Hi All: This is a rework on the IRQ hardening for virtio which is done previously by the following commits are reverted: 9e35276a5344 ("virtio_pci: harden MSI-X interrupts") 080cd7c3ac87 ("virtio-pci: harden INTX interrupts") The reason is that it depends on the IRQF_NO_AUTOEN which may conflict with the assumption of the affinity managed IRQ that is used by some virtio drivers. And what's more, it is only done for virtio-pci but not other transports. In this rework, I try to implement a general virtio solution which borrows the idea of the INTX hardening by re-using per virtqueue boolean vq->broken and toggle it in virtio_device_ready() and virtio_reset_device(). Then we can simply reuse the existing checks in the vring_interrupt() and return early if the driver is not ready. Note that, I only did compile test on ccw and MMIO transport. Please review. Changes since v1: - Use transport specific irq synchronization method when possible - Drop the module parameter and enable the hardening unconditonally - Tweak the barrier/ordering facilities used in the code - Reanme irq_soft_enabled to driver_ready - Avoid unnecssary IRQ synchornization (e.g during boot) Changes since V2: - add ccw and MMIO support - rename synchronize_vqs() to synchronize_cbs() - switch to re-use vq->broken instead of introducing new device attributes for the future virtqueue reset support - remove unnecssary READ_ONCE()/WRITE_ONCE() - a new patch to remove device triggerable BUG_ON() - more tweaks on the comments Jason Wang (8): virtio: use virtio_reset_device() when possible virtio: introduce config op to synchronize vring callbacks virtio-pci: implement synchronize_cbs() virtio-mmio: implement synchronize_cbs() virtio-ccw: implement synchronize_cbs() virtio: allow to unbreak virtqueue virtio: harden vring IRQ virtio: use WARN_ON() to warning illegal status value Stefano Garzarella (1): virtio: use virtio_device_ready() in virtio_device_restore() drivers/char/virtio_console.c | 2 +- drivers/crypto/virtio/virtio_crypto_core.c | 2 +- drivers/s390/virtio/virtio_ccw.c | 31 ++++++++++++++++-- drivers/virtio/virtio.c | 24 ++++++++++---- drivers/virtio/virtio_mmio.c | 9 +++++ drivers/virtio/virtio_pci_common.c | 2 +- drivers/virtio/virtio_pci_common.h | 2 ++ drivers/virtio/virtio_pci_legacy.c | 1 + drivers/virtio/virtio_pci_modern.c | 2 ++ drivers/virtio/virtio_ring.c | 15 +++++---- include/linux/virtio.h | 2 +- include/linux/virtio_config.h | 38 +++++++++++++++++++++- 12 files changed, 110 insertions(+), 20 deletions(-) -- 2.25.1
Jason Wang
2022-Apr-25 02:44 UTC
[PATCH V3 1/9] virtio: use virtio_device_ready() in virtio_device_restore()
From: Stefano Garzarella <sgarzare at redhat.com> It will allow us to do extension on virtio_device_ready() without duplicating code. Cc: Thomas Gleixner <tglx at linutronix.de> Cc: Peter Zijlstra <peterz at infradead.org> Cc: "Paul E. McKenney" <paulmck at kernel.org> Cc: Marc Zyngier <maz at kernel.org> Cc: Halil Pasic <pasic at linux.ibm.com> Cc: Cornelia Huck <cohuck at redhat.com> Signed-off-by: Stefano Garzarella <sgarzare at redhat.com> Signed-off-by: Jason Wang <jasowang at redhat.com> --- drivers/virtio/virtio.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/virtio/virtio.c b/drivers/virtio/virtio.c index 22f15f444f75..75c8d560bbd3 100644 --- a/drivers/virtio/virtio.c +++ b/drivers/virtio/virtio.c @@ -526,8 +526,9 @@ int virtio_device_restore(struct virtio_device *dev) goto err; } - /* Finally, tell the device we're all set */ - virtio_add_status(dev, VIRTIO_CONFIG_S_DRIVER_OK); + /* If restore didn't do it, mark device DRIVER_OK ourselves. */ + if (!(dev->config->get_status(dev) & VIRTIO_CONFIG_S_DRIVER_OK)) + virtio_device_ready(dev); virtio_config_enable(dev); -- 2.25.1
