On Mon, Jun 22, 2009 at 08:13:48AM -0400, Gregory Haskins wrote: > >> + * notification when the memory has been touched. > >> + * -------------------------------------------------------------------- > >> + */ > >> + > >> +/* > >> + * Design note: We create one PIO/MMIO device (iosignalfd_group) which > >> + * aggregates one or more iosignalfd_items. Each item points to exactly one ^^ ^^ > >> + * eventfd, and can be registered to trigger on any write to the group > >> + * (wildcard), or to a write of a specific value. If more than one item is to ^^ > >> + * be supported, the addr/len ranges must all be identical in the group. If a ^^ > >> + * trigger value is to be supported on a particular item, the group range must > >> + * be exactly the width of the trigger. > >> > > > > Some duplicate spaces in the text above, apparently at random places. > > > > > > -ENOPARSE ;) > > Can you elaborate? Marked with ^^ > > >> + */ > >> + > >> +struct _iosignalfd_item { > >> + struct list_head list; > >> + struct file *file; > >> + u64 match; > >> + struct rcu_head rcu; > >> + int wildcard:1; > >> +}; > >> + > >> +struct _iosignalfd_group { > >> + struct list_head list; > >> + u64 addr; > >> + size_t length; > >> + size_t count; > >> + struct list_head items; > >> + struct kvm_io_device dev; > >> + struct rcu_head rcu; > >> +}; > >> + > >> +static inline struct _iosignalfd_group * > >> +to_group(struct kvm_io_device *dev) > >> +{ > >> + return container_of(dev, struct _iosignalfd_group, dev); > >> +} > >> + > >> +static void > >> +iosignalfd_item_free(struct _iosignalfd_item *item) > >> +{ > >> + fput(item->file); > >> + kfree(item); > >> +} > >> + > >> +static void > >> +iosignalfd_item_deferred_free(struct rcu_head *rhp) > >> +{ > >> + struct _iosignalfd_item *item; > >> + > >> + item = container_of(rhp, struct _iosignalfd_item, rcu); > >> + > >> + iosignalfd_item_free(item); > >> +} > >> + > >> +static void > >> +iosignalfd_group_deferred_free(struct rcu_head *rhp) > >> +{ > >> + struct _iosignalfd_group *group; > >> + > >> + group = container_of(rhp, struct _iosignalfd_group, rcu); > >> + > >> + kfree(group); > >> +} > >> + > >> +static int > >> +iosignalfd_group_in_range(struct kvm_io_device *this, gpa_t addr, int len, > >> + int is_write) > >> +{ > >> + struct _iosignalfd_group *p = to_group(this); > >> + > >> + return ((addr >= p->addr && (addr < p->addr + p->length))); > >> +} > >> > > > > What does this test? len is ignored ... > > > > > Yeah, I was following precedent with other IO devices. However, this > *is* sloppy, I agree. Will fix. > > >> + > >> +static int > >> > > > > This seems to be returning bool ... > > > > Ack > > > >> +iosignalfd_is_match(struct _iosignalfd_group *group, > >> + struct _iosignalfd_item *item, > >> + const void *val, > >> + int len) > >> +{ > >> + u64 _val; > >> + > >> + if (len != group->length) > >> + /* mis-matched length is always a miss */ > >> + return false; > >> > > > > Why is that? what if there's 8 byte write which covers > > a 4 byte group? > > > > v7 and earlier used to allow that for wildcards, actually. It of > course would never make sense to allow mis-matched writes for > non-wildcards, since the idea is to match the value exactly. However, > the feedback I got from Avi was that we should make the wildcard vs > non-wildcard access symmetrical and ensure they both conform to the size. > > > >> + > >> + if (item->wildcard) > >> + /* wildcard is always a hit */ > >> + return true; > >> + > >> + /* otherwise, we have to actually compare the data */ > >> + > >> + if (!IS_ALIGNED((unsigned long)val, len)) > >> + /* protect against this request causing a SIGBUS */ > >> + return false; > >> > > > > Could you explain what this does please? > > > Sure: item->match is a fixed u64 to represent all group->length > values. So it might have a 1, 2, 4, or 8 byte value in it. When I > write arrives, we need to cast the data-register (in this case > represented by (void*)val) into a u64 so the equality check (see [A], > below) can be done. However, you can't cast an unaligned pointer, or it > will SIGBUS on many (most?) architectures. I mean guest access. Does it have to be aligned? You could memcpy