| Message ID | 20240430153423.80875-1-roger.pau@citrix.com (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | [for-4.19] ppc/riscv: fix arch_acquire_resource_check() | expand |
On 30.04.2024 17:34, Roger Pau Monne wrote: > None of the implementations support set_foreign_p2m_entry() yet, neither they > have a p2m walk in domain_relinquish_resources() in order to remove the foreign > mappings from the p2m and thus drop the extra refcounts. While I don't mind the cod adjustment into the more safe direction, I find this justification odd: RISC-V has no domain_relinquish_resources() at all right now, and PPC has it properly as a stub only. Judgement on what there is (or not) can only be made one non-stub implementations exist. IOW provided PPC and RISC-V people agree, I'm fine putting this in, but preferably with an adjusted description. To be honest with how you put it, it's not even really clear to me what (practical) problem, if any, you're trying to address. Jan > Adjust the arch helpers to return false and introduce a comment that clearly > states it is not only taking extra refcounts that's needed, but also dropping > them on domain teardown. > > Fixes: 4988704e00d8 ('xen/riscv: introduce p2m.h') > Fixes: 4a2f68f90930 ('xen/ppc: Define minimal stub headers required for full build') > Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> > --- > xen/arch/ppc/include/asm/p2m.h | 7 ++++--- > xen/arch/riscv/include/asm/p2m.h | 7 ++++--- > 2 files changed, 8 insertions(+), 6 deletions(-) > > diff --git a/xen/arch/ppc/include/asm/p2m.h b/xen/arch/ppc/include/asm/p2m.h > index 25ba05466853..f144ef8e1a54 100644 > --- a/xen/arch/ppc/include/asm/p2m.h > +++ b/xen/arch/ppc/include/asm/p2m.h > @@ -81,10 +81,11 @@ static inline mfn_t gfn_to_mfn(struct domain *d, gfn_t gfn) > static inline bool arch_acquire_resource_check(struct domain *d) > { > /* > - * The reference counting of foreign entries in set_foreign_p2m_entry() > - * is supported on PPC. > + * Requires refcounting the foreign mappings and walking the p2m on > + * teardown in order to remove foreign pages from the p2m and drop the > + * extra reference counts. > */ > - return true; > + return false; > } > > static inline void p2m_altp2m_check(struct vcpu *v, uint16_t idx) > diff --git a/xen/arch/riscv/include/asm/p2m.h b/xen/arch/riscv/include/asm/p2m.h > index 87b13f897926..387f372b5d26 100644 > --- a/xen/arch/riscv/include/asm/p2m.h > +++ b/xen/arch/riscv/include/asm/p2m.h > @@ -79,10 +79,11 @@ static inline mfn_t gfn_to_mfn(struct domain *d, gfn_t gfn) > static inline bool arch_acquire_resource_check(struct domain *d) > { > /* > - * The reference counting of foreign entries in set_foreign_p2m_entry() > - * is supported on RISCV. > + * Requires refcounting the foreign mappings and walking the p2m on > + * teardown in order to remove foreign pages from the p2m and drop the > + * extra reference counts. > */ > - return true; > + return false; > } > > static inline void p2m_altp2m_check(struct vcpu *v, uint16_t idx)
On Thu, May 02, 2024 at 09:23:30AM +0200, Jan Beulich wrote: > On 30.04.2024 17:34, Roger Pau Monne wrote: > > None of the implementations support set_foreign_p2m_entry() yet, neither they > > have a p2m walk in domain_relinquish_resources() in order to remove the foreign > > mappings from the p2m and thus drop the extra refcounts. > > While I don't mind the cod adjustment into the more safe direction, I find > this justification odd: RISC-V has no domain_relinquish_resources() at all > right now, and PPC has it properly as a stub only. Judgement on what there > is (or not) can only be made one non-stub implementations exist. Right, hence stating that foreign mappings are properly handled (arch_acquire_resource_check() returning true) is bogus to me because there's no code yet. > IOW provided PPC and RISC-V people agree, I'm fine putting this in, but > preferably with an adjusted description. To be honest with how you put it, > it's not even really clear to me what (practical) problem, if any, you're > trying to address. The current statement is at best misleading, because there's no implementation of set_foreign_p2m_entry() or domain_relinquish_resources(), and hence making claims that future implementation of them will properly handle foreign mappings could lead to the special requirements of those mappings not being taken into account when implementing those functions just because arch_acquire_resource_check() already returns true. IMO arch_acquire_resource_check() can only return true once the code is in place, and mappings are properly handled. Making claims about yet to be implemented code is wrong. Thanks, Roger.