Jason Wang
2022-Apr-25 02:44 UTC
[PATCH V3 2/9] virtio: use virtio_reset_device() when possible
This allows us to do common extension without duplicating code. Cc: Thomas Gleixner <tglx at linutronix.de> Cc: Peter Zijlstra <peterz at infradead.org> Cc: "Paul E. McKenney" <paulmck at kernel.org> Cc: Marc Zyngier <maz at kernel.org> Cc: Halil Pasic <pasic at linux.ibm.com> Cc: Cornelia Huck <cohuck at redhat.com> Signed-off-by: Jason Wang <jasowang at redhat.com> --- drivers/virtio/virtio.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/virtio/virtio.c b/drivers/virtio/virtio.c index 75c8d560bbd3..8dde44ea044a 100644 --- a/drivers/virtio/virtio.c +++ b/drivers/virtio/virtio.c @@ -430,7 +430,7 @@ int register_virtio_device(struct virtio_device *dev) /* We always start by resetting the device, in case a previous * driver messed it up. This also tests that code path a little. */ - dev->config->reset(dev); + virtio_reset_device(dev); /* Acknowledge that we've seen the device. */ virtio_add_status(dev, VIRTIO_CONFIG_S_ACKNOWLEDGE); @@ -496,7 +496,7 @@ int virtio_device_restore(struct virtio_device *dev) /* We always start by resetting the device, in case a previous * driver messed it up. */ - dev->config->reset(dev); + virtio_reset_device(dev); /* Acknowledge that we've seen the device. */ virtio_add_status(dev, VIRTIO_CONFIG_S_ACKNOWLEDGE); -- 2.25.1
Jason Wang
2022-Apr-25 02:44 UTC
[PATCH V3 3/9] virtio: introduce config op to synchronize vring callbacks
This patch introduces new virtio config op to vring callbacks. Transport specific method is required to make sure the write before this function is visible to the vring_interrupt() that is called after the return of this function. For the transport that doesn't provide synchronize_vqs(), use synchornize_rcu() which synchronize with IRQ implicitly as a fallback. Cc: Thomas Gleixner <tglx at linutronix.de> Cc: Peter Zijlstra <peterz at infradead.org> Cc: "Paul E. McKenney" <paulmck at kernel.org> Cc: Marc Zyngier <maz at kernel.org> Cc: Halil Pasic <pasic at linux.ibm.com> Cc: Cornelia Huck <cohuck at redhat.com> Signed-off-by: Jason Wang <jasowang at redhat.com> --- include/linux/virtio_config.h | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/include/linux/virtio_config.h b/include/linux/virtio_config.h index b341dd62aa4d..14fe89ff99c7 100644 --- a/include/linux/virtio_config.h +++ b/include/linux/virtio_config.h @@ -57,6 +57,10 @@ struct virtio_shm_region { * include a NULL entry for vqs unused by driver * Returns 0 on success or error status * @del_vqs: free virtqueues found by find_vqs(). + * @synchronize_cbs: synchronize with the virtqueue callbacks (optional) + * Make sure the writes commited before this method is visible to + * vring_interrupt() which is called after this method. + * vdev: the virtio_device * @get_features: get the array of feature bits for this device. * vdev: the virtio_device * Returns the first 64 feature bits (all we currently need). @@ -89,6 +93,7 @@ struct virtio_config_ops { const char * const names[], const bool *ctx, struct irq_affinity *desc); void (*del_vqs)(struct virtio_device *); + void (*synchronize_cbs)(struct virtio_device *); u64 (*get_features)(struct virtio_device *vdev); int (*finalize_features)(struct virtio_device *vdev); const char *(*bus_name)(struct virtio_device *vdev); @@ -217,6 +222,25 @@ int virtio_find_vqs_ctx(struct virtio_device *vdev, unsigned nvqs, desc); } +/** + * virtio_synchronize_cbs - synchronize with virtqueue callbacks + * @vdev: the device + */ +static inline +void virtio_synchronize_cbs(struct virtio_device *dev) +{ + if (dev->config->synchronize_cbs) { + dev->config->synchronize_cbs(dev); + } else { + /* + * A best effort fallback to synchronize with + * interrupts, preemption and softirq. See comment + * above synchronize_rcu(). + */ + synchronize_rcu(); + } +} + /** * virtio_device_ready - enable vq use in probe function * @vdev: the device -- 2.25.1
We can simply reuse vp_synchronize_vectors() for .synchronize_cbs(). Cc: Thomas Gleixner <tglx at linutronix.de> Cc: Peter Zijlstra <peterz at infradead.org> Cc: "Paul E. McKenney" <paulmck at kernel.org> Cc: Marc Zyngier <maz at kernel.org> Cc: Halil Pasic <pasic at linux.ibm.com> Cc: Cornelia Huck <cohuck at redhat.com> Signed-off-by: Jason Wang <jasowang at redhat.com> --- drivers/virtio/virtio_pci_common.h | 2 ++ drivers/virtio/virtio_pci_legacy.c | 1 + drivers/virtio/virtio_pci_modern.c | 2 ++ 3 files changed, 5 insertions(+) diff --git a/drivers/virtio/virtio_pci_common.h b/drivers/virtio/virtio_pci_common.h index eb17a29fc7ef..2b84d5c1b5bc 100644 --- a/drivers/virtio/virtio_pci_common.h +++ b/drivers/virtio/virtio_pci_common.h @@ -105,6 +105,8 @@ static struct virtio_pci_device *to_vp_device(struct virtio_device *vdev) void vp_synchronize_vectors(struct virtio_device *vdev); /* the notify function used when creating a virt queue */ bool vp_notify(struct virtqueue *vq); +/* synchronize with callbacks */ +void vp_synchronize_vqs(struct virtio_device *vdev); /* the config->del_vqs() implementation */ void vp_del_vqs(struct virtio_device *vdev); /* the config->find_vqs() implementation */ diff --git a/drivers/virtio/virtio_pci_legacy.c b/drivers/virtio/virtio_pci_legacy.c index 6f4e34ce96b8..207985107150 100644 --- a/drivers/virtio/virtio_pci_legacy.c +++ b/drivers/virtio/virtio_pci_legacy.c @@ -192,6 +192,7 @@ static const struct virtio_config_ops virtio_pci_config_ops = { .reset = vp_reset, .find_vqs = vp_find_vqs, .del_vqs = vp_del_vqs, + .synchronize_cbs = vp_synchronize_vectors, .get_features = vp_get_features, .finalize_features = vp_finalize_features, .bus_name = vp_bus_name, diff --git a/drivers/virtio/virtio_pci_modern.c b/drivers/virtio/virtio_pci_modern.c index a2671a20ef77..18c2190e3059 100644 --- a/drivers/virtio/virtio_pci_modern.c +++ b/drivers/virtio/virtio_pci_modern.c @@ -394,6 +394,7 @@ static const struct virtio_config_ops virtio_pci_config_nodev_ops = { .reset = vp_reset, .find_vqs = vp_modern_find_vqs, .del_vqs = vp_del_vqs, + .synchronize_cbs = vp_synchronize_vectors, .get_features = vp_get_features, .finalize_features = vp_finalize_features, .bus_name = vp_bus_name, @@ -411,6 +412,7 @@ static const struct virtio_config_ops virtio_pci_config_ops = { .reset = vp_reset, .find_vqs = vp_modern_find_vqs, .del_vqs = vp_del_vqs, + .synchronize_cbs = vp_synchronize_vectors, .get_features = vp_get_features, .finalize_features = vp_finalize_features, .bus_name = vp_bus_name, -- 2.25.1
Simply synchronize the platform irq that is used by us. Cc: Thomas Gleixner <tglx at linutronix.de> Cc: Peter Zijlstra <peterz at infradead.org> Cc: "Paul E. McKenney" <paulmck at kernel.org> Cc: Marc Zyngier <maz at kernel.org> Cc: Halil Pasic <pasic at linux.ibm.com> Cc: Cornelia Huck <cohuck at redhat.com> Signed-off-by: Jason Wang <jasowang at redhat.com> --- drivers/virtio/virtio_mmio.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/drivers/virtio/virtio_mmio.c b/drivers/virtio/virtio_mmio.c index 56128b9c46eb..4a3b66e4e198 100644 --- a/drivers/virtio/virtio_mmio.c +++ b/drivers/virtio/virtio_mmio.c @@ -345,6 +345,14 @@ static void vm_del_vqs(struct virtio_device *vdev) free_irq(platform_get_irq(vm_dev->pdev, 0), vm_dev); } + +static void vm_synchronize_cbs(struct virtio_device *vdev) +{ + struct virtio_mmio_device *vm_dev = to_virtio_mmio_device(vdev); + + synchronize_irq(platform_get_irq(vm_dev->pdev, 0)); +} + static struct virtqueue *vm_setup_vq(struct virtio_device *vdev, unsigned index, void (*callback)(struct virtqueue *vq), const char *name, bool ctx) @@ -541,6 +549,7 @@ static const struct virtio_config_ops virtio_mmio_config_ops = { .finalize_features = vm_finalize_features, .bus_name = vm_bus_name, .get_shm_region = vm_get_shm_region, + .synchronize_cbs = vm_synchronize_cbs, }; -- 2.25.1
This patch tries to implement the synchronize_cbs() for ccw. For the vring_interrupt() that is called via virtio_airq_handler(), the synchronization is simply done via the airq_info's lock. For the vring_interrupt() that is called via virtio_ccw_int_handler(), a per device spinlock for irq is introduced ans used in the synchronization method. Cc: Thomas Gleixner <tglx at linutronix.de> Cc: Peter Zijlstra <peterz at infradead.org> Cc: "Paul E. McKenney" <paulmck at kernel.org> Cc: Marc Zyngier <maz at kernel.org> Cc: Halil Pasic <pasic at linux.ibm.com> Cc: Cornelia Huck <cohuck at redhat.com> Signed-off-by: Jason Wang <jasowang at redhat.com> --- drivers/s390/virtio/virtio_ccw.c | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/drivers/s390/virtio/virtio_ccw.c b/drivers/s390/virtio/virtio_ccw.c index d35e7a3f7067..c19f07a82d62 100644 --- a/drivers/s390/virtio/virtio_ccw.c +++ b/drivers/s390/virtio/virtio_ccw.c @@ -62,6 +62,7 @@ struct virtio_ccw_device { unsigned int revision; /* Transport revision */ wait_queue_head_t wait_q; spinlock_t lock; + spinlock_t irq_lock; struct mutex io_lock; /* Serializes I/O requests */ struct list_head virtqueues; bool is_thinint; @@ -984,6 +985,27 @@ static const char *virtio_ccw_bus_name(struct virtio_device *vdev) return dev_name(&vcdev->cdev->dev); } +static void virtio_ccw_synchronize_cbs(struct virtio_device *vdev) +{ + struct virtio_ccw_device *vcdev = to_vc_device(vdev); + struct airq_info *info = vcdev->airq_info; + + /* + * Synchronize with the vring_interrupt() called by + * virtio_ccw_int_handler(). + */ + spin_lock(&vcdev->irq_lock); + spin_unlock(&vcdev->irq_lock); + + if (info) { + /* + * Synchronize with the vring_interrupt() with airq indicator + */ + write_lock(&info->lock); + write_unlock(&info->lock); + } +} + static const struct virtio_config_ops virtio_ccw_config_ops = { .get_features = virtio_ccw_get_features, .finalize_features = virtio_ccw_finalize_features, @@ -995,6 +1017,7 @@ static const struct virtio_config_ops virtio_ccw_config_ops = { .find_vqs = virtio_ccw_find_vqs, .del_vqs = virtio_ccw_del_vqs, .bus_name = virtio_ccw_bus_name, + .synchronize_cbs = virtio_ccw_synchronize_cbs, }; @@ -1079,6 +1102,7 @@ static void virtio_ccw_int_handler(struct ccw_device *cdev, { __u32 activity = intparm & VIRTIO_CCW_INTPARM_MASK; struct