From: Igor Mammedov <imammedo@redhat.com>
To: bibo mao <maobibo@loongson.cn>
Cc: Markus Armbruster <armbru@redhat.com>,
Song Gao <gaosong@loongson.cn>,
Jiaxun Yang <jiaxun.yang@flygoat.com>,
qemu-devel@nongnu.org, Paolo Bonzini <pbonzini@redhat.com>
Subject: Re: [PATCH v6 3/6] hw/loongarch/virt: Fix error handling in cpu unplug
Date: Fri, 4 Apr 2025 13:59:01 +0200 [thread overview]
Message-ID: <20250404135901.2f102a66@imammedo.users.ipa.redhat.com> (raw)
In-Reply-To: <ff30bac6-9004-0ba2-505a-3406e66623da@loongson.cn>
On Fri, 21 Mar 2025 15:35:37 +0800
bibo mao <maobibo@loongson.cn> wrote:
> On 2025/3/21 下午3:21, Markus Armbruster wrote:
> > bibo mao <maobibo@loongson.cn> writes:
> >
> >> +Igor
> >>
> >>
> >> On 2025/3/21 下午2:47, Markus Armbruster wrote:
> >>> Bibo Mao <maobibo@loongson.cn> writes:
> >>>
> >>>> In function virt_cpu_unplug(), it will send cpu unplug message to
> >>>> interrupt controller extioi and ipi irqchip. If there is problem in
> >>>> this function, system should continue to run and keep state the same
> >>>> before cpu is removed.
> >>>>
> >>>> If error happends in cpu unplug stage, send cpu plug message to extioi
> >>>> and ipi irqchip to restore to previous stage, and then return immediately.
> >>>>
> >>>> Fixes: 2cd6857f6f5b (hw/loongarch/virt: Implement cpu unplug interface)
> >>>> Signed-off-by: Bibo Mao <maobibo@loongson.cn>
> >>>> ---
> >>>> hw/loongarch/virt.c | 6 ++++++
> >>>> 1 file changed, 6 insertions(+)
> >>>>
> >>>> diff --git a/hw/loongarch/virt.c b/hw/loongarch/virt.c
> >>>> index 8563967c8b..503362a69e 100644
> >>>> --- a/hw/loongarch/virt.c
> >>>> +++ b/hw/loongarch/virt.c
> >>>> @@ -958,6 +958,8 @@ static void virt_cpu_unplug(HotplugHandler *hotplug_dev,
> >>>> hotplug_handler_unplug(HOTPLUG_HANDLER(lvms->extioi), dev, &err);
> >>>> if (err) {
> >>>> error_propagate(errp, err);
> >>>> + hotplug_handler_plug(HOTPLUG_HANDLER(lvms->ipi), dev,
> >>>> + &error_abort);
> >>>> return;
> >>>> }
> >>>>
> >>>> @@ -965,6 +967,10 @@ static void virt_cpu_unplug(HotplugHandler *hotplug_dev,
> >>>> hotplug_handler_unplug(HOTPLUG_HANDLER(lvms->acpi_ged), dev, &err);
> >>>> if (err) {
> >>>> error_propagate(errp, err);
> >>>> + hotplug_handler_plug(HOTPLUG_HANDLER(lvms->ipi), dev,
> >>>> + &error_abort);
> >>>> + hotplug_handler_plug(HOTPLUG_HANDLER(lvms->extioi), dev,
> >>>> + &error_abort);
> >>>> return;
> >>>> }
> >>>
> >>> virt_cpu_unplug() calls hotplug_handler_unplug() three times to notify
> >>> ipi, extioi, and acpi_get. If any notification fails, virt_cpu_unplug()
> >>> calls hotplug_handler_plug() to "un-notify" the preceeding ones, if any.
> >>> This must not fail.
> >>>
> >>> virt_cpu_plug() does it the other way round (see previous patch).
> >>>
> >>> So, hotplug_handler_plug() must not fail in virt_cpu_unplug(), yet we
> >>> check for it to fail in virt_cpu_plug().
> >>>
> >>> Can it really fail in virt_cpu_plug()?
> >>>
> >>> If yes, why can't it fail in virt_cpu_unplug()?
> >> you can check function acpi_cpu_plug_cb()/loongarch_ipi_cpu_plug(), that
> >> is cpuplug callback for acpi_ged and ipi. it will not fail.
