Xen project Mailing List

Re: [PATCH v4 02/11] vpci: cancel pending map/unmap on vpci removal

To: Oleksandr Andrushchenko <Oleksandr_Andrushchenko@xxxxxxxx>

Date: Tue, 16 Nov 2021 15:12:54 +0100

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=IyKxyp2bgnLyHxgHbqYzbTTGw+e8z5zgUCFne7TGBAA=; b=ZIduPe/9ZlANo15T0TlVumJrVQB6Ge+uPdaL5UX6Glrx7hjIqe+jVzddzSYa+ztclC+6u5VnftcGA6vOtxtDungh//cYLtQ4mB/hWfwkn010v5cDEvdQRcd1zbKF30rcq9XN0goTUaD+7gfE7yDcJ8SYKrGyKuQ7M0kxa2dr2DBgj4EXPy0gwKhVIww4kx57VfL2a7X+8oPwECwW+ILqRiOWSJTXNENPFzGILBrkEkHhYR0YMqGR39HLgtZ9e0fuev8zk6YH52OZCi/vvVylYWwN5yqgOuIDN8cMoBXPbTmJnQdAb3K+c1IKcXXrRiPgl0przz1dYPbXij49gG/Sig==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ZnbZKKsu0+gA0lrY3ws05YRUJqtBPEYv9fXroeA5bfWqqt9ZPhkTmK6mK+cP/8Ce0r2XAHiilqTJT98UZt3uwGTTuERu8yFsEc/8t2nij6AMx+jQI6lm9YxakGcalLbgZJipjSZ83IT6i2f/m2w1iW2Zmr1wc9VfLRFqeyjQ1B7tyZrMG4XgK+KCdKE92JJVBiZCpLuR4EDKlxzIcyTrbQJiCTzPD0YNFqQY5llANxJzTDTErm84s9gNX9LvweX0Enwdv9aVgvuLHkWZOoO3juHPtuKYdHD3c/NvLQkyCE/vdY5UFG2fDpYGd8MkJRaZzXZMIOJl/z5s3NJ9FoOBQA==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;

Cc: "julien@xxxxxxx" <julien@xxxxxxx>, "sstabellini@xxxxxxxxxx" <sstabellini@xxxxxxxxxx>, Oleksandr Tyshchenko <Oleksandr_Tyshchenko@xxxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Artem Mygaiev <Artem_Mygaiev@xxxxxxxx>, "andrew.cooper3@xxxxxxxxxx" <andrew.cooper3@xxxxxxxxxx>, "george.dunlap@xxxxxxxxxx" <george.dunlap@xxxxxxxxxx>, "paul@xxxxxxx" <paul@xxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Rahul Singh <rahul.singh@xxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, "roger.pau@xxxxxxxxxx" <roger.pau@xxxxxxxxxx>

Delivery-date: Tue, 16 Nov 2021 14:13:08 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 16.11.2021 14:41, Oleksandr Andrushchenko wrote: > > > On 16.11.21 10:23, Oleksandr Andrushchenko wrote: >> >> On 16.11.21 10:01, Jan Beulich wrote: >>> On 16.11.2021 08:32, Oleksandr Andrushchenko wrote: >>>> On 15.11.21 18:56, Jan Beulich wrote: >>>>> On 05.11.2021 07:56, Oleksandr Andrushchenko wrote: >>>>>> From: Oleksandr Andrushchenko <oleksandr_andrushchenko@xxxxxxxx> >>>>>> >>>>>> When a vPCI is removed for a PCI device it is possible that we have >>>>>> scheduled a delayed work for map/unmap operations for that device. >>>>>> For example, the following scenario can illustrate the problem: >>>>>> >>>>>> pci_physdev_op >>>>>> pci_add_device >>>>>> init_bars -> modify_bars -> defer_map -> >>>>>> raise_softirq(SCHEDULE_SOFTIRQ) >>>>>> iommu_add_device <- FAILS >>>>>> vpci_remove_device -> xfree(pdev->vpci) >>>>>> >>>>>> leave_hypervisor_to_guest >>>>>> vpci_process_pending: v->vpci.mem != NULL; v->vpci.pdev->vpci == >>>>>> NULL >>>>>> >>>>>> For the hardware domain we continue execution as the worse that >>>>>> could happen is that MMIO mappings are left in place when the >>>>>> device has been deassigned >>>>> Is continuing safe in this case? I.e. isn't there the risk of a NULL >>>>> deref? >>>> I think it is safe to continue >>> And why do you think so? I.e. why is there no race for Dom0 when there >>> is one for DomU? >> Well, then we need to use a lock to synchronize the two. >> I guess this needs to be pci devs lock unfortunately > The parties involved in deferred work and its cancellation: > > MMIO trap -> vpci_write -> vpci_cmd_write -> modify_bars -> defer_map > > Arm: leave_hypervisor_to_guest -> check_for_vcpu_work -> vpci_process_pending > > x86: two places -> hvm_do_resume -> vpci_process_pending > > So, both defer_map and vpci_process_pending need to be synchronized with > pcidevs_{lock|unlock). If I was an Arm maintainer, I'm afraid I would object to the pcidevs lock getting used in leave_hypervisor_to_guest. Jan

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.