From: Juergen Gross <juergen.gross@ts.fujitsu.com>
To: "Jiang, Yunhong" <yunhong.jiang@intel.com>
Cc: "xen-devel@lists.xensource.com" <xen-devel@lists.xensource.com>,
Keir Fraser <keir.fraser@eu.citrix.com>,
"Yu, Ke" <ke.yu@intel.com>
Subject: Re: [Patch] continue_hypercall_on_cpu rework using tasklets
Date: Fri, 16 Apr 2010 08:55:51 +0200 [thread overview]
Message-ID: <4BC809F7.8080907@ts.fujitsu.com> (raw)
In-Reply-To: <789F9655DD1B8F43B48D77C5D30659731D79778B@shsmsx501.ccr.corp.intel.com>
Jiang, Yunhong wrote:
>
>> -----Original Message-----
>> From: Keir Fraser [mailto:keir.fraser@eu.citrix.com]
>> Sent: Thursday, April 15, 2010 7:07 PM
>> To: Jiang, Yunhong; Juergen Gross
>> Cc: xen-devel@lists.xensource.com; Yu, Ke
>> Subject: Re: [Xen-devel] [Patch] continue_hypercall_on_cpu rework using tasklets
>>
>> On 15/04/2010 10:59, "Jiang, Yunhong" <yunhong.jiang@intel.com> wrote:
>>
>>>> Actually that's a good example because it now won't work, but for other
>>>> reasons! The hypercall continuation can interrupt another vcpu's execution,
>>>> and then try to synchronously pause that vcpu. Which will deadlock.
>>>>
>>>> Luckily I think we can re-jig this code to freeze_domains() before doing the
>>>> continue_hypercall_on_cpu(). I've cc'ed one of the CPU RAS guys. :-)
>>> Hmm, I have cc'ed one of the PM guys because it is enter_state :-)
>>> Can we add check in vcpu_sleep_sync() for current? It is meaningless to
>>> cpu_relax for current vcpu in that situation, especially if we are not in irq
>>> context.
>>> I'm not sure why in freeze_domains it only checkes dom0's vcpu for current,
>>> instead of all domains.
>> Well actually pausing any vcpu from within the hypercall continuation is
>> dangerous. The softirq handler running the hypercall continuation may have
>> interrupted some running VCPU X. And the VCPU Y that the continuation is
>> currently trying to pause may itself be trying to pause X. So we can get a
>> deadlock that way. The freeze_domains() *has* to be pulled outside of the
>> hypercall continuation.
>>
>> It's a little bit similar to the super-subtle stop_machine_run deadlock
>> possibility I just emailed to you a second ago. :-)
>
> Thanks for pointing out the stop_machine_run deadlock issue.
>
> After more consideration and internally discussion, seems the key point is, the tasklet softirq is something like getting a lock for the current vcpu's state(i.e. no one else could change that state unless this softirq is finished). So any block action in softirq context, not just vcpu_pause_sync, is dangerous and should be avoided (we can't get a lock and do block action per my understanding).
> This is because vcpu's state can only be changed by schedule softirq (am I right on this?), while schedule softirq can't prempt other softirq. So, more generally, anything that will be updated by a softirq context, and will be syncrhozed/blocking waitied in xen's vcpu context is in fact a implicit lock held by the softirq.
>
> To the tricky bug on the stop_machine_run(), I think it is in fact similar to the cpu_add_remove_lock. The stop_machine_run() is a block action, so we must make sure no one will be blocking to get the lock that is held by stop_machine_run() already. At that time, we change all components that try to get the cpu_add_remove_lock to be try_lock.
>
> The changes caused by the tasklet is, a new implicit lock is added, i.e. the vcpu's state.
> The straightforward method is like the cpu_add_remove_lock: make everything that waiting for the vcpu state change to do softirq between the checking. Maybe the cleaner way is your previous suggestion, that is, put the stop_machine_run() in the idle_vcpu(), another way is, turn back to the original method, i.e. do it in the schedule_tail.