> >>
> >> If *virt_cpu_pre_plug()* pass, it will succeed.
> >>
> >> Regards
> >> Bibo Mao
> >>
> >>>
> >>> Same questions for hotplug_handler_unplug().
> >
> > Let me restate my argument.
> >
> > We call hotplug_handler_plug() on the happy path, and on error recovery
> > paths. Four cases:
> >
> > 1. Can fail on the happy path
> >
> > Error recovery is required.
> >
> > 1.1 Can fail on the error recovery path
> >
> > Error recovery is required, but broken.
> >
> > 1.2 Can't fail on the error recovery path
> >
> > Error recovery is required and works, but why it works is not
> > obvious. Deserves a comment explaining why hotplug_handler_plug()
> > can't fail here even though it can fail on the happy path next door.
> >
> > 2. Can't fail on the happy path
> >
> > Error recovery is unreachable.
> >
> > 2.1 Can fail on the error recovery path
> >
> > Error recovery is unreachable and broken. Possibly a time bomb, and
> > possibly misleading readers.
> >
> > 2.2 Can't fail on the error recovery path
> >
> > Error recovery is unreachable and would work, but why it would work
> > is again a not obvious.
> >
> > Which of the four cases is it?
> By my understanding, it is "2. Can't fail on the happy path", and Error
> recovery is unreachable.
>
> I have said that it is impossible and recovery is only for future use.
_plug() handler can't fail hence error_abort.
the same likely goes for _unplug() though I haven't audited it's usage so I won't bet here.
In cpu/mem cases it shall not fail, but there were cases where device_del bypasses
_unplug_request and calls _unplug directly (and those should be re-checked)
handlers that can fail and require graceful recovery are _pre and _request variants.
wrt: _plug() handler, we shall drop errp argument across the tree so
it won't confuse anyone, smth like this:
hotplug_handler_plug(otplugHandler *hotplug_dev, DeviceState *dev)
and then fixup callers to do the same.
Bibo,
can you take care of that?
Perhaps also check _unplug path and if it shall not fail either, clean it up as well.
>
> do you mean recovery should be removed? And directly &error_abort is
> used in virt_cpu_plug() such as:
> static void virt_cpu_plug(HotplugHandler *hotplug_dev,
> DeviceState *dev, Error **errp)
> {
> if (lvms->ipi) {
> hotplug_handler_plug(HOTPLUG_HANDLER(lvms->ipi), dev, &error_abort);
>
> Regards
> Bibo Mao
>
next prev parent reply other threads:[~2025-04-04 12:00 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-03-21 3:12 [PATCH v6 0/6] target/loongarch: Fix some issues reported from coccinelle Bibo Mao
2025-03-21 3:12 ` [PATCH v6 1/6] target/loongarch: Fix error handling of KVM feature checks Bibo Mao
2025-03-21 3:12 ` [PATCH v6 2/6] hw/loongarch/virt: Fix error handling in cpu plug Bibo Mao
2025-04-04 12:06 ` Igor Mammedov
2025-03-21 3:12 ` [PATCH v6 3/6] hw/loongarch/virt: Fix error handling in cpu unplug Bibo Mao
2025-03-21 6:47 ` Markus Armbruster
2025-03-21 7:00 ` bibo mao
2025-03-21 7:21 ` Markus Armbruster
2025-03-21 7:35 ` bibo mao
2025-03-21 8:08 ` Markus Armbruster
2025-03-21 8:21 ` bibo mao
2025-04-04 11:59 ` Igor Mammedov [this message]
2025-04-08 2:07 ` bibo mao
2025-03-21 7:09 ` bibo mao
2025-04-04 12:08 ` Igor Mammedov
2025-03-21 3:12 ` [PATCH v6 4/6] hw/loongarch/virt: Eliminate error_propagate() Bibo Mao
2025-03-21 3:12 ` [PATCH v6 5/6] target/loongarch: Remove unnecessary temporary variable assignment Bibo Mao
2025-03-21 3:12 ` [PATCH v6 6/6] target/loongarch: Clean up virt_cpu_irq_init() error handling Bibo Mao
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250404135901.2f102a66@imammedo.users.ipa.redhat.com \
--to=imammedo@redhat.com \
--cc=armbru@redhat.com \
--cc=gaosong@loongson.cn \
--cc=jiaxun.yang@flygoat.com \
--cc=maobibo@loongson.cn \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).