the value... > > I thought misaligned accesses are allowed. > > > If thats true, we are in trouble ;) I think it works at least on x86: http://en.wikipedia.org/wiki/Packed#x86_and_x86-64 > > > >> + > >> + switch (len) { > >> + case 1: > >> + _val = *(u8 *)val; > >> + break; > >> + case 2: > >> + _val = *(u16 *)val; > >> + break; > >> + case 4: > >> + _val = *(u32 *)val; > >> + break; > >> + case 8: > >> + _val = *(u64 *)val; > >> + break; > >> + default: > >> + return false; > >> + } > >> > > > > So legal values for len are 1,2,4 and 8? > > Might be a good idea to document this. > > > > > Ack > > >> + > >> + return _val == item->match; > >> > > [A] > > >> +} > >> + > >> +/* > >> + * MMIO/PIO writes trigger an event (if the data matches). > >> + * > >> + * This is invoked by the io_bus subsystem in response to an address match > >> + * against the group. We must then walk the list of individual items to check > >> + * for a match and, if applicable, to send the appropriate signal. If the item > >> + * in question does not have a "match" pointer, it is considered a wildcard > >> + * and will always generate a signal. There can be an arbitrary number > >> + * of distinct matches or wildcards per group. > >> + */ > >> +static void > >> +iosignalfd_group_write(struct kvm_io_device *this, gpa_t addr, int len, > >> + const void *val) > >> +{ > >> + struct _iosignalfd_group *group = to_group(this); > >> + struct _iosignalfd_item *item; > >> + > >> + rcu_read_lock(); > >> + > >> + list_for_each_entry_rcu(item, &group->items, list) { > >> + if (iosignalfd_is_match(group, item, val, len)) > >> + eventfd_signal(item->file, 1); > >> + } > >> + > >> + rcu_read_unlock(); > >> +} > >> + > >> +/* > >> + * MMIO/PIO reads against the group indiscriminately return all zeros > >> + */ > >> > > > > Does it have to be so? It would be better to bounce reads to > > userspace... > > > > > Good idea. I can set is_write = false and I should never get this > function called. > > >> +static void > >> +iosignalfd_group_read(struct kvm_io_device *this, gpa_t addr, int len, > >> + void *val) > >> +{ > >> + memset(val, 0, len); > >> +} > >> + > >> +/* > >> + * This function is called as KVM is completely shutting down. We do not > >> + * need to worry about locking or careful RCU dancing...just nuke anything > >> + * we have as quickly as possible > >> + */ > >> +static void > >> +iosignalfd_group_destructor(struct kvm_io_device *this) > >> +{ > >> + struct _iosignalfd_group *group = to_group(this); > >> + struct _iosignalfd_item *item, *tmp; > >> + > >> + list_for_each_entry_safe(item, tmp, &group->items, list) { > >> + list_del(&item->list); > >> + iosignalfd_item_free(item); > >> + } > >> + > >> + list_del(&group->list); > >> + kfree(group); > >> +} > >> + > >> +static const struct kvm_io_device_ops iosignalfd_ops = { > >> + .read = iosignalfd_group_read, > >> + .write = iosignalfd_group_write, > >> + .in_range = iosignalfd_group_in_range, > >> + .destructor = iosignalfd_group_destructor, > >> +}; > >> + > >> +/* assumes kvm->lock held */ > >> +static struct _iosignalfd_group * > >> +iosignalfd_group_find(struct kvm *kvm, u64 addr) > >> +{ > >> + struct _iosignalfd_group *group; > >> + > >> + list_for_each_entry(group, &kvm->iosignalfds, list) { > >> > > > > {} not needed here > > > > Ack > > > >> + if (group->addr == addr) > >> + return group; > >> + } > >> + > >> + return NULL; > >> +} > >> + > >> +/* assumes kvm->lock is held */ > >> +static struct _iosignalfd_group * > >> +iosignalfd_group_create(struct kvm *kvm, struct kvm_io_bus *bus, > >> + u64 addr, size_t len) > >> +{ > >> + struct _iosignalfd_group *group; > >> + int ret; > >> + > >> + group = kzalloc(sizeof(*group), GFP_KERNEL); > >> + if (!group) > >> + return ERR_PTR(-ENOMEM); > >> + > >> + INIT_LIST_HEAD(&group->list); > >> + INIT_LIST_HEAD(&group->items); > >> + group->addr = addr; > >> + group->length = len; > >> + kvm_iodevice_init(&group->dev, &iosignalfd_ops); > >> + > >> + ret = kvm_io_bus_register_dev(kvm, bus, &group->dev); > >> + if (ret < 0) { > >> + kfree(group); > >> + return ERR_PTR(ret); > >> + } > >> + > >> + list_add_tail(&group->list, &kvm->iosignalfds); > >> + > >> + return