On 10/01/17 23:56, Boris Ostrovsky wrote: > > > >> diff --git a/drivers/xen/xenbus/xenbus_xs.c b/drivers/xen/xenbus/xenbus_xs.c >> index ebc768f..ebdfbee 100644 >> --- a/drivers/xen/xenbus/xenbus_xs.c >> +++ b/drivers/xen/xenbus/xenbus_xs.c > > >> - >> -static struct xs_handle xs_state; >> +/* >> + * Framework to protect suspend/resume handling against normal Xenstore >> + * message handling: >> + * During suspend/resume there must be no open transaction and no pending >> + * Xenstore request. >> + * New watch events happening in this time can be ignored by firing all >> watches >> + * after resume. >> + */ >> +/* Lock protecting enter/exit critical region. */ >> +static DEFINE_SPINLOCK(xs_state_lock); >> +/* Wait queue for all callers waiting for critical region to become usable. >> */ >> +static DECLARE_WAIT_QUEUE_HEAD(xs_state_enter_wq); >> +/* Wait queue for suspend handling waiting for critical region being empty. >> */ >> +static DECLARE_WAIT_QUEUE_HEAD(xs_state_exit_wq); >> +/* Number of users in critical region. */ >> +static unsigned int xs_state_users; >> +/* Suspend handler waiting or already active? */ >> +static int xs_suspend_active; > > I think these two should be declared next to xs_state _lock since they > are protected by it. Or maybe even put them into some sort of a state > struct.
I think placing them near the lock and adding a comment is enough. >> + >> + >> +static bool test_reply(struct xb_req_data *req) >> +{ >> + if (req->state == xb_req_state_got_reply || !xenbus_ok()) >> + return true; >> + >> + /* Make sure to reread req->state each time. */ >> + cpu_relax(); > > I don't think I understand why this is needed. I need a compiler barrier. Otherwise the compiler read req->state only once outside the while loop. >> + >> + return false; >> +} >> + > > >> +static void xs_send(struct xb_req_data *req, struct xsd_sockmsg *msg) >> { >> - mutex_lock(&xs_state.transaction_mutex); >> - atomic_inc(&xs_state.transaction_count); >> - mutex_unlock(&xs_state.transaction_mutex); >> -} >> + bool notify; >> >> -static void transaction_end(void) >> -{ >> - if (atomic_dec_and_test(&xs_state.transaction_count)) >> - wake_up(&xs_state.transaction_wq); >> -} >> + req->msg = *msg; >> + req->err = 0; >> + req->state = xb_req_state_queued; >> + init_waitqueue_head(&req->wq); >> >> -static void transaction_suspend(void) >> -{ >> - mutex_lock(&xs_state.transaction_mutex); >> - wait_event(xs_state.transaction_wq, >> - atomic_read(&xs_state.transaction_count) == 0); >> -} >> + xs_request_enter(req); >> >> -static void transaction_resume(void) >> -{ >> - mutex_unlock(&xs_state.transaction_mutex); >> + req->msg.req_id = xs_request_id++; > > Is it safe to do this without a lock? You are right: I should move this to xs_request_enter() inside the lock. I think I'll let return xs_request_enter() the request id. >> + >> +int xenbus_dev_request_and_reply(struct xsd_sockmsg *msg, void *par) >> +{ >> + struct xb_req_data *req; >> + struct kvec *vec; >> + >> + req = kmalloc(sizeof(*req) + sizeof(*vec), GFP_KERNEL); > > Is there a reason why you are using different flags here? Yes. This function is always called in user context. No need to be more restrictive. >> @@ -263,11 +295,20 @@ static void *xs_talkv(struct xenbus_transaction t, >> unsigned int num_vecs, >> unsigned int *len) >> { >> + struct xb_req_data *req; >> struct xsd_sockmsg msg; >> void *ret = NULL; >> unsigned int i; >> int err; >> >> + req = kmalloc(sizeof(*req), GFP_NOIO | __GFP_HIGH); >> + if (!req) >> + return ERR_PTR(-ENOMEM); >> + >> + req->vec = iovec; >> + req->num_vecs = num_vecs; >> + req->cb = xs_wake_up; >> + >> msg.tx_id = t.id; >> msg.req_id = 0; > > Is this still needed? You are assigning it in xs_send(). Right. Can be removed. >> +static int xs_reboot_notify(struct notifier_block *nb, >> + unsigned long code, void *unused) >> { >> - struct xs_stored_msg *msg; > > > >> + struct xb_req_data *req; >> + >> + mutex_lock(&xb_write_mutex); >> + list_for_each_entry(req, &xs_reply_list, list) >> + wake_up(&req->wq); >> + list_for_each_entry(req, &xb_write_list, list) >> + wake_up(&req->wq); > > We are waking up waiters here but there is not guarantee that waiting > threads will have a chance to run, is there? You are right. But this isn't the point. We want to avoid blocking a reboot due to some needed thread waiting for xenstore. And this task is being accomplished here. Juergen