From mboxrd@z Thu Jan 1 00:00:00 1970 From: Boris Ostrovsky Subject: Re: [PATCH v2 for 4.5] x86/VPMU: Clear last_vcpu when destroying VPMU Date: Tue, 16 Dec 2014 10:12:01 -0500 Message-ID: <54904BC1.10604@oracle.com> References: <1418682275-2505-1-git-send-email-boris.ostrovsky@oracle.com> <549009F9020000780004FCB3@mail.emea.novell.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; Format="flowed" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <549009F9020000780004FCB3@mail.emea.novell.com> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: Jan Beulich Cc: keir@xen.org, xen-devel@lists.xen.org List-Id: xen-devel@lists.xenproject.org On 12/16/2014 04:31 AM, Jan Beulich wrote: >>>> On 15.12.14 at 23:24, wrote: >> We need to make sure that last_vcpu is not pointing to VCPU whose >> VPMU is being destroyed. Otherwise we may try to dereference it in >> the future, when VCPU is gone. >> >> We have to do this via IPI since otherwise there is a (somewheat >> theoretical) chance that between test and subsequent clearing >> of last_vcpu the remote processor (i.e. vpmu->last_pcpu) might do >> both load_vpmu() and then save_vpmu() for another VCPU. The former >> will clear last_vcpu and the latter will set it to something else. > Apart from the question of using cmpxchg instead of the IPI (I can > see with the current model that using an IPI is the only clean way, > i.e. the alternative - if usable - would mean altering existing logic > too), You mean something like struct vcpu **last = &per_cpu(last_vcpu, vpmu->last_pcpu); cmpxchg(last, v, NULL); Yes, that could work. -boris