Changeset 90504 in vbox for trunk/src/VBox/VMM

Timestamp:

Aug 3, 2021 9:24:16 PM (4 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

146108

Message:

VMM/PDM: Rewroted the PDMCritSectLeave code to try avoid going to ring-3 when there is contention (partially disabled). bugref:6695

Location:

trunk/src/VBox/VMM

Files:

• VMMAll/PDMAllCritSect.cpp (modified) (11 diffs)
• include/PDMInternal.h (modified) (2 diffs)

trunk/src/VBox/VMM/VMMAll/PDMAllCritSect.cpp

@@ -35 +35 @@
 #ifdef IN_RING3
 # include <iprt/lockvalidator.h>
+#endif
+#if defined(IN_RING3) || defined(IN_RING0)
 # include <iprt/semaphore.h>
 #endif
@@ -88 +90 @@
 
 
+#ifdef IN_RING0
+/**
+ * Marks the critical section as corrupted.
+ */
+DECL_NO_INLINE(static, int) pdmCritSectCorrupted(PPDMCRITSECT pCritSect, const char *pszMsg)
+{
+    ASMAtomicWriteU32(&pCritSect->s.Core.u32Magic, PDMCRITSECT_MAGIC_CORRUPTED);
+    LogRel(("PDMCritSect: %s pCritSect=%p\n", pszMsg, pCritSect));
+    return VERR_PDM_CRITSECT_IPE;
+}
+#endif
+
+
 /**
  * Tail code called when we've won the battle for the lock.
@@ -155 +170 @@
      * This handles VERR_TIMEOUT and VERR_INTERRUPTED.
      */
-    STAM_REL_PROFILE_START(&pCritSect->s.StatWait, a);
+    STAM_REL_PROFILE_START(&pCritSect->s.CTX_MID_Z(StatContention,Wait), a);
     PSUPDRVSESSION const    pSession    = pVM->pSession;
     SUPSEMEVENT const       hEvent      = (SUPSEMEVENT)pCritSect->s.Core.EventSem;
@@ -224 +239 @@
         if (rc == VINF_SUCCESS)
         {
-            STAM_REL_PROFILE_STOP(&pCritSect->s.StatContentionWait, a);
+            STAM_REL_PROFILE_STOP(&pCritSect->s.CTX_MID_Z(StatContention,Wait), a);
             return pdmCritSectEnterFirst(pCritSect, hNativeSelf, pSrcPos);
         }
@@ -330 +345 @@
                             {
                                 STAM_REL_COUNTER_INC(&pVM->pdm.s.StatCritSectEntersWhileAborting);
-                                STAM_REL_PROFILE_STOP(&pCritSect->s.StatContentionWait, a);
+                                STAM_REL_PROFILE_STOP(&pCritSect->s.CTX_MID_Z(StatContention,Wait), a);
                                 return pdmCritSectEnterFirst(pCritSect, hNativeSelf, pSrcPos);
                             }
@@ -392 +407 @@
     Assert(pCritSect->s.Core.cNestings < 8);  /* useful to catch incorrect locking */
     Assert(pCritSect->s.Core.cNestings >= 0);
+#if defined(VBOX_STRICT) && defined(IN_RING0)
+    /* Hope we're not messing with critical sections while in the no-block
+       zone, that would complicate things a lot. */
+    PVMCPUCC pVCpuAssert = VMMGetCpu(pVM);
+    Assert(pVCpuAssert && VMMRZCallRing3IsEnabled(pVCpuAssert));
+#endif
 
     /*
@@ -739 +760 @@
  * @param   pVM         The cross context VM structure.
  * @param   pCritSect   The PDM critical section to leave.
+ *
+ * @remarks Can be called from no-ring-3-call context in ring-0 (TM/VirtualSync)
+ *          where we'll queue leaving operation for ring-3 processing.
  */
 VMMDECL(int) PDMCritSectLeave(PVMCC pVM, PPDMCRITSECT pCritSect)
@@ -745 +769 @@
     Assert(pCritSect->s.Core.u32Magic == RTCRITSECT_MAGIC);
 
-    /* Check for NOP sections before asserting ownership. */
+    /*
+     * Check for NOP sections before asserting ownership.
+     */
     if (!(pCritSect->s.Core.fFlags & RTCRITSECT_FLAGS_NOP))
     { /* We're more likely to end up here with real critsects than a NOP one. */ }
@@ -768 +794 @@
     if (cNestings > 1)
     {
-# ifdef PDMCRITSECT_WITH_LESS_ATOMIC_STUFF
+#ifdef PDMCRITSECT_WITH_LESS_ATOMIC_STUFF
         pCritSect->s.Core.cNestings = cNestings - 1;
-# else
+#else
         ASMAtomicWriteS32(&pCritSect->s.Core.cNestings, cNestings - 1);
-# endif
+#endif
         ASMAtomicDecS32(&pCritSect->s.Core.cLockers);
         Assert(pCritSect->s.Core.cLockers >= 0);
@@ -778 +804 @@
     }
 
-#ifdef IN_RING0
-# if 0 /** @todo Make SUPSemEventSignal interrupt safe (handle table++) and enable this for: defined(RT_OS_LINUX) || defined(RT_OS_OS2) */
-    if (1) /* SUPSemEventSignal is safe */
-# else
-    if (ASMIntAreEnabled())
-# endif
-#endif
-#if defined(IN_RING3) || defined(IN_RING0)
-    {
-        /*
-         * Leave for real.
-         */
-        /* update members. */
-        SUPSEMEVENT hEventToSignal  = pCritSect->s.hEventToSignal;
-        pCritSect->s.hEventToSignal = NIL_SUPSEMEVENT;
+
+#ifdef IN_RING3
+    /*
+     * Ring-3: Leave for real.
+     */
+    SUPSEMEVENT const hEventToSignal = pCritSect->s.hEventToSignal;
+    pCritSect->s.hEventToSignal = NIL_SUPSEMEVENT;
+
 # ifdef IN_RING3
 #  if defined(PDMCRITSECT_STRICT)
-        if (pCritSect->s.Core.pValidatorRec->hThread != NIL_RTTHREAD)
-            RTLockValidatorRecExclReleaseOwnerUnchecked(pCritSect->s.Core.pValidatorRec);
+    if (pCritSect->s.Core.pValidatorRec->hThread != NIL_RTTHREAD)
+        RTLockValidatorRecExclReleaseOwnerUnchecked(pCritSect->s.Core.pValidatorRec);
 #  endif
-        Assert(!pCritSect->s.Core.pValidatorRec || pCritSect->s.Core.pValidatorRec->hThread == NIL_RTTHREAD);
-# endif
+    Assert(!pCritSect->s.Core.pValidatorRec || pCritSect->s.Core.pValidatorRec->hThread == NIL_RTTHREAD);
+# endif
+
+# ifdef PDMCRITSECT_WITH_LESS_ATOMIC_STUFF
+    //pCritSect->s.Core.cNestings = 0; /* not really needed */
+    pCritSect->s.Core.NativeThreadOwner = NIL_RTNATIVETHREAD;
+# else
+    ASMAtomicWriteS32(&pCritSect->s.Core.cNestings, 0);
+    ASMAtomicWriteHandle(&pCritSect->s.Core.NativeThreadOwner, NIL_RTNATIVETHREAD);
+# endif
+    ASMAtomicAndU32(&pCritSect->s.Core.fFlags, ~PDMCRITSECT_FLAGS_PENDING_UNLOCK);
+
+    /* Stop profiling and decrement lockers. */
+    STAM_PROFILE_ADV_STOP(&pCritSect->s.StatLocked, l);
+    ASMCompilerBarrier();
+    int32_t const cLockers = ASMAtomicDecS32(&pCritSect->s.Core.cLockers);
+    if (cLockers < 0)
+        AssertMsg(cLockers == -1, ("cLockers=%d\n", cLockers));
+    else
+    {
+        /* Someone is waiting, wake up one of them. */
+        Assert(cLockers < _8K);
+        SUPSEMEVENT hEvent = (SUPSEMEVENT)pCritSect->s.Core.EventSem;
+        int rc = SUPSemEventSignal(pVM->pSession, hEvent);
+        AssertRC(rc);
+    }
+
+    /* Signal exit event. */
+    if (RT_LIKELY(hEventToSignal == NIL_SUPSEMEVENT))
+    { /* likely */ }
+    else
+    {
+        Log8(("Signalling %#p\n", hEventToSignal));
+        int rc = SUPSemEventSignal(pVM->pSession, hEventToSignal);
+        AssertRC(rc);
+    }
+
+    return VINF_SUCCESS;
+
+
+#elif defined(IN_RING0)
+    /*
+     * Ring-0: Try leave for real, depends on host and context.
+     */
+    SUPSEMEVENT const hEventToSignal = pCritSect->s.hEventToSignal;
+    pCritSect->s.hEventToSignal = NIL_SUPSEMEVENT;
+    PVMCPUCC pVCpu           = VMMGetCpu(pVM);
+    bool     fQueueOnTrouble = true;
+    if (   pVCpu == NULL /* non-EMT access, if we implement it must be able to block */
+        || VMMRZCallRing3IsEnabled(pVCpu)
+        || RTSemEventIsSignalSafe()
+        || (fQueueOnTrouble = (   hEventToSignal == NIL_SUPSEMEVENT
+                               && ASMAtomicUoReadS32(&pCritSect->s.Core.cLockers) == 0)) )
+    {
+        pCritSect->s.hEventToSignal = NIL_SUPSEMEVENT;
+
 # ifdef PDMCRITSECT_WITH_LESS_ATOMIC_STUFF
         //pCritSect->s.Core.cNestings = 0; /* not really needed */
@@ -809 +882 @@
         ASMAtomicAndU32(&pCritSect->s.Core.fFlags, ~PDMCRITSECT_FLAGS_PENDING_UNLOCK);
 
-        /* stop and decrement lockers. */
+        /*
+         * Stop profiling and decrement lockers.
+         */
         STAM_PROFILE_ADV_STOP(&pCritSect->s.StatLocked, l);
         ASMCompilerBarrier();
-        if (ASMAtomicDecS32(&pCritSect->s.Core.cLockers) < 0)
-        { /* hopefully likely */ }
+
+        bool    fQueueIt = false;
+        int32_t cLockers;
+        if (!fQueueOnTrouble)
+            cLockers = ASMAtomicDecS32(&pCritSect->s.Core.cLockers);
         else
         {
-            /* Someone is waiting, wake up one of them. */
-            SUPSEMEVENT     hEvent   = (SUPSEMEVENT)pCritSect->s.Core.EventSem;
-            PSUPDRVSESSION  pSession = pVM->pSession;
-            int rc = SUPSemEventSignal(pSession, hEvent);
-            AssertRC(rc);
+            cLockers = -1;
+            if (!ASMAtomicCmpXchgS32(&pCritSect->s.Core.cLockers, -1, 0))
+                fQueueIt = true;
         }
-
-        /* Signal exit event. */
-        if (RT_LIKELY(hEventToSignal == NIL_SUPSEMEVENT))
-        { /* likely */ }
-        else
+        if (!fQueueIt)
         {
-            Log8(("Signalling %#p\n", hEventToSignal));
-            int rc = SUPSemEventSignal(pVM->pSession, hEventToSignal);
-            AssertRC(rc);
+            VMMR0EMTBLOCKCTX    Ctx;
+            bool                fLeaveCtx = false;
+            if (cLockers < 0)
+                AssertMsg(cLockers == -1, ("cLockers=%d\n", cLockers));
+            else
+            {
+                /* Someone is waiting, wake up one of them. */
+                Assert(cLockers < _8K);
+                SUPSEMEVENT hEvent = (SUPSEMEVENT)pCritSect->s.Core.EventSem;
+                if (!RTSemEventIsSignalSafe() && (pVCpu = VMMGetCpu(pVM)) != NULL)
+                {
+                    int rc = VMMR0EmtPrepareToBlock(pVCpu, VINF_SUCCESS, __FUNCTION__, pCritSect, &Ctx);
+                    AssertReleaseRCReturn(rc, rc);
+                    fLeaveCtx = true;
+                }
+                int rc = SUPSemEventSignal(pVM->pSession, hEvent);
+                AssertRC(rc);
+            }
+
+            /*
+             * Signal exit event.
+             */
+            if (RT_LIKELY(hEventToSignal == NIL_SUPSEMEVENT))
+            { /* likely */ }
+            else
+            {
+                if (!fLeaveCtx && pVCpu != NULL && !RTSemEventIsSignalSafe() && (pVCpu = VMMGetCpu(pVM)) != NULL)
+                {
+                    int rc = VMMR0EmtPrepareToBlock(pVCpu, VINF_SUCCESS, __FUNCTION__, pCritSect, &Ctx);
+                    AssertReleaseRCReturn(rc, rc);
+                    fLeaveCtx = true;
+                }
+                Log8(("Signalling %#p\n", hEventToSignal));
+                int rc = SUPSemEventSignal(pVM->pSession, hEventToSignal);
+                AssertRC(rc);
+            }
+
+            /*
+             * Restore HM context if needed.
+             */
+            if (!fLeaveCtx)
+            { /* contention should be unlikely */ }
+            else
+                VMMR0EmtResumeAfterBlocking(pVCpu, &Ctx);
+
+# ifdef DEBUG_bird
+            VMMTrashVolatileXMMRegs();
+# endif
+            return VINF_SUCCESS;
         }
 
-# if defined(DEBUG_bird) && defined(IN_RING0)
-        VMMTrashVolatileXMMRegs();
-# endif
+        /*
+         * Darn, someone raced in on us.  Restore the state (this works only
+         * because the semaphore is effectively controlling ownership).
+         */
+        bool fRc;
+        RTNATIVETHREAD hMessOwner = NIL_RTNATIVETHREAD;
+        ASMAtomicCmpXchgExHandle(&pCritSect->s.Core.NativeThreadOwner, hNativeSelf, NIL_RTNATIVETHREAD, fRc, &hMessOwner);
+        AssertLogRelMsgReturn(fRc, ("pCritSect=%p hMessOwner=%p\n", pCritSect, hMessOwner),
+                              pdmCritSectCorrupted(pCritSect, "owner race"));
+        STAM_PROFILE_ADV_START(&pCritSect->s.StatLocked, l);
+# ifdef PDMCRITSECT_WITH_LESS_ATOMIC_STUFF
+        //pCritSect->s.Core.cNestings = 1;
+        Assert(pCritSect->s.Core.cNestings == 1);
+# else
+        //Assert(pCritSect->s.Core.cNestings == 0);
+        ASMAtomicWriteS32(&pCritSect->s.Core.cNestings, 1);
+# endif
+        Assert(hEventToSignal == NIL_SUPSEMEVENT);
     }
-#endif  /* IN_RING3 || IN_RING0 */
-#ifdef IN_RING0
-    else
-#endif
-#if defined(IN_RING0) || defined(IN_RC)
+
+
+#else /* IN_RC */
+    /*
+     * Raw-mode: Try leave it.
+     */
+# error "This context is not use..."
+    if (pCritSect->s.Core.cLockers == 0)
     {
+# ifdef PDMCRITSECT_WITH_LESS_ATOMIC_STUFF
+        //pCritSect->s.Core.cNestings = 0; /* not really needed */
+# else
+        ASMAtomicWriteS32(&pCritSect->s.Core.cNestings, 0);
+# endif
+        ASMAtomicAndU32(&pCritSect->s.Core.fFlags, ~PDMCRITSECT_FLAGS_PENDING_UNLOCK);
+        STAM_PROFILE_ADV_STOP(&pCritSect->s.StatLocked, l);
+
+        ASMAtomicWriteHandle(&pCritSect->s.Core.NativeThreadOwner, NIL_RTNATIVETHREAD);
+        if (ASMAtomicCmpXchgS32(&pCritSect->s.Core.cLockers, -1, 0))
+            return VINF_SUCCESS;
+
         /*
-         * Try leave it.
+         * Darn, someone raced in on us.  Restore the state (this works only
+         * because the semaphore is effectively controlling ownership).
          */
-        if (pCritSect->s.Core.cLockers == 0)
-        {
+        bool fRc;
+        RTNATIVETHREAD hMessOwner = NIL_RTNATIVETHREAD;
+        ASMAtomicCmpXchgExHandle(&pCritSect->s.Core.NativeThreadOwner, hNativeSelf, NIL_RTNATIVETHREAD, fRc, &hMessOwner);
+        AssertLogRelMsgReturn(fRc, ("pCritSect=%p hMessOwner=%p\n", pCritSect, hMessOwner),
+                              pdmCritSectCorrupted(pCritSect, "owner race"));
+        STAM_PROFILE_ADV_START(&pCritSect->s.StatLocked, l);
 # ifdef PDMCRITSECT_WITH_LESS_ATOMIC_STUFF
-            //pCritSect->s.Core.cNestings = 0; /* not really needed */
+        //pCritSect->s.Core.cNestings = 1;
+        Assert(pCritSect->s.Core.cNestings == 1);
 # else
-            ASMAtomicWriteS32(&pCritSect->s.Core.cNestings, 0);
-# endif
-            RTNATIVETHREAD hNativeThread = pCritSect->s.Core.NativeThreadOwner;
-            ASMAtomicAndU32(&pCritSect->s.Core.fFlags, ~PDMCRITSECT_FLAGS_PENDING_UNLOCK);
-            STAM_PROFILE_ADV_STOP(&pCritSect->s.StatLocked, l);
-
-            ASMAtomicWriteHandle(&pCritSect->s.Core.NativeThreadOwner, NIL_RTNATIVETHREAD);
-            if (ASMAtomicCmpXchgS32(&pCritSect->s.Core.cLockers, -1, 0))
-                return VINF_SUCCESS;
-
-            /* darn, someone raced in on us. */
-            ASMAtomicWriteHandle(&pCritSect->s.Core.NativeThreadOwner, hNativeThread);
-            STAM_PROFILE_ADV_START(&pCritSect->s.StatLocked, l);
-# ifdef PDMCRITSECT_WITH_LESS_ATOMIC_STUFF
-            //pCritSect->s.Core.cNestings = 1;
-            Assert(pCritSect->s.Core.cNestings == 1);
-# else
-            //Assert(pCritSect->s.Core.cNestings == 0);
-            ASMAtomicWriteS32(&pCritSect->s.Core.cNestings, 1);
-# endif
-        }
-        ASMAtomicOrU32(&pCritSect->s.Core.fFlags, PDMCRITSECT_FLAGS_PENDING_UNLOCK);
-
-        /*
-         * Queue the request.
-         */
-        PVMCPUCC    pVCpu = VMMGetCpu(pVM);                 AssertPtr(pVCpu);
-        uint32_t    i     = pVCpu->pdm.s.cQueuedCritSectLeaves++;
-        LogFlow(("PDMCritSectLeave: [%d]=%p => R3\n", i, pCritSect));
-        AssertFatal(i < RT_ELEMENTS(pVCpu->pdm.s.apQueuedCritSectLeaves));
-/** @todo This doesn't work any more for devices. */
-        pVCpu->pdm.s.apQueuedCritSectLeaves[i] = MMHyperCCToR3(pVM, pCritSect);
-        VMCPU_FF_SET(pVCpu, VMCPU_FF_PDM_CRITSECT);
-        VMCPU_FF_SET(pVCpu, VMCPU_FF_TO_R3);
-        STAM_REL_COUNTER_INC(&pVM->pdm.s.StatQueuedCritSectLeaves);
-        STAM_REL_COUNTER_INC(&pCritSect->s.StatContentionRZUnlock);
+        //Assert(pCritSect->s.Core.cNestings == 0);
+        ASMAtomicWriteS32(&pCritSect->s.Core.cNestings, 1);
+# endif
     }
-#endif /* IN_RING0 || IN_RC */
+#endif /* IN_RC */
+
+
+#ifndef IN_RING3
+    /*
+     * Ring-0/raw-mode: Unable to leave. Queue the leave for ring-3.
+     */
+    ASMAtomicOrU32(&pCritSect->s.Core.fFlags, PDMCRITSECT_FLAGS_PENDING_UNLOCK);
+# ifndef IN_RING0
+    PVMCPUCC    pVCpu = VMMGetCpu(pVM);
+# endif
+    uint32_t    i     = pVCpu->pdm.s.cQueuedCritSectLeaves++;
+    LogFlow(("PDMCritSectLeave: [%d]=%p => R3\n", i, pCritSect));
+    AssertFatal(i < RT_ELEMENTS(pVCpu->pdm.s.apQueuedCritSectLeaves));
+    pVCpu->pdm.s.apQueuedCritSectLeaves[i] = pCritSect->s.pSelfR3;
+    VMCPU_FF_SET(pVCpu, VMCPU_FF_PDM_CRITSECT); /** @todo handle VMCPU_FF_PDM_CRITSECT in ring-0 outside the no-call-ring-3 part. */
+    VMCPU_FF_SET(pVCpu, VMCPU_FF_TO_R3); /* unnecessary paranoia */
+    STAM_REL_COUNTER_INC(&pVM->pdm.s.StatQueuedCritSectLeaves);
+    STAM_REL_COUNTER_INC(&pCritSect->s.StatContentionRZUnlock);
 
     return VINF_SUCCESS;
+#endif /* IN_RING3 */
 }
 

trunk/src/VBox/VMM/include/PDMInternal.h

@@ -433 +433 @@
     /** Support driver event semaphore that is scheduled to be signaled upon leaving
      * the critical section. This is only for Ring-3 and Ring-0. */
-    SUPSEMEVENT                     hEventToSignal;
+    SUPSEMEVENT volatile            hEventToSignal;
     /** The lock name. */
     R3PTRTYPE(const char *)         pszName;
+    /** The ring-3 pointer to this critical section, for leave queueing. */
+    R3PTRTYPE(PPDMCRITSECT)         pSelfR3;
     /** R0/RC lock contention. */
     STAMCOUNTER                     StatContentionRZLock;
-    /** R0/RC lock contention, returning rcBusy or VERR_SEM_BUSY (try). */
+    /** R0/RC lock contention: returning rcBusy or VERR_SEM_BUSY (try). */
     STAMCOUNTER                     StatContentionRZLockBusy;
+    /** R0/RC lock contention: Profiling waiting time. */
+    STAMPROFILE                     StatContentionRZWait;
     /** R0/RC unlock contention. */
     STAMCOUNTER                     StatContentionRZUnlock;
     /** R3 lock contention. */
     STAMCOUNTER                     StatContentionR3;
-    /** Profiling waiting on the lock (all rings). */
-    STAMPROFILE                     StatContentionWait;
+    /** R3 lock contention: Profiling waiting time. */
+    STAMPROFILE                     StatContentionR3Wait;
     /** Profiling the time the section is locked. */
     STAMPROFILEADV                  StatLocked;
@@ -456 +460 @@
  * timeout, interruption or pending thread termination. */
 #define PDMCRITSECT_MAGIC_FAILED_ABORT      UINT32_C(0x0bad0326)
+/** Special magic value set if we detected data/state corruption. */
+#define PDMCRITSECT_MAGIC_CORRUPTED         UINT32_C(0x0bad2603)
 
 /** Indicates that the critical section is queued for unlock.