[PATCH v3] xen/sched: rtds: assert replq is empty on timer (re-)init

Oleksii Moisieiev posted 1 patch 2 weeks, 1 day ago
git fetch https://gitlab.com/xen-project/patchew/xen tags/patchew/f751db3a02efa96d737235e58eb7bfb35e6218bb.1777901826.git.oleksii._5Fmoisieiev@epam.com
xen/common/sched/rt.c | 8 ++++++++
1 file changed, 8 insertions(+)
Posted by Oleksii Moisieiev 2 weeks, 1 day ago
In RTDS, removing the last eligible pCPU kills repl_timer. When a pCPU
is later re-added, rt_switch_sched() reinitializes the timer object.

cpupool_unassign_cpu_start() refuses to remove the last pCPU from a
populated cpupool: if any domain is still alive while the system is
active it returns -EBUSY, otherwise all domains are first moved to
cpupool0. Consequently, by the time the killed-timer branch runs, no
units remain in the pool and replq is guaranteed to be empty.

Document this invariant by asserting list_empty(replq) right after
init_timer(). This catches any future regression in cpupool semantics
that would leave pending replenishment events behind across a
TIMER_STATUS_killed -> init_timer() transition, where the timer would
otherwise stay disarmed until an unrelated event reprogrammed it.

Signed-off-by: Oleksii Moisieiev <oleksii_moisieiev@epam.com>
---

Changes in v3:
- rework patch according to the comments. Since the cpupool functionality
rejects removing the last pCPU, the re-arm functionality doesn't make
sense. So the patch was reworked to check that replq is empty after timer init.

Changes in v2:
- update commit description, remove unneeded paragraph

 xen/common/sched/rt.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/xen/common/sched/rt.c b/xen/common/sched/rt.c
index 7b1f64a779..4b643eda30 100644
--- a/xen/common/sched/rt.c
+++ b/xen/common/sched/rt.c
@@ -743,6 +743,14 @@ rt_switch_sched(struct scheduler *new_ops, unsigned int cpu,
     {
         init_timer(&prv->repl_timer, repl_timer_handler, (void *)new_ops, cpu);
         dprintk(XENLOG_DEBUG, "RTDS: timer initialized on cpu %u\n", cpu);
+
+        /*
+         * cpupool_unassign_cpu_start() refuses to remove the last pCPU from
+         * a populated cpupool, so by the time this path runs (timer was
+         * killed because all RTDS pCPUs were removed) the pool must have
+         * been empty of domains, which implies replq is empty too.
+         */
+        ASSERT(list_empty(rt_replq(new_ops)));
     }
 
     sched_idle_unit(cpu)->priv = vdata;
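Review bot: The comment above the new ASSERT(list_empty(rt_replq(new_ops))) explains why replq should be empty but not what goes wrong if it is not. The commit message has that part (pending replenishment events would sit behind a freshly initialized, disarmed timer until an unrelated event reprogrammed it), and one sentence of it belongs in the comment so the reason survives next to the code. The comment also speaks only of the killed-timer case while the subject says "(re-)init"; if this block is also reached on first initialization, say that replq is trivially empty there. Since ASSERT() is compiled out of release builds, it is worth stating in the comment that this is a debug-build check of the cpupool invariant and not a runtime safeguard.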
-- 
2.43.0

base-commit: 680da952ac1ddfc94f9d1cd4dfa1815badae5302
branch: amoi_rtds_rearmv3
Re: [PATCH v3] xen/sched: rtds: assert replq is empty on timer (re-)init
Posted by Jürgen Groß 2 weeks, 1 day ago
On 04.05.26 15:40, Oleksii Moisieiev wrote:
> In RTDS, removing the last eligible pCPU kills repl_timer. When a pCPU
> is later re-added, rt_switch_sched() reinitializes the timer object.
> 
> cpupool_unassign_cpu_start() refuses to remove the last pCPU from a
> populated cpupool: if any domain is still alive while the system is
> active it returns -EBUSY, otherwise all domains are first moved to
> cpupool0. Consequently, by the time the killed-timer branch runs, no
> units remain in the pool and replq is guaranteed to be empty.
> 
> Document this invariant by asserting list_empty(replq) right after
> init_timer(). This catches any future regression in cpupool semantics
> that would leave pending replenishment events behind across a
> TIMER_STATUS_killed -> init_timer() transition, where the timer would
> otherwise stay disarmed until an unrelated event reprogrammed it.
> 
> Signed-off-by: Oleksii Moisieiev <oleksii_moisieiev@epam.com>

Reviewed-by: Juergen Gross <jgross@suse.com>


Juergen