From: "Jan Beulich" <JBeulich@suse.com>
To: Andrew Cooper <andrew.cooper3@citrix.com>,
Chao Peng <chao.p.peng@linux.intel.com>
Cc: keir@xen.org, Ian.Campbell@citrix.com,
stefano.stabellini@eu.citrix.com, George.Dunlap@eu.citrix.com,
Ian.Jackson@eu.citrix.com, xen-devel@lists.xen.org,
dgdegra@tycho.nsa.gov
Subject: Re: [PATCH v15 01/11] multicall: add no preemption ability between two calls
Date: Tue, 09 Sep 2014 14:15:59 +0100 [thread overview]
Message-ID: <540F19AF0200007800032AD1@mail.emea.novell.com> (raw)
In-Reply-To: <540EF624.4020200@citrix.com>
>>> On 09.09.14 at 14:44, <andrew.cooper3@citrix.com> wrote:
> On 09/09/14 12:51, Jan Beulich wrote:
>>>>> On 09.09.14 at 12:51, <andrew.cooper3@citrix.com> wrote:
>>> On 09/09/14 11:39, Jan Beulich wrote:
>>>>>>> On 09.09.14 at 08:43, <chao.p.peng@linux.intel.com> wrote:
>>>>> On Fri, Sep 05, 2014 at 11:46:20AM +0100, Andrew Cooper wrote:
>>>>>> On 05/09/14 09:37, Chao Peng wrote:
>>>>>>> Add a flag to indicate if the execution can be preempted between two
>>>>>>> calls. If not specified, stay preemptable.
>>>>>>>
>>>>>>> Signed-off-by: Chao Peng <chao.p.peng@linux.intel.com>
>>>>>>> ---
>>>>>>> xen/common/multicall.c | 5 ++++-
>>>>>>> xen/include/public/xen.h | 4 ++++
>>>>>>> 2 files changed, 8 insertions(+), 1 deletion(-)
>>>>>>>
>>>>>>> diff --git a/xen/common/multicall.c b/xen/common/multicall.c
>>>>>>> index fa9d910..83b96eb 100644
>>>>>>> --- a/xen/common/multicall.c
>>>>>>> +++ b/xen/common/multicall.c
>>>>>>> @@ -40,6 +40,7 @@ do_multicall(
>>>>>>> struct mc_state *mcs = ¤t->mc_state;
>>>>>>> uint32_t i;
>>>>>>> int rc = 0;
>>>>>>> + bool_t preemptable = 0;
>>>>>>>
>>>>>>> if ( unlikely(__test_and_set_bit(_MCSF_in_multicall, &mcs->flags)) )
>>>>>>> {
>>>>>>> @@ -52,7 +53,7 @@ do_multicall(
>>>>>>>
>>>>>>> for ( i = 0; !rc && i < nr_calls; i++ )
>>>>>>> {
>>>>>>> - if ( i && hypercall_preempt_check() )
>>>>>>> + if ( preemptable && hypercall_preempt_check() )
>>>>>>> goto preempted;
>>>>>>>
>>>>>>> if ( unlikely(__copy_from_guest(&mcs->call, call_list, 1)) )
>>>>>>> @@ -61,6 +62,8 @@ do_multicall(
>>>>>>> break;
>>>>>>> }
>>>>>>>
>>>>>>> + preemptable = mcs->call.flags & MC_NO_PREEMPT;
>>>>>>> +
>>>>>> Please consider what would happen if a malicious guest set NO_PREEMPT on
>>>>>> every multicall entry.
>>>>> OK, I see. My direct purpose here is to support batch operations for
>>>>> XENPF_resource_op added in next patch. Recall what Jan suggested in v14
>>>>> comments, we have 3 possible ways to support XENPF_resource_op batch:
>>>>> 1) Add a field in the xenpf_resource_op to indicate the iteration;
>>>>> 2) Fiddle multicall mechanism, just like this patch;
>>>>> 3) Add a brand new hypercall.
>>>>>
>>>>> So perhaps I will give up option 2) before I can see any improvement
>>>>> here. While option 3) is aggressive, so I'd go option 1) through I also
>>>>> don't quite like it (Totally because the iteration is transparent for user).
>>>> The I suppose you didn't really understand Andrew's comment: I
>>>> don't think he was suggesting to drop the approach, but instead
>>>> to implement it properly (read: securely).
>>> That is certainly one part of it.
>>>
>>> However, there is the other open question (dropped from this context) of
>>> how to deal with a multicall which has NO_PREEMT set, which itself
>>> preempts, and I don't have a good answer for this.
>> The pretty natural answer to this is - the specific handler knows
>> best what to do.
>
> Given our past history at retrofitting preempting into existing
> hypercalls, the multicaller has no idea whether the ops they have
> selected will preempt or not, and no way to guarentee that the behaviour
> will stay the same in future.
>
> The multicall dispatches to the regular hypercall handlers, which
> (cant?)
They can - current->mc_state.flags has _MCSF_in_multicall
set.
> and certainly shouldn't distinguish between a regular hypercall
> and multicall.
I agree with this. Yet it's a bug in the caller to request no
preemption at this layer for a constituent hypercall that can itself
preempt. But that's only a problem for the caller, not for the
hypervisor.
> As I have been looking through this code, I have noticed that the NDEBUG
> parameter corruption will break half of our existing preemption logic,
> which does use some of the parameters to hold preemption information.
Certainly not - call_list is being copied over a second time a few
lines after that NDEBUG section.
Jan
next prev parent reply other threads:[~2014-09-09 13:15 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-09-05 8:37 [PATCH v15 00/11] enable Cache QoS Monitoring (CQM) feature Chao Peng
2014-09-05 8:37 ` [PATCH v15 01/11] multicall: add no preemption ability between two calls Chao Peng
2014-09-05 10:46 ` Andrew Cooper
2014-09-09 6:43 ` Chao Peng
2014-09-09 10:39 ` Jan Beulich
2014-09-09 10:51 ` Andrew Cooper
2014-09-09 11:51 ` Jan Beulich
2014-09-09 12:44 ` Andrew Cooper
2014-09-09 13:15 ` Jan Beulich [this message]
2014-09-10 1:32 ` Chao Peng
2014-09-10 9:43 ` Andrew Cooper
2014-09-10 10:07 ` Jan Beulich
2014-09-10 10:15 ` Andrew Cooper
2014-09-10 10:25 ` Jan Beulich
2014-09-10 11:12 ` Andrew Cooper
2014-09-12 2:55 ` Chao Peng
2014-09-17 9:22 ` Chao Peng
2014-09-17 9:44 ` Jan Beulich
2014-09-18 13:45 ` Chao Peng
2014-09-18 14:22 ` Jan Beulich
2014-09-05 8:37 ` [PATCH v15 02/11] x86: add generic resource (e.g. MSR) access hypercall Chao Peng
2014-09-05 10:59 ` Andrew Cooper
2014-09-05 11:49 ` Jan Beulich
2014-09-10 2:55 ` Chao Peng
2014-09-29 18:52 ` Konrad Rzeszutek Wilk
2014-09-30 7:45 ` Jan Beulich
2014-09-05 8:37 ` [PATCH v15 03/11] xsm: add resource operation related xsm policy Chao Peng
2014-09-05 8:37 ` [PATCH v15 04/11] tools: provide interface for generic resource access Chao Peng
2014-09-05 8:37 ` [PATCH v15 05/11] x86: detect and initialize Platform QoS Monitoring feature Chao Peng
2014-09-05 11:05 ` Andrew Cooper
2014-09-05 8:37 ` [PATCH v15 06/11] x86: dynamically attach/detach QoS monitoring service for a guest Chao Peng
2014-09-05 8:37 ` [PATCH v15 07/11] x86: collect global QoS monitoring information Chao Peng
2014-09-05 8:37 ` [PATCH v15 08/11] x86: enable QoS monitoring for each domain RMID Chao Peng
2014-09-05 8:37 ` [PATCH v15 09/11] x86: add QoS monitoring related MSRs in allowed list Chao Peng
2014-09-05 8:37 ` [PATCH v15 10/11] xsm: add platform QoS related xsm policies Chao Peng
2014-09-05 8:37 ` [PATCH v15 11/11] tools: CMDs and APIs for Platform QoS Monitoring Chao Peng
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=540F19AF0200007800032AD1@mail.emea.novell.com \
--to=jbeulich@suse.com \
--cc=George.Dunlap@eu.citrix.com \
--cc=Ian.Campbell@citrix.com \
--cc=Ian.Jackson@eu.citrix.com \
--cc=andrew.cooper3@citrix.com \
--cc=chao.p.peng@linux.intel.com \
--cc=dgdegra@tycho.nsa.gov \
--cc=keir@xen.org \
--cc=stefano.stabellini@eu.citrix.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).