From: Alex Williamson <alex.williamson@redhat.com>
To: Avi Kivity <avi@redhat.com>
Cc: Jan Kiszka <jan.kiszka@web.de>,
"Michael S. Tsirkin" <mst@redhat.com>,
kvm@vger.kernel.org, jbaron@redhat.com
Subject: Re: [PATCH v2] kvm: Disable MSI/MSI-X in assigned device reset path
Date: Tue, 10 Apr 2012 10:55:45 -0600 [thread overview]
Message-ID: <1334076945.3799.328.camel@bling.home> (raw)
In-Reply-To: <4F829F6C.3060100@redhat.com>
On Mon, 2012-04-09 at 11:35 +0300, Avi Kivity wrote:
> On 04/08/2012 08:37 PM, Jan Kiszka wrote:
> > The core problem is not the ordering. The problem is that the kernel is
> > susceptible to ordering mistakes of userspace. And that is because the
> > kernel panics on PCI errors of devices that are in user hands - a
> > critical kernel bug IMHO.
>
> Certainly. But this userspace patch won't fix it.
No, it won't in general and I don't think it makes sense to mangle
pci-sysfs config space support to the nuances of a user space driver.
We really need a userspace driver interface that limits the config space
interactions and provides a channel to support error reporting and
userspace recovery. This type of thing can be done with VFIO if we
could ever get off the ground and get some consensus around it. Please
feel free to contribute to that discussion if you ever want to get away
from this clunky device assignment interface we have now.
> > Proper reset of MSI or even the whole PCI
> > config space is another issue, but one the kernel should not worry about
> > - still, it should be fixed (therefore this patch).
>
> And I was asking what is the right way to do it. Reset the device and
> read back the register values, or do an emulated reset and push down the
> register values.
Reading back the register values is currently a noop since the kernel
restores the config space to the incoming state after reset. KVM does
stash away the original config space of the device to be restored prior
to releasing the device. We could restore to that each time, but that
would mean implementing a device reset ioctl in kvm, and we'd still need
this patch for compatibility and we still have the issues Michael brings
up with the config restore updating things like MSI that we need to then
manually sync with kvm. I fear suggesting it, but perhaps another way
to achieve this result would be to de-assign and re-assign the device in
reset.
> > But even if we disallowed userland to disable MMIO and PIO access to the
> > device, we would be be able to exclude that there are secrete channels
> > in the device's interface having the same effect. So we likely need to
> > enhance PCI error handling to catch and handle faults for certain
> > devices differently - those we cannot trust to behave properly while
> > they are under userland/guest control.
>
> Why not all of them?
I think Jan is probably suggesting that we do need user space error
handling for all userland/guest controlled devices, but some classes of
errors on certain devices may be handled automatically by the userspace
interface layer... which we could do with VFIO (well, assuming the APEI
spec let's us nak the bios reporting a fatal error). So do we want to
invent new solutions for each of these or do we want to move to a new
interface? Thanks,
Alex
next prev parent reply other threads:[~2012-04-10 16:55 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-04-05 3:42 [PATCH v2] kvm: Disable MSI/MSI-X in assigned device reset path Alex Williamson
2012-04-05 7:28 ` Jan Kiszka
2012-04-05 9:34 ` Michael S. Tsirkin
2012-04-05 14:42 ` Alex Williamson
2012-04-05 15:04 ` Michael S. Tsirkin
2012-04-08 13:14 ` Avi Kivity
2012-04-08 13:17 ` Michael S. Tsirkin
2012-04-08 13:18 ` Avi Kivity
2012-04-08 13:21 ` Michael S. Tsirkin
2012-04-08 13:24 ` Avi Kivity
2012-04-08 13:30 ` Michael S. Tsirkin
2012-04-08 13:41 ` Avi Kivity
2012-04-08 13:53 ` Michael S. Tsirkin
2012-04-08 14:01 ` Avi Kivity
2012-04-08 14:42 ` Michael S. Tsirkin
2012-04-08 15:26 ` Avi Kivity
2012-04-08 15:46 ` Michael S. Tsirkin
2012-04-08 15:50 ` Avi Kivity
2012-04-08 16:04 ` Michael S. Tsirkin
2012-04-08 16:08 ` Avi Kivity
2012-04-08 17:37 ` Jan Kiszka
2012-04-08 18:18 ` Michael S. Tsirkin
2012-04-08 18:39 ` Jan Kiszka
2012-04-08 20:35 ` Michael S. Tsirkin
2012-04-09 8:35 ` Avi Kivity
2012-04-10 16:55 ` Alex Williamson [this message]
2012-04-16 14:03 ` Alex Williamson
2012-04-16 14:31 ` Avi Kivity
2012-04-16 15:06 ` Michael S. Tsirkin
2012-04-16 15:10 ` Jan Kiszka
2012-04-16 16:08 ` Michael S. Tsirkin
2012-04-16 16:13 ` Jan Kiszka
2012-04-16 16:36 ` Michael S. Tsirkin
2012-04-16 16:38 ` Jan Kiszka
2012-04-16 17:12 ` Michael S. Tsirkin
2012-04-16 18:47 ` Jan Kiszka
2012-04-16 16:12 ` Jason Baron
2012-04-16 16:34 ` Michael S. Tsirkin
2012-04-16 19:07 ` Alex Williamson
2012-04-16 19:47 ` Michael S. Tsirkin
2012-04-17 0:55 ` Marcelo Tosatti
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1334076945.3799.328.camel@bling.home \
--to=alex.williamson@redhat.com \
--cc=avi@redhat.com \
--cc=jan.kiszka@web.de \
--cc=jbaron@redhat.com \
--cc=kvm@vger.kernel.org \
--cc=mst@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox