Jason Wang
2014-Nov-18 03:23 UTC
[PATCH V3 1/2] virtio: introduce methods of sanitizing device features
On 11/17/2014 06:11 PM, Michael S. Tsirkin wrote:> On Mon, Nov 17, 2014 at 10:44:30AM +0100, Cornelia Huck wrote: >> On Mon, 17 Nov 2014 11:37:01 +0200 >> "Michael S. Tsirkin" <mst at redhat.com> wrote: >> >>> On Mon, Nov 17, 2014 at 05:17:17PM +0800, Jason Wang wrote: >>>> Buggy host may advertised buggy host features (a usual case is that host >>>> advertise a feature whose dependencies were missed). In this case, driver >>>> should detect and disable the buggy features by itself. >>>> >>>> This patch introduces driver specific sanitize_features() method which is >>>> called just before features finalizing to detect and disable buggy features >>>> advertised by host. >>>> >>>> Virtio-net will be the first user. >>>> >>>> Cc: Rusty Russell <rusty at rustcorp.com.au> >>>> Cc: Michael S. Tsirkin <mst at redhat.com> >>>> Cc: Cornelia Huck <cornelia.huck at de.ibm.com> >>>> Cc: Wanlong Gao <gaowanlong at cn.fujitsu.com> >>>> Signed-off-by: Jason Wang <jasowang at redhat.com> >>> Hmm this conflicts with virtio 1.0 work: we drop >>> features as bitmap there. >> But that's an implementation detail, no? We'll still need a way for the >> driver to sanitize features, and I think this interface works just fine. > Now that you mention it, I don't think we do. > > The spec is quite explicit that devices must not expose invalid > combinations of features. > > Admittedly, BUG_ON isn't very friendly to hypervisors. > > But e.g. failing probe seems better than trying to work around > hypervisor bugs - otherwise we'll be stuck maintaining compatibility > with hypervisors forever. >I'm ok with failing the probe. But it won't cost big effort to workaround only features dependencies issue. I don't see how this block any further features implementation. Looking at virtio-net, it also depends on network core to fix NETIF_F_* dependencies. There seems no way to get rid of maintaining compatibility, e.g the workarounds for the buggy hypervisor without VIRTIO_F_ANY_LAYOUT support.
Michael S. Tsirkin
2014-Nov-18 11:04 UTC
[PATCH V3 1/2] virtio: introduce methods of sanitizing device features
On Tue, Nov 18, 2014 at 11:23:49AM +0800, Jason Wang wrote:> On 11/17/2014 06:11 PM, Michael S. Tsirkin wrote: > > On Mon, Nov 17, 2014 at 10:44:30AM +0100, Cornelia Huck wrote: > >> On Mon, 17 Nov 2014 11:37:01 +0200 > >> "Michael S. Tsirkin" <mst at redhat.com> wrote: > >> > >>> On Mon, Nov 17, 2014 at 05:17:17PM +0800, Jason Wang wrote: > >>>> Buggy host may advertised buggy host features (a usual case is that host > >>>> advertise a feature whose dependencies were missed). In this case, driver > >>>> should detect and disable the buggy features by itself. > >>>> > >>>> This patch introduces driver specific sanitize_features() method which is > >>>> called just before features finalizing to detect and disable buggy features > >>>> advertised by host. > >>>> > >>>> Virtio-net will be the first user. > >>>> > >>>> Cc: Rusty Russell <rusty at rustcorp.com.au> > >>>> Cc: Michael S. Tsirkin <mst at redhat.com> > >>>> Cc: Cornelia Huck <cornelia.huck at de.ibm.com> > >>>> Cc: Wanlong Gao <gaowanlong at cn.fujitsu.com> > >>>> Signed-off-by: Jason Wang <jasowang at redhat.com> > >>> Hmm this conflicts with virtio 1.0 work: we drop > >>> features as bitmap there. > >> But that's an implementation detail, no? We'll still need a way for the > >> driver to sanitize features, and I think this interface works just fine. > > Now that you mention it, I don't think we do. > > > > The spec is quite explicit that devices must not expose invalid > > combinations of features. > > > > Admittedly, BUG_ON isn't very friendly to hypervisors. > > > > But e.g. failing probe seems better than trying to work around > > hypervisor bugs - otherwise we'll be stuck maintaining compatibility > > with hypervisors forever. > > > > I'm ok with failing the probe. > > But it won't cost big effort to workaround only features dependencies > issue.>From experience, second-guessing user always adds maintainance.> I don't see how this block any further features implementation. > Looking at virtio-net, it also depends on network core to fix NETIF_F_* > dependencies.That code is common for all drivers, so it was moved to core.> There seems no way to get rid of maintaining compatibility, e.g the > workarounds for the buggy hypervisor without VIRTIO_F_ANY_LAYOUT support.Right - because too many hypervisors shipped without it, it's too much work to fix them all. No such motivation here, right? -- MST
Jason Wang
2014-Nov-19 03:00 UTC
[PATCH V3 1/2] virtio: introduce methods of sanitizing device features
On 11/18/2014 07:04 PM, Michael S. Tsirkin wrote:> On Tue, Nov 18, 2014 at 11:23:49AM +0800, Jason Wang wrote: >> On 11/17/2014 06:11 PM, Michael S. Tsirkin wrote: >>> On Mon, Nov 17, 2014 at 10:44:30AM +0100, Cornelia Huck wrote: >>>> On Mon, 17 Nov 2014 11:37:01 +0200 >>>> "Michael S. Tsirkin" <mst at redhat.com> wrote: >>>> >>>>> On Mon, Nov 17, 2014 at 05:17:17PM +0800, Jason Wang wrote: >>>>>> Buggy host may advertised buggy host features (a usual case is that host >>>>>> advertise a feature whose dependencies were missed). In this case, driver >>>>>> should detect and disable the buggy features by itself. >>>>>> >>>>>> This patch introduces driver specific sanitize_features() method which is >>>>>> called just before features finalizing to detect and disable buggy features >>>>>> advertised by host. >>>>>> >>>>>> Virtio-net will be the first user. >>>>>> >>>>>> Cc: Rusty Russell <rusty at rustcorp.com.au> >>>>>> Cc: Michael S. Tsirkin <mst at redhat.com> >>>>>> Cc: Cornelia Huck <cornelia.huck at de.ibm.com> >>>>>> Cc: Wanlong Gao <gaowanlong at cn.fujitsu.com> >>>>>> Signed-off-by: Jason Wang <jasowang at redhat.com> >>>>> Hmm this conflicts with virtio 1.0 work: we drop >>>>> features as bitmap there. >>>> But that's an implementation detail, no? We'll still need a way for the >>>> driver to sanitize features, and I think this interface works just fine. >>> Now that you mention it, I don't think we do. >>> >>> The spec is quite explicit that devices must not expose invalid >>> combinations of features. >>> >>> Admittedly, BUG_ON isn't very friendly to hypervisors. >>> >>> But e.g. failing probe seems better than trying to work around >>> hypervisor bugs - otherwise we'll be stuck maintaining compatibility >>> with hypervisors forever. >>> >> I'm ok with failing the probe. >> >> But it won't cost big effort to workaround only features dependencies >> issue. > From experience, second-guessing user always adds maintainance. > >> I don't see how this block any further features implementation. >> Looking at virtio-net, it also depends on network core to fix NETIF_F_* >> dependencies. > That code is common for all drivers, so it was moved to core. > >> There seems no way to get rid of maintaining compatibility, e.g the >> workarounds for the buggy hypervisor without VIRTIO_F_ANY_LAYOUT support. > Right - because too many hypervisors shipped without it, it's too > much work to fix them all. > No such motivation here, right? >Right, will post the patch that just fail the probe of virtio-net. Thanks
Maybe Matching Threads
- [PATCH V3 1/2] virtio: introduce methods of sanitizing device features
- [PATCH V3 1/2] virtio: introduce methods of sanitizing device features
- [PATCH V3 1/2] virtio: introduce methods of sanitizing device features
- [PATCH V3 1/2] virtio: introduce methods of sanitizing device features
- [PATCH V3 1/2] virtio: introduce methods of sanitizing device features