The number of slots per page being 511 (i.e. not a power of two) means
that the (32-bit) read and write indexes going beyond 2^32 will likely
disturb operation. The hypervisor side gets I/O req server creation
extended so we can indicate that we're using suitable atomic accesses
where needed, allowing it to atomically canonicalize both pointers when
both have gone through at least one cycle.
The Xen side counterpart (which is not a functional prereq to this
change, albeit a build one) went in already (commit b7007bc6f9).
Signed-off-by: Jan Beulich <jbeul...@suse.com>
---
v2: Adjust description.
--- a/xen-hvm.c
+++ b/xen-hvm.c
@@ -957,19 +957,30 @@ static void handle_ioreq(XenIOState *sta
static int handle_buffered_iopage(XenIOState *state)
{
+ buffered_iopage_t *buf_page = state->buffered_io_page;
buf_ioreq_t *buf_req = NULL;
ioreq_t req;
int qw;
- if (!state->buffered_io_page) {
+ if (!buf_page) {
return 0;
}
memset(&req, 0x00, sizeof(req));
- while (state->buffered_io_page->read_pointer !=
state->buffered_io_page->write_pointer) {
- buf_req = &state->buffered_io_page->buf_ioreq[
- state->buffered_io_page->read_pointer % IOREQ_BUFFER_SLOT_NUM];
+ for (;;) {
+ uint32_t rdptr = buf_page->read_pointer, wrptr;
+
+ xen_rmb();
+ wrptr = buf_page->write_pointer;
+ xen_rmb();
+ if (rdptr != buf_page->read_pointer) {
+ continue;
+ }
+ if (rdptr == wrptr) {
+ break;
+ }
+ buf_req = &buf_page->buf_ioreq[rdptr % IOREQ_BUFFER_SLOT_NUM];
req.size = 1UL << buf_req->size;
req.count = 1;
req.addr = buf_req->addr;
@@ -981,15 +992,14 @@ static int handle_buffered_iopage(XenIOS
req.data_is_ptr = 0;
qw = (req.size == 8);
if (qw) {
- buf_req = &state->buffered_io_page->buf_ioreq[
- (state->buffered_io_page->read_pointer + 1) %
IOREQ_BUFFER_SLOT_NUM];
+ buf_req = &buf_page->buf_ioreq[(rdptr + 1) %
+ IOREQ_BUFFER_SLOT_NUM];
req.data |= ((uint64_t)buf_req->data) << 32;
}
handle_ioreq(state, &req);
- xen_mb();
- state->buffered_io_page->read_pointer += qw ? 2 : 1;
+ atomic_add(&buf_page->read_pointer, qw + 1);
}
return req.count;
--- unstable.orig/qemu/upstream/include/hw/xen/xen_common.h 2015-03-31
15:58:04.000000000 +0200
+++ unstable/qemu/upstream/include/hw/xen/xen_common.h 2015-06-15
08:24:28.000000000 +0200
@@ -370,7 +370,8 @@ static inline void xen_unmap_pcidev(XenX
static inline int xen_create_ioreq_server(XenXC xc, domid_t dom,
ioservid_t *ioservid)
{
- int rc = xc_hvm_create_ioreq_server(xc, dom, 1, ioservid);
+ int rc = xc_hvm_create_ioreq_server(xc, dom, HVM_IOREQSRV_BUFIOREQ_ATOMIC,
+ ioservid);
if (rc == 0) {
trace_xen_ioreq_server_create(*ioservid);
xen/HVM: atomically access pointers in bufioreq handling
The number of slots per page being 511 (i.e. not a power of two) means
that the (32-bit) read and write indexes going beyond 2^32 will likely
disturb operation. The hypervisor side gets I/O req server creation
extended so we can indicate that we're using suitable atomic accesses
where needed, allowing it to atomically canonicalize both pointers when
both have gone through at least one cycle.
The Xen side counterpart (which is not a functional prereq to this
change, albeit a build one) went in already (commit b7007bc6f9).
Signed-off-by: Jan Beulich <jbeul...@suse.com>
---
v2: Adjust description.
--- a/xen-hvm.c
+++ b/xen-hvm.c
@@ -957,19 +957,30 @@ static void handle_ioreq(XenIOState *sta
static int handle_buffered_iopage(XenIOState *state)
{
+ buffered_iopage_t *buf_page = state->buffered_io_page;
buf_ioreq_t *buf_req = NULL;
ioreq_t req;
int qw;
- if (!state->buffered_io_page) {
+ if (!buf_page) {
return 0;
}
memset(&req, 0x00, sizeof(req));
- while (state->buffered_io_page->read_pointer !=
state->buffered_io_page->write_pointer) {
- buf_req = &state->buffered_io_page->buf_ioreq[
- state->buffered_io_page->read_pointer % IOREQ_BUFFER_SLOT_NUM];
+ for (;;) {
+ uint32_t rdptr = buf_page->read_pointer, wrptr;
+
+ xen_rmb();
+ wrptr = buf_page->write_pointer;
+ xen_rmb();
+ if (rdptr != buf_page->read_pointer) {
+ continue;
+ }
+ if (rdptr == wrptr) {
+ break;
+ }
+ buf_req = &buf_page->buf_ioreq[rdptr % IOREQ_BUFFER_SLOT_NUM];
req.size = 1UL << buf_req->size;
req.count = 1;
req.addr = buf_req->addr;
@@ -981,15 +992,14 @@ static int handle_buffered_iopage(XenIOS
req.data_is_ptr = 0;
qw = (req.size == 8);
if (qw) {
- buf_req = &state->buffered_io_page->buf_ioreq[
- (state->buffered_io_page->read_pointer + 1) %
IOREQ_BUFFER_SLOT_NUM];
+ buf_req = &buf_page->buf_ioreq[(rdptr + 1) %
+ IOREQ_BUFFER_SLOT_NUM];
req.data |= ((uint64_t)buf_req->data) << 32;
}
handle_ioreq(state, &req);
- xen_mb();
- state->buffered_io_page->read_pointer += qw ? 2 : 1;
+ atomic_add(&buf_page->read_pointer, qw + 1);
}
return req.count;
--- unstable.orig/qemu/upstream/include/hw/xen/xen_common.h 2015-03-31
15:58:04.000000000 +0200
+++ unstable/qemu/upstream/include/hw/xen/xen_common.h 2015-06-15
08:24:28.000000000 +0200
@@ -370,7 +370,8 @@ static inline void xen_unmap_pcidev(XenX
static inline int xen_create_ioreq_server(XenXC xc, domid_t dom,
ioservid_t *ioservid)
{
- int rc = xc_hvm_create_ioreq_server(xc, dom, 1, ioservid);
+ int rc = xc_hvm_create_ioreq_server(xc, dom, HVM_IOREQSRV_BUFIOREQ_ATOMIC,
+ ioservid);
if (rc == 0) {
trace_xen_ioreq_server_create(*ioservid);
