From: Rusty Russell <rusty@rustcorp.com.au>
To: "Michael S. Tsirkin" <mst@redhat.com>
Cc: virtualization <virtualization@lists.linux-foundation.org>,
Rafael Aquini <aquini@redhat.com>,
kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: RFD: virtio balloon API use (was Re: [PATCH 5 of 5] virtio: expose added descriptors immediately)
Date: Mon, 02 Jul 2012 10:35:47 +0930 [thread overview]
Message-ID: <87d34fx990.fsf@rustcorp.com.au> (raw)
In-Reply-To: <20120701092051.GA4515@redhat.com>
On Sun, 1 Jul 2012 12:20:51 +0300, "Michael S. Tsirkin" <mst@redhat.com> wrote:
> On Thu, Nov 03, 2011 at 06:12:53PM +1030, Rusty Russell wrote:
> > A virtio driver does virtqueue_add_buf() multiple times before finally
> > calling virtqueue_kick(); previously we only exposed the added buffers
> > in the virtqueue_kick() call. This means we don't need a memory
> > barrier in virtqueue_add_buf(), but it reduces concurrency as the
> > device (ie. host) can't see the buffers until the kick.
> >
> > Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
>
> Looking at recent mm compaction patches made me look at locking
> in balloon closely. And I noticed the referenced patch (commit
> ee7cd8981e15bcb365fc762afe3fc47b8242f630 upstream) interacts strangely
> with virtio balloon; balloon currently does:
>
> static void tell_host(struct virtio_balloon *vb, struct virtqueue *vq)
> {
> struct scatterlist sg;
>
> sg_init_one(&sg, vb->pfns, sizeof(vb->pfns[0]) * vb->num_pfns);
>
> init_completion(&vb->acked);
>
> /* We should always be able to add one buffer to an empty queue. */
> if (virtqueue_add_buf(vq, &sg, 1, 0, vb, GFP_KERNEL) < 0)
> BUG();
> virtqueue_kick(vq);
>
> /* When host has read buffer, this completes via balloon_ack */
> wait_for_completion(&vb->acked);
> }
>
>
> While vq callback does:
>
> static void balloon_ack(struct virtqueue *vq)
> {
> struct virtio_balloon *vb;
> unsigned int len;
>
> vb = virtqueue_get_buf(vq, &len);
> if (vb)
> complete(&vb->acked);
> }
>
>
> So virtqueue_get_buf might now run concurrently with virtqueue_kick.
> I audited both and this seems safe in practice but I think
Good spotting!
Agreed. Because there's only add_buf, we get away with it: the add_buf
must be almost finished by the time get_buf runs because the device has
seen the buffer.
> we need to either declare this legal at the API level
> or add locking in driver.
I wonder if we should just lock in the balloon driver, rather than
document this corner case and set a bad example. Are there other
drivers which take the same shortcut?
> Further, is there a guarantee that we never get
> spurious callbacks? We currently check ring not empty
> but esp for non shared MSI this might not be needed.
Yes, I think this saves us. A spurious interrupt won't trigger
a spurious callback.
> If a spurious callback triggers, virtqueue_get_buf can run
> concurrently with virtqueue_add_buf which is known to be racy.
> Again I think this is currently safe as no spurious callbacks in
> practice but should we guarantee no spurious callbacks at the API level
> or add locking in driver?
I think we should guarantee it, but is there a hole in the current
implementation?
Thanks,
Rusty.
next prev parent reply other threads:[~2012-07-02 1:05 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <patchbomb.1320306168@localhost6.localdomain6>
2011-11-03 7:42 ` [PATCH 1 of 5] virtio: document functions better Rusty Russell
2011-11-03 7:49 ` Christoph Hellwig
2011-11-03 7:42 ` [PATCH 2 of 5] virtio: rename virtqueue_add_buf_gfp to virtqueue_add_buf Rusty Russell
2011-11-03 7:50 ` Christoph Hellwig
2011-11-03 7:42 ` [PATCH 3 of 5] virtio: support unlocked queue kick Rusty Russell
2011-11-03 7:52 ` Christoph Hellwig
2011-11-04 10:09 ` Stefan Hajnoczi
2011-11-04 10:36 ` Rusty Russell
2011-11-03 7:42 ` [PATCH 4 of 5] virtio: avoid modulus operation Rusty Russell
2011-11-03 7:51 ` Pekka Enberg
2011-11-03 10:18 ` Rusty Russell
2011-11-03 7:42 ` [PATCH 5 of 5] virtio: expose added descriptors immediately Rusty Russell
2011-11-13 21:03 ` Michael S. Tsirkin
2011-11-14 0:43 ` Rusty Russell
2011-11-14 6:56 ` Michael S. Tsirkin
2011-11-16 0:21 ` Rusty Russell
2011-11-16 7:18 ` Michael S. Tsirkin
2011-11-21 1:48 ` Rusty Russell
2011-11-21 11:57 ` Michael S. Tsirkin
2011-11-22 0:33 ` Rusty Russell
2011-11-22 6:29 ` Michael S. Tsirkin
2011-11-23 1:19 ` Rusty Russell
2011-11-23 8:30 ` Michael S. Tsirkin
2012-07-01 9:20 ` RFD: virtio balloon API use (was Re: [PATCH 5 of 5] virtio: expose added descriptors immediately) Michael S. Tsirkin
2012-07-02 1:05 ` Rusty Russell [this message]
2012-07-02 7:25 ` Michael S. Tsirkin
2012-07-02 16:08 ` Rafael Aquini
2012-07-03 0:47 ` Rusty Russell
2012-07-03 16:26 ` Rafael Aquini
2012-07-04 10:55 ` Michael S. Tsirkin
2012-07-08 23:39 ` Rusty Russell
2012-07-04 10:55 ` Michael S. Tsirkin
2012-07-02 7:33 ` [PATCH RFC] virtio-balloon: fix add/get API use Michael S. Tsirkin
2012-07-04 3:27 ` Rusty Russell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87d34fx990.fsf@rustcorp.com.au \
--to=rusty@rustcorp.com.au \
--cc=aquini@redhat.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mst@redhat.com \
--cc=virtualization@lists.linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).