devel] Locking on vm-event operations (monitor)
  - From: Corneliu ZUZU

Prev by Date: Re: [Xen-devel] [XTF PATCH v2 4/4] xtf-runner: regularise runner exit code
Next by Date: Re: [Xen-devel] [XTF PATCH v2 4/4] xtf-runner: regularise runner exit code
Previous by thread: [Xen-devel] Locking on vm-event operations (monitor)
Next by thread: Re: [Xen-devel] Locking on vm-event operations (monitor)
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.