WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

[Xen-devel] [RFC] irq rate limit

To: xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-devel] [RFC] irq rate limit
From: Qing He <qing.he@xxxxxxxxx>
Date: Wed, 9 Sep 2009 16:48:25 +0800
Delivery-date: Wed, 09 Sep 2009 01:43:08 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.5.17+20080114 (2008-01-14)
This is a poc patch of guest irq ratelimit. The main motivation is
to ensure Xen's responsiveness during an irq storm, that caused by
improper hardware or drivers. If one interrupt is fired at a high
rate (>10k/10ms in the poc), it is disabled until the next periodic
timer_fn. A global generation counter is used to minimize overhead.

Printks and configurability are not included in this patch. The
configurability may be:
1. command-line param to set ratelimit_threshold
2. per irq threshold
3. dynamic reconfig, maybe a hypercall or something

For preventing irq storms, #1 is likely enough, but not sure if this
has other usages.

Any comments?

Thanks,
Qing

---
diff -r 8f81bdd57afe xen/arch/x86/irq.c
--- a/xen/arch/x86/irq.c        Thu Sep 03 09:51:37 2009 +0100
+++ b/xen/arch/x86/irq.c        Wed Sep 09 16:23:19 2009 +0800
@@ -54,6 +54,12 @@ DEFINE_PER_CPU(vector_irq_t, vector_irq)
 };
 
 DEFINE_PER_CPU(struct cpu_user_regs *, __irq_regs);
+
+static LIST_HEAD(irq_ratelimit_list);
+static DEFINE_SPINLOCK(irq_ratelimit_lock);
+static struct timer irq_ratelimit_timer;
+static unsigned int irq_ratelimit_gen;
+static unsigned int irq_ratelimit_threshold = 10000;
 
 /* Must be called when irq disabled */
 void lock_vector_lock(void)
@@ -241,6 +247,10 @@ static void init_one_irq_desc(struct irq
     desc->msi_desc = NULL;
     spin_lock_init(&desc->lock);
     cpus_setall(desc->affinity);
+
+    desc->rl_gen = 0;
+    desc->rl_cnt = 0;
+    INIT_LIST_HEAD(&desc->rl_link);
 }
 
 static void init_one_irq_status(int irq)
@@ -469,6 +479,29 @@ asmlinkage void do_IRQ(struct cpu_user_r
 
     if ( likely(desc->status & IRQ_GUEST) )
     {
+        static unsigned int last_gen;
+        last_gen = desc->rl_gen;
+        desc->rl_gen = irq_ratelimit_gen;
+        if ( last_gen != desc->rl_gen ) {
+            desc->rl_cnt = 0;
+        }
+        if ( unlikely(desc->rl_cnt++ >= irq_ratelimit_threshold) ) {
+            desc->handler->disable(irq);
+            /*
+             * If handler->disable doesn't actually mask the interrupt,
+             * a disabled irq still can fire. So if the irq is already
+             * in the ratelimit list, don't add it again. This also
+             * avoids deadlocks of two spinlocks if ratelimit_timer_fn
+             * runs at the same time.
+             */
+            if ( likely(list_empty(&desc->rl_link)) ) {
+                spin_lock(&irq_ratelimit_lock);
+                list_add(&desc->rl_link, &irq_ratelimit_list);
+                spin_unlock(&irq_ratelimit_lock);
+            }
+            goto out;
+        }
+
         irq_enter();
         tsc_in = tb_init_done ? get_cycles() : 0;
         __do_IRQ_guest(irq);
@@ -511,6 +544,35 @@ asmlinkage void do_IRQ(struct cpu_user_r
     spin_unlock(&desc->lock);
     set_irq_regs(old_regs);
 }
+
+static void irq_ratelimit_timer_fn(void *data)
+{
+    struct irq_desc *desc, *tmp;
+
+    irq_ratelimit_gen++;
+
+    spin_lock(&irq_ratelimit_lock);
+
+    list_for_each_entry_safe(desc, tmp, &irq_ratelimit_list, rl_link) {
+        spin_lock(&desc->lock);
+        desc->handler->enable(desc->irq);
+        list_del(&desc->rl_link);
+        spin_unlock(&desc->lock);
+    }
+
+    spin_unlock(&irq_ratelimit_lock);
+
+    set_timer(&irq_ratelimit_timer, NOW() + MILLISECS(10));
+}
+
+static int __init irq_ratelimit_init(void)
+{
+        init_timer(&irq_ratelimit_timer, irq_ratelimit_timer_fn, NULL, 0);
+        set_timer(&irq_ratelimit_timer, NOW() + MILLISECS(10));
+
+        return 0;
+}
+__initcall(irq_ratelimit_init);
 
 int request_irq(unsigned int irq,
         void (*handler)(int, void *, struct cpu_user_regs *),
diff -r 8f81bdd57afe xen/include/xen/irq.h
--- a/xen/include/xen/irq.h     Thu Sep 03 09:51:37 2009 +0100
+++ b/xen/include/xen/irq.h     Wed Sep 09 16:23:19 2009 +0800
@@ -74,6 +74,10 @@ typedef struct irq_desc {
     int irq;
     spinlock_t lock;
     cpumask_t affinity;
+
+    unsigned int rl_gen;    /* last update */
+    unsigned int rl_cnt;
+    struct list_head rl_link;
 } __cacheline_aligned irq_desc_t;
 
 #if defined(__ia64__)

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel