2011-03-15 08:06:18 +08:00
|
|
|
/*
|
|
|
|
* Network-device interface management.
|
|
|
|
*
|
|
|
|
* Copyright (c) 2004-2005, Keir Fraser
|
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU General Public License version 2
|
|
|
|
* as published by the Free Software Foundation; or, when distributed
|
|
|
|
* separately from the Linux kernel or incorporated into other
|
|
|
|
* software packages, subject to the following license:
|
|
|
|
*
|
|
|
|
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
|
|
* of this source file (the "Software"), to deal in the Software without
|
|
|
|
* restriction, including without limitation the rights to use, copy, modify,
|
|
|
|
* merge, publish, distribute, sublicense, and/or sell copies of the Software,
|
|
|
|
* and to permit persons to whom the Software is furnished to do so, subject to
|
|
|
|
* the following conditions:
|
|
|
|
*
|
|
|
|
* The above copyright notice and this permission notice shall be included in
|
|
|
|
* all copies or substantial portions of the Software.
|
|
|
|
*
|
|
|
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
|
|
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
|
|
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
|
|
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
|
|
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
|
|
|
|
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
|
|
|
|
* IN THE SOFTWARE.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include "common.h"
|
|
|
|
|
2013-08-26 19:59:38 +08:00
|
|
|
#include <linux/kthread.h>
|
2011-03-15 08:06:18 +08:00
|
|
|
#include <linux/ethtool.h>
|
|
|
|
#include <linux/rtnetlink.h>
|
|
|
|
#include <linux/if_vlan.h>
|
2014-01-05 23:24:01 +08:00
|
|
|
#include <linux/vmalloc.h>
|
2011-03-15 08:06:18 +08:00
|
|
|
|
|
|
|
#include <xen/events.h>
|
|
|
|
#include <asm/xen/hypercall.h>
|
2014-03-07 05:48:26 +08:00
|
|
|
#include <xen/balloon.h>
|
2011-03-15 08:06:18 +08:00
|
|
|
|
|
|
|
#define XENVIF_QUEUE_LENGTH 32
|
2013-08-26 19:59:38 +08:00
|
|
|
#define XENVIF_NAPI_WEIGHT 64
|
2011-03-15 08:06:18 +08:00
|
|
|
|
|
|
|
int xenvif_schedulable(struct xenvif *vif)
|
|
|
|
{
|
|
|
|
return netif_running(vif->dev) && netif_carrier_ok(vif->dev);
|
|
|
|
}
|
|
|
|
|
2013-05-22 14:34:45 +08:00
|
|
|
static irqreturn_t xenvif_tx_interrupt(int irq, void *dev_id)
|
2011-03-15 08:06:18 +08:00
|
|
|
{
|
|
|
|
struct xenvif *vif = dev_id;
|
|
|
|
|
2013-08-26 19:59:38 +08:00
|
|
|
if (RING_HAS_UNCONSUMED_REQUESTS(&vif->tx))
|
|
|
|
napi_schedule(&vif->napi);
|
2011-03-15 08:06:18 +08:00
|
|
|
|
2013-05-22 14:34:45 +08:00
|
|
|
return IRQ_HANDLED;
|
|
|
|
}
|
|
|
|
|
2013-08-26 19:59:38 +08:00
|
|
|
static int xenvif_poll(struct napi_struct *napi, int budget)
|
|
|
|
{
|
|
|
|
struct xenvif *vif = container_of(napi, struct xenvif, napi);
|
|
|
|
int work_done;
|
|
|
|
|
2014-04-01 19:46:12 +08:00
|
|
|
/* This vif is rogue, we pretend we've there is nothing to do
|
|
|
|
* for this vif to deschedule it from NAPI. But this interface
|
|
|
|
* will be turned off in thread context later.
|
|
|
|
*/
|
|
|
|
if (unlikely(vif->disabled)) {
|
|
|
|
napi_complete(napi);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2013-08-26 19:59:39 +08:00
|
|
|
work_done = xenvif_tx_action(vif, budget);
|
2013-08-26 19:59:38 +08:00
|
|
|
|
|
|
|
if (work_done < budget) {
|
2014-05-16 19:26:04 +08:00
|
|
|
napi_complete(napi);
|
|
|
|
xenvif_napi_schedule_or_enable_events(vif);
|
2013-08-26 19:59:38 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
return work_done;
|
|
|
|
}
|
|
|
|
|
2013-05-22 14:34:45 +08:00
|
|
|
static irqreturn_t xenvif_rx_interrupt(int irq, void *dev_id)
|
|
|
|
{
|
|
|
|
struct xenvif *vif = dev_id;
|
|
|
|
|
xen-netback: improve guest-receive-side flow control
The way that flow control works without this patch is that, in start_xmit()
the code uses xenvif_count_skb_slots() to predict how many slots
xenvif_gop_skb() will consume and then adds this to a 'req_cons_peek'
counter which it then uses to determine if the shared ring has that amount
of space available by checking whether 'req_prod' has passed that value.
If the ring doesn't have space the tx queue is stopped.
xenvif_gop_skb() will then consume slots and update 'req_cons' and issue
responses, updating 'rsp_prod' as it goes. The frontend will consume those
responses and post new requests, by updating req_prod. So, req_prod chases
req_cons which chases rsp_prod, and can never exceed that value. Thus if
xenvif_count_skb_slots() ever returns a number of slots greater than
xenvif_gop_skb() uses, req_cons_peek will get to a value that req_prod cannot
possibly achieve (since it's limited by the 'real' req_cons) and, if this
happens enough times, req_cons_peek gets more than a ring size ahead of
req_cons and the tx queue then remains stopped forever waiting for an
unachievable amount of space to become available in the ring.
Having two routines trying to calculate the same value is always going to be
fragile, so this patch does away with that. All we essentially need to do is
make sure that we have 'enough stuff' on our internal queue without letting
it build up uncontrollably. So start_xmit() makes a cheap optimistic check
of how much space is needed for an skb and only turns the queue off if that
is unachievable. net_rx_action() is the place where we could do with an
accurate predicition but, since that has proven tricky to calculate, a cheap
worse-case (but not too bad) estimate is all we really need since the only
thing we *must* prevent is xenvif_gop_skb() consuming more slots than are
available.
Without this patch I can trivially stall netback permanently by just doing
a large guest to guest file copy between two Windows Server 2008R2 VMs on a
single host.