On Tue, 2024-04-30 at 17:34 +0200, Roger Pau Monne wrote: > None of the implementations support set_foreign_p2m_entry() yet, > neither they > have a p2m walk in domain_relinquish_resources() in order to remove > the foreign > mappings from the p2m and thus drop the extra refcounts. > > Adjust the arch helpers to return false and introduce a comment that > clearly > states it is not only taking extra refcounts that's needed, but also > dropping > them on domain teardown. I am okay with such adjustment for now as it is more safe and nothing will be missed during implementation of p2m, but I am curious how then Arm handles that, their implementation is also just returns true. ( I planned to have p2m implementation similar to Arm ) Anyway, based on that it safer for RISC-V: Reviewed-by: Oleksii Kurochko <oleksii.kurochko@gmail.com> > > Fixes: 4988704e00d8 ('xen/riscv: introduce p2m.h') > Fixes: 4a2f68f90930 ('xen/ppc: Define minimal stub headers required > for full build') > Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> > --- > xen/arch/ppc/include/asm/p2m.h | 7 ++++--- > xen/arch/riscv/include/asm/p2m.h | 7 ++++--- > 2 files changed, 8 insertions(+), 6 deletions(-) > > diff --git a/xen/arch/ppc/include/asm/p2m.h > b/xen/arch/ppc/include/asm/p2m.h > index 25ba05466853..f144ef8e1a54 100644 > --- a/xen/arch/ppc/include/asm/p2m.h > +++ b/xen/arch/ppc/include/asm/p2m.h > @@ -81,10 +81,11 @@ static inline mfn_t gfn_to_mfn(struct domain *d, > gfn_t gfn) > static inline bool arch_acquire_resource_check(struct domain *d) > { > /* > - * The reference counting of foreign entries in > set_foreign_p2m_entry() > - * is supported on PPC. > + * Requires refcounting the foreign mappings and walking the p2m > on > + * teardown in order to remove foreign pages from the p2m and > drop the > + * extra reference counts. > */ > - return true; > + return false; > } > > static inline void p2m_altp2m_check(struct vcpu *v, uint16_t idx) > diff --git a/xen/arch/riscv/include/asm/p2m.h > b/xen/arch/riscv/include/asm/p2m.h > index 87b13f897926..387f372b5d26 100644 > --- a/xen/arch/riscv/include/asm/p2m.h > +++ b/xen/arch/riscv/include/asm/p2m.h > @@ -79,10 +79,11 @@ static inline mfn_t gfn_to_mfn(struct domain *d, > gfn_t gfn) > static inline bool arch_acquire_resource_check(struct domain *d) > { > /* > - * The reference counting of foreign entries in > set_foreign_p2m_entry() > - * is supported on RISCV. > + * Requires refcounting the foreign mappings and walking the p2m > on > + * teardown in order to remove foreign pages from the p2m and > drop the > + * extra reference counts. > */ > - return true; > + return false; > } > > static inline void p2m_altp2m_check(struct vcpu *v, uint16_t idx)
On Thu, May 02, 2024 at 10:46:12AM +0200, Oleksii wrote: > On Tue, 2024-04-30 at 17:34 +0200, Roger Pau Monne wrote: > > None of the implementations support set_foreign_p2m_entry() yet, > > neither they > > have a p2m walk in domain_relinquish_resources() in order to remove > > the foreign > > mappings from the p2m and thus drop the extra refcounts. > > > > Adjust the arch helpers to return false and introduce a comment that > > clearly > > states it is not only taking extra refcounts that's needed, but also > > dropping > > them on domain teardown. > I am okay with such adjustment for now as it is more safe and nothing > will be missed during implementation of p2m, but I am curious how then > Arm handles that, their implementation is also just returns true. ( I > planned to have p2m implementation similar to Arm ) Arm does have an implementation of set_foreign_p2m_entry() and domain_relinquish_resources() that handle foreign mappings correctly. > > Anyway, based on that it safer for RISC-V: > Reviewed-by: Oleksii Kurochko <oleksii.kurochko@gmail.com> Thanks, Roger.
Hi Roger, On 4/30/24 10:34 AM, Roger Pau Monne wrote: > None of the implementations support set_foreign_p2m_entry() yet, neither they > have a p2m walk in domain_relinquish_resources() in order to remove the foreign > mappings from the p2m and thus drop the extra refcounts. > > Adjust the arch helpers to return false and introduce a comment that clearly > states it is not only taking extra refcounts that's needed, but also dropping > them on domain teardown. > > Fixes: 4988704e00d8 ('xen/riscv: introduce p2m.h') > Fixes: 4a2f68f90930 ('xen/ppc: Define minimal stub headers required for full build') > Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> > --- This makes sense to me. This stub implementation was definitely an oversight on my part. Acked-by: Shawn Anastasio <sanastasio@raptorengineering.com> Thanks, Shawn
diff --git a/xen/arch/ppc/include/asm/p2m.h b/xen/arch/ppc/include/asm/p2m.h index 25ba05466853..f144ef8e1a54 100644 --- a/xen/arch/ppc/include/asm/p2m.h +++ b/xen/arch/ppc/include/asm/p2m.h @@ -81,10 +81,11 @@ static inline mfn_t gfn_to_mfn(struct domain *d, gfn_t gfn) static inline bool arch_acquire_resource_check(struct domain *d) { /* - * The reference counting of foreign entries in set_foreign_p2m_entry() - * is supported on PPC. + * Requires refcounting the foreign mappings and walking the p2m on + * teardown in order to remove foreign pages from the p2m and drop the + * extra reference counts. */ - return true; + return false; } static inline void p2m_altp2m_check(struct vcpu *v, uint16_t idx) diff --git a/xen/arch/riscv/include/asm/p2m.h b/xen/arch/riscv/include/asm/p2m.h index 87b13f897926..387f372b5d26 100644 --- a/xen/arch/riscv/include/asm/p2m.h +++ b/xen/arch/riscv/include/asm/p2m.h @@ -79,10 +79,11 @@ static inline mfn_t gfn_to_mfn(struct domain *d, gfn_t gfn) static inline bool arch_acquire_resource_check(struct domain *d) { /* - * The reference counting of foreign entries in set_foreign_p2m_entry() - * is supported on RISCV. + * Requires refcounting the foreign mappings and walking the p2m on + * teardown in order to remove foreign pages from the p2m and drop the + * extra reference counts. */ - return true; + return false; } static inline void p2m_altp2m_check(struct vcpu *v, uint16_t idx)
None of the implementations support set_foreign_p2m_entry() yet, neither they have a p2m walk in domain_relinquish_resources() in order to remove the foreign mappings from the p2m and thus drop the extra refcounts. Adjust the arch helpers to return false and introduce a comment that clearly states it is not only taking extra refcounts that's needed, but also dropping them on domain teardown. Fixes: 4988704e00d8 ('xen/riscv: introduce p2m.h') Fixes: 4a2f68f90930 ('xen/ppc: Define minimal stub headers required for full build') Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> --- xen/arch/ppc/include/asm/p2m.h | 7 ++++--- xen/arch/riscv/include/asm/p2m.h | 7 ++++--- 2 files changed, 8 insertions(+), 6 deletions(-)