* [PATCH] xen: fix ring resize of /dev/evtchn
@ 2016-05-04 13:02 Jan Beulich
2016-05-04 13:30 ` [Xen-devel] " David Vrabel
0 siblings, 1 reply; 4+ messages in thread
From: Jan Beulich @ 2016-05-04 13:02 UTC (permalink / raw)
To: David Vrabel, Boris Ostrovsky, Juergen Gross
Cc: xen-devel, Konrad Rzeszutek Wilk, linux-kernel
The copying of ring data was wrong for two cases: For a full ring
nothing got copied at all (as in that case the canonicalized producer
and consumer indexes are identical). And in case one or both of the
canonicalized (after the resize) indexes would point into the second
half of the buffer, the copied data ended up in the wrong (free) part
of the new buffer. In both cases uninitialized data would get passed
back to the caller.
Fix this by simply copying the old ring contents twice: Once to the
low half of the new buffer, and a second time to the high half.
This addresses the inability to boot a HVM guest with 64 or more
vCPU-s, which was reported by Konrad Rzeszutek Wilk
<konrad.wilk@oracle.com>.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
---
drivers/xen/evtchn.c | 22 ++++++----------------
1 file changed, 6 insertions(+), 16 deletions(-)
--- 4.6-rc6/drivers/xen/evtchn.c
+++ 4.6-rc6-xen-dev-evtchn-resize/drivers/xen/evtchn.c
@@ -316,7 +316,6 @@ static int evtchn_resize_ring(struct per
{
unsigned int new_size;
evtchn_port_t *new_ring, *old_ring;
- unsigned int p, c;
/*
* Ensure the ring is large enough to capture all possible
@@ -344,22 +343,13 @@ static int evtchn_resize_ring(struct per
spin_lock_irq(&u->ring_prod_lock);
/*
- * Copy the old ring contents to the new ring.
- *
- * If the ring contents crosses the end of the current ring,
- * it needs to be copied in two chunks.
- *
- * +---------+ +------------------+
- * |34567 12| -> | 1234567 |
- * +-----p-c-+ +------------------+
+ * Copy the old ring contents to the new ring. To take care of
+ * wrapping, a full ring, and the new canonicalized index pointing
+ * into the second half, simply copy the old contents twice.
*/
- p = evtchn_ring_offset(u, u->ring_prod);
- c = evtchn_ring_offset(u, u->ring_cons);
- if (p < c) {
- memcpy(new_ring + c, u->ring + c, (u->ring_size - c) * sizeof(*u->ring));
- memcpy(new_ring + u->ring_size, u->ring, p * sizeof(*u->ring));
- } else
- memcpy(new_ring + c, u->ring + c, (p - c) * sizeof(*u->ring));
+ memcpy(new_ring, old_ring, u->ring_size * sizeof(*u->ring));
+ memcpy(new_ring + u->ring_size, old_ring,
+ u->ring_size * sizeof(*u->ring));
u->ring = new_ring;
u->ring_size = new_size;
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: [Xen-devel] [PATCH] xen: fix ring resize of /dev/evtchn
2016-05-04 13:02 [PATCH] xen: fix ring resize of /dev/evtchn Jan Beulich
@ 2016-05-04 13:30 ` David Vrabel
2016-05-04 15:34 ` David Vrabel
0 siblings, 1 reply; 4+ messages in thread
From: David Vrabel @ 2016-05-04 13:30 UTC (permalink / raw)
To: Jan Beulich, David Vrabel, Boris Ostrovsky, Juergen Gross
Cc: xen-devel, linux-kernel
On 04/05/16 14:02, Jan Beulich wrote:
> The copying of ring data was wrong for two cases: For a full ring
> nothing got copied at all (as in that case the canonicalized producer
> and consumer indexes are identical). And in case one or both of the
> canonicalized (after the resize) indexes would point into the second
> half of the buffer, the copied data ended up in the wrong (free) part
> of the new buffer. In both cases uninitialized data would get passed
> back to the caller.
>
> Fix this by simply copying the old ring contents twice: Once to the
> low half of the new buffer, and a second time to the high half.
>
> This addresses the inability to boot a HVM guest with 64 or more
> vCPU-s, which was reported by Konrad Rzeszutek Wilk
> <konrad.wilk@oracle.com>.
[...]
Can you include the commit that introduced this regression and which
kernel versions it affects as this is a stable candidate.
> @@ -344,22 +343,13 @@ static int evtchn_resize_ring(struct per
> spin_lock_irq(&u->ring_prod_lock);
>
> /*
> - * Copy the old ring contents to the new ring.
> - *
> - * If the ring contents crosses the end of the current ring,
> - * it needs to be copied in two chunks.
> - *
> - * +---------+ +------------------+
> - * |34567 12| -> | 1234567 |
> - * +-----p-c-+ +------------------+
> + * Copy the old ring contents to the new ring. To take care of
> + * wrapping, a full ring, and the new canonicalized index pointing
> + * into the second half, simply copy the old contents twice.
Could you keep the ascii art?
e.g.,
* +---------+ +------------------+
* |34567 12| -> |34567 1234567 12|
* +-----p-c-+ +-------c------p---+
So it is obvious that the double copy does the right thing.
Thanks.
David
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [Xen-devel] [PATCH] xen: fix ring resize of /dev/evtchn
2016-05-04 13:30 ` [Xen-devel] " David Vrabel
@ 2016-05-04 15:34 ` David Vrabel
2016-05-04 15:42 ` Jan Beulich
0 siblings, 1 reply; 4+ messages in thread
From: David Vrabel @ 2016-05-04 15:34 UTC (permalink / raw)
To: David Vrabel, Jan Beulich, Boris Ostrovsky, Juergen Gross
Cc: xen-devel, linux-kernel
On 04/05/16 14:30, David Vrabel wrote:
> On 04/05/16 14:02, Jan Beulich wrote:
>> The copying of ring data was wrong for two cases: For a full ring
>> nothing got copied at all (as in that case the canonicalized producer
>> and consumer indexes are identical). And in case one or both of the
>> canonicalized (after the resize) indexes would point into the second
>> half of the buffer, the copied data ended up in the wrong (free) part
>> of the new buffer. In both cases uninitialized data would get passed
>> back to the caller.
>>
>> Fix this by simply copying the old ring contents twice: Once to the
>> low half of the new buffer, and a second time to the high half.
>>
>> This addresses the inability to boot a HVM guest with 64 or more
>> vCPU-s, which was reported by Konrad Rzeszutek Wilk
>> <konrad.wilk@oracle.com>.
> [...]
>
> Can you include the commit that introduced this regression and which
> kernel versions it affects as this is a stable candidate.
>
>> @@ -344,22 +343,13 @@ static int evtchn_resize_ring(struct per
>> spin_lock_irq(&u->ring_prod_lock);
>>
>> /*
>> - * Copy the old ring contents to the new ring.
>> - *
>> - * If the ring contents crosses the end of the current ring,
>> - * it needs to be copied in two chunks.
>> - *
>> - * +---------+ +------------------+
>> - * |34567 12| -> | 1234567 |
>> - * +-----p-c-+ +------------------+
>> + * Copy the old ring contents to the new ring. To take care of
>> + * wrapping, a full ring, and the new canonicalized index pointing
>> + * into the second half, simply copy the old contents twice.
>
> Could you keep the ascii art?
>
> e.g.,
>
> * +---------+ +------------------+
> * |34567 12| -> |34567 1234567 12|
> * +-----p-c-+ +-------c------p---+
>
> So it is obvious that the double copy does the right thing.
Never mind, I wanted to send a pull request so I've fixed this up myself.
David
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [Xen-devel] [PATCH] xen: fix ring resize of /dev/evtchn
2016-05-04 15:34 ` David Vrabel
@ 2016-05-04 15:42 ` Jan Beulich
0 siblings, 0 replies; 4+ messages in thread
From: Jan Beulich @ 2016-05-04 15:42 UTC (permalink / raw)
To: David Vrabel; +Cc: xen-devel, Boris Ostrovsky, Juergen Gross, linux-kernel
>>> On 04.05.16 at 17:34, <david.vrabel@citrix.com> wrote:
> On 04/05/16 14:30, David Vrabel wrote:
>> On 04/05/16 14:02, Jan Beulich wrote:
>>> The copying of ring data was wrong for two cases: For a full ring
>>> nothing got copied at all (as in that case the canonicalized producer
>>> and consumer indexes are identical). And in case one or both of the
>>> canonicalized (after the resize) indexes would point into the second
>>> half of the buffer, the copied data ended up in the wrong (free) part
>>> of the new buffer. In both cases uninitialized data would get passed
>>> back to the caller.
>>>
>>> Fix this by simply copying the old ring contents twice: Once to the
>>> low half of the new buffer, and a second time to the high half.
>>>
>>> This addresses the inability to boot a HVM guest with 64 or more
>>> vCPU-s, which was reported by Konrad Rzeszutek Wilk
>>> <konrad.wilk@oracle.com>.
>> [...]
>>
>> Can you include the commit that introduced this regression and which
>> kernel versions it affects as this is a stable candidate.
>>
>>> @@ -344,22 +343,13 @@ static int evtchn_resize_ring(struct per
>>> spin_lock_irq(&u->ring_prod_lock);
>>>
>>> /*
>>> - * Copy the old ring contents to the new ring.
>>> - *
>>> - * If the ring contents crosses the end of the current ring,
>>> - * it needs to be copied in two chunks.
>>> - *
>>> - * +---------+ +------------------+
>>> - * |34567 12| -> | 1234567 |
>>> - * +-----p-c-+ +------------------+
>>> + * Copy the old ring contents to the new ring. To take care of
>>> + * wrapping, a full ring, and the new canonicalized index pointing
>>> + * into the second half, simply copy the old contents twice.
>>
>> Could you keep the ascii art?
>>
>> e.g.,
>>
>> * +---------+ +------------------+
>> * |34567 12| -> |34567 1234567 12|
>> * +-----p-c-+ +-------c------p---+
>>
>> So it is obvious that the double copy does the right thing.
>
> Never mind, I wanted to send a pull request so I've fixed this up myself.
Oh, sorry, I had it ready but didn't want to send a v2 a few minutes
after the v1. Thanks for taking care of it!
Jan
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2016-05-04 15:42 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-05-04 13:02 [PATCH] xen: fix ring resize of /dev/evtchn Jan Beulich
2016-05-04 13:30 ` [Xen-devel] " David Vrabel
2016-05-04 15:34 ` David Vrabel
2016-05-04 15:42 ` Jan Beulich
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox