On 03.05.2024 09:45, Jens Wiklander wrote: > Hi Xen maintainers, > > In my patch series [XEN PATCH v4 0/5] FF-A notifications [1] I need to > get a reference to a domain struct from a domain ID and keep it from > being destroyed while using it in the interrupt handler > notif_irq_handler() (introduced in the last patch "[XEN PATCH v4 5/5] > xen/arm: ffa: support notification"). In my previous patch set [2] I > used get_domain_by_id(), but from the following discussion > rcu_lock_live_remote_domain_by_id() seems to be a better choice so > that's what I'm using now in the v4 patch set. The domain lock is held > during a call to vgic_inject_irq() and unlocked right after. > > While we're reviewing the patch set in [1] I'd like to check the > approach with rcu_lock_live_remote_domain_by_id() here. > > What do you think? Is using rcu_lock_live_remote_domain_by_id() the > best approach?
Is it guaranteed that the IRQ handler won't ever run in the context of a vCPU belonging to the domain in question? If not, why the "remote" form of the function? Furthermore, is it guaranteed that the IRQ handler won't interrupt code fiddling with the domain list? I don't think it is, since domlist_update_lock isn't acquired in an IRQ-safe manner. Looks like you need to defer the operation on the domain until softirq or tasklet context. Jan > [1] > https://patchew.org/Xen/20240502145645.1201613-1-jens.wiklan...@linaro.org/ > [2] > https://patchew.org/Xen/20240426084723.4149648-1-jens.wiklan...@linaro.org/ > > Thanks, > Jens