Patch tested with frontends in:
- Windows Server 2008R2
- CentOS 6.0
- Debian Squeeze
- Debian Wheezy
- SLES11
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Cc: Wei Liu <wei.liu2@citrix.com>
Cc: Ian Campbell <ian.campbell@citrix.com>
Cc: David Vrabel <david.vrabel@citrix.com>
Cc: Annie Li <annie.li@oracle.com>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-12-07 00:36:07 +08:00
|
|
|
xenvif_kick_thread(vif);
|
2011-03-15 08:06:18 +08:00
|
|
|
|
|
|
|
return IRQ_HANDLED;
|
|
|
|
}
|
|
|
|
|
2013-05-22 14:34:45 +08:00
|
|
|
static irqreturn_t xenvif_interrupt(int irq, void *dev_id)
|
|
|
|
{
|
|
|
|
xenvif_tx_interrupt(irq, dev_id);
|
|
|
|
xenvif_rx_interrupt(irq, dev_id);
|
|
|
|
|
|
|
|
return IRQ_HANDLED;
|
|
|
|
}
|
|
|
|
|
2014-03-07 05:48:30 +08:00
|
|
|
static void xenvif_wake_queue(unsigned long data)
|
|
|
|
{
|
|
|
|
struct xenvif *vif = (struct xenvif *)data;
|
|
|
|
|
|
|
|
if (netif_queue_stopped(vif->dev)) {
|
|
|
|
netdev_err(vif->dev, "draining TX queue\n");
|
|
|
|
vif->rx_queue_purge = true;
|
|
|
|
xenvif_kick_thread(vif);
|
|
|
|
netif_wake_queue(vif->dev);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2011-03-15 08:06:18 +08:00
|
|
|
static int xenvif_start_xmit(struct sk_buff *skb, struct net_device *dev)
|
|
|
|
{
|
|
|
|
struct xenvif *vif = netdev_priv(dev);
|
xen-netback: improve guest-receive-side flow control
The way that flow control works without this patch is that, in start_xmit()
the code uses xenvif_count_skb_slots() to predict how many slots
xenvif_gop_skb() will consume and then adds this to a 'req_cons_peek'
counter which it then uses to determine if the shared ring has that amount
of space available by checking whether 'req_prod' has passed that value.
If the ring doesn't have space the tx queue is stopped.
xenvif_gop_skb() will then consume slots and update 'req_cons' and issue
responses, updating 'rsp_prod' as it goes. The frontend will consume those
responses and post new requests, by updating req_prod. So, req_prod chases
req_cons which chases rsp_prod, and can never exceed that value. Thus if
xenvif_count_skb_slots() ever returns a number of slots greater than
xenvif_gop_skb() uses, req_cons_peek will get to a value that req_prod cannot
possibly achieve (since it's limited by the 'real' req_cons) and, if this
happens enough times, req_cons_peek gets more than a ring size ahead of
req_cons and the tx queue then remains stopped forever waiting for an
unachievable amount of space to become available in the ring.
Having two routines trying to calculate the same value is always going to be
fragile, so this patch does away with that. All we essentially need to do is
make sure that we have 'enough stuff' on our internal queue without letting
it build up uncontrollably. So start_xmit() makes a cheap optimistic check
of how much space is needed for an skb and only turns the queue off if that
is unachievable. net_rx_action() is the place where we could do with an
accurate predicition but, since that has proven tricky to calculate, a cheap
worse-case (but not too bad) estimate is all we really need since the only
thing we *must* prevent is xenvif_gop_skb() consuming more slots than are
available.
Without this patch I can trivially stall netback permanently by just doing
a large guest to guest file copy between two Windows Server 2008R2 VMs on a
single host.
Patch tested with frontends in:
- Windows Server 2008R2
- CentOS 6.0
- Debian Squeeze
- Debian Wheezy
- SLES11
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Cc: Wei Liu <wei.liu2@citrix.com>
Cc: Ian Campbell <ian.campbell@citrix.com>
Cc: David Vrabel <david.vrabel@citrix.com>
Cc: Annie Li <annie.li@oracle.com>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-12-07 00:36:07 +08:00
|
|
|
int min_slots_needed;
|
2011-03-15 08:06:18 +08:00
|
|
|
|
|
|
|
BUG_ON(skb->dev != dev);
|
|
|
|
|
2013-08-26 19:59:38 +08:00
|
|
|
/* Drop the packet if vif is not ready */
|
2014-03-07 05:48:26 +08:00
|
|
|
if (vif->task == NULL ||
|
|
|
|
vif->dealloc_task == NULL ||
|
|
|
|
!xenvif_schedulable(vif))
|
2011-03-15 08:06:18 +08:00
|
|
|
goto drop;
|
|
|
|
|
xen-netback: improve guest-receive-side flow control
The way that flow control works without this patch is that, in start_xmit()
the code uses xenvif_count_skb_slots() to predict how many slots
xenvif_gop_skb() will consume and then adds this to a 'req_cons_peek'
counter which it then uses to determine if the shared ring has that amount
of space available by checking whether 'req_prod' has passed that value.
If the ring doesn't have space the tx queue is stopped.
xenvif_gop_skb() will then consume slots and update 'req_cons' and issue
responses, updating 'rsp_prod' as it goes. The frontend will consume those
responses and post new requests, by updating req_prod. So, req_prod chases
req_cons which chases rsp_prod, and can never exceed that value. Thus if
xenvif_count_skb_slots() ever returns a number of slots greater than
xenvif_gop_skb() uses, req_cons_peek will get to a value that req_prod cannot
possibly achieve (since it's limited by the 'real' req_cons) and, if this
happens enough times, req_cons_peek gets more than a ring size ahead of
req_cons and the tx queue then remains stopped forever waiting for an
unachievable amount of space to become available in the ring.
Having two routines trying to calculate the same value is always going to be
fragile, so this patch does away with that. All we essentially need to do is
make sure that we have 'enough stuff' on our internal queue without letting
it build up uncontrollably. So start_xmit() makes a cheap optimistic check
of how much space is needed for an skb and only turns the queue off if that
is unachievable. net_rx_action() is the place where we could do with an
accurate predicition but, since that has proven tricky to calculate, a cheap
worse-case (but not too bad) estimate is all we really need since the only
thing we *must* prevent is xenvif_gop_skb() consuming more slots than are
available.
Without this patch I can trivially stall netback permanently by just doing
a large guest to guest file copy between two Windows Server 2008R2 VMs on a
single host.
Patch tested with frontends in:
- Windows Server 2008R2
- CentOS 6.0
- Debian Squeeze
- Debian Wheezy
- SLES11
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Cc: Wei Liu <wei.liu2@citrix.com>
Cc: Ian Campbell <ian.campbell@citrix.com>
Cc: David Vrabel <david.vrabel@citrix.com>
Cc: Annie Li <annie.li@oracle.com>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-12-07 00:36:07 +08:00
|
|
|
/* At best we'll need one slot for the header and one for each
|
|
|
|
* frag.
|
|
|
|
*/
|
|
|
|
min_slots_needed = 1 + skb_shinfo(skb)->nr_frags;
|
2011-03-15 08:06:18 +08:00
|
|
|
|
xen-netback: improve guest-receive-side flow control
The way that flow control works without this patch is that, in start_xmit()
the code uses xenvif_count_skb_slots() to predict how many slots
xenvif_gop_skb() will consume and then adds this to a 'req_cons_peek'
counter which it then uses to determine if the shared ring has that amount
of space available by checking whether 'req_prod' has passed that value.
If the ring doesn't have space the tx queue is stopped.
xenvif_gop_skb() will then consume slots and update 'req_cons' and issue
responses, updating 'rsp_prod' as it goes. The frontend will consume those
responses and post new requests, by updating req_prod. So, req_prod chases
req_cons which chases rsp_prod, and can never exceed that value. Thus if
xenvif_count_skb_slots() ever returns a number of slots greater than
xenvif_gop_skb() uses, req_cons_peek will get to a value that req_prod cannot
possibly achieve (since it's limited by the 'real' req_cons) and, if this
happens enough times, req_cons_peek gets more than a ring size ahead of
req_cons and the tx queue then remains stopped forever waiting for an
unachievable amount of space to become available in the ring.
Having two routines trying to calculate the same value is always going to be
fragile, so this patch does away with that. All we essentially need to do is
make sure that we have 'enough stuff' on our internal queue without letting
it build up uncontrollably. So start_xmit() makes a cheap optimistic check
of how much space is needed for an skb and only turns the queue off if that
is unachievable. net_rx_action() is the place where we could do with an
accurate predicition but, since that has proven tricky to calculate, a cheap
worse-case (but not too bad) estimate is all we really need since the only
thing we *must* prevent is xenvif_gop_skb() consuming more slots than are
available.
Without this patch I can trivially stall netback permanently by just doing
a large guest to guest file copy between two Windows Server 2008R2 VMs on a
single host.
Patch tested with frontends in:
- Windows Server 2008R2
- CentOS 6.0
- Debian Squeeze
- Debian Wheezy
- SLES11
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Cc: Wei Liu <wei.liu2@citrix.com>
Cc: Ian Campbell <ian.campbell@citrix.com>
Cc: David Vrabel <david.vrabel@citrix.com>
Cc: Annie Li <annie.li@oracle.com>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-12-07 00:36:07 +08:00
|
|
|
/* If the skb is GSO then we'll also need an extra slot for the
|
|
|
|
* metadata.
|
|
|
|
*/
|
2014-03-11 20:45:32 +08:00
|
|
|
if (skb_is_gso(skb))
|
xen-netback: improve guest-receive-side flow control
The way that flow control works without this patch is that, in start_xmit()
the code uses xenvif_count_skb_slots() to predict how many slots
xenvif_gop_skb() will consume and then adds this to a 'req_cons_peek'
counter which it then uses to determine if the shared ring has that amount
of space available by checking whether 'req_prod' has passed that value.
If the ring doesn't have space the tx queue is stopped.
xenvif_gop_skb() will then consume slots and update 'req_cons' and issue
responses, updating 'rsp_prod' as it goes. The frontend will consume those
responses and post new requests, by updating req_prod. So, req_prod chases
req_cons which chases rsp_prod, and can never exceed that value. Thus if
xenvif_count_skb_slots() ever returns a number of slots greater than
xenvif_gop_skb() uses, req_cons_peek will get to a value that req_prod cannot
possibly achieve (since it's limited by the 'real' req_cons) and, if this
happens enough times, req_cons_peek gets more than a ring size ahead of
req_cons and the tx queue then remains stopped forever waiting for an
unachievable amount of space to become available in the ring.
Having two routines trying to calculate the same value is always going to be
fragile, so this patch does away with that. All we essentially need to do is
make sure that we have 'enough stuff' on our internal queue without letting
it build up uncontrollably. So start_xmit() makes a cheap optimistic check
of how much space is needed for an skb and only turns the queue off if that
is unachievable. net_rx_action() is the place where we could do with an
accurate predicition but, since that has proven tricky to calculate, a cheap
worse-case (but not too bad) estimate is all we really need since the only
thing we *must* prevent is xenvif_gop_skb() consuming more slots than are
available.
Without this patch I can trivially stall netback permanently by just doing
a large guest to guest file copy between two Windows Server 2008R2 VMs on a
single host.
Patch tested with frontends in:
- Windows Server 2008R2
- CentOS 6.0
- Debian Squeeze
- Debian Wheezy
- SLES11
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Cc: Wei Liu <wei.liu2@citrix.com>
Cc: Ian Campbell <ian.campbell@citrix.com>
Cc: David Vrabel <david.vrabel@citrix.com>
Cc: Annie Li <annie.li@oracle.com>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-12-07 00:36:07 +08:00
|
|
|
min_slots_needed++;
|
2011-03-15 08:06:18 +08:00
|
|
|
|
xen-netback: improve guest-receive-side flow control
The way that flow control works without this patch is that, in start_xmit()
the code uses xenvif_count_skb_slots() to predict how many slots
xenvif_gop_skb() will consume and then adds this to a 'req_cons_peek'
counter which it then uses to determine if the shared ring has that amount
of space available by checking whether 'req_prod' has passed that value.
If the ring doesn't have space the tx queue is stopped.
xenvif_gop_skb() will then consume slots and update 'req_cons' and issue
responses, updating 'rsp_prod' as it goes. The frontend will consume those
responses and post new requests, by updating req_prod. So, req_prod chases
req_cons which chases rsp_prod, and can never exceed that value. Thus if
xenvif_count_skb_slots() ever returns a number of slots greater than
xenvif_gop_skb() uses, req_cons_peek will get to a value that req_prod cannot
possibly achieve (since it's limited by the 'real' req_cons) and, if this
happens enough times, req_cons_peek gets more than a ring size ahead of
req_cons and the tx queue then remains stopped forever waiting for an
unachievable amount of space to become available in the ring.
Having two routines trying to calculate the same value is always going to be
fragile, so this patch does away with that. All we essentially need to do is
make sure that we have 'enough stuff' on our internal queue without letting
it build up uncontrollably. So start_xmit() makes a cheap optimistic check
of how much space is needed for an skb and only turns the queue off if that
is unachievable. net_rx_action() is the place where we could do with an
accurate predicition but, since that has proven tricky to calculate, a cheap
worse-case (but not too bad) estimate is all we really need since the only
thing we *must* prevent is xenvif_gop_skb() consuming more slots than are
available.
Without this patch I can trivially stall netback permanently by just doing
a large guest to guest file copy between two Windows Server 2008R2 VMs on a
single host.
Patch tested with frontends in:
- Windows Server 2008R2
- CentOS 6.0
- Debian Squeeze
- Debian Wheezy
- SLES11
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Cc: Wei Liu <wei.liu2@citrix.com>
Cc: Ian Campbell <ian.campbell@citrix.com>
Cc: David Vrabel <david.vrabel@citrix.com>
Cc: Annie Li <annie.li@oracle.com>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-12-07 00:36:07 +08:00
|
|
|
/* If the skb can't possibly fit in the remaining slots
|
|
|
|
* then turn off the queue to give the ring a chance to
|
|
|
|
* drain.
|
|
|
|
*/
|
2014-03-07 05:48:30 +08:00
|
|
|
if (!xenvif_rx_ring_slots_available(vif, min_slots_needed)) {
|
|
|
|
vif->wake_queue.function = xenvif_wake_queue;
|
|
|
|
vif->wake_queue.data = (unsigned long)vif;
|
xen-netback: improve guest-receive-side flow control
The way that flow control works without this patch is that, in start_xmit()
the code uses xenvif_count_skb_slots() to predict how many slots
xenvif_gop_skb() will consume and then adds this to a 'req_cons_peek'
counter which it then uses to determine if the shared ring has that amount
of space available by checking whether 'req_prod' has passed that value.
If the ring doesn't have space the tx queue is stopped.
xenvif_gop_skb() will then consume slots and update 'req_cons' and issue
responses, updating 'rsp_prod' as it goes. The frontend will consume those
responses and post new requests, by updating req_prod. So, req_prod chases
req_cons which chases rsp_prod, and can never exceed that value. Thus if
xenvif_count_skb_slots() ever returns a number of slots greater than
xenvif_gop_skb() uses, req_cons_peek will get to a value that req_prod cannot
possibly achieve (since it's limited by the 'real' req_cons) and, if this
happens enough times, req_cons_peek gets more than a ring size ahead of
req_cons and the tx queue then remains stopped forever waiting for an
unachievable amount of space to become available in the ring.
Having two routines trying to calculate the same value is always going to be
fragile, so this patch does away with that. All we essentially need to do is
make sure that we have 'enough stuff' on our internal queue without letting
it build up uncontrollably. So start_xmit() makes a cheap optimistic check
of how much space is needed for an skb and only turns the queue off if that
is unachievable. net_rx_action() is the place where we could do with an
accurate predicition but, since that has proven tricky to calculate, a cheap
worse-case (but not too bad) estimate is all we really need since the only
thing we *must* prevent is xenvif_gop_skb() consuming more slots than are
available.
Without this patch I can trivially stall netback permanently by just doing
a large guest to guest file copy between two Windows Server 2008R2 VMs on a
single host.
Patch tested with frontends in:
- Windows Server 2008R2
- CentOS 6.0
- Debian Squeeze
- Debian Wheezy
- SLES11
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Cc: Wei Liu <wei.liu2@citrix.com>
Cc: Ian Campbell <ian.campbell@citrix.com>
Cc: David Vrabel <david.vrabel@citrix.com>
Cc: Annie Li <annie.li@oracle.com>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-12-07 00:36:07 +08:00
|
|
|
xenvif_stop_queue(vif);
|
2014-03-07 05:48:30 +08:00
|
|
|
mod_timer(&vif->wake_queue,
|
|
|
|
jiffies + rx_drain_timeout_jiffies);
|
|
|
|
}
|
2011-03-15 08:06:18 +08:00
|
|
|
|
xen-netback: improve guest-receive-side flow control
The way that flow control works without this patch is that, in start_xmit()
the code uses xenvif_count_skb_slots() to predict how many slots
xenvif_gop_skb() will consume and then adds this to a 'req_cons_peek'
counter which it then uses to determine if the shared ring has that amount
of space available by checking whether 'req_prod' has passed that value.
If the ring doesn't have space the tx queue is stopped.
xenvif_gop_skb() will then consume slots and update 'req_cons' and issue
responses, updating 'rsp_prod' as it goes. The frontend will consume those
responses and post new requests, by updating req_prod. So, req_prod chases
req_cons which chases rsp_prod, and can never exceed that value. Thus if
xenvif_count_skb_slots() ever returns a number of slots greater than
xenvif_gop_skb() uses, req_cons_peek will get to a value that req_prod cannot
possibly achieve (since it's limited by the 'real' req_cons) and, if this
happens enough times, req_cons_peek gets more than a ring size ahead of
req_cons and the tx queue then remains stopped forever waiting for an
unachievable amount of space to become available in the ring.
Having two routines trying to calculate the same value is always going to be
fragile, so this patch does away with that. All we essentially need to do is
make sure that we have 'enough stuff' on our internal queue without letting
it build up uncontrollably. So start_xmit() makes a cheap optimistic check
of how much space is needed for an skb and only turns the queue off if that
is unachievable. net_rx_action() is the place where we could do with an
accurate predicition but, since that has proven tricky to calculate, a cheap
worse-case (but not too bad) estimate is all we really need since the only
thing we *must* prevent is xenvif_gop_skb() consuming more slots than are
available.
Without this patch I can trivially stall netback permanently by just doing
a large guest to guest file copy between two Windows Server 2008R2 VMs on a
single host.
Patch tested with frontends in:
- Windows Server 2008R2
- CentOS 6.0
- Debian Squeeze
- Debian Wheezy
- SLES11
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Cc: Wei Liu <wei.liu2@citrix.com>
Cc: Ian Campbell <ian.campbell@citrix.com>
Cc: David Vrabel <david.vrabel@citrix.com>
Cc: Annie Li <annie.li@oracle.com>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-12-07 00:36:07 +08:00
|
|
|
skb_queue_tail(&vif->rx_queue, skb);
|
|
|
|
xenvif_kick_thread(vif);
|
2011-03-15 08:06:18 +08:00
|
|
|
|
|
|
|
return NETDEV_TX_OK;
|
|
|
|
|
|
|
|
drop:
|
|
|
|
vif->dev->stats.tx_dropped++;
|
|
|
|
dev_kfree_skb(skb);
|
|
|
|
return NETDEV_TX_OK;
|
|
|
|
}
|
|
|
|
|
|
|
|
static struct net_device_stats *xenvif_get_stats(struct net_device *dev)
|
|
|
|
{
|
|
|
|
struct xenvif *vif = netdev_priv(dev);
|
|
|
|
return &vif->dev->stats;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void xenvif_up(struct xenvif *vif)
|
|
|
|
{
|
2013-08-26 19:59:38 +08:00
|
|
|
napi_enable(&vif->napi);
|
2013-05-22 14:34:45 +08:00
|
|
|
enable_irq(vif->tx_irq);
|
|
|
|
if (vif->tx_irq != vif->rx_irq)
|
|
|
|
enable_irq(vif->rx_irq);
|
2014-05-16 19:26:04 +08:00
|
|
|
xenvif_napi_schedule_or_enable_events(vif);
|
2011-03-15 08:06:18 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
static void xenvif_down(struct xenvif *vif)
|
|
|
|
{
|
2013-08-26 19:59:38 +08:00
|
|
|
napi_disable(&vif->napi);
|
2013-05-22 14:34:45 +08:00
|
|
|
disable_irq(vif->tx_irq);
|
|
|
|
if (vif->tx_irq != vif->rx_irq)
|
|
|
|
disable_irq(vif->rx_irq);
|
2013-02-14 11:18:58 +08:00
|
|
|
del_timer_sync(&vif->credit_timeout);
|
2011-03-15 08:06:18 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
static int xenvif_open(struct net_device *dev)
|
|
|
|
{
|
|
|
|
struct xenvif *vif = netdev_priv(dev);
|
|
|
|
if (netif_carrier_ok(dev))
|
|
|
|
xenvif_up(vif);
|
|
|
|
netif_start_queue(dev);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int xenvif_close(struct net_device *dev)
|
|
|
|
{
|
|
|
|
struct xenvif *vif = netdev_priv(dev);
|
|
|
|
if (netif_carrier_ok(dev))
|
|
|
|
xenvif_down(vif);
|
|
|
|
netif_stop_queue(dev);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int xenvif_change_mtu(struct net_device *dev, int mtu)
|
|
|
|
{
|
|
|
|
struct xenvif *vif = netdev_priv(dev);
|
|
|
|
int max = vif->can_sg ? 65535 - VLAN_ETH_HLEN : ETH_DATA_LEN;
|
|
|
|
|
|
|
|
if (mtu > max)
|
|
|
|
return -EINVAL;
|
|
|
|
dev->mtu = mtu;
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2011-11-15 23:29:55 +08:00
|
|
|
static netdev_features_t xenvif_fix_features(struct net_device *dev,
|
|
|
|
netdev_features_t features)
|
2011-03-15 08:06:18 +08:00
|
|
|
{
|
|
|
|
struct xenvif *vif = netdev_priv(dev);
|
|
|
|
|
2011-04-19 11:35:06 +08:00
|
|
|
if (!vif->can_sg)
|
|
|
|
features &= ~NETIF_F_SG;
|
2013-10-17 00:50:32 +08:00
|
|
|
if (~(vif->gso_mask | vif->gso_prefix_mask) & GSO_BIT(TCPV4))
|
2011-04-19 11:35:06 +08:00
|
|
|
features &= ~NETIF_F_TSO;
|
2013-10-17 00:50:32 +08:00
|
|
|
if (~(vif->gso_mask | vif->gso_prefix_mask) & GSO_BIT(TCPV6))
|
|
|
|
features &= ~NETIF_F_TSO6;
|
2013-10-17 00:50:28 +08:00
|
|
|
if (!vif->ip_csum)
|
2011-04-19 11:35:06 +08:00
|
|
|
features &= ~NETIF_F_IP_CSUM;
|
2013-10-17 00:50:28 +08:00
|
|
|
if (!vif->ipv6_csum)
|
|
|
|
features &= ~NETIF_F_IPV6_CSUM;
|
2011-03-15 08:06:18 +08:00
|
|
|
|
2011-04-19 11:35:06 +08:00
|
|
|
return features;
|
2011-03-15 08:06:18 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
static const struct xenvif_stat {
|
|
|
|
char name[ETH_GSTRING_LEN];
|
|
|
|
u16 offset;
|
|
|
|
} xenvif_stats[] = {
|
|
|
|
{
|
|
|
|
"rx_gso_checksum_fixup",
|
|
|
|
offsetof(struct xenvif, rx_gso_checksum_fixup)
|
|
|
|
},
|
2014-03-07 05:48:28 +08:00
|
|
|
/* If (sent != success + fail), there are probably packets never
|
|
|
|
* freed up properly!
|
|
|
|
*/
|
|
|
|
{
|
|
|
|
"tx_zerocopy_sent",
|
|
|
|
offsetof(struct xenvif, tx_zerocopy_sent),
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"tx_zerocopy_success",
|
|
|
|
offsetof(struct xenvif, tx_zerocopy_success),
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"tx_zerocopy_fail",
|
|
|
|
offsetof(struct xenvif, tx_zerocopy_fail)
|
|
|
|
},
|
2014-03-07 05:48:29 +08:00
|
|
|
/* Number of packets exceeding MAX_SKB_FRAG slots. You should use
|
|
|
|
* a guest with the same MAX_SKB_FRAG
|
|
|
|
*/
|
|
|
|
{
|
|
|
|
"tx_frag_overflow",
|
|
|
|
offsetof(struct xenvif, tx_frag_overflow)
|
|
|
|
},
|
2011-03-15 08:06:18 +08:00
|
|
|
};
|
|
|
|
|
|
|
|
static int xenvif_get_sset_count(struct net_device *dev, int string_set)
|
|
|
|
{
|
|
|
|
switch (string_set) {
|
|
|
|
case ETH_SS_STATS:
|
|
|
|
return ARRAY_SIZE(xenvif_stats);
|
|
|
|
default:
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static void xenvif_get_ethtool_stats(struct net_device *dev,
|
|
|
|
struct ethtool_stats *stats, u64 * data)
|
|
|
|
{
|
|
|
|
void *vif = netdev_priv(dev);
|
|
|
|
int i;
|
|
|
|
|
|
|
|
for (i = 0; i < ARRAY_SIZE(xenvif_stats); i++)
|
|
|
|
data[i] = *(unsigned long *)(vif + xenvif_stats[i].offset);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void xenvif_get_strings(struct net_device *dev, u32 stringset, u8 * data)
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
|
|
|
|
switch (stringset) {
|
|
|
|
case ETH_SS_STATS:
|
|
|
|
for (i = 0; i < ARRAY_SIZE(xenvif_stats); i++)
|
|
|
|
memcpy(data + i * ETH_GSTRING_LEN,
|
|
|
|
xenvif_stats[i].name, ETH_GSTRING_LEN);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2012-01-04 19:56:58 +08:00
|
|
|
static const struct ethtool_ops xenvif_ethtool_ops = {
|
2011-03-15 08:06:18 +08:00
|
|
|
.get_link = ethtool_op_get_link,
|
|
|
|
|
|
|
|
.get_sset_count = xenvif_get_sset_count,
|
|
|
|
.get_ethtool_stats = xenvif_get_ethtool_stats,
|
|
|
|
.get_strings = xenvif_get_strings,
|
|
|
|
};
|
|
|
|
|
2012-01-04 19:56:58 +08:00
|
|
|
static const struct net_device_ops xenvif_netdev_ops = {
|
2011-03-15 08:06:18 +08:00
|
|
|
.ndo_start_xmit = xenvif_start_xmit,
|
|
|
|
.ndo_get_stats = xenvif_get_stats,
|
|
|
|
.ndo_open = xenvif_open,
|
|
|
|
.ndo_stop = xenvif_close,
|
|
|
|
.ndo_change_mtu = xenvif_change_mtu,
|
2011-04-19 11:35:06 +08:00
|
|
|
.ndo_fix_features = xenvif_fix_features,
|
2013-01-22 16:08:25 +08:00
|
|
|
.ndo_set_mac_address = eth_mac_addr,
|
|
|
|
.ndo_validate_addr = eth_validate_addr,
|
2011-03-15 08:06:18 +08:00
|
|
|
};
|
|
|
|
|
|
|
|
struct xenvif *xenvif_alloc(struct device *parent, domid_t domid,
|
|
|
|
unsigned int handle)
|
|
|
|
{
|
|
|
|
int err;
|
|
|
|
struct net_device *dev;
|
|
|
|
struct xenvif *vif;
|
|
|
|
char name[IFNAMSIZ] = {};
|
2013-08-26 19:59:38 +08:00
|
|
|
int i;
|
2011-03-15 08:06:18 +08:00
|
|
|
|
|
|
|
snprintf(name, IFNAMSIZ - 1, "vif%u.%u", domid, handle);
|
|
|
|
dev = alloc_netdev(sizeof(struct xenvif), name, ether_setup);
|
|
|
|
if (dev == NULL) {
|
2013-08-26 19:59:38 +08:00
|
|
|
pr_warn("Could not allocate netdev for %s\n", name);
|
2011-03-15 08:06:18 +08:00
|
|
|
return ERR_PTR(-ENOMEM);
|
|
|
|
}
|
|
|
|
|
|
|
|
SET_NETDEV_DEV(dev, parent);
|
|
|
|
|
|
|
|
vif = netdev_priv(dev);
|
2013-12-23 17:27:17 +08:00
|
|
|
|
2011-03-15 08:06:18 +08:00
|
|
|
vif->domid = domid;
|
|
|
|
vif->handle = handle;
|
|
|
|
vif->can_sg = 1;
|
2013-10-17 00:50:28 +08:00
|
|
|
vif->ip_csum = 1;
|
2011-03-15 08:06:18 +08:00
|
|
|
vif->dev = dev;
|
|
|
|
|
2014-04-01 19:46:12 +08:00
|
|
|
vif->disabled = false;
|
|
|
|
|
2011-03-15 08:06:18 +08:00
|
|
|
vif->credit_bytes = vif->remaining_credit = ~0UL;
|
|
|
|
vif->credit_usec = 0UL;
|
|
|
|
init_timer(&vif->credit_timeout);
|
2013-10-28 20:07:57 +08:00
|
|
|
vif->credit_window_start = get_jiffies_64();
|
2011-03-15 08:06:18 +08:00
|
|
|
|
2014-03-07 05:48:30 +08:00
|
|
|
init_timer(&vif->wake_queue);
|
|
|
|
|
2011-03-15 08:06:18 +08:00
|
|
|
dev->netdev_ops = &xenvif_netdev_ops;
|
2013-10-17 00:50:28 +08:00
|
|
|
dev->hw_features = NETIF_F_SG |
|
|
|
|
NETIF_F_IP_CSUM | NETIF_F_IPV6_CSUM |
|
2013-10-17 00:50:32 +08:00
|
|
|
NETIF_F_TSO | NETIF_F_TSO6;
|
2013-10-17 00:50:30 +08:00
|
|
|
