From: Avi Kivity <avi@redhat.com>
To: Jan Kiszka <jan.kiszka@web.de>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
Liu Ping Fan <pingfank@linux.vnet.ibm.com>,
liu ping fan <qemulist@gmail.com>,
Anthony Liguori <anthony@codemonkey.ws>,
"qemu-devel@nongnu.org" <qemu-devel@nongnu.org>
Subject: Re: [Qemu-devel] [PATCH 10/10] qdev: fix create in place obj's life cycle problem
Date: Sat, 01 Sep 2012 02:30:50 -0700 [thread overview]
Message-ID: <5041D5CA.5010200@redhat.com> (raw)
In-Reply-To: <5041CDEC.4070105@web.de>
On 09/01/2012 01:57 AM, Jan Kiszka wrote:
> On 2012-09-01 10:31, Avi Kivity wrote:
> > On 08/29/2012 10:49 AM, Jan Kiszka wrote:
> >>>
> >>> Let's experiment with refcounting MemoryRegion. We can move the entire
> >>> contents of MemoryRegion to MemoryRegionImpl, add a reference count (to
> >>> MemoryRegionImpl), and change MemoryRegion to contain a pointer to the
> >>> refcounted MemoryRegionImpl:
> >>>
> >>> struct MemoryRegion {
> >>> struct MemoryRegionImpl *impl;
> >>> };
> >>>
> >>> struct MemoryRegionImpl {
> >>> atomic int refs;
> >>> ...
> >>> };
> >>>
> >>> The memory core can then store MemoryRegion copies (with elevated
> >>> refcounts) instead of pointers. Devices can destroy MemoryRegions at
> >>> any time, the implementation will not go away. However, what of the
> >>> opaque stored in MemoryRegionImpl? It becomes a dangling pointer.
> >>>
> >>> One way out is to add a lock to MemoryRegionImpl. Dispatch takes the
> >>> lock, examines the ->enabled member, and bails out if it is cleared.
> >>> The (MemoryRegion, not MemoryRegionImpl) destructor also takes the lock,
> >>> clears ->enabled, releases the lock, and drops the reference.
> >>
> >> That means holding the MemoryRegionImpl lock across the handler call?
> >
> > Blech. As you said on the other side of this thread, we must not take a
> > coarse grained lock within a fine grained one, and
> > MemoryRegionImpl::lock is as fine as they get.
>
> Not sure what you compare here. MemoryRegionImpl::lock would be per
> memory region, so with finer scope than the BQL but with similar scope
> like a per-device lock.
The dispatch may acquire the bql (in fact most will, unless we convert
everything). A design that doesn't allow this is broken. Even the
device lock is more coarse grained (since it covers all regions) and is
taken in a deadlock scenario as region manipulation will be done under
the device lock. You say we can detect this, but I dislike it.
> >
> >>>
> >>> The advantage to this scheme is that all changes are localized to the
> >>> memory core, no need for a full sweep. It is a little complicated, but
> >>> we may be able to simplify it (or find another one).
> >>
> >> May work. We just need to detect if memory region tries to delete itself
> >> from its handler to prevent the deadlock.
> >
> > Those types of hacks are fragile. IMO it just demonstrates what I said
> > earlier (then tried to disprove with this): if we call an opaque's
> > method, we must refcount or otherwise lock that opaque. No way around it.
>
> But that still doesn't solve the problem that we need to lock down the
> *state* of the opaque during dispatch /wrt to memory region changes.
> Just ensuring its existence is not enough unless we declare memory
> region transactions to be asynchronous - and adapt all users.
I expect no users will need change.
Changing the region offset has no effect on dispatch (in fact the region
itself doesn't change). Changing subregions is fine. Disabling a
region concurrently with access is the only potential problem, but this
is rare, and I expect it to just work. We will have to audit all users,
yes.
> >>>> + wait for refcount(object) == 0 in deregister(object). That's what I'm
> >>>> proposing.
> >>>
> >>> Consider timer_del() called from a timer callback. It's often not doable.
> >>
> >> This is inherently synchronous already (when working against the same
> >> alarm timer backend). We can detect this in timer_del and skip waiting,
> >> as in the above scenario.
> >
> > It can always be broken. The timer callback takes the device lock to
> > update the device. The device mmio handler, holding the device lock,
> > takes the timer lock to timer_mod. Deadlock.
>
> Well, how is this solved in Linux? By waiting on the callback in
> hrtimer_cancel. Not by wait_on_magic_opaque (well, there is even no
> opaque in the hrtimer API).
I don't consider that busy loop an elegant solution.
The original proposal mirrors dcache. You can perform operations on a
dentry even after it is unlinked.
