Xen project Mailing List

Re: [PATCH v13.2 01/14] vpci: use per-domain PCI lock to protect vpci structure

From: Stewart Hildebrand <stewart.hildebrand@xxxxxxx>

Date: Mon, 19 Feb 2024 07:47:45 -0500

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=suse.com smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0)

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ACzMdtvp0ucmPu0SShkobBEMb/WPAruvaj5zOLYY+5c=; b=PqNmYwIy54Me/6RLBbBPZM9GBr8cuRHDYILJ7uIug50878y1NF/Ktmc8Tv+gXI2uyd5ht5r+cx30EsvBOoUgb6KT8LU5fXQxdDO4p/lti46h/YKJOJffnsMpdT1t9NaXkwj50UFnlyIZfEEiD6EYze7WrOSrnS8C8tqkyWde2UCrNZl4wQU7qNoxLlRJ95U0n8Q2gkbXnuSHNLnc/o4Z+GCya2/zmKkxUHys6G53sq469SXVkySKWSJV3hUb9jlQcnR2c6lJX0HHtopdEnGUllF69/FTzeLEXU4rxVD8TY6RF/G8OkCH60q+cOOhmNNVvVb41f8zWWghcJYsdSz/8Q==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=fMuR+2AZnfmgzS3BtBU3TOimf4Jxfb/Tpa9gJPXqjoizct+h0r0neAgMdYjCFYIApsbWEiNUnwjxAoRFLYhkhHz91cayQa9gswln0JtTsz9UP2p9sOLJU7NlRB2Us7Pw2Grwq6iHgwb5N6YAAxWK3w0oOlFMHnwoCjiT136jGqfPIQjdcz90voy5Yrgb0mWoWyFn0WZDCMpV4r58rp0PWBDu2OWRt48AxiuZdwJ/+1r+Cj6oft9uSgqqoqoKQqrJjunILur+RlUnrI6UkFHP7/t+3wCQj8uW2KX8Zo0qA24sDz6FX7nRr8ODzY5yv6HPwapjAH/LMwPTUv1v4hAfcA==

Cc: Oleksandr Andrushchenko <oleksandr_andrushchenko@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Jun Nakajima <jun.nakajima@xxxxxxxxx>, Kevin Tian <kevin.tian@xxxxxxxxx>, Paul Durrant <paul@xxxxxxx>, Volodymyr Babchuk <volodymyr_babchuk@xxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Mon, 19 Feb 2024 12:48:09 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 2/19/24 07:10, Jan Beulich wrote: > On 19.02.2024 12:47, Stewart Hildebrand wrote: >> @@ -895,6 +891,15 @@ int vpci_msix_arch_print(const struct vpci_msix *msix) >> { >> unsigned int i; >> >> + /* >> + * Assert that d->pdev_list doesn't change. >> ASSERT_PDEV_LIST_IS_READ_LOCKED >> + * is not suitable here because it may allow either pcidevs_lock() or >> + * d->pci_lock to be held, but here we rely on d->pci_lock being held, >> not >> + * pcidevs_lock(). >> + */ >> + ASSERT(rw_is_locked(&msix->pdev->domain->pci_lock)); >> + ASSERT(spin_is_locked(&msix->pdev->vpci->lock)); > > There's no "d" in sight here, so it's a little odd that "d" is being talked > about. But I guess people can infer what's meant without too much trouble. I can s/d->pci_lock/msix->pdev->domain->pci_lock/ for the next rev. > >> @@ -313,17 +316,36 @@ void vpci_dump_msi(void) >> { >> /* >> * On error vpci_msix_arch_print will always return >> without >> - * holding the lock. >> + * holding the locks. >> */ >> printk("unable to print all MSI-X entries: %d\n", rc); >> - process_pending_softirqs(); >> - continue; >> + goto pdev_done; >> } >> } >> >> + /* >> + * Unlock locks to process pending softirqs. This is >> + * potentially unsafe, as d->pdev_list can be changed in >> + * meantime. >> + */ >> spin_unlock(&pdev->vpci->lock); >> + read_unlock(&d->pci_lock); >> + pdev_done: >> process_pending_softirqs(); >> + if ( !read_trylock(&d->pci_lock) ) >> + { >> + printk("unable to access other devices for the domain\n"); >> + goto domain_done; >> + } >> } >> + read_unlock(&d->pci_lock); >> + domain_done: >> + /* >> + * We need this label at the end of the loop, but some >> + * compilers might not be happy about label at the end of the >> + * compound statement so we adding an empty statement here. >> + */ >> + ; > > As to "some compilers": Are there any which accept a label not followed > by a statement? Depending on the answer, this comment may be viewed as > superfluous. Or else I'd ask about wording: Besides a grammar issue I > also don't view it as appropriate that a comment talks about "adding" > something when its adjacent code that is meant. That something is there > when the comment is there, hence respective wording should imo be used. It seems like hit or miss whether gcc would accept it or not (prior discussion at [1]). I agree the comment is rather lengthy for what it's trying to convey. I'd be happy to either remove the comment or reduce it to: domain_done: ; /* Empty statement to make some compilers happy */ [1] https://lore.kernel.org/xen-devel/98b8c131-b0b9-f46c-5f46-c2136f2e3b4e@xxxxxxx/ > >> --- a/xen/include/xen/pci.h >> +++ b/xen/include/xen/pci.h >> @@ -171,6 +171,19 @@ void pcidevs_lock(void); >> void pcidevs_unlock(void); >> bool __must_check pcidevs_locked(void); >> >> +#ifndef NDEBUG >> +/* >> + * Check to ensure there will be no changes to the entries in d->pdev_list >> (but >> + * not the contents of each entry). >> + * This check is not suitable for protecting other state or critical >> regions. >> + */ >> +#define ASSERT_PDEV_LIST_IS_READ_LOCKED(d) \ >> + /* NB: d may be evaluated multiple times, or not at all */ \ >> + ASSERT(pcidevs_locked() || ((d) && rw_is_locked(&(d)->pci_lock))) > > Is there actually any case where d can be NULL here? Yes, when called from ns16550 driver, if the driver failed to make the device RO. > >> +#else >> +#define ASSERT_PDEV_LIST_IS_READ_LOCKED(d) ({ (void)(d); }) > > Evaluating d here isn't very useful when the assertion expression doesn't > guarantee single evaluation. Plus even if it needed evaluating, there would > be no need to use a compiler extension here: > > #define ASSERT_PDEV_LIST_IS_READ_LOCKED(d) ((void)(d)) OK, I can make this change.

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.