qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed
From: Peter Maydell <peter.maydell@linaro.org>
To: Akihiko Odaki <akihiko.odaki@gmail.com>
Cc: "Philippe Mathieu-Daudé" <philmd@linaro.org>,
	"Emanuele Giuseppe Esposito" <eesposit@redhat.com>,
	"Volker Rümelin" <vr_qemu@t-online.de>,
	"Marc-André Lureau" <marcandre.lureau@redhat.com>,
	"Mark Cave-Ayland" <mark.cave-ayland@ilande.co.uk>,
	"Vivek Kasireddy" <vivek.kasireddy@intel.com>,
	"BALATON Zoltan" <balaton@eik.bme.hu>,
	"QEMU Developers" <qemu-devel@nongnu.org>,
	"Gerd Hoffmann" <kraxel@redhat.com>,
	"Paolo Bonzini" <pbonzini@redhat.com>,
	"Richard Henderson" <richard.henderson@linaro.org>
Subject: Re: UI layer threading and locking strategy; memory_region_snapshot_and_clear_dirty() races
Date: Tue, 22 Nov 2022 11:52:10 +0000	[thread overview]
Message-ID: <CAFEAcA8KAbhbZp8ZVJAGcfkbONAKtGV4TYCfi2eZ-VEJSZcacg@mail.gmail.com> (raw)
In-Reply-To: <6e8844bb-9880-a504-1fc2-f5a43a363241@gmail.com>

On Tue, 22 Nov 2022 at 08:04, Akihiko Odaki <akihiko.odaki@gmail.com> wrote:
>
> Hi,
>
> On 2022/11/22 7:37, Philippe Mathieu-Daudé wrote:
> > Cc'ing more UI/display contributors.
> >
> > On 17/11/22 14:05, Peter Maydell wrote:
> >> On Tue, 1 Nov 2022 at 14:17, Peter Maydell <peter.maydell@linaro.org>
> >> wrote:
> >>>
> >>> Hi; I'm trying to find out what the UI layer's threading and
> >>> locking strategy is, at least as far as it applies to display
> >>> device models.
> >>
> >> Ping! :-) I'm still looking for information about this,
> >> and about what threads call_rcu() callbacks might be run on...
>
> I briefly checked the code, and it looks like rcu has its own thread.
> Search for "thread" in util/rcu.c. Looking at call_rcu_thread() in the
> file will tell what kind of context the callbacks will be ran on.

Yes, I can read the code to find out what it does currently.
I'm hoping for an authoritative answer from the designer
about what the API guarantees are...

> >>> My tentative idea for a fix is a bit of an upheaval:
> >>>   * have the display devices set gfx_update_async = true
> >>>   * instead of doing everything synchronously in their gfx_update
> >>>     method, they do the initial setup and call an 'async' version
> >>>     of memory_region_snapshot_and_clear_dirty()
> >>>   * that async version of the function will do what it does today,
> >>>     but without trying to wait for TCG vCPUs
> >>>   * instead the caller arranges (via call_rcu(), probably) a
> >>>     callback that will happen once all the TCG CPUs have finished
> >>>     executing their current TB
> >>>   * that callback does the actual copy-from-guest-ram-to-display
> >>>     and then calls graphic_hw_update_done()
> >>>
> >>> This seems like an awful pain in the neck but I couldn't see
> >>> anything better :-(
>
> Converting memory_region_snapshot_and_clear_dirty() asynchronous is
> nice, but also don't forget about reordering things in
> framebuffer_update_display() so that the DisplaySurface reference
> happens after memory_region_snapshot_and_clear_dirty(). Even if you make
> memory_region_snapshot_and_clear_dirty() asynchronous, the bug will
> remain if you keep the stale reference of the DisplaySurface and pass it
> to the asynchronous callback.

Yes, it would need to either rearrange things, or else just take
a reference to the DisplaySurface and hold on to it until it's
done (which might result in a harmless write to a surface that's
no longer being actively used and will be thrown away when we
drop our reference). I think you probably need to take the reference,
because to identify the right arguments to take the memory snapshot
you need to know various properties of the DisplaySurface (eg its
size), so you need the DS both before and after the snapshot call.

thanks
-- PMM


      reply	other threads:[~2022-11-22 11:53 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-11-01 14:17 UI layer threading and locking strategy; memory_region_snapshot_and_clear_dirty() races Peter Maydell
2022-11-17 13:05 ` Peter Maydell
2022-11-21 22:37   ` Philippe Mathieu-Daudé
2022-11-22  8:04     ` Akihiko Odaki
2022-11-22 11:52       ` Peter Maydell [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAFEAcA8KAbhbZp8ZVJAGcfkbONAKtGV4TYCfi2eZ-VEJSZcacg@mail.gmail.com \
    --to=peter.maydell@linaro.org \
    --cc=akihiko.odaki@gmail.com \
    --cc=balaton@eik.bme.hu \
    --cc=eesposit@redhat.com \
    --cc=kraxel@redhat.com \
    --cc=marcandre.lureau@redhat.com \
    --cc=mark.cave-ayland@ilande.co.uk \
    --cc=pbonzini@redhat.com \
    --cc=philmd@linaro.org \
    --cc=qemu-devel@nongnu.org \
    --cc=richard.henderson@linaro.org \
    --cc=vivek.kasireddy@intel.com \
    --cc=vr_qemu@t-online.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).