[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 1/2] xen/ioapic: Don't use local_irq_restore() to disable irqs

  • To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Wed, 22 Feb 2023 10:33:22 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=8/T6Dg7QHblN9sHPTSrT66ZFu1n2VLTRFa9wx5/oY7w=; b=OPSefJA/BKjhTa+nhsuKkLdHD8J3IkTRpwzoTMNh0nVbMEuWJ/pwHXawUmr44WxGUH+RsLlq3EouIiXKpZq2vKGA+Eh6kQtGzLJFeo1faobO8dYXcCE/+OPfNapmJ/TWMZhWrLejN/xP3puWiF5VMoovxFZqEN2rLp6WYQ8omrsN1DCM+cCYZygMSsNwMIjIMVOO14p8MKqyxi1iswp9krTz04lSzBBLudpIKHjQBFbxw1zxJH7sxNs8Erfq4CFjPRFXU3nSBx0X1IAoV96RgwFGY2cX/9BDTTL/QKvkTGQ/wKskSiT5TUZ0Aw57v7OBkpS8Y0lMA39hFqzKvxbrhg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=mGeRGAKNDePP0MOKYv4g6/oNP0WzMpZ+EAy9DcH1GqHj9xoQVWgeKmg5yXjXbuwImIk1QSRYCFP8qjMgGgF1x68oVwQi6oDyqXBZYkGR6ZuxbTr9Q2SKL5mX1X1kiP08P1M0/B3TFvw5dZXBbgwoCn0PsIrucBfudd2xZd8cGsSpcXCPoqwFkzgEt0bEYnsdHXAMkQESgACYY58rCQBwH02mF0nAhvOS1/A+d/vkxKod989LWCMoJwkcnbNTz6IXIPSXgT04QZMOpN/UFIHDgAlPgbi/2Qxf1KPDNS8KynjURnn/x9rdCDP99oNZeiGWf5t+DjJVqBJS0tabI2qbGw==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Wed, 22 Feb 2023 09:33:36 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 21.02.2023 19:14, Andrew Cooper wrote:
> On 21/02/2023 1:40 pm, Jan Beulich wrote:
>> On 20.02.2023 20:47, Andrew Cooper wrote:
>>> Despite its name, the irq{save,restore}() APIs are only intended to
>>> conditionally disable and re-enable interrupts.
>> Are they?
> 
> Yes, absolutely.
> 
> And as said before, the potentially dubious naming does not give us
> permission or the right to interpret the behaviour differently.

When I started to work with Linux, I seem to recall there were more uses
of this nature, not considered dubious at the time. Views change, and if
such views aren't expressed in the function names, then it is even more
so important that this is spelled out in some other prominent way. So ...

>>  Maybe nowadays they indeed are, but I couldn't spot any wording
>> to this effect in Linux'es Documentation/ (and I don't think we have
>> anywhere such could be put). Yet I'd expect such a statement to be backed
>> by something.
> 
> It is backed by the rude words the owners of this API had to say on
> discovering this particular use.

... have those rude words found their way into documentation, in a
place I simply didn't spot?

> Conditionally enabling with a construct like this is bogus everywhere. 
> It is only ever safe to enable irqs if you know exactly why they were
> disabled previously, and that can never be the case with a construct
> like this.
> 
> It only reason this one example doesn't explode is because its an init
> path not nested within an irq/irqsave lock or other critical region.

Which is why, I assume, it was deemed fine to code that way back then.

>>> IO-APIC's timer_irq_works() violates this intention.  As it is init code,
>>> switch to simple irq enable/disable().
>> If all callers of the function obviously did have interrupts off, I might
>> agree. But the last of them sits _after_ local_irq_restore(), and all of
>> this is called from underneath smp_prepare_cpus()
> 
> Which do you mean "the last of them" ?

Is "last" ambiguous here in any way? If so, this code fragment is the one:

    unlock_ExtINT_logic();

    local_irq_restore(flags);

    if (timer_irq_works()) {
        printk(" works.\n");
        return;
    }
    printk(" failed :(.\n");
    panic("IO-APIC + timer doesn't work!  Boot with apic_verbosity=debug and 
send a report\n");
}

Besides aspects one may deem benign and/or pre-existing, your change leads
to the "works" path now running (returning) with IRQs off, when the caller
expects them on.

> There is a large amount of genuinely dead logic here.

Possibly.

Jan

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.