group; > >> +} > >> + > >> +static int > >> +kvm_assign_iosignalfd(struct kvm *kvm, struct kvm_iosignalfd *args) > >> +{ > >> + int pio = args->flags & KVM_IOSIGNALFD_FLAG_PIO; > >> + struct kvm_io_bus *bus = pio ? &kvm->pio_bus : &kvm->mmio_bus; > >> + struct _iosignalfd_group *group = NULL; > >> > > > > why does group need to be initialized? > > > > > >> + struct _iosignalfd_item *item = NULL; > >> > > > > Why does item need to be initialized? > > > > > > Probably leftover from versions prior to v8. Will fix. > > >> + struct file *file; > >> + int ret; > >> + > >> + if (args->len > sizeof(u64)) > >> > > > > Is e.g. value 3 legal? > > > > Ack. Will check against legal values. > > > > >> + return -EINVAL; > >> > > > > > >> + > >> + file = eventfd_fget(args->fd); > >> + if (IS_ERR(file)) > >> + return PTR_ERR(file); > >> + > >> + item = kzalloc(sizeof(*item), GFP_KERNEL); > >> + if (!item) { > >> + ret = -ENOMEM; > >> + goto fail; > >> + } > >> + > >> + INIT_LIST_HEAD(&item->list); > >> + item->file = file; > >> + > >> + /* > >> + * A trigger address is optional, otherwise this is a wildcard > >> + */ > >> + if (args->flags & KVM_IOSIGNALFD_FLAG_TRIGGER) > >> + item->match = args->trigger; > >> + else > >> + item->wildcard = true; > >> + > >> + mutex_lock(&kvm->lock); > >> + > >> + /* > >> + * Put an upper limit on the number of items we support > >> + */ > >> > > > > Groups and items, actually, right? > > > > > > Yeah, though technically that is implicit when you say "items", since > each group always has at least one item. I will try to make this > clearer, though. > > >> + if (kvm->io_device_count >= CONFIG_KVM_MAX_IO_DEVICES) { > >> + ret = -ENOSPC; > >> + goto unlock_fail; > >> + } > >> + > >> + group = iosignalfd_group_find(kvm, args->addr); > >> + if (!group) { > >> + > >> + group = iosignalfd_group_create(kvm, bus, > >> + args->addr, args->len); > >> + if (IS_ERR(group)) { > >> + ret = PTR_ERR(group); > >> + goto unlock_fail; > >> + } > >> + > >> + /* > >> + * Note: We do not increment io_device_count for the first item, > >> + * as this is represented by the group device that we just > >> + * registered. Make sure we handle this properly when we > >> + * deassign the last item > >> + */ > >> + } else { > >> + > >> + if (group->length != args->len) { > >> + /* > >> + * Existing groups must have the same addr/len tuple > >> + * or we reject the request > >> + */ > >> + ret = -EINVAL; > >> + goto unlock_fail; > >> > > > > Most errors seem to trigger EINVAL. Applications will be > > easier to debug if different errors are returned on > > different mistakes. > > Yeah, agreed. Will try to differentiate some errors here. > > > E.g. here EBUSY might be good. And same > > in other places. > > > > > > Actually, I think EBUSY is supposed to be a transitory error, and would > not be appropriate to use here. That said, your point is taken: Find > more appropriate and descriptive errors. > > >> + } > >> + > >> + kvm->io_device_count++; > >> + } > >> + > >> + /* > >> + * Note: We are committed to succeed at this point since we have > >> + * (potentially) published a new group-device. Any failure handling > >> + * added in the future after this point will need to be carefully > >> + * considered. > >> + */ > >> + > >> + list_add_tail_rcu(&item->list, &group->items); > >> + group->count++; > >> + > >> + mutex_unlock(&kvm->lock); > >> + > >> + return 0; > >> + > >> +unlock_fail: > >> + mutex_unlock(&kvm->lock); > >> +fail: > >> + if (item) > >> + /* > >> + * it would have never made it to the group->items list > >> + * in the failure path, so we dont need to worry about removing > >> + * it > >> + */ > >> + kfree(item); > >> + > >> + fput(file); > >> + > >> + return ret; > >> +} > >> + > >> + > >> +static int > >> +kvm_deassign_iosignalfd(struct kvm *kvm, struct kvm_iosignalfd *args) > >> +{ > >> + int pio = args->flags & KVM_IOSIGNALFD_FLAG_PIO; > >> + struct kvm_io_bus *bus = pio ? &kvm->pio_bus : &kvm->mmio_bus; > >> + struct _iosignalfd_group *group; > >> + struct _iosignalfd_item *item, *tmp; > >> + struct file *file; > >> + int ret = 0; > >> + > >> + file = eventfd_fget(args->fd); > >> + if (IS_ERR(file)) > >> + return