From: "Roger Pau Monné" <roger.pau@citrix.com>
To: Jan Beulich <jbeulich@suse.com>
Cc: "xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org>,
Andrew Cooper <andrew.cooper3@citrix.com>,
George Dunlap <george.dunlap@citrix.com>,
Julien Grall <julien@xen.org>,
Stefano Stabellini <sstabellini@kernel.org>, Wei Liu <wl@xen.org>
Subject: Re: [PATCH v3 1/8] domain: GADDR based shared guest area registration alternative - teardown
Date: Wed, 27 Sep 2023 10:51:47 +0200 [thread overview]
Message-ID: <ZRPtI9UfgpCfQ4HU@MacBookPdeRoger> (raw)
In-Reply-To: <68cdb299-c41c-b6a5-c9ce-bd915508ecf2@suse.com>
On Wed, May 03, 2023 at 05:54:47PM +0200, Jan Beulich wrote:
> In preparation of the introduction of new vCPU operations allowing to
> register the respective areas (one of the two is x86-specific) by
> guest-physical address, add the necessary domain cleanup hooks.
>
> Signed-off-by: Jan Beulich <jbeulich@suse.com>
> Reviewed-by: Julien Grall <jgrall@amazon.com>
> ---
> RFC: Zapping the areas in pv_shim_shutdown() may not be strictly
> necessary: Aiui unmap_vcpu_info() is called only because the vCPU
> info area cannot be re-registered. Beyond that I guess the
> assumption is that the areas would only be re-registered as they
> were before. If that's not the case I wonder whether the guest
> handles for both areas shouldn't also be zapped.
IIRC the reason was to unset v->vcpu_info_mfn so that it could be set
again on resume from suspension, or else the hypercall will return an
error.
I guess we should also zap the runstate handlers, or else we might
corrupt guest state.
> ---
> v2: Add assertion in unmap_guest_area().
>
> --- a/xen/arch/x86/domain.c
> +++ b/xen/arch/x86/domain.c
> @@ -1019,7 +1019,10 @@ int arch_domain_soft_reset(struct domain
> }
>
> for_each_vcpu ( d, v )
> + {
> set_xen_guest_handle(v->arch.time_info_guest, NULL);
> + unmap_guest_area(v, &v->arch.time_guest_area);
> + }
>
> exit_put_gfn:
> put_gfn(d, gfn_x(gfn));
> @@ -2356,6 +2359,8 @@ int domain_relinquish_resources(struct d
> if ( ret )
> return ret;
>
> + unmap_guest_area(v, &v->arch.time_guest_area);
> +
> vpmu_destroy(v);
> }
>
> --- a/xen/arch/x86/include/asm/domain.h
> +++ b/xen/arch/x86/include/asm/domain.h
> @@ -669,6 +669,7 @@ struct arch_vcpu
>
> /* A secondary copy of the vcpu time info. */
> XEN_GUEST_HANDLE(vcpu_time_info_t) time_info_guest;
> + struct guest_area time_guest_area;
>
> struct arch_vm_event *vm_event;
>
> --- a/xen/arch/x86/pv/shim.c
> +++ b/xen/arch/x86/pv/shim.c
> @@ -382,8 +382,10 @@ int pv_shim_shutdown(uint8_t reason)
>
> for_each_vcpu ( d, v )
> {
> - /* Unmap guest vcpu_info pages. */
> + /* Unmap guest vcpu_info page and runstate/time areas. */
> unmap_vcpu_info(v);
> + unmap_guest_area(v, &v->runstate_guest_area);
> + unmap_guest_area(v, &v->arch.time_guest_area);
>
> /* Reset the periodic timer to the default value. */
> vcpu_set_periodic_timer(v, MILLISECS(10));
> --- a/xen/common/domain.c
> +++ b/xen/common/domain.c
> @@ -963,7 +963,10 @@ int domain_kill(struct domain *d)
> if ( cpupool_move_domain(d, cpupool0) )
> return -ERESTART;
> for_each_vcpu ( d, v )
> + {
> unmap_vcpu_info(v);
> + unmap_guest_area(v, &v->runstate_guest_area);
> + }
> d->is_dying = DOMDYING_dead;
> /* Mem event cleanup has to go here because the rings
> * have to be put before we call put_domain. */
> @@ -1417,6 +1420,7 @@ int domain_soft_reset(struct domain *d,
> {
> set_xen_guest_handle(runstate_guest(v), NULL);
> unmap_vcpu_info(v);
> + unmap_guest_area(v, &v->runstate_guest_area);
> }
>
> rc = arch_domain_soft_reset(d);
> @@ -1568,6 +1572,19 @@ void unmap_vcpu_info(struct vcpu *v)
> put_page_and_type(mfn_to_page(mfn));
> }
>
> +/*
> + * This is only intended to be used for domain cleanup (or more generally only
> + * with at least the respective vCPU, if it's not the current one, reliably
> + * paused).