dev->features = dev->hw_features | NETIF_F_RXCSUM;
|
2014-05-11 08:12:32 +08:00
|
|
|
dev->ethtool_ops = &xenvif_ethtool_ops;
|
2011-03-15 08:06:18 +08:00
|
|
|
|
|
|
|
dev->tx_queue_len = XENVIF_QUEUE_LENGTH;
|
|
|
|
|
2013-08-26 19:59:38 +08:00
|
|
|
skb_queue_head_init(&vif->rx_queue);
|
|
|
|
skb_queue_head_init(&vif->tx_queue);
|
|
|
|
|
|
|
|
vif->pending_cons = 0;
|
|
|
|
vif->pending_prod = MAX_PENDING_REQS;
|
|
|
|
for (i = 0; i < MAX_PENDING_REQS; i++)
|
|
|
|
vif->pending_ring[i] = i;
|
2014-03-07 05:48:26 +08:00
|
|
|
spin_lock_init(&vif->callback_lock);
|
|
|
|
spin_lock_init(&vif->response_lock);
|
|
|
|
/* If ballooning is disabled, this will consume real memory, so you
|
|
|
|
* better enable it. The long term solution would be to use just a
|
|
|
|
* bunch of valid page descriptors, without dependency on ballooning
|
|
|
|
*/
|
|
|
|
err = alloc_xenballooned_pages(MAX_PENDING_REQS,
|
|
|
|
vif->mmap_pages,
|
|
|
|
false);
|
|
|
|
if (err) {
|
|
|
|
netdev_err(dev, "Could not reserve mmap_pages\n");
|
|
|
|
return ERR_PTR(-ENOMEM);
|
|
|
|
}
|
|
|
|
for (i = 0; i < MAX_PENDING_REQS; i++) {
|
|
|
|
vif->pending_tx_info[i].callback_struct = (struct ubuf_info)
|
|
|
|
{ .callback = xenvif_zerocopy_callback,
|
|
|
|
.ctx = NULL,
|
|
|
|
.desc = i };
|
|
|
|
vif->grant_tx_handle[i] = NETBACK_INVALID_HANDLE;
|
|
|
|
}
|
2013-08-26 19:59:38 +08:00
|
|
|
|
2011-03-15 08:06:18 +08:00
|
|
|
/*
|
|
|
|
* Initialise a dummy MAC address. We choose the numerically
|
|
|
|
* largest non-broadcast address to prevent the address getting
|
|
|
|
* stolen by an Ethernet bridge for STP purposes.
|
|
|
|
* (FE:FF:FF:FF:FF:FF)
|
|
|
|
*/
|
|
|
|
memset(dev->dev_addr, 0xFF, ETH_ALEN);
|
|
|
|
dev->dev_addr[0] &= ~0x01;
|
|
|
|
|
2013-08-26 19:59:38 +08:00
|
|
|
netif_napi_add(dev, &vif->napi, xenvif_poll, XENVIF_NAPI_WEIGHT);
|
|
|
|
|
2011-03-15 08:06:18 +08:00
|
|
|
netif_carrier_off(dev);
|
|
|
|
|
|
|
|
err = register_netdev(dev);
|
|
|
|
if (err) {
|
|
|
|
netdev_warn(dev, "Could not register device: err=%d\n", err);
|
|
|
|
free_netdev(dev);
|
|
|
|
return ERR_PTR(err);
|
|
|
|
}
|
|
|
|
|
|
|
|
netdev_dbg(dev, "Successfully created xenvif\n");
|
2013-09-18 00:46:08 +08:00
|
|
|
|
|
|
|
__module_get(THIS_MODULE);
|
|
|
|
|
2011-03-15 08:06:18 +08:00
|
|
|
return vif;
|
|
|
|
}
|
|
|
|
|
|
|
|
int xenvif_connect(struct xenvif *vif, unsigned long tx_ring_ref,
|
2013-05-22 14:34:45 +08:00
|
|
|
unsigned long rx_ring_ref, unsigned int tx_evtchn,
|
|
|
|
unsigned int rx_evtchn)
|
2011-03-15 08:06:18 +08:00
|
|
|
{
|
2013-12-03 22:06:25 +08:00
|
|
|
struct task_struct *task;
|
2011-03-15 08:06:18 +08:00
|
|
|
int err = -ENOMEM;
|
|
|
|
|
2013-12-03 22:06:25 +08:00
|
|
|
BUG_ON(vif->tx_irq);
|
|
|
|
BUG_ON(vif->task);
|
2014-03-07 05:48:26 +08:00
|
|
|
BUG_ON(vif->dealloc_task);
|
2011-03-15 08:06:18 +08:00
|
|
|
|
2013-08-26 19:59:39 +08:00
|
|
|
err = xenvif_map_frontend_rings(vif, tx_ring_ref, rx_ring_ref);
|
2011-03-15 08:06:18 +08:00
|
|
|
if (err < 0)
|
|
|
|
goto err;
|
|
|
|
|
xen-netback: improve guest-receive-side flow control
The way that flow control works without this patch is that, in start_xmit()
the code uses xenvif_count_skb_slots() to predict how many slots
xenvif_gop_skb() will consume and then adds this to a 'req_cons_peek'
counter which it then uses to determine if the shared ring has that amount
of space available by checking whether 'req_prod' has passed that value.
If the ring doesn't have space the tx queue is stopped.
xenvif_gop_skb() will then consume slots and update 'req_cons' and issue
responses, updating 'rsp_prod' as it goes. The frontend will consume those
responses and post new requests, by updating req_prod. So, req_prod chases
req_cons which chases rsp_prod, and can never exceed that value. Thus if
xenvif_count_skb_slots() ever returns a number of slots greater than
xenvif_gop_skb() uses, req_cons_peek will get to a value that req_prod cannot
possibly achieve (since it's limited by the 'real' req_cons) and, if this
happens enough times, req_cons_peek gets more than a ring size ahead of
req_cons and the tx queue then remains stopped forever waiting for an
unachievable amount of space to become available in the ring.
