Re: [PATCH 4/5] virtio: introduce a vDPA based transport
On 2020/1/17 下午10:00, Jason Gunthorpe wrote: On Fri, Jan 17, 2020 at 05:32:35PM +0800, Jason Wang wrote: + const struct vdpa_config_ops *ops = vdpa->config; + struct virtio_vdpa_device *vd_dev; + int rc; + + vd_dev = devm_kzalloc(dev, sizeof(*vd_dev), GFP_KERNEL); + if (!vd_dev) + return -ENOMEM; This is not right, the struct device lifetime is controled by a kref, not via devm. If you want to use a devm unwind then the unwind is put_device, not devm_kfree. I'm not sure I get the point here. The lifetime is bound to underlying vDPA device and devres allow to be freed before the vpda device is released. But I agree using devres of underlying vdpa device looks wired. Once device_initialize is called the only way to free a struct device is via put_device, while here you have a devm trigger that will unconditionally do kfree on a struct device without respecting the reference count. reference counted memory must never be allocated with devm. Right, fixed. + vd_dev->vdev.dev.release = virtio_vdpa_release_dev; + vd_dev->vdev.config = &virtio_vdpa_config_ops; + vd_dev->vdpa = vdpa; + INIT_LIST_HEAD(&vd_dev->virtqueues); + spin_lock_init(&vd_dev->lock); + + vd_dev->vdev.id.device = ops->get_device_id(vdpa); + if (vd_dev->vdev.id.device == 0) + return -ENODEV; + + vd_dev->vdev.id.vendor = ops->get_vendor_id(vdpa); + rc = register_virtio_device(&vd_dev->vdev); + if (rc) + put_device(dev); And a ugly unwind like this is why you want to have device_initialize() exposed to the driver, In this context, which "driver" did you mean here? (Note, virtio-vdpa is the driver for vDPA bus here). 'driver' is the thing using the 'core' library calls to implement a device, so here the 'vd_dev' is the driver and 'register_virtio_device' is the core Ok. Where is the various THIS_MODULE's I expect to see in a scheme like this? All function pointers must be protected by a held module reference count, ie the above probe/remove and all the pointers in ops. Will double check, since I don't see this in other virtio transport drivers (PCI or MMIO). pci_register_driver is a macro that provides a THIS_MODULE, and the pci core code sets driver.owner, then the rest of the stuff related to driver ops is supposed to work against that to protect the driver ops. For the device module refcounting you either need to ensure that 'unregister' is a strong fence and guanentees that no device ops are called past unregister (noting that this is impossible for release), or you need to hold the module lock until release. It is common to see non-core subsystems get this stuff wrong. Jason Ok. I see. Thanks ___ Virtualization mailing list Virtualization@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/virtualization
Re: [PATCH 4/5] virtio: introduce a vDPA based transport
On Fri, Jan 17, 2020 at 05:32:35PM +0800, Jason Wang wrote: > > > > > + const struct vdpa_config_ops *ops = vdpa->config; > > > + struct virtio_vdpa_device *vd_dev; > > > + int rc; > > > + > > > + vd_dev = devm_kzalloc(dev, sizeof(*vd_dev), GFP_KERNEL); > > > + if (!vd_dev) > > > + return -ENOMEM; > > This is not right, the struct device lifetime is controled by a kref, > > not via devm. If you want to use a devm unwind then the unwind is > > put_device, not devm_kfree. > > I'm not sure I get the point here. The lifetime is bound to underlying vDPA > device and devres allow to be freed before the vpda device is released. But > I agree using devres of underlying vdpa device looks wired. Once device_initialize is called the only way to free a struct device is via put_device, while here you have a devm trigger that will unconditionally do kfree on a struct device without respecting the reference count. reference counted memory must never be allocated with devm. > > > + vd_dev->vdev.dev.release = virtio_vdpa_release_dev; > > > + vd_dev->vdev.config = &virtio_vdpa_config_ops; > > > + vd_dev->vdpa = vdpa; > > > + INIT_LIST_HEAD(&vd_dev->virtqueues); > > > + spin_lock_init(&vd_dev->lock); > > > + > > > + vd_dev->vdev.id.device = ops->get_device_id(vdpa); > > > + if (vd_dev->vdev.id.device == 0) > > > + return -ENODEV; > > > + > > > + vd_dev->vdev.id.vendor = ops->get_vendor_id(vdpa); > > > + rc = register_virtio_device(&vd_dev->vdev); > > > + if (rc) > > > + put_device(dev); > > And a ugly unwind like this is why you want to have device_initialize() > > exposed to the driver, > > In this context, which "driver" did you mean here? (Note, virtio-vdpa is the > driver for vDPA bus here). 