[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH RFC 10/10] common: convert vCPU info area registration

  • To: Julien Grall <julien@xxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Mon, 19 Dec 2022 16:01:59 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=WlcFXuq1g/XlJtfiZffwTl43JILP6Xj6tBc7eakquRY=; b=lguJcK1j9yxBy/ZVIJ4wGGApYGtF4IdVy1vWYJCBR6QfHAyOdGvtOxPASrO/RKE3yYkOhsg1yOw1h2fopBFctA7w9WVyFDae5ANI74OwSG6q5Z5X+52iXOJiueR5fY1ifRtOdrpIkWi6CdLQuT/aSuHUTN0ZzPhZ79vhVQ6sdyXGjPQ5HgK9U5ONsz43MzK7Ma/pWZzmIHjD3jh8NPAehXpmRJdNZvMPb/MfUB+u4xq7APkwrNU0dMCTsiK+7jW16UmFVAZhWJIMFb7k7wCqXLWk60jCqp13ApR0qOrHFUbKi4Ap7NNMO0uvc/W8a32r20UGe8Iucr8z7CAwIBSHaw==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=LQ8EYyTBXCTzMHy+VB9TYLzevQe+N37pZUD50ny1du46wXCEwrR+pQOdrChvw73AZmCwy/h8Seg+gJFgAmm0JZc5bg1MkjiBoJ5B24dMvdrkBXFCxuINenTjN+9e16aBJ6+QPj59iAMvzBq32owjH6zkRFiwFhxE8mMEb1RNidiZCF6MdzDHoaX0O0Hpkjd8XqfmYzyqa4shtRrTii4+IvEjAH6be/jvKoSb6MqkC3MKuzAMsSfAMfQgWySZoS5CSQQJ4B2cRrl4TlrAn9x4MwF0sriVz650jgo3iUTTMNEyHLwmvua11C6keY7PV1HsXHt+2C2um7ImGVpqE3GKZg==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Tamas K Lengyel <tamas@xxxxxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Mon, 19 Dec 2022 15:02:11 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 17.12.2022 16:53, Julien Grall wrote:
> On 19/10/2022 08:45, Jan Beulich wrote:
>> Switch to using map_guest_area(). Noteworthy differences from
>> map_vcpu_info():
>> - remote vCPU-s are paused rather than checked for being down (which in
>>    principle can change right after the check),
>> - the domain lock is taken for a much smaller region,
>> - areas could now be registered more than once, if we want this,
>> - as a corner case registering the area at GFN 0 offset 0 is no longer
>>    possible (this is considered an invalid de-registration request).
>>
>> Note that this eliminates a bug in copy_vcpu_settings(): The function
>> did allocate a new page regardless of the GFN already having a mapping,
>> thus in particular breaking the case of two vCPU-s having their info
>> areas on the same page.
>>
>> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
>> ---
>> RFC: While the "no re-registration" check is retained, it is now racy.
>>       If we really think it needs retaining _and_ properly enforcing,
>>       then locking will be needed, but I don't think we can hold the
>>       domain lock around a call to map_guest_area(), first and foremost
>>       because of its use of vcpu_pause().
> 
> function like evtchn_2l_unmask() may access vcpu_info that is not the 
> current one.
> 
> So I believe the check needs to be reatined and properly enforced. 
> Otherwise, the old structure may still be used for a short time even if 
> it has been freed.

Good point, I'll try to come up with something suitable.

>> RFC: Is the GFN 0 offset 0 behavioral change deemed acceptable?
> 
> I would say n  (See the previous discussion for more details).

Of course - with 0 going to be replaced in map_guest_area(), the check
there needs to be adjusted accordingly. And ~0 was already invalid to
pass in here, due to the alignment check.

>> RFC: To have just a single instance of casts to vcpu_info_t *,
>>       introducing a macro (or inline function if header dependencies
>>       permit) might be nice. However, the only sensible identifier for it
>>       would imo be vcpu_info(). Yet we already have a macro of that name.
>>       With some trickery it might be possible to overload the macro
>>       (making the "field" argument optional), but this may not be
>>       desirable for other reasons (it could e.g. be deemed confusing).
> 
> You might be able to reduce the number of cast by using local variables.
> 
> But it is not entirely clear why we can't use the existing vcpu_info() 
> in many of the cases. For instance...
> 
> 
>>
>> --- a/xen/arch/x86/include/asm/shared.h
>> +++ b/xen/arch/x86/include/asm/shared.h
>> @@ -27,16 +27,16 @@ static inline void arch_set_##field(stru
>>   static inline type arch_get_##field(const struct vcpu *v)       \
>>   {                                                               \
>>       return !has_32bit_shinfo(v->domain) ?                       \
>> -           v->vcpu_info->native.arch.field :                    \
>> -           v->vcpu_info->compat.arch.field;                     \
>> +           ((const vcpu_info_t *)v->vcpu_info_area.map)->native.arch.field 
>> : \
>> +           ((const vcpu_info_t *)v->vcpu_info_area.map)->compat.arch.field; 
>>  \
> 
> ... here.

vcpu_info() has a property which gets in the way of using the macro
here. Since __vcpu_info() wants to return something which can also
be used as lvalue, the 2nd and 3rd operands of the conditional
operator need to resolve to the same pointer type. Hence the smaller
(compat) type is the only one which is safe to use. See the comment
next to __shared_info()'s definition (which is the one __vcpu_info()'s
refers to).

Jan

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.