Having two routines trying to calculate the same value is always going to be
fragile, so this patch does away with that. All we essentially need to do is
make sure that we have 'enough stuff' on our internal queue without letting
it build up uncontrollably. So start_xmit() makes a cheap optimistic check
of how much space is needed for an skb and only turns the queue off if that
is unachievable. net_rx_action() is the place where we could do with an
accurate predicition but, since that has proven tricky to calculate, a cheap
worse-case (but not too bad) estimate is all we really need since the only
thing we *must* prevent is xenvif_gop_skb() consuming more slots than are
available.
Without this patch I can trivially stall netback permanently by just doing
a large guest to guest file copy between two Windows Server 2008R2 VMs on a
single host.
Patch tested with frontends in:
- Windows Server 2008R2
- CentOS 6.0
- Debian Squeeze
- Debian Wheezy
- SLES11
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Cc: Wei Liu <wei.liu2@citrix.com>
Cc: Ian Campbell <ian.campbell@citrix.com>
Cc: David Vrabel <david.vrabel@citrix.com>
Cc: Annie Li <annie.li@oracle.com>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-12-07 00:36:07 +08:00
|
|
|
init_waitqueue_head(&vif->wq);
|
2014-03-07 05:48:26 +08:00
|
|
|
init_waitqueue_head(&vif->dealloc_wq);
|
xen-netback: improve guest-receive-side flow control
The way that flow control works without this patch is that, in start_xmit()
the code uses xenvif_count_skb_slots() to predict how many slots
xenvif_gop_skb() will consume and then adds this to a 'req_cons_peek'
counter which it then uses to determine if the shared ring has that amount
of space available by checking whether 'req_prod' has passed that value.
If the ring doesn't have space the tx queue is stopped.
xenvif_gop_skb() will then consume slots and update 'req_cons' and issue
responses, updating 'rsp_prod' as it goes. The frontend will consume those
responses and post new requests, by updating req_prod. So, req_prod chases
req_cons which chases rsp_prod, and can never exceed that value. Thus if
xenvif_count_skb_slots() ever returns a number of slots greater than
xenvif_gop_skb() uses, req_cons_peek will get to a value that req_prod cannot
possibly achieve (since it's limited by the 'real' req_cons) and, if this
happens enough times, req_cons_peek gets more than a ring size ahead of
req_cons and the tx queue then remains stopped forever waiting for an
unachievable amount of space to become available in the ring.
Having two routines trying to calculate the same value is always going to be
fragile, so this patch does away with that. All we essentially need to do is
make sure that we have 'enough stuff' on our internal queue without letting
it build up uncontrollably. So start_xmit() makes a cheap optimistic check
of how much space is needed for an skb and only turns the queue off if that
is unachievable. net_rx_action() is the place where we could do with an
accurate predicition but, since that has proven tricky to calculate, a cheap
worse-case (but not too bad) estimate is all we really need since the only
thing we *must* prevent is xenvif_gop_skb() consuming more slots than are
available.
Without this patch I can trivially stall netback permanently by just doing
a large guest to guest file copy between two Windows Server 2008R2 VMs on a
single host.
Patch tested with frontends in:
- Windows Server 2008R2
- CentOS 6.0
- Debian Squeeze
- Debian Wheezy
- SLES11
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Cc: Wei Liu <wei.liu2@citrix.com>
Cc: Ian Campbell <ian.campbell@citrix.com>
Cc: David Vrabel <david.vrabel@citrix.com>
Cc: Annie Li <annie.li@oracle.com>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-12-07 00:36:07 +08:00
|
|
|
|
2013-05-22 14:34:45 +08:00
|
|
|
if (tx_evtchn == rx_evtchn) {
|
|
|
|
/* feature-split-event-channels == 0 */
|
|
|
|
err = bind_interdomain_evtchn_to_irqhandler(
|
|
|
|
vif->domid, tx_evtchn, xenvif_interrupt, 0,
|
|
|
|
vif->dev->name, vif);
|
|
|
|
if (err < 0)
|
|
|
|
goto err_unmap;
|
|
|
|
vif->tx_irq = vif->rx_irq = err;
|
|
|
|
disable_irq(vif->tx_irq);
|
|
|
|
} else {
|
|
|
|
/* feature-split-event-channels == 1 */
|
|
|
|
snprintf(vif->tx_irq_name, sizeof(vif->tx_irq_name),
|
|
|
|
"%s-tx", vif->dev->name);
|
|
|
|
err = bind_interdomain_evtchn_to_irqhandler(
|
|
|
|
vif->domid, tx_evtchn, xenvif_tx_interrupt, 0,
|
|
|
|
vif->tx_irq_name, vif);
|
|
|
|
if (err < 0)
|
|
|
|
goto err_unmap;
|
|
|
|
vif->tx_irq = err;
|
|
|
|
disable_irq(vif->tx_irq);
|
|
|
|
|
|
|
|
snprintf(vif->rx_irq_name, sizeof(vif->rx_irq_name),
|
|
|
|
"%s-rx", vif->dev->name);
|
|
|
|
err = bind_interdomain_evtchn_to_irqhandler(
|
|
|
|
vif->domid, rx_evtchn, xenvif_rx_interrupt, 0,
|
|
|
|
vif->rx_irq_name, vif);
|
|
|
|
if (err < 0)
|
|
|
|
goto err_tx_unbind;
|
|
|
|
vif->rx_irq = err;
|
|
|
|
disable_irq(vif->rx_irq);
|
|
|
|
}
|
2011-03-15 08:06:18 +08:00
|
|
|
|
2014-03-07 05:48:24 +08:00
|
|
|
task = kthread_create(xenvif_kthread_guest_rx,
|
|
|
|
(void *)vif, "%s-guest-rx", vif->dev->name);
|
2013-12-03 22:06:25 +08:00
|
|
|
if (IS_ERR(task)) {
|
2013-08-26 19:59:38 +08:00
|
|
|
pr_warn("Could not allocate kthread for %s\n", vif->dev->name);
|
2013-12-03 22:06:25 +08:00
|
|
|
err = PTR_ERR(task);
|
2013-08-26 19:59:38 +08:00
|
|
|
goto err_rx_unbind;
|
|
|
|
}
|
2011-03-15 08:06:18 +08:00