virtio_ccw_device *vcdev = dev_get_drvdata(&cdev->dev); + unsigned long flags; int i; struct virtqueue *vq; @@ -1106,6 +1130,7 @@ static void virtio_ccw_int_handler(struct ccw_device *cdev, vcdev->err = -EIO; } virtio_ccw_check_activity(vcdev, activity); + spin_lock_irqsave(&vcdev->irq_lock, flags); for_each_set_bit(i, indicators(vcdev), sizeof(*indicators(vcdev)) * BITS_PER_BYTE) { /* The bit clear must happen before the vring kick. */ @@ -1114,6 +1139,7 @@ static void virtio_ccw_int_handler(struct ccw_device *cdev, vq = virtio_ccw_vq_by_ind(vcdev, i); vring_interrupt(0, vq); } + spin_unlock_irqrestore(&vcdev->irq_lock, flags); if (test_bit(0, indicators2(vcdev))) { virtio_config_changed(&vcdev->vdev); clear_bit(0, indicators2(vcdev)); @@ -1284,6 +1310,7 @@ static int virtio_ccw_online(struct ccw_device *cdev) init_waitqueue_head(&vcdev->wait_q); INIT_LIST_HEAD(&vcdev->virtqueues); spin_lock_init(&vcdev->lock); + spin_lock_init(&vcdev->irq_lock); mutex_init(&vcdev->io_lock); spin_lock_irqsave(get_ccwdev_lock(cdev), flags); -- 2.25.1
This patch allows the virtio_break_device() to accept a boolean value then we can unbreak the virtqueue. Signed-off-by: Jason Wang <jasowang at redhat.com> --- drivers/char/virtio_console.c | 2 +- drivers/crypto/virtio/virtio_crypto_core.c | 2 +- drivers/s390/virtio/virtio_ccw.c | 4 ++-- drivers/virtio/virtio_pci_common.c | 2 +- drivers/virtio/virtio_ring.c | 4 ++-- include/linux/virtio.h | 2 +- 6 files changed, 8 insertions(+), 8 deletions(-) diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c index e3c430539a17..afede977f7b3 100644 --- a/drivers/char/virtio_console.c +++ b/drivers/char/virtio_console.c @@ -1958,7 +1958,7 @@ static void virtcons_remove(struct virtio_device *vdev) spin_unlock_irq(&pdrvdata_lock); /* Device is going away, exit any polling for buffers */ - virtio_break_device(vdev); + virtio_break_device(vdev, true); if (use_multiport(portdev)) flush_work(&portdev->control_work); else diff --git a/drivers/crypto/virtio/virtio_crypto_core.c b/drivers/crypto/virtio/virtio_crypto_core.c index c6f482db0bc0..fd17f3f2e958 100644 --- a/drivers/crypto/virtio/virtio_crypto_core.c +++ b/drivers/crypto/virtio/virtio_crypto_core.c @@ -215,7 +215,7 @@ static int virtcrypto_update_status(struct virtio_crypto *vcrypto) dev_warn(&vcrypto->vdev->dev, "Unknown status bits: 0x%x\n", status); - virtio_break_device(vcrypto->vdev); + virtio_break_device(vcrypto->vdev, true); return -EPERM; } diff --git a/drivers/s390/virtio/virtio_ccw.c b/drivers/s390/virtio/virtio_ccw.c index c19f07a82d62..9a963f5af5b5 100644 --- a/drivers/s390/virtio/virtio_ccw.c +++ b/drivers/s390/virtio/virtio_ccw.c @@ -1211,7 +1211,7 @@ static void virtio_ccw_remove(struct ccw_device *cdev) if (vcdev && cdev->online) { if (vcdev->device_lost) - virtio_break_device(&vcdev->vdev); + virtio_break_device(&vcdev->vdev, true); unregister_virtio_device(&vcdev->vdev); spin_lock_irqsave(get_ccwdev_lock(cdev), flags); dev_set_drvdata(&cdev->dev, NULL); @@ -1228,7 +1228,7 @@ static int virtio_ccw_offline(struct ccw_device *cdev) if (!vcdev) return 0; if (vcdev->device_lost) - virtio_break_device(&vcdev->vdev); + virtio_break_device(&vcdev->vdev, true); unregister_virtio_device(&vcdev->vdev); spin_lock_irqsave(get_ccwdev_lock(cdev), flags); dev_set_drvdata(&cdev->dev, NULL); diff --git a/drivers/virtio/virtio_pci_common.c b/drivers/virtio/virtio_pci_common.c index d724f676608b..39a711ddff30 100644 --- a/drivers/virtio/virtio_pci_common.c +++ b/drivers/virtio/virtio_pci_common.c @@ -583,7 +583,7 @@ static void virtio_pci_remove(struct pci_dev *pci_dev) * layers can abort any ongoing operation. */ if (!pci_device_is_present(pci_dev)) - virtio_break_device(&vp_dev->vdev); + virtio_break_device(&vp_dev->vdev, true); pci_disable_sriov(pci_dev); diff --git a/drivers/virtio/virtio_ring.c b/drivers/virtio/virtio_ring.c index cfb028ca238e..6da13495a70c 100644 --- a/drivers/virtio/virtio_ring.c +++ b/drivers/virtio/virtio_ring.c @@ -2382,7 +2382,7 @@ EXPORT_SYMBOL_GPL(virtqueue_is_broken); * This should prevent the device from being used, allowing drivers to * recover. You may need to grab appropriate locks to flush. */ -void virtio_break_device(struct virtio_device *dev) +void virtio_break_device(struct virtio_device *dev, bool broken) { struct virtqueue *_vq; @@ -2391,7 +2391,7 @@ void virtio_break_device(struct virtio_device *dev) struct vring_virtqueue *vq = to_vvq(_vq); /* Pairs with READ_ONCE() in virtqueue_is_broken(). */ - WRITE_ONCE(vq->broken, true); + WRITE_ONCE(vq->broken, broken); } spin_unlock(&dev->vqs_list_lock); } diff --git a/include/linux/virtio.h b/include/linux/virtio.h index 5464f398912a..24bff3b314c8 100644 --- a/include/linux/virtio.h +++ b/include/linux/virtio.h @@ -130,7 +130,7 @@ int register_virtio_device(struct virtio_device *dev); void unregister_virtio_device(struct virtio_device *dev); bool is_virtio_device(struct device *dev); -void virtio_break_device(struct virtio_device *dev); +void virtio_break_device(struct virtio_device *dev, bool broken); void virtio_config_changed(struct virtio_device *dev); #ifdef CONFIG_PM_SLEEP -- 2.25.1
This is a rework on the previous IRQ hardening that is done for virtio-pci where several drawbacks were found and were reverted: 1) try to use IRQF_NO_AUTOEN which is not friendly to affinity managed IRQ that is used by some device such as virtio-blk 2) done only for PCI transport The vq->broken is re-used in this patch for implementing the IRQ hardening. The vq->broken is set to true during both initialization and reset. And the vq->broken is set to false in virtio_device_ready(). Then vring_interrupt can check and return when vq->broken is true. And in this case, switch to return IRQ_NONE to let the interrupt core aware of such invalid interrupt to prevent IRQ storm. The reason of using a per queue variable instead of a per device one is that we may need it for per queue reset hardening in the future. Note that the hardening is only done for vring interrupt since the config interrupt hardening is already done in commit 22b7050a024d7 ("virtio: defer config changed notifications"). But the method that is used by config interrupt can't be reused by the vring interrupt handler because it uses spinlock to do the synchronization which is expensive. Cc: Thomas Gleixner <tglx at linutronix.de> Cc: Peter Zijlstra <peterz at infradead.org> Cc: "Paul E. McKenney" <paulmck at kernel.org> Cc: Marc Zyngier <maz at kernel.org> Cc: Halil Pasic <pasic at linux.ibm.com> Cc: Cornelia Huck <cohuck at redhat.com> Signed-off-by: Jason Wang <jasowang at redhat.com> --- drivers/virtio/virtio.c | 15 ++++++++++++--- drivers/virtio/virtio_ring.c | 11 +++++++---- include/linux/virtio_config.h | 12 ++++++++++++ 3 files changed, 31 insertions(+), 7 deletions(-) diff --git a/drivers/virtio/virtio.c b/drivers/virtio/virtio.c index 8dde44ea044a..f575df1f85d0 100644 --- a/drivers/virtio/virtio.c +++ b/drivers/virtio/virtio.c @@ -220,6 +220,15 @@ static int virtio_features_ok(struct virtio_device *dev) * */ void virtio_reset_device(struct virtio_device *dev) { + /* + * The below virtio_synchronize_cbs() guarantees that any + * interrupt for this line arriving after + * virtio_synchronize_vqs() has completed is guaranteed to see + * driver_ready == false. + */ + virtio_break_device(dev, true); + virtio_synchronize_cbs(dev); + dev->config->reset(dev); } EXPORT_SYMBOL_GPL(virtio_reset_device); @@ -428,6 +437,9 @@ int register_virtio_device(struct virtio_device *dev) dev->config_enabled = false; dev->config_change_pending = false; + INIT_LIST_HEAD(&dev->vqs); + spin_lock_init(&dev->vqs_list_lock); + /* We always start by resetting the device, in case a previous * driver messed it up. This also tests that code path a little. */ virtio_reset_device(dev); @@ -435,9 +447,6 @@ int register_virtio_device(struct virtio_device *dev) /* Acknowledge that we've seen the device. */ virtio_add_status(dev, VIRTIO_CONFIG_S_ACKNOWLEDGE); - INIT_LIST_HEAD(&dev->vqs); - spin_lock_init(&dev->vqs_list_lock); - /* * device_add() causes the bus infrastructure to look for a matching * driver. diff --git a/drivers/virtio/virtio_ring.c b/drivers/virtio/virtio_ring.c index 6da13495a70c..12f5fe2ee8ef 100644 --- a/drivers/virtio/virtio_ring.c +++ b/drivers/virtio/virtio_ring.c @@ -1690,7 +1690,7 @@ static struct virtqueue *vring_create_virtqueue_packed( vq->we_own_ring = true; vq->notify = notify; vq->weak_barriers = weak_barriers; - vq->broken = false; + vq->broken = true; vq->last_used_idx = 0; vq->event_triggered = false; vq->num_added = 0; @@ -2136,8 +2136,11 @@ irqreturn_t vring_interrupt(int irq, void *_vq) return IRQ_NONE; } - if (unlikely(vq->broken)) - return IRQ_HANDLED; + if (unlikely(vq->broken)) { + dev_warn_once(&vq->vq.vdev->dev, + "virtio vring IRQ raised before DRIVER_OK"); + return IRQ_NONE; + } /* Just a hint for performance: so it's ok that this can be racy! */ if (vq->event) @@ -2179,7 +2182,7 @@ struct virtqueue *__vring_new_virtqueue(unsigned int index, vq->we_own_ring = false; vq->notify = notify; vq->weak_barriers = weak_barriers; - vq->broken = false; + vq->broken = true; vq->last_used_idx = 0; vq->event_triggered = false; vq->num_added = 0; diff --git a/include/linux/virtio_config.h b/include/linux/virtio_config.h index 14fe89ff99c7..3e2bc8aff51e 100644 --- a/include/linux/virtio_config.h +++ b/include/linux/virtio_config.h @@ -255,6 +255,18 @@ void virtio_device_ready(struct virtio_device *dev) unsigned status = dev->config->get_status(dev); BUG_ON(status & VIRTIO_CONFIG_S_DRIVER_OK); + + /* + * The virtio_synchronize_cbs() makes sure vring_interrupt() + * will see the driver specific setup if it sees vq->broken + * as false. + */ + virtio_synchronize_cbs(dev); + virtio_break_device(dev, false); + /* + * The transport is expected ensure the visibility of + * vq->broken before setting VIRTIO_CONFIG_S_DRIVER_OK. + */ dev->config->set_status(dev, status | VIRTIO_CONFIG_S_DRIVER_OK); } -- 2.25.1
Jason Wang
2022-Apr-25 02:44 UTC
[PATCH V3 9/9] virtio: use WARN_ON() to warning illegal status value
