Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp4122326ybl;
        Mon, 9 Dec 2019 05:56:50 -0800 (PST)
X-Google-Smtp-Source: APXvYqzk5iHTri2Etxpjzi4Q3B/DE68bV/TsS976ePlM9SvhPoAqxCufR4kmPvVm57vGOUNhC9+H
X-Received: by 2002:aca:1c0d:: with SMTP id c13mr22914090oic.44.1575899810805;
        Mon, 09 Dec 2019 05:56:50 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1575899810; cv=none;
        d=google.com; s=arc-20160816;
        b=JOHDE6L/HkQnTSuEJDZeTi5E7NdQOIxHluAWFkWmuqqBfNuLVGine/zxgntAFeHC/+
         X6/KUsHfdKH9MuUeaiokuIn4QvEfDWIiwvg1xtRqtx8LPSG7lTwFnz4C7wVV2pj7pD7C
         ZWhQaJwAyNFqEgCyP33rPCLWHG9nrLp7MXv0AeyNcFpZV2meNEl2/SAyWd1Rec4ltQDA
         v7ZLxOf5no9bOqkJYH904j3N5FFQPQwzmm55/d4OdT5dAktjUCgMCFq5UoZVm7rgoduX
         dxSKZQXbMeUcDEl7U/tT1riekLXHEpGUm0DrmZms6vEILB6Jx3ViTBDCEBdrYvA/luIJ
         Rysw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding
         :content-language:in-reply-to:mime-version:user-agent:date
         :message-id:from:references:cc:to:subject;
        bh=cvktvFXX05OCeStPh3nPkNt/KhVtK3YanWFs6unPMf8=;
        b=mhAuuXS7hlZ7n8ENKDWs4YSpxd5ACipceg/dXkQ98uGyTarK8X/6V+Nt/XPSglurhd
         G29WWR0mG9g5tq/3oewSW1RP5T5uMeSU8Tgm42HvvnUtNnChatzCEVpBl4b1QWafCexb
         OgxYR8Kh417RMy0MbddThMuUaaNH7vJtwqg7YGPaMNnUoPBoivXHeIZFZ6En/aM1W79i
         A1tdmnBWsE4njM0Z/5S5NMJWcRwBLNDHRKFDb73tiCtFxWeRvLzhnCZYCSOVpaYgwrRB
         Q3TmqnnGh/PXOgM4TY8AocRUDKBCg3GukYsb3hKCJ2OnS+LCCyOvWr4NfRFf2PkjL46i
         ayOg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id q126si11629574oia.8.2019.12.09.05.56.38;
        Mon, 09 Dec 2019 05:56:50 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727571AbfLINzX (ORCPT <rfc822;dexuan.linux@gmail.com>
        + 99 others); Mon, 9 Dec 2019 08:55:23 -0500
Received: from mx2.suse.de ([195.135.220.15]:59704 "EHLO mx1.suse.de"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S1727268AbfLINzX (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 9 Dec 2019 08:55:23 -0500
X-Virus-Scanned: by amavisd-new at test-mx.suse.de
Received: from relay2.suse.de (unknown [195.135.220.254])
        by mx1.suse.de (Postfix) with ESMTP id B3B57AC3F;
        Mon,  9 Dec 2019 13:55:20 +0000 (UTC)
Subject: Re: [PATCH 3/4] xen/interface: don't discard pending work in
 FRONT/BACK_RING_ATTACH
To:     Paul Durrant <pdurrant@amazon.com>, linux-kernel@vger.kernel.org,
        xen-devel@lists.xenproject.org
Cc:     Boris Ostrovsky <boris.ostrovsky@oracle.com>,
        Stefano Stabellini <sstabellini@kernel.org>
References: <20191205140123.3817-1-pdurrant@amazon.com>
 <20191205140123.3817-4-pdurrant@amazon.com>
From:   =?UTF-8?B?SsO8cmdlbiBHcm/Dnw==?= <jgross@suse.com>
Message-ID: <8a42e7a2-e1aa-69ff-32a4-f43cc5df10d9@suse.com>
Date:   Mon, 9 Dec 2019 14:55:19 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
 Thunderbird/68.2.1
MIME-Version: 1.0
In-Reply-To: <20191205140123.3817-4-pdurrant@amazon.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 05.12.19 15:01, Paul Durrant wrote:
> Currently these macros will skip over any requests/responses that are
> added to the shared ring whilst it is detached. This, in general, is not
> a desirable semantic since most frontend implementations will eventually
> block waiting for a response which would either never appear or never be
> processed.
> 
> NOTE: These macros are currently unused. BACK_RING_ATTACH(), however, will
>        be used in a subsequent patch.
> 
> Signed-off-by: Paul Durrant <pdurrant@amazon.com>
> ---
> Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
> Cc: Juergen Gross <jgross@suse.com>
> Cc: Stefano Stabellini <sstabellini@kernel.org>
> ---
>   include/xen/interface/io/ring.h | 4 ++--
>   1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/include/xen/interface/io/ring.h b/include/xen/interface/io/ring.h
> index 3f40501fc60b..405adfed87e6 100644
> --- a/include/xen/interface/io/ring.h
> +++ b/include/xen/interface/io/ring.h
> @@ -143,14 +143,14 @@ struct __name##_back_ring {						\
>   #define FRONT_RING_ATTACH(_r, _s, __size) do {				\
>       (_r)->sring = (_s);							\
>       (_r)->req_prod_pvt = (_s)->req_prod;				\
> -    (_r)->rsp_cons = (_s)->rsp_prod;					\
> +    (_r)->rsp_cons = (_s)->req_prod;					\
>       (_r)->nr_ents = __RING_SIZE(_s, __size);				\
>   } while (0)
>   
>   #define BACK_RING_ATTACH(_r, _s, __size) do {				\
>       (_r)->sring = (_s);							\
>       (_r)->rsp_prod_pvt = (_s)->rsp_prod;				\
> -    (_r)->req_cons = (_s)->req_prod;					\
> +    (_r)->req_cons = (_s)->rsp_prod;					\
>       (_r)->nr_ents = __RING_SIZE(_s, __size);				\
>   } while (0)