'driver' is the thing using the 'core' library calls to implement a device, so here the 'vd_dev' is the driver and 'register_virtio_device' is the core > > > > Where is the various THIS_MODULE's I expect to see in a scheme like > > this? > > > > All function pointers must be protected by a held module reference > > count, ie the above probe/remove and all the pointers in ops. > > Will double check, since I don't see this in other virtio transport drivers > (PCI or MMIO). pci_register_driver is a macro that provides a THIS_MODULE, and the pci core code sets driver.owner, then the rest of the stuff related to driver ops is supposed to work against that to protect the driver ops. For the device module refcounting you either need to ensure that 'unregister' is a strong fence and guanentees that no device ops are called past unregister (noting that this is impossible for release), or you need to hold the module lock until release. It is common to see non-core subsystems get this stuff wrong. Jason ___ Virtualization mailing list Virtualization@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/virtualization
Re: [PATCH 4/5] virtio: introduce a vDPA based transport
On 2020/1/16 下午11:38, Jason Gunthorpe wrote: On Thu, Jan 16, 2020 at 08:42:30PM +0800, Jason Wang wrote: diff --git a/drivers/virtio/virtio_vdpa.c b/drivers/virtio/virtio_vdpa.c new file mode 100644 index ..86936e5e7ec3 +++ b/drivers/virtio/virtio_vdpa.c @@ -0,0 +1,400 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * VIRTIO based driver for vDPA device + * + * Copyright (c) 2020, Red Hat. All rights reserved. + * Author: Jason Wang + * + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define MOD_VERSION "0.1" +#define MOD_AUTHOR "Jason Wang " +#define MOD_DESC "vDPA bus driver for virtio devices" +#define MOD_LICENSE "GPL v2" + +#define to_virtio_vdpa_device(dev) \ + container_of(dev, struct virtio_vdpa_device, vdev) Should be a static function Ok. +struct virtio_vdpa_device { + struct virtio_device vdev; + struct vdpa_device *vdpa; + u64 features; + + /* The lock to protect virtqueue list */ + spinlock_t lock; + /* List of virtio_vdpa_vq_info */ + struct list_head virtqueues; +}; + +struct virtio_vdpa_vq_info { + /* the actual virtqueue */ + struct virtqueue *vq; + + /* the list node for the virtqueues list */ + struct list_head node; +}; + +static struct vdpa_device *vd_get_vdpa(struct virtio_device *vdev) +{ + struct virtio_vdpa_device *vd_dev = to_virtio_vdpa_device(vdev); + struct vdpa_device *vdpa = vd_dev->vdpa; + + return vdpa; Bit of a long way to say return to_virtio_vdpa_device(vdev)->vdpa ? Right. +err_vq: + vring_del_virtqueue(vq); +error_new_virtqueue: + ops->set_vq_ready(vdpa, index, 0); + WARN_ON(ops->get_vq_ready(vdpa, index)); A warn_on during error unwind? Sketchy, deserves a comment I think Yes, it's a hint of bug in the vDPA driver. Will add a comment. +static void virtio_vdpa_release_dev(struct device *_d) +{ + struct virtio_device *vdev = + container_of(_d, struct virtio_device, dev); + struct virtio_vdpa_device *vd_dev = + container_of(vdev, struct virtio_vdpa_device, vdev); + struct vdpa_device *vdpa = vd_dev->vdpa; + + devm_kfree(&vdpa->dev, vd_dev); +} It is unusual for the release function to not be owned by the subsystem, through the class. This is how virtio_pci and virtio_mmio work now. Virtio devices may have different transports which require different release functions. I think this is the reason why virtio I'm not sure there are enough module ref counts to ensure that this function is not unloaded? Let me double check this. Usually to make this all work sanely the subsytem provides some allocation function vdpa_dev = vdpa_alloc_dev(parent, ops, sizeof(struct virtio_vdpa_device)) struct virtio_vdpa_device *priv = vdpa_priv(vdpa_dev) Then the subsystem naturally owns all the memory. Otherwise it gets tricky to ensure that the module doesn't unload before all the krefs are put. I see. + +static int virtio_vdpa_probe(struct device *dev) +{ + struct vdpa_device *vdpa = dev_to_vdpa(dev); The probe function for a class should accept the classes type already, no casting. Right. + const struct vdpa_config_ops *ops = vdpa->config; + struct virtio_vdpa_device *vd_dev; + int rc; + + vd_dev = devm_kzalloc(dev, sizeof(*vd_dev), GFP_KERNEL); + if (!vd_dev) + return -ENOMEM; This is not right, the struct device lifetime is controled by a kref, not via devm. If you want to use a devm unwind then the unwind is put_device, not devm_kfree. I'm not sure I get the point here. The lifetime is bound to underlying vDPA device and devres allow to be freed before the vpda device is released. But I agree using devres of underlying vdpa device looks wired. In this simple situation I don't see a reason to use devm. + vd_dev->vdev.dev.parent = &vdpa->dev; + vd_dev->vdev.dev.release = virtio_vdpa_release_dev; + vd_dev->vdev.config = &virtio_vdpa_config_ops; + vd_dev->vdpa = vdpa; + INIT_LIST_HEAD(&vd_dev->virtqueues); + spin_lock_init(&vd_dev->lock); + + vd_dev->vdev.id.device = ops->get_device_id(vdpa); + if (vd_dev->vdev.id.device == 0) + return -ENODEV; + + vd_dev->vdev.id.vendor = ops->get_vendor_id(vdpa); + rc = register_virtio_device(&vd_dev->vdev); + if (rc) + put_device(dev); And a ugly unwind like this is why you want to have device_initialize() exposed to the driver, In this context, which "driver" did you mean here? (Note, virtio-vdpa is the driver for vDPA bus here). so there is a clear pairing that calling device_initialize() must be followed by put_device. This should also use the goto unwind style + else + dev_set_drvdata(dev, vd_dev); + + return rc; +} + +static void
Re: [PATCH 4/5] virtio: introduce a vDPA based transport
Hi, On 1/16/20 4:42 AM, Jason Wang wrote: > diff --git a/drivers/virtio/Kconfig b/drivers/virtio/Kconfig > index 9c4fdb64d9ac..b4276999d17d 100644 > --- a/drivers/virtio/Kconfig > +++ b/drivers/virtio/Kconfig > @@ -43,6 +43,19 @@ config VIRTIO_PCI_LEGACY > > If unsure, say Y. > > +config VIRTIO_VDPA > + tristate "vDPA driver for virtio devices" > + depends on VDPA && VIRTIO > + default n > + help > + This driver provides support for virtio based paravirtual virtio-based > + device driver over vDPA bus. For this to be useful, you need > + an appropriate vDPA device implementation that operates on a > + physical device to allow the datapath of virtio to be use tab + 2 spaces above for indentation, not lots of spaces. > + offloaded to hardware. > + > + If unsure, say M. > + > config VIRTIO_PMEM > tristate "Support for virtio pmem driver" > depends on VIRTIO -- ~Randy ___ Virtualization mailing list Virtualization@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/virtualization
Re: [PATCH 4/5] virtio: introduce a vDPA based transport
On Thu, Jan 16, 2020 at 08:42:30PM +0800, Jason Wang wrote: > diff --git a/drivers/virtio/virtio_vdpa.c b/drivers/virtio/virtio_vdpa.c > new file mode 100644 > index ..86936e5e7ec3 > +++ b/drivers/virtio/virtio_vdpa.c > @@ -0,0 +1,400 @@ > +// SPDX-License-Identifier: GPL-2.0-only > +/* > + * VIRTIO based driver for vDPA device > + * > + * Copyright (c) 2020, Red Hat. All rights reserved. > + * Author: Jason Wang > + * > + */ > + > +#include > +#include > +#include > +#include > +#include > +#include > +#include > +#include > +#include > +#include > + > +#define MOD_VERSION "0.1" > +#define MOD_AUTHOR "Jason Wang " > +#define MOD_DESC "vDPA bus driver for virtio