PTR_ERR(file); > >> + > >> + mutex_lock(&kvm->lock); > >> + > >> + group = iosignalfd_group_find(kvm, args->addr); > >> + if (!group) { > >> + ret = -EINVAL; > >> + goto out; > >> + } > >> + > >> + /* > >> + * Exhaustively search our group->items list for any items that might > >> + * match the specified fd, and (carefully) remove each one found. > >> + */ > >> + list_for_each_entry_safe(item, tmp, &group->items, list) { > >> + > >> + if (item->file != file) > >> + continue; > >> + > >> + list_del_rcu(&item->list); > >> + group->count--; > >> + if (group->count) > >> + /* > >> + * We only decrement the global count if this is *not* > >> + * the last item. The last item will be accounted for > >> + * by the io_bus_unregister > >> + */ > >> + kvm->io_device_count--; > >> + > >> + /* > >> + * The item may be still referenced inside our group->write() > >> + * path's RCU read-side CS, so defer the actual free to the > >> + * next grace > >> + */ > >> + call_rcu(&item->rcu, iosignalfd_item_deferred_free); > >> + } > >> + > >> + /* > >> + * Check if the group is now completely vacated as a result of > >> + * removing the items. If so, unregister/delete it > >> + */ > >> + if (!group->count) { > >> + > >> + kvm_io_bus_unregister_dev(kvm, bus, &group->dev); > >> + > >> + /* > >> + * Like the item, the group may also still be referenced as > >> + * per above. However, the kvm->iosignalfds list is not > >> + * RCU protected (its protected by kvm->lock instead) so > >> + * we can just plain-vanilla remove it. What needs to be > >> + * done carefully is the actual freeing of the group pointer > >> + * since we walk the group->items list within the RCU CS. > >> + */ > >> + list_del(&group->list); > >> + call_rcu(&group->rcu, iosignalfd_group_deferred_free); > >> > > > > This is a deferred call, is it not, with no guarantee on when it will > > run? If correct I think synchronize_rcu might be better here: > > - can the module go away while iosignalfd_group_deferred_free is > > running? > > > > Good catch. Once I go this route it will be easy to use SRCU instead of > RCU, too. So I will fix this up. > > > > - can eventfd be signalled *after* ioctl exits? If yes > > this might confuse applications if they use the eventfd > > for something else. > > > > Not by iosignalfd. Once this function completes, we synchronously > guarantee that no more IO activity will generate an event on the > affected eventfds. Of course, this has no bearing on whether some other > producer wont signal, but that is beyond the scope of iosignalfd. > > > >> + } > >> + > >> +out: > >> + mutex_unlock(&kvm->lock); > >> + > >> + fput(file); > >> + > >> + return ret; > >> +} > >> + > >> +int > >> +kvm_iosignalfd(struct kvm *kvm, struct kvm_iosignalfd *args) > >> +{ > >> + if (args->flags & KVM_IOSIGNALFD_FLAG_DEASSIGN) > >> + return kvm_deassign_iosignalfd(kvm, args); > >> + > >> + return kvm_assign_iosignalfd(kvm, args); > >> +} > >> diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c > >> index 42cbea7..e6495d4 100644 > >> --- a/virt/kvm/kvm_main.c > >> +++ b/virt/kvm/kvm_main.c > >> @@ -971,7 +971,7 @@ static struct kvm *kvm_create_vm(void) > >> atomic_inc(&kvm->mm->mm_count); > >> spin_lock_init(&kvm->mmu_lock); > >> kvm_io_bus_init(&kvm->pio_bus); > >> - kvm_irqfd_init(kvm); > >> + kvm_eventfd_init(kvm); > >> mutex_init(&kvm->lock); > >> mutex_init(&kvm->irq_lock); > >> kvm_io_bus_init(&kvm->mmio_bus); > >> @@ -2227,6 +2227,15 @@ static long kvm_vm_ioctl(struct file *filp, > >> r = kvm_irqfd(kvm, data.fd, data.gsi, data.flags); > >> break; > >> } > >> + case KVM_IOSIGNALFD: { > >> + struct kvm_iosignalfd data; > >> + > >> + r = -EFAULT; > >> + if (copy_from_user(&data, argp, sizeof data)) > >> + goto out; > >> + r = kvm_iosignalfd(kvm, &data); > >> + break; > >> + } > >> #ifdef CONFIG_KVM_APIC_ARCHITECTURE > >> case KVM_SET_BOOT_CPU_ID: > >> r = 0; > >> > >> -- > >> To unsubscribe from this list: send the line "unsubscribe kvm" in > >> the body of a message to majordomo@xxxxxxxxxxxxxxx > >> More majordomo info at http://vger.kernel.org/majordomo-info.html > >> > > Thanks Michael, > -Greg > > -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html