[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [RFC PATCH 08/10] xen: pci: remove pcidev_[un]lock[ed] calls

  • To: Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Tue, 21 Feb 2023 10:50:36 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Rg9JZTbZxVv7hSuO3g4tt46XZ2qFvoAKhZUvz3x4I+I=; b=B3kfz1rmwoUjdQEaMJNHagRYQsBb7gk0ctyNELUZTps4G4SgF/M0b19yZOAVU7SvPHi+hwkSCQq2Kk73FBoxnY0x58Ov7NueoQH03zlnZaG0xg9UE1gtaVedjDijJ9YYceq63KvZLfsD8nBcYUUSDoldL8eNtDsY5a7c80VC6YGK1NXXu86MHxigprKi49X7OlX+7dtbhoYzCVULKUAGOxlUY2UUFLmZMEy1D0QS+UEogDiPWU4WkDkT4ghXB36aFF7EOEsjK0xaLkCSRibPn/dxOCnquO626C4yhF4BguUeljUej/aUptE5BopXomWTvn6yfVz6S2jam0KOADP+5A==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=MWqMZoFDczvzwYRNvZRXmb635uv+5NQvrgmbAOknveB4l4WKTkJXBXGfUCUkqKcm91td3diLqAULF+FLI/5j/wyGS0XLhhsIvyH6WEZ80B2FfQ7h+smTPArkAvbPrhEUNxzFgyIsmVO0Rt3q9y7kHBKuYPZ27CYW8qMYTlabJ3A4QfOxvFMJOwn0ajAsAHXmkkSCjDlYPQDSJRg35hOTCzZJNTS2zIMOr+N2khItazRCKKS3wvJTxBbd1+y3GZO8wVAXcgSk3qDyv/jxls8uIfBzBZDUZeMBKQJ8U+WA6y6lkB4oBo1NSWNR3WI67hRlqAH/l1O29jguZ1juTiG3zg==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Oleksandr Andrushchenko <Oleksandr_Andrushchenko@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Paul Durrant <paul@xxxxxxx>, Kevin Tian <kevin.tian@xxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>
  • Delivery-date: Tue, 21 Feb 2023 09:51:05 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 21.02.2023 00:13, Volodymyr Babchuk wrote:
> Stefano Stabellini <sstabellini@xxxxxxxxxx> writes:
>> On Wed, 31 Aug 2022, Volodymyr Babchuk wrote:
>>> As pci devices are refcounted now and all list that store them are
>>> protected by separate locks, we can safely drop global pcidevs_lock.
>>>
>>> Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@xxxxxxxx>
>>
>> Up until this patch this patch series introduces:
>> - d->pdevs_lock to protect d->pdev_list
>> - pci_seg->alldevs_lock to protect pci_seg->alldevs_list
>> - iommu->ats_list_lock to protect iommu->ats_devices
>> - pdev refcounting to detect a pdev in-use and when to free it
>> - pdev->lock to protect pdev->msi_list
>>
>> They cover a lot of ground.  Are they collectively covering everything
>> pcidevs_lock() was protecting?
> 
> Well, that is the question. Those patch are in RFC stage because I can't
> fully answer your question. I tried my best to introduce proper locking,
> but apparently missed couple of places, like
> 
>> deassign_device is not protected by pcidevs_lock anymore.
>> deassign_device accesses a number of pdev fields, including quarantine,
>> phantom_stride and fault.count.
>>
>> deassign_device could run at the same time as assign_device who sets
>> quarantine and other fields.
>>
> 
> I hope this is all, but problem is that PCI subsystem is old, large and
> complex. Fo example, as I wrote earlier, there are places that are
> protected with pcidevs_lock(), but do nothing with PCI. I just don't
> know what to do with such places. I have a hope that x86 maintainers
> would review my changes and give feedback on missed spots.

At the risk of it sounding unfair, at least initially: While review may
spot issues, you will want to keep in mind that none of the people who
originally wrote that code are around anymore. And even if they were,
it would be uncertain - just like for the x86 maintainers - that they
would recall (if they were aware at some time in the first place) all
the corner cases. Therefore I'm afraid that proving correctness and
safety of the proposed transformations can only be done by properly
auditing all involved code paths. Yet that's something that imo wants
to already have been done by the time patches are submitted for review.
Reviewers would then "merely" (hard enough perhaps) check the results
of that audit.

I might guess that this locking situation is one of the reasons why
Andrew in particular thinks (afaik) that the IOMMU code we have would
better be re-written almost from scratch. I assume it's clear to him
(it certainly is to me) that this is something that could only be
expected to happen in an ideal work: I see no-one taking on such an
exercise. We already have too little bandwidth.

Jan

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.