|
|
|
|
2013-12-03 22:06:25 +08:00
|
|
|
vif->task = task;
|
|
|
|
|
2014-03-07 05:48:26 +08:00
|
|
|
task = kthread_create(xenvif_dealloc_kthread,
|
|
|
|
(void *)vif, "%s-dealloc", vif->dev->name);
|
|
|
|
if (IS_ERR(task)) {
|
|
|
|
pr_warn("Could not allocate kthread for %s\n", vif->dev->name);
|
|
|
|
err = PTR_ERR(task);
|
|
|
|
goto err_rx_unbind;
|
|
|
|
}
|
|
|
|
|
|
|
|
vif->dealloc_task = task;
|
|
|
|
|
2011-03-15 08:06:18 +08:00
|
|
|
rtnl_lock();
|
2011-04-19 11:35:06 +08:00
|
|
|
if (!vif->can_sg && vif->dev->mtu > ETH_DATA_LEN)
|
|
|
|
dev_set_mtu(vif->dev, ETH_DATA_LEN);
|
|
|
|
netdev_update_features(vif->dev);
|
|
|
|
netif_carrier_on(vif->dev);
|
2011-09-30 14:37:51 +08:00
|
|
|
if (netif_running(vif->dev))
|
|
|
|
xenvif_up(vif);
|
2011-03-15 08:06:18 +08:00
|
|
|
rtnl_unlock();
|
|
|
|
|
2013-08-26 19:59:38 +08:00
|
|
|
wake_up_process(vif->task);
|
2014-03-07 05:48:26 +08:00
|
|
|
wake_up_process(vif->dealloc_task);
|
2013-08-26 19:59:38 +08:00
|
|
|
|
2011-03-15 08:06:18 +08:00
|
|
|
return 0;
|
2013-08-26 19:59:38 +08:00
|
|
|
|
|
|
|
err_rx_unbind:
|
|
|
|
unbind_from_irqhandler(vif->rx_irq, vif);
|
|
|
|
vif->rx_irq = 0;
|
2013-05-22 14:34:45 +08:00
|
|
|
err_tx_unbind:
|
|
|
|
unbind_from_irqhandler(vif->tx_irq, vif);
|
|
|
|
vif->tx_irq = 0;
|
2011-03-15 08:06:18 +08:00
|
|
|
err_unmap:
|
2013-08-26 19:59:39 +08:00
|
|
|
xenvif_unmap_frontend_rings(vif);
|
2011-03-15 08:06:18 +08:00
|
|
|
err:
|
2013-05-17 07:26:11 +08:00
|
|
|
module_put(THIS_MODULE);
|
2011-03-15 08:06:18 +08:00
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
2013-02-07 07:41:35 +08:00
|
|
|
void xenvif_carrier_off(struct xenvif *vif)
|
2011-03-15 08:06:18 +08:00
|
|
|
{
|
|
|
|
struct net_device *dev = vif->dev;
|
2013-02-07 07:41:35 +08:00
|
|
|
|
|
|
|
rtnl_lock();
|
|
|
|
netif_carrier_off(dev); /* discard queued packets */
|
|
|
|
if (netif_running(dev))
|
|
|
|
xenvif_down(vif);
|
|
|
|
rtnl_unlock();
|
|
|
|
}
|
|
|
|
|
|
|
|
void xenvif_disconnect(struct xenvif *vif)
|
|
|
|
{
|
|
|
|
if (netif_carrier_ok(vif->dev))
|
|
|
|
xenvif_carrier_off(vif);
|
2011-03-15 08:06:18 +08:00
|
|
|
|
2013-12-03 22:06:25 +08:00
|
|
|
if (vif->task) {
|
2014-03-07 05:48:30 +08:00
|
|
|
del_timer_sync(&vif->wake_queue);
|
2013-11-21 23:26:09 +08:00
|
|
|
kthread_stop(vif->task);
|
2013-12-03 22:06:25 +08:00
|
|
|
vif->task = NULL;
|
|
|
|
}
|
2013-11-21 23:26:09 +08:00
|
|
|
|
2014-03-07 05:48:26 +08:00
|
|
|
if (vif->dealloc_task) {
|
|
|
|
kthread_stop(vif->dealloc_task);
|
|
|
|
vif->dealloc_task = NULL;
|
|
|
|
}
|
|
|
|
|
2013-05-22 14:34:45 +08:00
|
|
|
if (vif->tx_irq) {
|
|
|
|
if (vif->tx_irq == vif->rx_irq)
|
|
|
|
unbind_from_irqhandler(vif->tx_irq, vif);
|
|
|
|
else {
|
|
|
|
unbind_from_irqhandler(vif->tx_irq, vif);
|
|
|
|
unbind_from_irqhandler(vif->rx_irq, vif);
|
|
|
|
}
|
2013-09-18 00:46:08 +08:00
|
|
|
vif->tx_irq = 0;
|
2013-05-17 07:26:11 +08:00
|
|
|
}
|
2011-03-15 08:06:18 +08:00
|
|
|
|
2013-09-18 00:46:08 +08:00
|
|
|
xenvif_unmap_frontend_rings(vif);
|
|
|
|
}
|
|
|
|
|
|
|
|
void xenvif_free(struct xenvif *vif)
|
|
|
|
{
|
2014-03-07 05:48:26 +08:00
|
|
|
int i, unmap_timeout = 0;
|
2014-03-25 07:59:50 +08:00
|
|
|
/* Here we want to avoid timeout messages if an skb can be legitimately
|
|
|
|
* stuck somewhere else. Realistically this could be an another vif's
|
2014-03-07 05:48:30 +08:00
|
|
|
* internal or QDisc queue. That another vif also has this
|
|
|
|
* rx_drain_timeout_msecs timeout, but the timer only ditches the
|
|
|
|
* internal queue. After that, the QDisc queue can put in worst case
|
|
|
|
* XEN_NETIF_RX_RING_SIZE / MAX_SKB_FRAGS skbs into that another vif's
|
|
|
|
* internal queue, so we need several rounds of such timeouts until we
|
|
|
|
* can be sure that no another vif should have skb's from us. We are
|
2014-03-25 07:59:50 +08:00
|
|
|
* not sending more skb's, so newly stuck packets are not interesting
|
2014-03-07 05:48:30 +08:00
|
|
|
* for us here.
|
|
|
|
*/
|
|
|
|
unsigned int worst_case_skb_lifetime = (rx_drain_timeout_msecs/1000) *
|
|
|
|
DIV_ROUND_UP(XENVIF_QUEUE_LENGTH, (XEN_NETIF_RX_RING_SIZE / MAX_SKB_FRAGS));
|
2014-03-07 05:48:26 +08:00
|
|
|
|
|
|
|
for (i = 0; i < MAX_PENDING_REQS; ++i) {
|
|
|
|
if (vif->grant_tx_handle[i] != NETBACK_INVALID_HANDLE) {
|
|
|
|
unmap_timeout++;
|
|
|
|
schedule_timeout(msecs_to_jiffies(1000));
|
2014-03-07 05:48:30 +08:00
|
|
|
if (unmap_timeout > worst_case_skb_lifetime &&
|
2014-03-07 05:48:26 +08:00
|
|
|
net_ratelimit())
|
|
|
|
netdev_err(vif->dev,
|
|
|
|
"Page still granted! Index: %x\n",
|
|
|
|
i);
|
2014-03-25 07:59:50 +08:00
|
|
|
/* If there are still unmapped pages, reset the loop to
|
|
|
|
* start checking again. We shouldn't exit here until
|
|
|
|
* dealloc thread and NAPI instance release all the
|
|
|
|
* pages. If a kernel bug causes the skbs to stall
|
|
|
|
* somewhere, the interface cannot be brought down
|
|
|
|
* properly.
|
|
|
|
*/
|
2014-03-07 05:48:26 +08:00
|
|
|
i = -1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
free_xenballooned_pages(MAX_PENDING_REQS, vif->mmap_pages);
|
|
|
|
|
2013-08-26 19:59:38 +08:00
|
|
|
netif_napi_del(&vif->napi);
|
|
|
|
|
2011-03-15 08:06:18 +08:00
|
|
|
unregister_netdev(vif->dev);
|
|
|
|
|
|
|
|
free_netdev(vif->dev);
|
2013-05-17 07:26:11 +08:00
|
|
|
|
2013-09-18 00:46:08 +08:00
|
|
|
module_put(THIS_MODULE);
|
2011-03-15 08:06:18 +08:00
|
|
|
}
|