Re: [PATCH v5 2/7] vfio/type1: Check reserve region conflict and update iova list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 21 Mar 2018 03:30:29 +0000
"Tian, Kevin" <kevin.tian@xxxxxxxxx> wrote:

> > From: Alex Williamson [mailto:alex.williamson@xxxxxxxxxx]
> > Sent: Wednesday, March 21, 2018 6:38 AM
> > 
> > On Mon, 19 Mar 2018 07:51:58 +0000
> > "Tian, Kevin" <kevin.tian@xxxxxxxxx> wrote:
> >   
> > > > From: Shameer Kolothum
> > > > Sent: Friday, March 16, 2018 12:35 AM
> > > >
> > > > This retrieves the reserved regions associated with dev group and
> > > > checks for conflicts with any existing dma mappings. Also update
> > > > the iova list excluding the reserved regions.
> > > >
> > > > Signed-off-by: Shameer Kolothum
> > > > <shameerali.kolothum.thodi@xxxxxxxxxx>
> > > > ---
> > > >  drivers/vfio/vfio_iommu_type1.c | 90
> > > > +++++++++++++++++++++++++++++++++++++++++
> > > >  1 file changed, 90 insertions(+)
> > > >
> > > > diff --git a/drivers/vfio/vfio_iommu_type1.c
> > > > b/drivers/vfio/vfio_iommu_type1.c
> > > > index 1123c74..cfe2bb2 100644
> > > > --- a/drivers/vfio/vfio_iommu_type1.c
> > > > +++ b/drivers/vfio/vfio_iommu_type1.c
> > > > @@ -1313,6 +1313,82 @@ static int vfio_iommu_aper_resize(struct
> > > > list_head *iova,
> > > >  	return 0;
> > > >  }
> > > >
> > > > +/*
> > > > + * Check reserved region conflicts with existing dma mappings
> > > > + */
> > > > +static bool vfio_iommu_resv_conflict(struct vfio_iommu *iommu,
> > > > +				struct list_head *resv_regions)
> > > > +{
> > > > +	struct iommu_resv_region *region;
> > > > +
> > > > +	/* Check for conflict with existing dma mappings */
> > > > +	list_for_each_entry(region, resv_regions, list) {
> > > > +		if (vfio_find_dma(iommu, region->start, region->length))
> > > > +			return true;
> > > > +	}
> > > > +
> > > > +	return false;
> > > > +}
> > > > +
> > > > +/*
> > > > + * Check iova region overlap with  reserved regions and
> > > > + * exclude them from the iommu iova range
> > > > + */
> > > > +static int vfio_iommu_resv_exclude(struct list_head *iova,
> > > > +					struct list_head *resv_regions)
> > > > +{
> > > > +	struct iommu_resv_region *resv;
> > > > +	struct vfio_iova *n, *next;
> > > > +
> > > > +	list_for_each_entry(resv, resv_regions, list) {
> > > > +		phys_addr_t start, end;
> > > > +
> > > > +		start = resv->start;
> > > > +		end = resv->start + resv->length - 1;
> > > > +
> > > > +		list_for_each_entry_safe(n, next, iova, list) {
> > > > +			int ret = 0;
> > > > +
> > > > +			/* No overlap */
> > > > +			if ((start > n->end) || (end < n->start))
> > > > +				continue;
> > > > +			/*
> > > > +			 * Insert a new node if current node overlaps with
> > > > the
> > > > +			 * reserve region to exlude that from valid iova
> > > > range.
> > > > +			 * Note that, new node is inserted before the
> > > > current
> > > > +			 * node and finally the current node is deleted
> > > > keeping
> > > > +			 * the list updated and sorted.
> > > > +			 */
> > > > +			if (start > n->start)
> > > > +				ret = vfio_iommu_iova_insert(&n->list,
> > > > +							n->start, start - 1);
> > > > +			if (!ret && end < n->end)
> > > > +				ret = vfio_iommu_iova_insert(&n->list,
> > > > +							end + 1, n->end);
> > > > +			if (ret)
> > > > +				return ret;  
> > >
> > > Is it safer to delete the 1st node here in case of failure of the 2nd node?
> > > There is no problem with current logic since upon error iova_copy will
> > > be released anyway. However this function alone doesn't assume the
> > > fact of a temporary list, thus it's better to keep the list clean w/o garbage
> > > left from any error handling.  
> > 
> > I don't think the proposal makes the list notably more sane on failure
> > than we have here.  If the function returns an error and the list is
> > modified in any way, how can the caller recover?  We're operating on a
> > principle of modify a copy and throw it away on error, the only
> > function level solution to the problem you're noting is to make each
> > function generate a working copy, which is clearly inefficient.  This
> > is a static function, not intended for general use, so I think a
> > sufficient approach to address your concern is to simply note the error
> > behavior in the comment above the function, the list is in an
> > unknown/inconsistent state on error.  Thanks,
> >   
> 
> 'static' doesn't mean it cannot be used for general purpose in the same
> file.

Obviously this is true, but expecting robust error handling, as might
be found in an exported general purpose function, from a static
specific purpose helper, is a bit absurd.  The strategy is therefore,
a) can we make it more general purpose without compromising the intent
of the function; probably not without adding overhead of using a local
copy of the list, b) can we modify the API, function name, arg names,
etc to make the behavior more intuitive; maybe, c) Can we at least add
a comment to make the potentially non-intuitive behavior obvious; of
course.  Thanks,

Alex



[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux