From: "Michael S. Tsirkin" <mst@redhat.com>
To: Rusty Russell <rusty@rustcorp.com.au>
Cc: "Sjur Brændeland" <sjurbren@gmail.com>,
"Linus Walleij" <linus.walleij@linaro.org>,
linux-kernel@vger.kernel.org,
virtualization@lists.linux-foundation.org,
"Amit Shah" <amit.shah@redhat.com>
Subject: Re: [RFC 1/2] virtio_console: Add support for DMA memory allocation
Date: Tue, 11 Sep 2012 01:11:11 +0300 [thread overview]
Message-ID: <20120910221111.GA21854@redhat.com> (raw)
In-Reply-To: <20120906052735.GB17656@redhat.com>
On Thu, Sep 06, 2012 at 08:27:35AM +0300, Michael S. Tsirkin wrote:
> On Thu, Sep 06, 2012 at 11:34:25AM +0930, Rusty Russell wrote:
> > "Michael S. Tsirkin" <mst@redhat.com> writes:
> > > On Tue, Sep 04, 2012 at 06:58:47PM +0200, Sjur Brændeland wrote:
> > >> Hi Michael,
> > >>
> > >> > Exactly. Though if we just fail load it will be much less code.
> > >> >
> > >> > Generally, using a feature bit for this is a bit of a problem though:
> > >> > normally driver is expected to be able to simply ignore
> > >> > a feature bit. In this case driver is required to
> > >> > do something so a feature bit is not a good fit.
> > >> > I am not sure what the right thing to do is.
> > >>
> > >> I see - so in order to avoid the binding between driver and device
> > >> there are two options I guess. Either make virtio_dev_match() or
> > >> virtcons_probe() fail. Neither of them seems like the obvious choice.
> > >>
> > >> Maybe adding a check for VIRTIO_CONSOLE_F_DMA_MEM match
> > >> between device and driver in virtcons_probe() is the lesser evil?
> > >>
> > >> Regards,
> > >> Sjur
> > >
> > > A simplest thing to do is change dev id. rusty?
> >
> > For generic usage, this is correct. But my opinion is that fallback on
> > feature non-ack is quality-of-implementation issue: great to have, but
> > there are cases where you just want to fail with "you're too old".
> >
> > And in this case, an old system simply will never work. So it's a
> > question of how graceful the failure is.
> >
> > Can your userspace loader can refuse to proceed if the driver doesn't
> > ack the bits? If so, it's simpler than a whole new ID.
> >
> > Cheers,
> > Rusty.
>
> Yes but how can it signal guest that it will never proceed?
>
> Also grep for BUG_ON in core found this:
>
> drv->remove(dev);
>
> /* Driver should have reset device. */
> BUG_ON(dev->config->get_status(dev));
>
> I think below is what Sjur refers to.
> I think below is a good idea for 3.6. Thoughts?
>
> --->
>
> virtio: don't crash when device is buggy
>
> Because of a sanity check in virtio_dev_remove, a buggy device can crash
> kernel. And in case of rproc it's userspace so it's not a good idea.
> We are unloading a driver so how bad can it be?
> Be less aggressive in handling this error: if it's a driver bug,
> warning once should be enough.
>
> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
>
> --
Rusty?
> diff --git a/drivers/virtio/virtio.c b/drivers/virtio/virtio.c
> index c3b3f7f..1e8659c 100644
> --- a/drivers/virtio/virtio.c
> +++ b/drivers/virtio/virtio.c
> @@ -159,7 +159,7 @@ static int virtio_dev_remove(struct device *_d)
> drv->remove(dev);
>
> /* Driver should have reset device. */
> - BUG_ON(dev->config->get_status(dev));
> + WARN_ON_ONCE(dev->config->get_status(dev));
>
> /* Acknowledge the device's existence again. */
> add_status(dev, VIRTIO_CONFIG_S_ACKNOWLEDGE);
>
> --
> MST
WARNING: multiple messages have this Message-ID (diff)
From: "Michael S. Tsirkin" <mst@redhat.com>
To: Rusty Russell <rusty@rustcorp.com.au>
Cc: "Sjur Brændeland" <sjurbren@gmail.com>,
"Amit Shah" <amit.shah@redhat.com>,
linux-kernel@vger.kernel.org, "Ohad Ben-Cohen" <ohad@wizery.com>,
"Linus Walleij" <linus.walleij@linaro.org>,
virtualization@lists.linux-foundation.org
Subject: Re: [RFC 1/2] virtio_console: Add support for DMA memory allocation
Date: Tue, 11 Sep 2012 01:11:11 +0300 [thread overview]
Message-ID: <20120910221111.GA21854@redhat.com> (raw)
In-Reply-To: <20120906052735.GB17656@redhat.com>
On Thu, Sep 06, 2012 at 08:27:35AM +0300, Michael S. Tsirkin wrote:
> On Thu, Sep 06, 2012 at 11:34:25AM +0930, Rusty Russell wrote:
> > "Michael S. Tsirkin" <mst@redhat.com> writes:
> > > On Tue, Sep 04, 2012 at 06:58:47PM +0200, Sjur Brændeland wrote:
> > >> Hi Michael,
> > >>
> > >> > Exactly. Though if we just fail load it will be much less code.
> > >> >
> > >> > Generally, using a feature bit for this is a bit of a problem though:
> > >> > normally driver is expected to be able to simply ignore
> > >> > a feature bit. In this case driver is required to
> > >> > do something so a feature bit is not a good fit.
> > >> > I am not sure what the right thing to do is.
> > >>
> > >> I see - so in order to avoid the binding between driver and device
> > >> there are two options I guess. Either make virtio_dev_match() or
> > >> virtcons_probe() fail. Neither of them seems like the obvious choice.
> > >>
> > >> Maybe adding a check for VIRTIO_CONSOLE_F_DMA_MEM match
> > >> between device and driver in virtcons_probe() is the lesser evil?
> > >>
> > >> Regards,
> > >> Sjur
> > >
> > > A simplest thing to do is change dev id. rusty?
> >
> > For generic usage, this is correct. But my opinion is that fallback on
> > feature non-ack is quality-of-implementation issue: great to have, but
> > there are cases where you just want to fail with "you're too old".
> >
> > And in this case, an old system simply will never work. So it's a
> > question of how graceful the failure is.
> >
> > Can your userspace loader can refuse to proceed if the driver doesn't
> > ack the bits? If so, it's simpler than a whole new ID.
> >
> > Cheers,
> > Rusty.
>
> Yes but how can it signal guest that it will never proceed?
>
> Also grep for BUG_ON in core found this:
>
> drv->remove(dev);
>
> /* Driver should have reset device. */
> BUG_ON(dev->config->get_status(dev));
>
> I think below is what Sjur refers to.
> I think below is a good idea for 3.6. Thoughts?
>
> --->
>
> virtio: don't crash when device is buggy
>
> Because of a sanity check in virtio_dev_remove, a buggy device can crash
> kernel. And in case of rproc it's userspace so it's not a good idea.
> We are unloading a driver so how bad can it be?
> Be less aggressive in handling this error: if it's a driver bug,
> warning once should be enough.
>
> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
>
> --
Rusty?
> diff --git a/drivers/virtio/virtio.c b/drivers/virtio/virtio.c
> index c3b3f7f..1e8659c 100644
> --- a/drivers/virtio/virtio.c
> +++ b/drivers/virtio/virtio.c
> @@ -159,7 +159,7 @@ static int virtio_dev_remove(struct device *_d)
> drv->remove(dev);
>
> /* Driver should have reset device. */
> - BUG_ON(dev->config->get_status(dev));
> + WARN_ON_ONCE(dev->config->get_status(dev));
>
> /* Acknowledge the device's existence again. */
> add_status(dev, VIRTIO_CONFIG_S_ACKNOWLEDGE);
>
> --
> MST
next prev parent reply other threads:[~2012-09-10 22:11 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-09-03 13:51 [RFC 1/2] virtio_console: Add support for DMA memory allocation sjur.brandeland
2012-09-03 13:51 ` [RFC 2/2] virtio_console: Add feature to disable console port sjur.brandeland
2012-09-03 13:51 ` sjur.brandeland
2012-09-03 14:30 ` [RFC 1/2] virtio_console: Add support for DMA memory allocation Michael S. Tsirkin
2012-09-03 14:30 ` Michael S. Tsirkin
2012-09-03 14:57 ` Sjur Brændeland
2012-09-03 14:57 ` Sjur Brændeland
2012-09-03 20:27 ` Michael S. Tsirkin
2012-09-03 20:27 ` Michael S. Tsirkin
2012-09-04 6:07 ` Rusty Russell
2012-09-04 6:07 ` Rusty Russell
2012-09-05 13:00 ` Sjur Brændeland
2012-09-05 13:00 ` Sjur Brændeland
2012-09-05 14:35 ` Michael S. Tsirkin
2012-09-05 14:35 ` Michael S. Tsirkin
2012-09-05 18:15 ` Sjur Brændeland
2012-09-05 18:15 ` Sjur Brændeland
2012-09-05 19:16 ` Michael S. Tsirkin
2012-09-05 19:16 ` Michael S. Tsirkin
2012-09-07 9:24 ` Sjur Brændeland
2012-09-07 9:24 ` Sjur Brændeland
2012-09-04 11:28 ` Sjur Brændeland
2012-09-04 11:28 ` Sjur Brændeland
2012-09-04 13:50 ` Michael S. Tsirkin
2012-09-04 13:50 ` Michael S. Tsirkin
2012-09-04 16:58 ` Sjur Brændeland
2012-09-04 16:58 ` Sjur Brændeland
2012-09-04 18:55 ` Michael S. Tsirkin
2012-09-04 18:55 ` Michael S. Tsirkin
2012-09-06 2:04 ` Rusty Russell
2012-09-06 2:04 ` Rusty Russell
2012-09-06 5:27 ` Michael S. Tsirkin
2012-09-06 5:27 ` Michael S. Tsirkin
2012-09-10 22:11 ` Michael S. Tsirkin [this message]
2012-09-10 22:11 ` Michael S. Tsirkin
2012-09-12 6:24 ` Rusty Russell
2012-09-12 6:24 ` Rusty Russell
2012-09-07 8:35 ` Sjur Brændeland
2012-09-07 8:35 ` Sjur Brændeland
2012-09-16 9:44 ` [PATCH repost] virtio: don't crash when device is buggy Michael S. Tsirkin
2012-09-16 9:44 ` Michael S. Tsirkin
2012-09-17 4:27 ` Rusty Russell
2012-09-17 4:27 ` Rusty Russell
2012-09-18 22:24 ` Michael S. Tsirkin
2012-09-18 22:24 ` Michael S. Tsirkin
2012-09-19 4:10 ` Rusty Russell
2012-09-19 4:10 ` Rusty Russell
-- strict thread matches above, loose matches on Subject: below --
2012-09-03 13:51 [RFC 1/2] virtio_console: Add support for DMA memory allocation sjur.brandeland
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120910221111.GA21854@redhat.com \
--to=mst@redhat.com \
--cc=amit.shah@redhat.com \
--cc=linus.walleij@linaro.org \
--cc=linux-kernel@vger.kernel.org \
--cc=rusty@rustcorp.com.au \
--cc=sjurbren@gmail.com \
--cc=virtualization@lists.linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.