From: Julien Grall <julien.grall@linaro.org>
To: Stefano Stabellini <stefano.stabellini@eu.citrix.com>,
xen-devel@lists.xensource.com
Cc: julien.grall@citrix.com, Ian.Campbell@citrix.com
Subject: Re: [PATCH v9 10/10] xen/arm: make accesses to desc->status flags atomic
Date: Fri, 25 Jul 2014 13:40:05 +0100 [thread overview]
Message-ID: <53D25025.4060504@linaro.org> (raw)
In-Reply-To: <1406223192-26267-10-git-send-email-stefano.stabellini@eu.citrix.com>
Hi Stefano,
On 07/24/2014 06:33 PM, Stefano Stabellini wrote:
> Using *_bit manipulation functions on desc->status is safe on arm64:
> status is an unsigned int but is the first field of a struct that
> contains pointers, therefore the alignement of the struct is at least 8
> bytes.
I would add a comment in the structure irq_desc in include/common/irq.h.
To explain this assumption.
It would avoid people breaking the structure by mistake in the future.
Also I would explain a bit more why we need to use atomic while most of
the access are protected by desc->lock.
[..]
> diff --git a/xen/arch/arm/irq.c b/xen/arch/arm/irq.c
> index 7150c7a..0097349 100644
> --- a/xen/arch/arm/irq.c
> +++ b/xen/arch/arm/irq.c
> @@ -126,7 +126,7 @@ static inline struct domain *irq_get_domain(struct irq_desc *desc)
> {
> ASSERT(spin_is_locked(&desc->lock));
>
> - if ( !(desc->status & IRQ_GUEST) )
> + if ( !test_bit(_IRQ_GUEST, &desc->status) )
> return dom_xen;
>
> ASSERT(desc->action != NULL);
> @@ -195,13 +195,13 @@ void do_IRQ(struct cpu_user_regs *regs, unsigned int irq, int is_fiq)
> goto out;
> }
>
> - if ( desc->status & IRQ_GUEST )
> + if ( test_bit(_IRQ_GUEST, &desc->status) )
> {
> struct domain *d = irq_get_domain(desc);
>
> desc->handler->end(desc);
>
> - desc->status |= IRQ_INPROGRESS;
> + set_bit(_IRQ_INPROGRESS, &desc->status);
> desc->arch.eoi_cpu = smp_processor_id();
>
> /* the irq cannot be a PPI, we only support delivery of SPIs to
> @@ -210,22 +210,23 @@ void do_IRQ(struct cpu_user_regs *regs, unsigned int irq, int is_fiq)
> goto out_no_end;
> }
>
> - desc->status |= IRQ_PENDING;
> + set_bit(_IRQ_PENDING, &desc->status);
>
> /*
> * Since we set PENDING, if another processor is handling a different
> * instance of this same irq, the other processor will take care of it.
> */
> - if ( desc->status & (IRQ_DISABLED | IRQ_INPROGRESS) )
> + if ( test_bit(_IRQ_DISABLED, &desc->status) ||
> + test_bit(_IRQ_INPROGRESS, &desc->status) )
You replaced 1 access to desc->status by 2 accesses. I think it may have
a race condition when the desc->lock it's not taken (such as in
gic_update_one_lr).
At the same time, this will never happen as a guest IRQ will never
execute this code.
If it happens for IRQ routed to Xen, the interrupt will be EOIed and
fire again as soon as we leave the IRQ exception mode.
So I think we are fine for now.
Regards,
--
Julien Grall
next prev parent reply other threads:[~2014-07-25 12:40 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-07-24 17:31 [PATCH v9 00/10] gic and vgic fixes and improvements Stefano Stabellini
2014-07-24 17:33 ` [PATCH v9 01/10] xen/arm: observe itargets setting in vgic_enable_irqs and vgic_disable_irqs Stefano Stabellini
2014-07-24 17:33 ` [PATCH v9 02/10] xen/arm: move setting GIC_IRQ_GUEST_QUEUED earlier Stefano Stabellini
2014-07-28 15:16 ` Julien Grall
2014-07-28 16:18 ` Stefano Stabellini
2014-07-24 17:33 ` [PATCH v9 03/10] xen/arm: inflight irqs during migration Stefano Stabellini
2014-07-24 17:33 ` [PATCH v9 04/10] xen/arm: support irq delivery to vcpu > 0 Stefano Stabellini
2014-07-28 16:16 ` Julien Grall
2014-07-24 17:33 ` [PATCH v9 05/10] xen/arm: physical irq follow virtual irq Stefano Stabellini
2014-07-28 15:47 ` Julien Grall
2014-07-28 16:20 ` Stefano Stabellini
2014-07-28 16:42 ` Julien Grall
2014-08-01 17:22 ` Stefano Stabellini
2014-08-01 17:54 ` Julien Grall
2014-08-01 17:58 ` Stefano Stabellini
2014-08-01 18:00 ` Julien Grall
2014-07-24 17:33 ` [PATCH v9 06/10] xen: introduce sched_move_irqs Stefano Stabellini
2014-07-24 17:33 ` [PATCH v9 07/10] xen: remove workaround to inject evtchn_irq on irq enable Stefano Stabellini
2014-07-25 8:12 ` Jan Beulich
2014-08-01 17:00 ` Stefano Stabellini
2014-08-04 7:15 ` Jan Beulich
2014-08-04 10:02 ` Stefano Stabellini
2014-08-04 10:18 ` Jan Beulich
2014-08-04 20:29 ` Stefano Stabellini
2014-08-05 6:25 ` Jan Beulich
2014-08-05 11:26 ` Stefano Stabellini
2014-07-24 17:33 ` [PATCH v9 08/10] xen/arm: take the rank lock before accessing ipriority Stefano Stabellini
2014-07-28 16:22 ` Julien Grall
2014-07-24 17:33 ` [PATCH v9 09/10] xen: introduce bit access macros for the IRQ line status flags Stefano Stabellini
2014-07-25 12:21 ` Julien Grall
2014-07-24 17:33 ` [PATCH v9 10/10] xen/arm: make accesses to desc->status flags atomic Stefano Stabellini
2014-07-25 12:40 ` Julien Grall [this message]
2014-07-28 16:31 ` Stefano Stabellini
2014-07-28 17:14 ` Julien Grall
2014-07-29 10:25 ` Stefano Stabellini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=53D25025.4060504@linaro.org \
--to=julien.grall@linaro.org \
--cc=Ian.Campbell@citrix.com \
--cc=julien.grall@citrix.com \
--cc=stefano.stabellini@eu.citrix.com \
--cc=xen-devel@lists.xensource.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).