From: Avi Kivity <avi@redhat.com>
To: liu ping fan <qemulist@gmail.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
Marcelo Tosatti <mtosatti@redhat.com>,
"qemu-devel@nongnu.org" <qemu-devel@nongnu.org>,
Anthony Liguori <anthony@codemonkey.ws>,
Jan Kiszka <jan.kiszka@siemens.com>
Subject: Re: [Qemu-devel] [PATCH V3 10/11] vcpu: introduce lockmap
Date: Thu, 20 Sep 2012 12:15:00 +0300 [thread overview]
Message-ID: <505ADE94.9030101@redhat.com> (raw)
In-Reply-To: <CAJnKYQk_71uJB5tv_K6wUiKMfM-kb6h8gD-imLA2WbxS+1iEJg@mail.gmail.com>
On 09/20/2012 10:51 AM, liu ping fan wrote:
> On Wed, Sep 19, 2012 at 5:05 PM, Avi Kivity <avi@redhat.com> wrote:
>> On 09/19/2012 11:36 AM, liu ping fan wrote:
>>>>
>>>> It basically means you can't hold contents of device state in local
>>>> variables. You need to read everything again from the device. That
>>>> includes things like DMA enable bits.
>>>>
>>> I think that read everything again from the device can not work.
>>> Suppose the following scene: If the device's state contains the change
>>> of a series of internal registers (supposing partA+partB;
>>> partC+partD), after partA changed, the device's lock is broken. At
>>> this point, another access to this device, it will work on partA+partB
>>> to determine C+D, but since partB is not correctly updated yet. So C+D
>>> may be decided by broken context and be wrong.
>>
>> That's the guest's problem. Note it could have happened even before the
>> change, since the writes to A/B/C/D are unordered wrt the DMA.
>>
> Yes, agree, it is the guest's problem. So it means that ready_of(A+B)
> is not signaled to guest, the guest should not launch operations on
> (C+D). Right? But here comes the question, if ready not signaled to
> guest, how can guest launch operation on (A+B) again?
It may be evil.
> i.e. although local lock is broken, the (A+B) is still intact when
> re-acquire local lock. So need not to read everything again from the
> device. Wrong?
The device needs to perform according to its specifications. If the
specifications allow for this kind of access, we must ensure it works.
If they don't, we must ensure something sane happens, instead of a qemu
crash or exploit. This means that anything dangerous like pointers must
be revalidated. To be on the safe side, I recommend revalidating (or
reloading) everything, but it may not be necessary in all cases.
>>> What my suggestion is:
>>> lock();
>>> set_and_test(dev->busy);
>>> if busy
>>> unlock and return;
>>> changing device registers;
>>> do other things including calling to c_p_m_rw() //here,lock broken,
>>> but set_and_test() works
>>> clear(dev->busy);
>>> unlock();
>>>
>>> So changing device registers is protected, and unbreakable.
>>
>> But the changes may be legitimate. Maybe you're writing to a completely
>> unrelated register, from a different vcpu, now that write is lost.
>>
> But I think it will mean more-fine locks for each groups of unrelated
> register, and accordingly, the busy should be bitmap for each group.
It's possible. Let's defer the discussion until a concrete case is
before us. It may be that different devices will want different
solutions (though there is value in applying one solution everywhere).
