From mboxrd@z Thu Jan  1 00:00:00 1970
From: Avi Kivity <avi@cloudius-systems.com>
Subject: Re: [Qemu-devel] [RFC] create a single workqueue for each vm to update
 vm irq routing table
Date: Thu, 28 Nov 2013 11:49:00 +0200
Message-ID: <5297118C.3050104@cloudius-systems.com>
References: <52949847.6020908@redhat.com> <CAEbWaipAnmoa=gMbB1aNb=btU6LgYXhcnmQWHJ_89m4yvw6Dug@mail.gmail.com> <5294A68F.6060301@redhat.com> <CAF950W+-UiX6xv4vYmnxji9aWDU8ds2rnx7JugnbHQWJdCCD-Q@mail.gmail.com> <5294B461.5000405@redhat.com> <5294B634.4050801@cloudius-systems.com> <20131126150357.GA20352@redhat.com> <5294BC3B.6070902@redhat.com> <D3E216785288A145B7BC975F83A2ED10448BBAB3@SZXEMA510-MBS.china.huawei.com> <5297050E.6000700@redhat.com> <20131128091903.GA4609@kernel.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: "Zhanghaoyu (A)" <haoyu.zhang@huawei.com>,
	Gleb Natapov <gleb@redhat.com>,
	Avi Kivity <avi.kivity@gmail.com>,
	"Huangweidong (C)" <weidong.huang@huawei.com>,
	KVM <kvm@vger.kernel.org>, "Michael S. Tsirkin" <mst@redhat.com>,
	"Jinxin (F)" <jinxin712@huawei.com>,
	Luonengjun <luonengjun@huawei.com>,
	"qemu-devel@nongnu.org" <qemu-devel@nongnu.org>,
	Zanghongyong <zanghongyong@huawei.com>
To: Gleb Natapov <gleb@minantech.com>,
	Paolo Bonzini <pbonzini@redhat.com>
Return-path: <kvm-owner@vger.kernel.org>
Received: from mail-bk0-f52.google.com ([209.85.214.52]:41896 "EHLO
	mail-bk0-f52.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1750935Ab3K1JtG (ORCPT <rfc822;kvm@vger.kernel.org>);
	Thu, 28 Nov 2013 04:49:06 -0500
Received: by mail-bk0-f52.google.com with SMTP id u14so3663711bkz.39
        for <kvm@vger.kernel.org>; Thu, 28 Nov 2013 01:49:04 -0800 (PST)
In-Reply-To: <20131128091903.GA4609@kernel.org>
Sender: kvm-owner@vger.kernel.org
List-ID: <kvm.vger.kernel.org>

On 11/28/2013 11:19 AM, Gleb Natapov wrote:
> On Thu, Nov 28, 2013 at 09:55:42AM +0100, Paolo Bonzini wrote:
>> Il 28/11/2013 07:27, Zhanghaoyu (A) ha scritto:
>>>>> Without synchronize_rcu you could have
>>>>>
>>>>>     VCPU writes to routing table
>>>>>                                        e = entry from IRQ routing table
>>>>>     kvm_irq_routing_update(kvm, new);
>>>>>     VCPU resumes execution
>>>>>                                        kvm_set_msi_irq(e, &irq);
>>>>>                                        kvm_irq_delivery_to_apic_fast();
>>>>>
>>>>> where the entry is stale but the VCPU has already resumed execution.
>>>>>
>>> If we use call_rcu()(Not consider the problem that Gleb pointed out temporarily) instead of synchronize_rcu(), should we still ensure this?
>> The problem is that we should ensure this, so using call_rcu is not
>> possible (even not considering the memory allocation problem).
>>
>   
> Not changing current behaviour is certainly safer, but I am still not 100%
> convinced we have to ensure this.
>
> Suppose guest does:
>
> 1: change msi interrupt by writing to pci register
> 2: read the pci register to flush the write
> 3: zero idt
>
> I am pretty certain that this code can get interrupt after step 2 on real HW,
> but I cannot tell if guest can rely on it to be delivered exactly after
> read instruction or it can be delayed by couple of instructions. Seems to me
> it would be fragile for an OS to depend on this behaviour. AFAIK Linux does not.
>

Linux is safe, it does interrupt migration from within the interrupt 
handler.  If you do that before the device-specific EOI, you won't get 
another interrupt until programming the MSI is complete.

Is virtio safe? IIRC it can post multiple interrupts without guest acks.

Using call_rcu() is a better solution than srcu IMO.  Less code changes, 
consistently faster.