From: Zhao Liu <zhao1.liu@intel.com>
To: "Paolo Bonzini" <pbonzini@redhat.com>,
"Manos Pitsidianakis" <manos.pitsidianakis@linaro.org>,
"Marc-André Lureau" <marcandre.lureau@redhat.com>
Cc: Igor Mammedov <imammedo@redhat.com>,
qemu-devel@nongnu.org, qemu-rust@nongnu.org,
Zhao Liu <zhao1.liu@intel.com>
Subject: Re: [PATCH 21/22] rust/hpet: Replace BqlRefCell<HPETRegisters> with Mutex<HPETRegisters>
Date: Thu, 13 Nov 2025 19:36:44 +0800
Message-ID: <aRXCzNrv9d7vZHzN@intel.com>
In-Reply-To: <aRWlfgShnpNbiLAP@intel.com>
On Thu, Nov 13, 2025 at 05:31:42PM +0800, Zhao Liu wrote:
> Date: Thu, 13 Nov 2025 17:31:42 +0800
> From: Zhao Liu <zhao1.liu@intel.com>
> Subject: Re: [PATCH 21/22] rust/hpet: Replace BqlRefCell<HPETRegisters>
> with Mutex<HPETRegisters>
>
> > @@ -179,8 +180,8 @@ const fn deactivating_bit(old: u64, new: u64, shift: usize) -> bool {
> > fn timer_handler(timer_cell: &BqlRefCell<HPETTimer>) {
> > let mut t = timer_cell.borrow_mut();
> > // SFAETY: state field is valid after timer initialization.
> > - let regs = &mut unsafe { t.state.as_mut() }.regs.borrow_mut();
> > - t.callback(regs)
> > + let mut regs = unsafe { t.state.as_ref() }.regs.lock().unwrap();
> > + t.callback(&mut regs)
> > }
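Review bot: `regs.lock().unwrap()` in `timer_handler` runs while `timer_cell.borrow_mut()` is still live, so this hunk establishes a BQL -> Mutex acquisition order that should be documented at the call and checked against every other path that locks `regs`. The `unwrap()` also turns a poisoned Mutex into a panic inside the timer callback, and the `// SFAETY:` comment (misspelled) still argues only pointer validity, not why the shared `as_ref()` is now sufficient.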
>
> callback()
> -> arm_timer(): access timer N register
> -> update_irq(): modify global register (int_status or "isr" in C code)
>
> So timer handler needs to lock Mutex. But this may cause deadlock:
>
> timer_handler -> lock BQL -> try to lock Mutex
> MMIO access -> lock Mutex -> try to lock BQL
>
> C HPET doesn't have such deadlock issue since it doesn't lock Mutex in
> timer handler.
>
> I think it seems necessary to lock Mutex in timer handler since there's
> no guarantee to avoid data race...

One possible way may be to introduce a lockless timer callback, but on
the Rust side, this needs to extract timers from BqlRefCell and add an
extra Mutex to protect timer state.

So a simple way is to just unlock bql before acquiring Mutex in timer
handler, which gives a chance for MMIO to acquire BQL. And this way could
fix locking order in timer handler.

Code example:

diff --git a/rust/hw/timer/hpet/src/device.rs b/rust/hw/timer/hpet/src/device.rs
index f96dfe1ebd06..389eb9b49eb6 100644
--- a/rust/hw/timer/hpet/src/device.rs
+++ b/rust/hw/timer/hpet/src/device.rs
@@ -178,10 +178,35 @@ const fn deactivating_bit(old: u64, new: u64, shift: usize) -> bool {
}
fn timer_handler(timer_cell: &BqlRefCell<HPETTimer>) {
- let mut t = timer_cell.borrow_mut();
- // SFAETY: state field is valid after timer initialization.
- let mut regs = unsafe { t.state.as_ref() }.regs.lock().unwrap();
- t.callback(&mut regs)
+ let state_p = {
+ let t = timer_cell.borrow();
+ t.state
+ };
+
+ // Release BQL first and acquire Mutex instead. This avoids deadlock
+ // since lockless IO will lock Mutex first and then try to acquire
+ // BQL.
+ //
+ // SAFETY: BQL free context only locks Mutex and will do nothing else.
+ unsafe {
+ bql::unlock();
+ }
+
+ // SAFETY: state_p is valid and we just access Mutex and don't touch
+ // other fields. Mutex could guarantee the registers access is safe
+ // during BQL is unlocked.
+ let mut regs = unsafe { state_p.as_ref() }.regs.lock().unwrap();
+
+ // After Mutex is locked, lock BQL again. This ensures both timer
+ // handler and MMIO have the same locking order.
+ //
+ // SAFETY: BQL context is expected for timer handler and now the
+ // correct locking order eliminates deadlock.
+ unsafe {
+ bql::lock();
+ }
+
+ timer_cell.borrow_mut().callback(&mut regs);
}
#[repr(C)]
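Review bot: between `bql::unlock()` and `bql::lock()` the fallible step is `regs.lock().unwrap()`, and if it panics on a poisoned Mutex the function unwinds with the BQL released while the caller still expects to hold it; a scoped guard that re-locks on drop would keep the pair balanced. The first SAFETY comment says the BQL-free context "only locks Mutex and will do nothing else", yet `state_p.as_ref()` is dereferenced in that same window, so the comment should state what keeps `state_p` valid without the BQL. Since an MMIO access can run to completion in that window, it is also worth saying whether `callback()` needs to re-check timer state after `bql::lock()`.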
Thanks,
Zhao
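
The lock-ordering fix discussed in this message, as an added standalone sketch that is not part of the original mail or of QEMU's code: two `std::sync::Mutex` values stand in for the BQL and the register Mutex, and the `Dev`, `Regs`, `enabled` and `fired` names are assumptions. It goes slightly beyond the mail by re-checking state after the BQL-free window.

```rust
use std::sync::{Arc, Mutex, MutexGuard};
use std::thread;

// Constructed stand-ins: `bql` models the big lock (its value counts work done
// under it); `regs` models the Mutex-protected register block.
struct Regs { enabled: bool, fired: u64 }
struct Dev { bql: Mutex<u64>, regs: Mutex<Regs> }

// MMIO path as described in the thread: register Mutex first, then the BQL.
fn mmio_write(d: &Dev, enable: bool) {
    let mut regs = d.regs.lock().unwrap();
    regs.enabled = enable;
    *d.bql.lock().unwrap() += 1;
}

// Timer path: entered with the BQL held. Drop it, take the register Mutex,
// then retake the BQL, so both paths acquire in the order Mutex -> BQL.
fn timer_handler<'a>(d: &'a Dev, bql: MutexGuard<'a, u64>) -> MutexGuard<'a, u64> {
    drop(bql);
    let mut regs = d.regs.lock().unwrap();
    let mut bql = d.bql.lock().unwrap();
    // An MMIO write may have completed inside the BQL-free window, so the
    // state is re-read under both locks before acting on it.
    if regs.enabled {
        regs.fired += 1;
        *bql += 1;
    }
    bql
}

// Runs both paths concurrently; returns (timer fires, work done under the BQL).
fn run(n: u64) -> (u64, u64) {
    let regs = Mutex::new(Regs { enabled: true, fired: 0 });
    let d = Arc::new(Dev { bql: Mutex::new(0), regs });
    let m = Arc::clone(&d);
    let mmio = thread::spawn(move || (0..n).for_each(|_| mmio_write(&m, true)));
    for _ in 0..n {
        let bql = d.bql.lock().unwrap(); // the caller holds the BQL on entry
        drop(timer_handler(&d, bql));
    }
    mmio.join().unwrap();
    let fired = d.regs.lock().unwrap().fired;
    let work = *d.bql.lock().unwrap();
    (fired, work)
}

fn main() {
    println!("{:?}", run(10_000));
}
```

If `timer_handler` instead kept the BQL while waiting for `regs`, the two threads could block on each other exactly as in the quoted BQL/Mutex sequence.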
Thread overview: 30+ messages
2025-11-13 5:19 [PATCH 00/22] rust/hpet: Move towards lockless IO, partly Zhao Liu
2025-11-13 5:19 ` [PATCH 01/22] rust/migration: Add Sync implementation for Migratable<> Zhao Liu
2025-11-13 5:19 ` [PATCH 02/22] rust/migration: Fix missing name in the VMSD of Migratable<> Zhao Liu
2025-11-13 5:19 ` [PATCH 03/22] rust/migration: Check name field in VMStateDescriptionBuilder Zhao Liu
2025-11-13 5:19 ` [PATCH 04/22] rust/bql: Add BqlGuard to provide BQL context Zhao Liu
2025-11-13 5:19 ` [PATCH 05/22] rust/bql: Ensure BQL locked early at BqlRefCell borrowing Zhao Liu
2025-11-13 5:19 ` [PATCH 06/22] rust/memory: Add enable_lockless_io binding Zhao Liu
2025-11-13 5:19 ` [PATCH 07/22] rust/hpet: Reduce unnecessary mutable self argument Zhao Liu
2025-11-13 5:19 ` [PATCH 08/22] rust/hpet: Rename HPETRegister to DecodedRegister Zhao Liu
2025-11-13 5:19 ` [PATCH 09/22] rust/hpet: Rename decoded "reg" enumeration to "target" Zhao Liu
2025-11-13 5:19 ` [PATCH 10/22] rust/hpet: Abstract HPETTimerRegisters struct Zhao Liu
2025-11-13 11:24 ` Paolo Bonzini
2025-11-14 4:37 ` Zhao Liu
2025-11-15 7:54 ` Paolo Bonzini
2025-11-13 5:19 ` [PATCH 11/22] rust/hpet: Make timer register accessors as methods of HPETTimerRegisters Zhao Liu
2025-11-13 5:19 ` [PATCH 12/22] rust/hpet: Abstract HPETRegisters struct Zhao Liu
2025-11-13 5:19 ` [PATCH 13/22] rust/hpet: Make global register accessors as methods of HPETRegisters Zhao Liu
2025-11-13 5:19 ` [PATCH 14/22] rust/hpet: Borrow HPETState.regs once in HPETState::post_load() Zhao Liu
2025-11-13 5:19 ` [PATCH 15/22] rust/hpet: Explicitly initialize complex fields in init() Zhao Liu
2025-11-13 5:19 ` [PATCH 16/22] rust/hpet: Pass &BqlRefCell<HPETRegisters> as argument during MMIO access Zhao Liu
2025-11-13 5:19 ` [PATCH 17/22] rust/hpet: Maintain HPETTimerRegisters in HPETRegisters Zhao Liu
2025-11-13 5:19 ` [PATCH 18/22] rust/hpet: Borrow BqlRefCell<HPETRegisters> at top level Zhao Liu
2025-11-13 5:19 ` [PATCH 19/22] rust/hpet: Rename hpet_regs variables to regs Zhao Liu
2025-11-13 5:19 ` [PATCH 20/22] rust/hpet: Apply Migratable<> wrapper and ToMigrationState for HPETRegisters Zhao Liu
2025-11-13 5:19 ` [PATCH 21/22] rust/hpet: Replace BqlRefCell<HPETRegisters> with Mutex<HPETRegisters> Zhao Liu
2025-11-13 9:31 ` Zhao Liu
2025-11-13 11:36 ` Zhao Liu [this message]
2025-11-13 5:19 ` [PATCH 22/22] rust/hpet: Enable lockless IO Zhao Liu
2025-11-13 14:29 ` Paolo Bonzini
2025-11-14 6:39 ` Zhao Liu