We used to use BUG_ON() in virtio_device_ready() to detect illegal status value, this seems sub-optimal since the value is under the control of the device. Switch to use WARN_ON() instead. Cc: Thomas Gleixner <tglx at linutronix.de> Cc: Peter Zijlstra <peterz at infradead.org> Cc: "Paul E. McKenney" <paulmck at kernel.org> Cc: Marc Zyngier <maz at kernel.org> Cc: Halil Pasic <pasic at linux.ibm.com> Cc: Cornelia Huck <cohuck at redhat.com> Signed-off-by: Jason Wang <jasowang at redhat.com> --- include/linux/virtio_config.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/virtio_config.h b/include/linux/virtio_config.h index 3e2bc8aff51e..b0010b2ca7c2 100644 --- a/include/linux/virtio_config.h +++ b/include/linux/virtio_config.h @@ -254,7 +254,7 @@ void virtio_device_ready(struct virtio_device *dev) { unsigned status = dev->config->get_status(dev); - BUG_ON(status & VIRTIO_CONFIG_S_DRIVER_OK); + WARN_ON(status & VIRTIO_CONFIG_S_DRIVER_OK); /* * The virtio_synchronize_cbs() makes sure vring_interrupt() -- 2.25.1
On Mon, Apr 25, 2022 at 10:44 AM Jason Wang <jasowang at redhat.com> wrote:> > Hi All: >Forgot to add Xuan to the series. Thanks> This is a rework on the IRQ hardening for virtio which is done > previously by the following commits are reverted: > > 9e35276a5344 ("virtio_pci: harden MSI-X interrupts") > 080cd7c3ac87 ("virtio-pci: harden INTX interrupts") > > The reason is that it depends on the IRQF_NO_AUTOEN which may conflict > with the assumption of the affinity managed IRQ that is used by some > virtio drivers. And what's more, it is only done for virtio-pci but > not other transports. > > In this rework, I try to implement a general virtio solution which > borrows the idea of the INTX hardening by re-using per virtqueue > boolean vq->broken and toggle it in virtio_device_ready() and > virtio_reset_device(). Then we can simply reuse the existing checks in > the vring_interrupt() and return early if the driver is not ready. > > Note that, I only did compile test on ccw and MMIO transport. > > Please review. > > Changes since v1: > > - Use transport specific irq synchronization method when possible > - Drop the module parameter and enable the hardening unconditonally > - Tweak the barrier/ordering facilities used in the code > - Reanme irq_soft_enabled to driver_ready > - Avoid unnecssary IRQ synchornization (e.g during boot) > > Changes since V2: > > - add ccw and MMIO support > - rename synchronize_vqs() to synchronize_cbs() > - switch to re-use vq->broken instead of introducing new device > attributes for the future virtqueue reset support > - remove unnecssary READ_ONCE()/WRITE_ONCE() > - a new patch to remove device triggerable BUG_ON() > - more tweaks on the comments > > Jason Wang (8): > virtio: use virtio_reset_device() when possible > virtio: introduce config op to synchronize vring callbacks > virtio-pci: implement synchronize_cbs() > virtio-mmio: implement synchronize_cbs() > virtio-ccw: implement synchronize_cbs() > virtio: allow to unbreak virtqueue > virtio: harden vring IRQ > virtio: use WARN_ON() to warning illegal status value > > Stefano Garzarella (1): > virtio: use virtio_device_ready() in virtio_device_restore() > > drivers/char/virtio_console.c | 2 +- > drivers/crypto/virtio/virtio_crypto_core.c | 2 +- > drivers/s390/virtio/virtio_ccw.c | 31 ++++++++++++++++-- > drivers/virtio/virtio.c | 24 ++++++++++---- > drivers/virtio/virtio_mmio.c | 9 +++++ > drivers/virtio/virtio_pci_common.c | 2 +- > drivers/virtio/virtio_pci_common.h | 2 ++ > drivers/virtio/virtio_pci_legacy.c | 1 + > drivers/virtio/virtio_pci_modern.c | 2 ++ > drivers/virtio/virtio_ring.c | 15 +++++---- > include/linux/virtio.h | 2 +- > include/linux/virtio_config.h | 38 +++++++++++++++++++++- > 12 files changed, 110 insertions(+), 20 deletions(-) > > -- > 2.25.1 > >