--
I have a truly marvellous patch that fixes the bug which this
signature is too narrow to contain.
next prev parent reply other threads:[~2012-09-01 9:30 UTC|newest]
Thread overview: 82+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-08-24 9:49 [Qemu-devel] [PATCH 0/10] rework on hot unplug Liu Ping Fan
2012-08-24 9:49 ` [Qemu-devel] [PATCH 01/10] qom: add, remove of link property need to ref, unref its target Liu Ping Fan
2012-08-24 14:52 ` Paolo Bonzini
2012-08-24 9:49 ` [Qemu-devel] [PATCH 02/10] qdev: change iterator callback seq Liu Ping Fan
2012-08-24 9:49 ` [Qemu-devel] [PATCH 03/10] qom: export object_property_is_child, object_property_is_link Liu Ping Fan
2012-08-24 14:51 ` Paolo Bonzini
2012-08-25 7:43 ` liu ping fan
2012-08-25 8:04 ` Blue Swirl
2012-08-24 9:49 ` [Qemu-devel] [PATCH 04/10] qdev: introduce new interface to remove composite sub-tree Liu Ping Fan
2012-08-24 9:49 ` [Qemu-devel] [PATCH 05/10] qdev: finalize of qbus, qdev will not the right place to free children Liu Ping Fan
2012-08-24 14:50 ` Paolo Bonzini
2012-08-24 9:49 ` [Qemu-devel] [PATCH 06/10] qom: expose object_property_del_child Liu Ping Fan
2012-08-24 14:44 ` Paolo Bonzini
2012-08-24 9:49 ` [Qemu-devel] [PATCH 07/10] unplug: using new intf qdev_delete_subtree in acpi_piix_eject_slot Liu Ping Fan
2012-08-24 10:24 ` Paolo Bonzini
2012-08-25 7:05 ` liu ping fan
2012-08-24 9:49 ` [Qemu-devel] [PATCH 08/10] qdev: rename qdev_unplug to qdev_unplug_req Liu Ping Fan
2012-08-24 14:48 ` Paolo Bonzini
2012-08-24 9:49 ` [Qemu-devel] [PATCH 09/10] mon: release dev's ref hold by qdev_get_peripheral Liu Ping Fan
2012-08-24 9:49 ` [Qemu-devel] [PATCH 10/10] qdev: fix create in place obj's life cycle problem Liu Ping Fan
2012-08-24 14:42 ` Paolo Bonzini
2012-08-25 7:42 ` liu ping fan
2012-08-27 7:01 ` Paolo Bonzini
2012-08-27 7:47 ` Jan Kiszka
2012-08-27 8:17 ` liu ping fan
2012-08-27 8:27 ` Jan Kiszka
2012-08-27 17:09 ` Avi Kivity
2012-08-27 17:14 ` Jan Kiszka
2012-08-27 18:09 ` Avi Kivity
2012-08-27 18:17 ` Jan Kiszka
2012-08-27 18:20 ` Avi Kivity
2012-08-27 18:39 ` Jan Kiszka
2012-08-27 18:52 ` Avi Kivity
2012-08-27 19:38 ` Jan Kiszka
2012-08-27 20:53 ` Avi Kivity
2012-08-28 1:01 ` Jan Kiszka
2012-08-29 17:13 ` Avi Kivity
2012-08-29 17:21 ` Jan Kiszka
2012-08-29 17:27 ` Avi Kivity
2012-08-29 17:41 ` Jan Kiszka
2012-09-03 9:09 ` Avi Kivity
2012-08-28 3:09 ` liu ping fan
2012-08-28 3:38 ` liu ping fan
2012-08-28 9:42 ` Jan Kiszka
2012-08-28 10:05 ` Paolo Bonzini
2012-08-29 17:23 ` Avi Kivity
2012-08-29 17:30 ` Jan Kiszka
2012-08-29 17:40 ` Avi Kivity
2012-08-29 17:49 ` Jan Kiszka
2012-09-01 8:31 ` Avi Kivity
2012-09-01 8:57 ` Jan Kiszka
2012-09-01 9:30 ` Avi Kivity [this message]
2012-08-30 5:54 ` liu ping fan
2012-08-30 7:08 ` Jan Kiszka
2012-08-30 7:47 ` liu ping fan
2012-09-01 8:46 ` Avi Kivity
2012-09-03 7:44 ` liu ping fan
2012-09-03 8:52 ` Avi Kivity
2012-09-03 10:06 ` liu ping fan
2012-09-03 10:16 ` Avi Kivity
2012-09-04 2:33 ` liu ping fan
2012-09-04 2:34 ` liu ping fan
2012-09-05 8:19 ` liu ping fan
2012-09-05 9:52 ` Avi Kivity
2012-09-05 10:36 ` Jan Kiszka
2012-09-05 10:53 ` Avi Kivity
2012-09-05 11:11 ` Jan Kiszka
2012-09-05 11:25 ` Avi Kivity
2012-09-05 12:02 ` Jan Kiszka
2012-09-05 12:17 ` Avi Kivity
2012-08-27 13:19 ` Anthony Liguori
2012-08-27 15:02 ` Jan Kiszka
2012-08-27 15:14 ` Anthony Liguori
2012-08-27 15:26 ` Jan Kiszka
2012-08-27 16:24 ` Anthony Liguori
2012-08-27 16:59 ` Jan Kiszka
2012-08-27 18:35 ` Avi Kivity
2012-08-27 19:17 ` Anthony Liguori
2012-08-27 19:22 ` Jan Kiszka
2012-08-27 20:58 ` Avi Kivity
2012-08-27 21:34 ` Paolo Bonzini
2012-08-27 18:27 ` Avi Kivity
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5041D5CA.5010200@redhat.com \
--to=avi@redhat.com \
--cc=anthony@codemonkey.ws \
--cc=jan.kiszka@web.de \
--cc=pbonzini@redhat.com \
--cc=pingfank@linux.vnet.ibm.com \
--cc=qemu-devel@nongnu.org \
--cc=qemulist@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.