devices" > +#define MOD_LICENSE "GPL v2" > + > +#define to_virtio_vdpa_device(dev) \ > + container_of(dev, struct virtio_vdpa_device, vdev) Should be a static function > +struct virtio_vdpa_device { > + struct virtio_device vdev; > + struct vdpa_device *vdpa; > + u64 features; > + > + /* The lock to protect virtqueue list */ > + spinlock_t lock; > + /* List of virtio_vdpa_vq_info */ > + struct list_head virtqueues; > +}; > + > +struct virtio_vdpa_vq_info { > + /* the actual virtqueue */ > + struct virtqueue *vq; > + > + /* the list node for the virtqueues list */ > + struct list_head node; > +}; > + > +static struct vdpa_device *vd_get_vdpa(struct virtio_device *vdev) > +{ > + struct virtio_vdpa_device *vd_dev = to_virtio_vdpa_device(vdev); > + struct vdpa_device *vdpa = vd_dev->vdpa; > + > + return vdpa; Bit of a long way to say return to_virtio_vdpa_device(vdev)->vdpa ? > +err_vq: > + vring_del_virtqueue(vq); > +error_new_virtqueue: > + ops->set_vq_ready(vdpa, index, 0); > + WARN_ON(ops->get_vq_ready(vdpa, index)); A warn_on during error unwind? Sketchy, deserves a comment I think > +static void virtio_vdpa_release_dev(struct device *_d) > +{ > + struct virtio_device *vdev = > +container_of(_d, struct virtio_device, dev); > + struct virtio_vdpa_device *vd_dev = > +container_of(vdev, struct virtio_vdpa_device, vdev); > + struct vdpa_device *vdpa = vd_dev->vdpa; > + > + devm_kfree(&vdpa->dev, vd_dev); > +} It is unusual for the release function to not be owned by the subsystem, through the class. I'm not sure there are enough module ref counts to ensure that this function is not unloaded? Usually to make this all work sanely the subsytem provides some allocation function vdpa_dev = vdpa_alloc_dev(parent, ops, sizeof(struct virtio_vdpa_device)) struct virtio_vdpa_device *priv = vdpa_priv(vdpa_dev) Then the subsystem naturally owns all the memory. Otherwise it gets tricky to ensure that the module doesn't unload before all the krefs are put. > + > +static int virtio_vdpa_probe(struct device *dev) > +{ > + struct vdpa_device *vdpa = dev_to_vdpa(dev); The probe function for a class should accept the classes type already, no casting. > + const struct vdpa_config_ops *ops = vdpa->config; > + struct virtio_vdpa_device *vd_dev; > + int rc; > + > + vd_dev = devm_kzalloc(dev, sizeof(*vd_dev), GFP_KERNEL); > + if (!vd_dev) > + return -ENOMEM; This is not right, the struct device lifetime is controled by a kref, not via devm. If you want to use a devm unwind then the unwind is put_device, not devm_kfree. In this simple situation I don't see a reason to use devm. > + vd_dev->vdev.dev.parent = &vdpa->dev; > + vd_dev->vdev.dev.release = virtio_vdpa_release_dev; > + vd_dev->vdev.config = &virtio_vdpa_config_ops; > + vd_dev->vdpa = vdpa; > + INIT_LIST_HEAD(&vd_dev->virtqueues); > + spin_lock_init(&vd_dev->lock); > + > + vd_dev->vdev.id.device = ops->get_device_id(vdpa); > + if (vd_dev->vdev.id.device == 0) > + return -ENODEV; > + > + vd_dev->vdev.id.vendor = ops->get_vendor_id(vdpa); > + rc = register_virtio_device(&vd_dev->vdev); > + if (rc) > + put_device(dev); And a ugly unwind like this is why you want to have device_initialize() exposed to the driver, so there is a clear pairing that calling device_initialize() must be followed by put_device. This should also use the goto unwind style > + else > + dev_set_drvdata(dev, vd_dev); > + > + return rc; > +} > + > +static void virtio_vdpa_remove(struct device *dev) > +{ Remove should also already accept the right type > + struct virtio_vdpa_device *vd_dev = dev_get_drvdata(dev); > + > + unregister_virtio_device(&vd_dev->vdev); > +} > + > +static struct vdpa_driver virtio_vdpa_driver = { > + .drv = { > + .name = "virtio_vdpa", > + }, > + .probe = virtio_vdpa_probe, > + .remove = virtio_vdpa_remove, > +}; Still a little unclear on binding, is this supposed to bind to all vdpa devices? Where is the various THIS_MODULE's I expect to see in a scheme like this? All function pointers must be