--
error compiling committee.c: too many arguments to function
next prev parent reply other threads:[~2012-09-20 9:15 UTC|newest]
Thread overview: 72+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-09-11 7:51 [Qemu-devel] [PATCH V3 0/10] prepare unplug out of protection of global lock Liu Ping Fan
2012-09-11 7:51 ` [Qemu-devel] [PATCH V3 01/11] atomic: introduce atomic operations Liu Ping Fan
2012-09-11 8:04 ` Avi Kivity
2012-09-13 6:54 ` liu ping fan
2012-09-13 8:14 ` Avi Kivity
2012-09-13 8:19 ` Paolo Bonzini
2012-09-13 8:23 ` Avi Kivity
2012-09-13 8:29 ` Paolo Bonzini
2012-09-13 8:45 ` liu ping fan
2012-09-19 13:16 ` Jamie Lokier
2012-09-19 13:32 ` Jamie Lokier
2012-09-19 14:12 ` Peter Maydell
2012-09-19 15:53 ` Jamie Lokier
2012-09-11 8:15 ` Peter Maydell
2012-09-13 6:53 ` liu ping fan
2012-09-11 7:51 ` [Qemu-devel] [PATCH V3 02/11] qom: apply atomic on object's refcount Liu Ping Fan
2012-09-11 7:51 ` [Qemu-devel] [PATCH V3 03/11] hotplug: introduce qdev_unplug_complete() to remove device from views Liu Ping Fan
2012-09-11 7:51 ` [Qemu-devel] [PATCH V3 04/11] pci: remove pci device from mem view when unplug Liu Ping Fan
2012-09-11 7:51 ` [Qemu-devel] [PATCH V3 05/11] memory: introduce ref, unref interface for MemoryRegionOps Liu Ping Fan
2012-09-11 8:08 ` Avi Kivity
2012-09-11 7:51 ` [Qemu-devel] [PATCH V3 06/11] memory: make mmio dispatch able to be out of biglock Liu Ping Fan
2012-09-11 8:25 ` Avi Kivity
2012-09-11 8:47 ` Avi Kivity
2012-09-11 7:51 ` [Qemu-devel] [PATCH V3 07/11] memory: implement e1000's MemoryRegionOps ref/unref Liu Ping Fan
2012-09-11 8:37 ` Avi Kivity
2012-09-11 7:51 ` [Qemu-devel] [PATCH V3 08/11] qom: introduce reclaimer to release obj in async Liu Ping Fan
2012-09-11 8:32 ` Avi Kivity
2012-09-11 9:32 ` liu ping fan
2012-09-11 9:37 ` Avi Kivity
2012-09-13 6:54 ` liu ping fan
2012-09-13 8:45 ` Avi Kivity
2012-09-13 9:59 ` liu ping fan
2012-09-13 10:09 ` Avi Kivity
2012-09-11 7:51 ` [Qemu-devel] [PATCH V3 09/11] vcpu: make QemuThread as tls to store thread-self info Liu Ping Fan
2012-09-11 7:51 ` [Qemu-devel] [PATCH V3 10/11] vcpu: introduce lockmap Liu Ping Fan
2012-09-11 8:35 ` Avi Kivity
2012-09-11 9:44 ` liu ping fan
2012-09-11 9:54 ` Avi Kivity
2012-09-11 10:04 ` Jan Kiszka
2012-09-11 11:03 ` Avi Kivity
2012-09-11 11:08 ` Jan Kiszka
2012-09-11 12:20 ` Avi Kivity
2012-09-11 12:25 ` Jan Kiszka
2012-09-11 12:30 ` Avi Kivity
2012-09-11 12:35 ` Jan Kiszka
2012-09-11 12:39 ` Avi Kivity
2012-09-19 4:25 ` Peter Crosthwaite
2012-09-19 4:32 ` Edgar E. Iglesias
2012-09-19 4:40 ` Peter Crosthwaite
2012-09-19 7:55 ` Avi Kivity
2012-09-19 11:46 ` Edgar E. Iglesias
2012-09-19 12:12 ` Avi Kivity
2012-09-19 12:17 ` Edgar E. Iglesias
2012-09-19 13:01 ` Igor Mitsyanko
2012-09-19 13:03 ` Avi Kivity
2012-09-19 7:57 ` Jan Kiszka
2012-09-19 13:07 ` Igor Mitsyanko
2012-09-11 9:57 ` Jan Kiszka
2012-09-11 12:24 ` Avi Kivity
2012-09-11 12:41 ` Avi Kivity
2012-09-11 14:54 ` Marcelo Tosatti
2012-09-13 6:55 ` liu ping fan
2012-09-13 6:55 ` liu ping fan
2012-09-13 8:19 ` Avi Kivity
2012-09-17 2:24 ` liu ping fan
2012-09-19 8:01 ` Avi Kivity
2012-09-19 8:36 ` liu ping fan
2012-09-19 9:05 ` Avi Kivity
2012-09-20 7:51 ` liu ping fan
2012-09-20 9:15 ` Avi Kivity [this message]
2012-09-21 7:27 ` liu ping fan
2012-09-11 7:51 ` [Qemu-devel] [PATCH V3 11/11] vcpu: push mmio dispatcher out of big lock Liu Ping Fan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=505ADE94.9030101@redhat.com \
--to=avi@redhat.com \
--cc=anthony@codemonkey.ws \
--cc=jan.kiszka@siemens.com \
--cc=mtosatti@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=qemulist@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).