> + */
> +void unmap_guest_area(struct vcpu *v, struct guest_area *area)
vcpu param could be const given the current code, but I assume this
will be changed by future patches. Same could be said about
guest_area but I'm confident that will change.
> +{
> + struct domain *d = v->domain;
> +
> + if ( v != current )
> + ASSERT(atomic_read(&v->pause_count) | atomic_read(&d->pause_count));
Isn't this racy? What guarantees that the vcpu won't be kicked just
after the check has been performed?
Thanks, Roger.
next prev parent reply other threads:[~2023-09-27 8:52 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-03 15:53 [PATCH v3 0/8] runstate/time area registration by (guest) physical address Jan Beulich
2023-05-03 15:54 ` [PATCH v3 1/8] domain: GADDR based shared guest area registration alternative - teardown Jan Beulich
2023-09-27 8:51 ` Roger Pau Monné [this message]
2023-09-27 9:55 ` Jan Beulich
2023-09-27 10:42 ` Roger Pau Monné
2023-09-27 10:46 ` Jan Beulich
2023-09-27 10:50 ` Roger Pau Monné
2023-09-27 11:44 ` Jan Beulich
2023-05-03 15:55 ` [PATCH v3 2/8] domain: update GADDR based runstate guest area Jan Beulich
2023-09-27 9:44 ` Roger Pau Monné
2023-09-27 10:19 ` Jan Beulich
2023-05-03 15:55 ` [PATCH v3 3/8] x86: update GADDR based secondary time area Jan Beulich
2023-09-27 10:14 ` Roger Pau Monné
2023-05-03 15:56 ` [PATCH v3 4/8] x86/mem-sharing: copy GADDR based shared guest areas Jan Beulich
2023-05-03 17:14 ` Tamas K Lengyel
2023-05-04 7:44 ` Jan Beulich
2023-05-04 12:50 ` Tamas K Lengyel
2023-05-04 14:25 ` Jan Beulich
2023-09-27 11:08 ` Roger Pau Monné
2023-09-27 12:06 ` Jan Beulich
2023-09-27 14:05 ` Roger Pau Monné
2023-09-27 15:11 ` Jan Beulich
[not found] ` <CABfawhkn1xXA+qEjB4-HtOVUZHONDE6ngMJZPe3fSPtoAtmg+Q@mail.gmail.com>
2023-09-27 13:54 ` Roger Pau Monné
2023-05-03 15:57 ` [PATCH v3 5/8] domain: map/unmap " Jan Beulich
2023-09-27 14:53 ` Roger Pau Monné
2023-09-27 15:29 ` Jan Beulich
2023-05-03 15:57 ` [PATCH v3 6/8] domain: introduce GADDR based runstate area registration alternative Jan Beulich
2023-09-27 15:24 ` Roger Pau Monné
2023-09-27 15:36 ` Jan Beulich
2023-05-03 15:58 ` [PATCH v3 7/8] x86: introduce GADDR based secondary time " Jan Beulich
2023-09-27 15:50 ` Roger Pau Monné
2023-09-27 16:12 ` Jan Beulich
2023-05-03 15:58 ` [PATCH v3 8/8] common: convert vCPU info area registration Jan Beulich
2023-09-28 8:24 ` Roger Pau Monné
2023-09-28 9:53 ` Jan Beulich
2023-09-28 10:15 ` Roger Pau Monné
2023-09-28 10:35 ` Jan Beulich
2023-09-28 11:24 ` Roger Pau Monné
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZRPtI9UfgpCfQ4HU@MacBookPdeRoger \
--to=roger.pau@citrix.com \
--cc=andrew.cooper3@citrix.com \
--cc=george.dunlap@citrix.com \
--cc=jbeulich@suse.com \
--cc=julien@xen.org \
--cc=sstabellini@kernel.org \
--cc=wl@xen.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.