Re: [XEN][PATCH v9 09/19] xen/iommu: Move spin_lock from iommu_dt_device_is_assigned to caller

Tue, 22 Aug 2023 12:43:41 -0700 

Hi Vikram,

On 19/08/2023 01:28, Vikram Garhwal wrote:

Rename iommu_dt_device_is_assigned() to iommu_dt_device_is_assigned_locked().
Remove static type so this can also be used by SMMU drivers to check if the
device is being used before removing.



I have commented on v8. But I will comment here to make easier to keep 
track of comment.



I don't think iommu_dt_device_is_assigned_locked() should be called from 
the SMMU. If you want to check a device is assigned then it would be 
best to use the internal state of the SMMU.


This has two benefits:
  * This avoids what I view as a layer of violation
  * This confirmed that the internal state match with what we expect



Moving spin_lock to caller was done to prevent the concurrent access to
iommu_dt_device_is_assigned while doing add/remove/assign/deassign. Follow-up
patches in this series introduces node add/remove feature.

Also, caller is required hold the correct lock so moved the function prototype
to a private header.



I don't understand how requiring the caller to hold the correct lock 
means you need to move the protype in a private header. Can you clarify?




Signed-off-by: Vikram Garhwal <vikram.garh...@amd.com>

---
Changes from v7:
     Update commit message.
     Add ASSERT().
---
---
  xen/drivers/passthrough/device_tree.c | 26 +++++++++++++++++++++----
  xen/include/xen/iommu-private.h       | 28 +++++++++++++++++++++++++++
  2 files changed, 50 insertions(+), 4 deletions(-)
  create mode 100644 xen/include/xen/iommu-private.h

diff --git a/xen/drivers/passthrough/device_tree.c 
b/xen/drivers/passthrough/device_tree.c
index 1c32d7b50c..5796ee1f93 100644
--- a/xen/drivers/passthrough/device_tree.c
+++ b/xen/drivers/passthrough/device_tree.c
@@ -18,6 +18,7 @@
  #include <xen/device_tree.h>
  #include <xen/guest_access.h>
  #include <xen/iommu.h>
+#include <xen/iommu-private.h>
  #include <xen/lib.h>
  #include <xen/sched.h>
  #include <xsm/xsm.h>
@@ -83,16 +84,16 @@ fail:
      return rc;
  }

  
-static bool_t iommu_dt_device_is_assigned(const struct dt_device_node *dev)

+bool_t iommu_dt_device_is_assigned_locked(const struct dt_device_node *dev)
  {
      bool_t assigned = 0;

  
+    ASSERT(spin_is_locked(&dtdevs_lock));

+
      if ( !dt_device_is_protected(dev) )
          return 0;

  
-    spin_lock(&dtdevs_lock);

      assigned = !list_empty(&dev->domain_list);
-    spin_unlock(&dtdevs_lock);

  
      return assigned;

  }
@@ -213,27 +214,44 @@ int iommu_do_dt_domctl(struct xen_domctl *domctl, struct 
domain *d,
          if ( (d && d->is_dying) || domctl->u.assign_device.flags )
              break;

  
+        /*

+         * To ensure that the dev doesn't disappear between the time we look it
+         * up with dt_find_node_by_gpath() and we check the assignment later.
+         */
+        spin_lock(&dtdevs_lock);



This change doesn't look to be explained in the commit message. But 
looking at the code after this series is applied, you justified the 
addition of read_lock(&dt_host_lock) to protect access to the 
device-tree. This will be held longer than dtdevs_lock. So is it 
actually necessary to move the locking earlier?



+
          ret = dt_find_node_by_gpath(domctl->u.assign_device.u.dt.path,
                                      domctl->u.assign_device.u.dt.size,
                                      &dev);
          if ( ret )
+        {
+            spin_unlock(&dtdevs_lock);
              break;
+        }

  
          ret = xsm_assign_dtdevice(XSM_HOOK, d, dt_node_full_name(dev));

          if ( ret )
+        {
+            spin_unlock(&dtdevs_lock);
              break;
+        }

  
          if ( domctl->cmd == XEN_DOMCTL_test_assign_device )

          {
-            if ( iommu_dt_device_is_assigned(dev) )
+
+            if ( iommu_dt_device_is_assigned_locked(dev) )
              {
                  printk(XENLOG_G_ERR "%s already assigned.\n",
                         dt_node_full_name(dev));
                  ret = -EINVAL;
              }
+
+            spin_unlock(&dtdevs_lock);
              break;
          }

  
+        spin_unlock(&dtdevs_lock);

+
          if ( d == dom_io )
              return -EINVAL;

  
diff --git a/xen/include/xen/iommu-private.h b/xen/include/xen/iommu-private.h

new file mode 100644
index 0000000000..bb5c94e7a6
--- /dev/null
+++ b/xen/include/xen/iommu-private.h
@@ -0,0 +1,28 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+/*
+ * xen/iommu-private.h
+ */
+#ifndef __XEN_IOMMU_PRIVATE_H__
+#define __XEN_IOMMU_PRIVATE_H__
+
+#ifdef CONFIG_HAS_DEVICE_TREE
+#include <xen/device_tree.h>
+
+/*
+ * Checks if dt_device_node is assigned to a domain or not. This function
+ * expects to be called with dtdevs_lock acquired by caller.
+ */
+bool_t iommu_dt_device_is_assigned_locked(const struct dt_device_node *dev);
+#endif
+
+#endif /* __XEN_IOMMU_PRIVATE_H__ */
+
+/*
+ * Local variables:
+ * mode: C
+ * c-file-style: "BSD"
+ * c-basic-offset: 4
+ * tab-width: 4
+ * indent-tabs-mode: nil
+ * End:
+ */


Cheers,

--
Julien Grall
























					Reply via email to