From: Paolo Bonzini <pbonzini@redhat.com>
To: "Michael S. Tsirkin" <mst@redhat.com>
Cc: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH 02/38] pci: split exit and finalize
Date: Tue, 17 Sep 2013 11:56:08 +0200
Message-ID: <52382738.70802@redhat.com>
In-Reply-To: <20130917091657.GB18186@redhat.com>

On 17/09/2013 11:16, Michael S. Tsirkin wrote:
> On Tue, Sep 03, 2013 at 02:32:53PM +0200, Paolo Bonzini wrote:
>> When converting devices to use out-of-BQL memory access, destruction
>> needs to be done in two phases. First, the device is unrealized;
>> at this point, pending memory accesses can still be completed, but
>> no new accesses will be started. The second part is freeing the
>> device, which happens only after the reference count drops to zero;
>> this means that all memory accesses are complete.
>>
>> Reviewed-by: Anthony Liguori <aliguori@us.ibm.com>
>> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
>> ---
>> hw/pci/pci.c | 15 +++++++++++----
>> 1 file changed, 11 insertions(+), 4 deletions(-)
>>
>> diff --git a/hw/pci/pci.c b/hw/pci/pci.c
>> index 4c004f5..bd084c7 100644
>> --- a/hw/pci/pci.c
>> +++ b/hw/pci/pci.c
>> @@ -787,6 +787,16 @@ static void pci_config_free(PCIDevice *pci_dev)
>> g_free(pci_dev->used);
>> }
>>
>> +static void pci_device_instance_finalize(Object *obj)
>> +{
>> + PCIDevice *pci_dev = PCI_DEVICE(obj);
>> +
>> + qemu_free_irqs(pci_dev->irq);
>> +
>> + address_space_destroy(&pci_dev->bus_master_as);
>> + memory_region_destroy(&pci_dev->bus_master_enable_region);
>> +}
>> +
>> /* -1 for devfn means auto assign */
>> static PCIDevice *do_pci_register_device(PCIDevice *pci_dev, PCIBus *bus,
>> const char *name, int devfn)
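Review bot: pci_device_instance_finalize() is missing a comment stating when it runs relative to do_pci_unregister_device(). The commit message says reclamation happens only after the reference count drops to zero, but nothing at the function records that, so a later change could move one of these frees back to the exit path without noticing. A short comment above the function saying that this is the reclamation step, and that nothing freed here may be released while memory accesses are still pending, would make the contract visible in the code.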
>> @@ -875,12 +885,8 @@ static PCIDevice *do_pci_register_device(PCIDevice *pci_dev, PCIBus *bus,
>>
>> static void do_pci_unregister_device(PCIDevice *pci_dev)
>> {
>> - qemu_free_irqs(pci_dev->irq);
>
> I don't get this one.
> Why do we want to keep irqs about?
> If they manage to send an interrupt to guest *somehow*
> guest will hang with no way to clear.

I can leave this here for now, since IRQs are always triggered under the
BQL. But I think it's cleaner to do all freeing in instance_finalize
(actually that includes pci_config_free that I somehow missed).

>> pci_dev->bus->devices[pci_dev->devfn] = NULL;
>> pci_config_free(pci_dev);
>> -
>> - address_space_destroy(&pci_dev->bus_master_as);
>> - memory_region_destroy(&pci_dev->bus_master_enable_region);
>
> Interesting.
> So you are saying it's important to keep MMIO MRs around until finalize,
> it's not enough that they are not a subregion of anything?

Yes. do_pci_unregister_device marks the point where the guest will not
be able to submit new requests to the device, but there may be previous
requests pending, because you could have something like this:

    VCPU 1                          VCPU 2
    ----------------------------------------------------
    start asynchronous I/O
    address_space_map
    address_space_translate
    memory_region_ref
    object_ref
    ** releases BQL
                                    eject device
                                    object_unparent
                                    my_device_exit
                                    memory_region_del_subregion
                                    ** cannot yet destroy!!
                                    ** address_space_unmap will use it
    ** gets BQL again
    asynchronous I/O ends
    address_space_unmap
    memory_region_unref
    object_unref
    instance_finalize
    memory_region_destroy

In RCU terms, do_pci_unregister_device is "removal", while
instance_finalize is "reclamation", but this is not yet getting
RCU-based MMIO dispatch into the picture; it's all using the BQL. In
fact you could even have just one VCPU that kicks the IO and also ejects
the device, but it's more easily understood if you separate the two actions.

While it generally means the guest is buggy or malicious, of course it
must be handled correctly.

> If not, is e.g. pcie_host_mmcfg_update buggy?

See patch "pcie: do not recreate mmcfg I/O region, use an alias instead".

Paolo

>
>> }
>>
>> static void pci_unregister_io_regions(PCIDevice *pci_dev)
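Review bot: pci_config_free(pci_dev) stays in do_pci_unregister_device() while the other frees move out, so buffers it releases, such as pci_dev->used, are still freed at unrealize time. The commit message says pending memory accesses can still complete after unrealize; if any of them can reach those buffers, that leaves a use-after-free window between unrealize and the last unref. Either move the call into pci_device_instance_finalize() with the rest, or state in the commit message why it is safe to keep it here.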
>> @@ -2252,6 +2258,7 @@ static const TypeInfo pci_device_type_info = {
>> .abstract = true,
>> .class_size = sizeof(PCIDeviceClass),
>> .class_init = pci_device_class_init,
>> + .instance_finalize = pci_device_instance_finalize,
>> };
>>
>> static void pci_register_types(void)
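Review bot: .instance_finalize is set on the abstract pci_device_type_info, so pci_device_instance_finalize() runs for every PCIDevice instance when its last reference is dropped, including an instance for which do_pci_register_device() never ran or did not complete. The visible lines do not show where pci_dev->irq, bus_master_as and bus_master_enable_region are set up; please confirm that qemu_free_irqs(), address_space_destroy() and memory_region_destroy() are safe on fields that were never initialised, or guard the calls.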
>> --
>> 1.8.3.1
>>
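
The removal/reclamation split described in the reply above, as an added example that is not part of the original message or of QEMU: a single-threaded C model that replays the VCPU 1 / VCPU 2 interleaving. All names (ToyDev, toy_map, toy_unmap, toy_unrealize, toy_replay) are hypothetical, and a plain counter stands in for object_ref/object_unref.

```c
#include <stdbool.h>
#include <stdlib.h>

typedef struct ToyDev {      /* toy model, hypothetical names, not QEMU code */
    int refcount;            /* stands in for object_ref/object_unref */
    bool realized;           /* false once no new access may start */
    unsigned char *mmio;     /* buffer an in-flight access may still touch */
    bool *finalized;         /* lets the caller observe reclamation */
} ToyDev;

static ToyDev *toy_new(bool *finalized) {
    ToyDev *d = calloc(1, sizeof(*d));
    d->refcount = 1; d->realized = true;
    d->mmio = calloc(16, 1); d->finalized = finalized;
    return d;
}

/* Reclamation: memory is released only when the last reference goes away. */
static void toy_unref(ToyDev *d) {
    if (--d->refcount > 0) return;
    *d->finalized = true;
    free(d->mmio); free(d);
}

/* Start of asynchronous I/O: refused after removal, otherwise pins the device. */
static unsigned char *toy_map(ToyDev *d) {
    if (!d->realized) return NULL;
    d->refcount++;
    return d->mmio;
}
/* End of asynchronous I/O: the buffer must still be valid here, then unpin. */
static void toy_unmap(ToyDev *d, unsigned char *p) { p[0] = 0xAA; toy_unref(d); }
/* Removal: stop new accesses and drop the owner's reference; free nothing here. */
static void toy_unrealize(ToyDev *d) { d->realized = false; toy_unref(d); }

/* Replays the interleaving from the message; returns 0 if every step holds. */
static int toy_replay(void) {
    bool finalized = false;
    ToyDev *d = toy_new(&finalized);
    unsigned char *p = toy_map(d);      /* VCPU 1 starts I/O, "releases BQL" */
    if (!p) return 1;
    toy_unrealize(d);                   /* VCPU 2 ejects the device */
    if (finalized) return 2;            /* must not be reclaimed yet */
    if (toy_map(d) != NULL) return 3;   /* new accesses are refused */
    toy_unmap(d, p);                    /* I/O ends; last unref reclaims */
    return finalized ? 0 : 4;
}
int main(void) { return toy_replay(); }
```

If toy_unrealize() freed mmio directly, the write in toy_unmap() would land in freed memory, which is the case the patch moves out of do_pci_unregister_device.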