Lets look at all possible scenarios where BACK_RING_ATTACH()
might happen:

Initially (after [FRONT|BACK]_RING_INIT(), leaving _pvt away):
req_prod=0, rsp_cons=0, rsp_prod=0, req_cons=0
Using BACK_RING_ATTACH() is fine (no change)

Request queued:
req_prod=1, rsp_cons=0, rsp_prod=0, req_cons=0
Using BACK_RING_ATTACH() is fine (no change)

and taken by backend:
req_prod=1, rsp_cons=0, rsp_prod=0, req_cons=1
Using BACK_RING_ATTACH() is resetting req_cons to 0, will result
in redoing request (for blk this is fine, other devices like SCSI
tapes will have issues with that). One possible solution would be
to ensure all taken requests are either stopped or the response
is queued already.

Response queued:
req_prod=1, rsp_cons=0, rsp_prod=1, req_cons=1
Using BACK_RING_ATTACH() is fine (no change)

Response taken:
req_prod=1, rsp_cons=1, rsp_prod=1, req_cons=1
Using BACK_RING_ATTACH() is fine (no change)

In general I believe the [FRONT|BACK]_RING_ATTACH() macros are not
fine to be used in the current state, as the *_pvt fields normally not
accessible by the other end are initialized using the (possibly
untrusted) values from the shared ring. There needs at least to be a
test for the values to be sane, and your change should not result in the
same value to be read twice, as it could have changed in between.

As this is an error which can happen in other OS's, too, I'd recommend
to add the adapted macros (plus a comment regarding the possible
problem noted above for special devices like tapes) to the Xen variant
of ring.h.


Juergen