>
> Also We are not sure why the continue_hypercall_on_cpu is changed to use tasklet. What's the benifit for it? At least I think this is quite confusing, because per our understanding, usually hypercall is assumed to execut in current context, while this change break the assumption. So any hypercall that may use this _c_h_o_c, and any function called by that hypercall, should be aware of this, I'm not sure if this is really so correct, at least it may cause trouble if someone use this without realize the limitation. From Juergen Gross's mail, it seems for cpupool, but I have no idea of the cpupool :-(
Cpupools introduce something like "scheduling domains" in xen. Each cpupool
owns a set of physical cpus and has an own scheduler. Each domain is member
of a cpupool.
It is possible to move cpus or domains between pools, but a domain is always
limited to the physical cpus being in the cpupool of the domain.
This limitation makes it impossible to use continue_hypercall_on_cpu with
cpupools for any physical cpu without changing it. My original solution
temporarily moved the target cpu into the cpupool of the issuing domain,
but this was regarded as an ugly hack.
Juergen
--
Juergen Gross Principal Developer Operating Systems
TSP ES&S SWE OS6 Telephone: +49 (0) 89 3222 2967
Fujitsu Technology Solutions e-mail: juergen.gross@ts.fujitsu.com
Domagkstr. 28 Internet: ts.fujitsu.com
D-80807 Muenchen Company details: ts.fujitsu.com/imprint.html
next prev parent reply other threads:[~2010-04-16 6:55 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-04-13 13:19 [Patch] continue_hypercall_on_cpu rework using tasklets Juergen Gross
2010-04-13 13:40 ` Jan Beulich
2010-04-13 13:49 ` Juergen Gross
2010-04-13 15:08 ` Keir Fraser
2010-04-14 6:54 ` Juergen Gross
2010-04-13 14:41 ` Keir Fraser
2010-04-14 4:26 ` Juergen Gross
2010-04-14 6:46 ` Keir Fraser
2010-04-14 6:58 ` Juergen Gross
2010-04-14 7:15 ` Keir Fraser
2010-04-14 7:25 ` Juergen Gross
2010-04-14 7:35 ` Keir Fraser
2010-04-14 8:04 ` Juergen Gross
2010-04-14 10:30 ` Keir Fraser
2010-04-15 6:31 ` Juergen Gross
2010-04-15 6:39 ` Keir Fraser
2010-04-15 7:57 ` Juergen Gross
2010-04-15 8:13 ` Keir Fraser
2010-04-15 8:22 ` Keir Fraser
2010-04-15 9:59 ` Jiang, Yunhong
2010-04-15 11:06 ` Keir Fraser
2010-04-15 11:22 ` Keir Fraser
2010-04-16 9:20 ` Yu, Ke
2010-04-16 17:51 ` Keir Fraser
2010-04-19 10:50 ` Keir Fraser
2010-04-19 12:04 ` Yu, Ke
2010-04-20 5:35 ` Wei, Gang
2010-04-20 12:51 ` Keir Fraser
2010-04-20 14:10 ` Wei, Gang
2010-04-21 6:47 ` Wei, Gang
2010-04-16 6:42 ` Jiang, Yunhong
2010-04-16 6:55 ` Juergen Gross [this message]
2010-04-16 8:30 ` Jiang, Yunhong
2010-04-16 7:13 ` Keir Fraser
2010-04-16 8:16 ` Jiang, Yunhong
2010-04-16 17:57 ` Keir Fraser
2010-04-19 5:53 ` Jiang, Yunhong
2010-04-19 6:48 ` Keir Fraser
2010-04-16 6:45 ` Jiang, Yunhong
2010-04-15 8:29 ` Juergen Gross
2010-04-15 9:08 ` Keir Fraser
-- strict thread matches above, loose matches on Subject: below --
2009-12-30 13:46 Juergen Gross
2009-12-30 13:57 ` Keir Fraser
2009-12-30 13:59 ` Juergen Gross
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4BC809F7.8080907@ts.fujitsu.com \
--to=juergen.gross@ts.fujitsu.com \
--cc=ke.yu@intel.com \
--cc=keir.fraser@eu.citrix.com \
--cc=xen-devel@lists.xensource.com \
--cc=yunhong.jiang@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.