RFD: virtio balloon API use (was Re: [PATCH 5 of 5] virtio: expose added descriptors immediately)

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "Michael S. Tsirkin" <mst@redhat.com>
To: Rusty Russell <rusty@rustcorp.com.au>
Cc: virtualization <virtualization@lists.linux-foundation.org>,
	Rafael Aquini <aquini@redhat.com>,
	kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: RFD: virtio balloon API use (was Re: [PATCH 5 of 5] virtio: expose added descriptors immediately)
Date: Sun, 1 Jul 2012 12:20:51 +0300	[thread overview]
Message-ID: <20120701092051.GA4515@redhat.com> (raw)
In-Reply-To: <f3831c1617c86a51d875.1320306173@localhost6.localdomain6>

On Thu, Nov 03, 2011 at 06:12:53PM +1030, Rusty Russell wrote:
> A virtio driver does virtqueue_add_buf() multiple times before finally
> calling virtqueue_kick(); previously we only exposed the added buffers
> in the virtqueue_kick() call.  This means we don't need a memory
> barrier in virtqueue_add_buf(), but it reduces concurrency as the
> device (ie. host) can't see the buffers until the kick.
> 
> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>

Looking at recent mm compaction patches made me look at locking
in balloon closely. And I noticed the referenced patch (commit
ee7cd8981e15bcb365fc762afe3fc47b8242f630 upstream) interacts strangely
with virtio balloon; balloon currently does:

static void tell_host(struct virtio_balloon *vb, struct virtqueue *vq)
{
        struct scatterlist sg;

        sg_init_one(&sg, vb->pfns, sizeof(vb->pfns[0]) * vb->num_pfns);

        init_completion(&vb->acked);

        /* We should always be able to add one buffer to an empty queue. */
        if (virtqueue_add_buf(vq, &sg, 1, 0, vb, GFP_KERNEL) < 0)
                BUG();
        virtqueue_kick(vq);

        /* When host has read buffer, this completes via balloon_ack */
        wait_for_completion(&vb->acked);
}

While vq callback does:

static void balloon_ack(struct virtqueue *vq)
{
        struct virtio_balloon *vb;
        unsigned int len;

        vb = virtqueue_get_buf(vq, &len);
        if (vb)
                complete(&vb->acked);
}

So virtqueue_get_buf might now run concurrently with virtqueue_kick.
I audited both and this seems safe in practice but I think
we need to either declare this legal at the API level
or add locking in driver.

Further, is there a guarantee that we never get
spurious callbacks? We currently check ring not empty
but esp for non shared MSI this might not be needed.
If a spurious callback triggers, virtqueue_get_buf can run
concurrently with virtqueue_add_buf which is known to be racy.
Again I think this is currently safe as no spurious callbacks in
practice but should we guarantee no spurious callbacks at the API level
or add locking in driver?

-- 
MST

WARNING: multiple messages have this Message-ID (diff)

From: "Michael S. Tsirkin" <mst@redhat.com>
To: Rusty Russell <rusty@rustcorp.com.au>
Cc: Rafael Aquini <aquini@redhat.com>,
	linux-kernel@vger.kernel.org, kvm@vger.kernel.org,
	virtualization <virtualization@lists.linux-foundation.org>
Subject: RFD: virtio balloon API use (was Re: [PATCH 5 of 5] virtio: expose added descriptors immediately)
Date: Sun, 1 Jul 2012 12:20:51 +0300	[thread overview]
Message-ID: <20120701092051.GA4515@redhat.com> (raw)
In-Reply-To: <f3831c1617c86a51d875.1320306173@localhost6.localdomain6>

On Thu, Nov 03, 2011 at 06:12:53PM +1030, Rusty Russell wrote:
> A virtio driver does virtqueue_add_buf() multiple times before finally
> calling virtqueue_kick(); previously we only exposed the added buffers
> in the virtqueue_kick() call.  This means we don't need a memory
> barrier in virtqueue_add_buf(), but it reduces concurrency as the
> device (ie. host) can't see the buffers until the kick.
> 
> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>

Looking at recent mm compaction patches made me look at locking
in balloon closely. And I noticed the referenced patch (commit
ee7cd8981e15bcb365fc762afe3fc47b8242f630 upstream) interacts strangely
with virtio balloon; balloon currently does:

static void tell_host(struct virtio_balloon *vb, struct virtqueue *vq)
{
        struct scatterlist sg;

        sg_init_one(&sg, vb->pfns, sizeof(vb->pfns[0]) * vb->num_pfns);

        init_completion(&vb->acked);

        /* We should always be able to add one buffer to an empty queue. */
        if (virtqueue_add_buf(vq, &sg, 1, 0, vb, GFP_KERNEL) < 0)
                BUG();
        virtqueue_kick(vq);

        /* When host has read buffer, this completes via balloon_ack */
        wait_for_completion(&vb->acked);
}

While vq callback does:

static void balloon_ack(struct virtqueue *vq)
{
        struct virtio_balloon *vb;
        unsigned int len;

        vb = virtqueue_get_buf(vq, &len);
        if (vb)
                complete(&vb->acked);
}

So virtqueue_get_buf might now run concurrently with virtqueue_kick.
I audited both and this seems safe in practice but I think
we need to either declare this legal at the API level
or add locking in driver.

Further, is there a guarantee that we never get
spurious callbacks? We currently check ring not empty
but esp for non shared MSI this might not be needed.
If a spurious callback triggers, virtqueue_get_buf can run
concurrently with virtqueue_add_buf which is known to be racy.
Again I think this is currently safe as no spurious callbacks in
practice but should we guarantee no spurious callbacks at the API level
or add locking in driver?

-- 
MST

next prev parent reply	other threads:[~2012-07-01  9:20 UTC|newest]

Thread overview: 60+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <patchbomb.1320306168@localhost6.localdomain6>
2011-11-03  7:42 ` [PATCH 1 of 5] virtio: document functions better Rusty Russell
2011-11-03  7:42   ` Rusty Russell
2011-11-03  7:49   ` Christoph Hellwig
2011-11-03  7:49     ` Christoph Hellwig
2011-11-03  7:42 ` [PATCH 2 of 5] virtio: rename virtqueue_add_buf_gfp to virtqueue_add_buf Rusty Russell
2011-11-03  7:42   ` Rusty Russell
2011-11-03  7:50   ` Christoph Hellwig
2011-11-03  7:50     ` Christoph Hellwig
2011-11-03  7:42 ` [PATCH 3 of 5] virtio: support unlocked queue kick Rusty Russell
2011-11-03  7:42   ` Rusty Russell
2011-11-03  7:52   ` Christoph Hellwig
2011-11-03  7:52   ` Christoph Hellwig
2011-11-04 10:09     ` Stefan Hajnoczi
2011-11-04 10:09       ` Stefan Hajnoczi
2011-11-04 10:36     ` Rusty Russell
2011-11-04 10:36       ` Rusty Russell
2011-11-04 10:36       ` Rusty Russell
2011-11-03  7:42 ` [PATCH 4 of 5] virtio: avoid modulus operation Rusty Russell
2011-11-03  7:42   ` Rusty Russell
2011-11-03  7:51   ` Pekka Enberg
2011-11-03  7:51   ` Pekka Enberg
2011-11-03 10:18     ` Rusty Russell
2011-11-03 10:18     ` Rusty Russell
2011-11-03  7:42 ` [PATCH 5 of 5] virtio: expose added descriptors immediately Rusty Russell
2011-11-03  7:42   ` Rusty Russell
2011-11-13 21:03   ` Michael S. Tsirkin
2011-11-13 21:03     ` Michael S. Tsirkin
2011-11-14  0:43     ` Rusty Russell
2011-11-14  0:43       ` Rusty Russell
2011-11-14  0:43       ` Rusty Russell
2011-11-14  6:56     ` Michael S. Tsirkin
2011-11-16  0:21       ` Rusty Russell
2011-11-16  7:18         ` Michael S. Tsirkin
2011-11-21  1:48           ` Rusty Russell
2011-11-21 11:57             ` Michael S. Tsirkin
2011-11-22  0:33               ` Rusty Russell
2011-11-22  6:29                 ` Michael S. Tsirkin
2011-11-23  1:19                   ` Rusty Russell
2011-11-23  8:30                     ` Michael S. Tsirkin
2012-07-01  9:20   ` Michael S. Tsirkin [this message]
2012-07-01  9:20     ` RFD: virtio balloon API use (was Re: [PATCH 5 of 5] virtio: expose added descriptors immediately) Michael S. Tsirkin
2012-07-02  1:05     ` Rusty Russell
2012-07-02  1:05       ` Rusty Russell
2012-07-02  7:25       ` Michael S. Tsirkin
2012-07-02  7:25         ` Michael S. Tsirkin
2012-07-02 16:08         ` Rafael Aquini
2012-07-02 16:08           ` Rafael Aquini
2012-07-03  0:47           ` Rusty Russell
2012-07-03 16:26             ` Rafael Aquini
2012-07-03 16:26             ` Rafael Aquini
2012-07-04 10:55             ` Michael S. Tsirkin
2012-07-04 10:55               ` Michael S. Tsirkin
2012-07-08 23:39               ` Rusty Russell
2012-07-08 23:39                 ` Rusty Russell
2012-07-04 10:55           ` Michael S. Tsirkin
2012-07-04 10:55             ` Michael S. Tsirkin
2012-07-02  7:33       ` [PATCH RFC] virtio-balloon: fix add/get API use Michael S. Tsirkin
2012-07-02  7:33         ` Michael S. Tsirkin
2012-07-04  3:27         ` Rusty Russell
2012-07-04  3:27           ` Rusty Russell

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20120701092051.GA4515@redhat.com \
    --to=mst@redhat.com \
    --cc=aquini@redhat.com \
    --cc=kvm@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=rusty@rustcorp.com.au \
    --cc=virtualization@lists.linux-foundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.