2023-07-28 08:00:15

by liulongfang

Subject: [PATCH v12 0/4] add debugfs to migration driver

Add a debugfs function to the migration driver in VFIO to provide
a step-by-step test function for the migration driver.

When the execution of live migration fails, the user can view the
status and data during the migration process separately from the
source and the destination, which is convenient for users to analyze
and locate problems.

Changes v11 -> v12
Update loading conditions of vfio debugfs.

Changes v10 -> v11
Delete the device restore function in debugfs.

Changes v9 -> v10
Update the debugfs file of the live migration driver.

Changes v8 -> v9
Update the debugfs directory structure of vfio.

Changes v7 -> v8
Add support for platform devices.

Changes v6 -> v7
Fix some code style issues.

Changes v5 -> v6
Control the creation of debugfs through the CONFIG_DEBUG_FS.

Changes v4 -> v5
Remove the newly added vfio_migration_ops and use seq_printf
to optimize the implementation of debugfs.

Changes v3 -> v4
Change the migration_debug_operate interface to debug_root file.

Changes v2 -> v3
Extend the debugfs function from hisilicon device to vfio.

Changes v1 -> v2
Change the registration method of root_debugfs to register
with module initialization.

Longfang Liu (4):
vfio/migration: Add debugfs to live migration driver
hisi_acc_vfio_pci: extract public functions for container_of
hisi_acc_vfio_pci: register debugfs for hisilicon migration driver
Documentation: add debugfs description for vfio

.../ABI/testing/debugfs-hisi-migration | 36 ++++
Documentation/ABI/testing/debugfs-vfio | 25 +++
MAINTAINERS | 2 +
drivers/vfio/Makefile | 1 +
.../vfio/pci/hisilicon/hisi_acc_vfio_pci.c | 199 +++++++++++++++++-
.../vfio/pci/hisilicon/hisi_acc_vfio_pci.h | 3 +
drivers/vfio/vfio.h | 14 ++
drivers/vfio/vfio_debugfs.c | 80 +++++++
drivers/vfio/vfio_main.c | 5 +-
include/linux/vfio.h | 7 +
10 files changed, 361 insertions(+), 11 deletions(-)
create mode 100644 Documentation/ABI/testing/debugfs-hisi-migration
create mode 100644 Documentation/ABI/testing/debugfs-vfio
create mode 100644 drivers/vfio/vfio_debugfs.c

--
2.24.0



2023-07-28 08:04:44

by liulongfang

Subject: [PATCH v12 2/4] hisi_acc_vfio_pci: extract public functions for container_of

From: Longfang Liu <[email protected]>

In the current driver, vdev is obtained from struct
hisi_acc_vf_core_device through the container_of function.
This method is used in many places in the driver. In order to
reduce this repetitive operation, I extracted a public function
to replace it.

Signed-off-by: Longfang Liu <[email protected]>
Reviewed-by: Jason Gunthorpe <[email protected]>
---
.../vfio/pci/hisilicon/hisi_acc_vfio_pci.c | 21 ++++++++++---------
1 file changed, 11 insertions(+), 10 deletions(-)

diff --git a/drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c b/drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c
index b2f9778c8366..242ad319932a 100644
--- a/drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c
+++ b/drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c
@@ -630,6 +630,12 @@ static void hisi_acc_vf_disable_fds(struct hisi_acc_vf_core_device *hisi_acc_vde
}
}

+static struct hisi_acc_vf_core_device *hisi_acc_get_vf_dev(struct vfio_device *vdev)
+{
+ return container_of(vdev, struct hisi_acc_vf_core_device,
+ core_device.vdev);
+}
+
/*
* This function is called in all state_mutex unlock cases to
* handle a 'deferred_reset' if exists.
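Review bot: The new helper `hisi_acc_get_vf_dev()` has no comment stating its precondition, and container_of() cannot check it. The result is only valid when `vdev` is the `core_device.vdev` member of a `struct hisi_acc_vf_core_device`; any other `struct vfio_device` pointer yields a bogus object pointer with no diagnostic. A one-line comment above the helper would make that explicit for later callers, for example `/* vdev must be the core_device.vdev embedded in a hisi_acc_vf_core_device */`. The remaining hunks of this patch are mechanical replacements of the open-coded container_of().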
@@ -1042,8 +1048,7 @@ static struct file *
hisi_acc_vfio_pci_set_device_state(struct vfio_device *vdev,
enum vfio_device_mig_state new_state)
{
- struct hisi_acc_vf_core_device *hisi_acc_vdev = container_of(vdev,
- struct hisi_acc_vf_core_device, core_device.vdev);
+ struct hisi_acc_vf_core_device *hisi_acc_vdev = hisi_acc_get_vf_dev(vdev);
enum vfio_device_mig_state next_state;
struct file *res = NULL;
int ret;
@@ -1084,8 +1089,7 @@ static int
hisi_acc_vfio_pci_get_device_state(struct vfio_device *vdev,
enum vfio_device_mig_state *curr_state)
{
- struct hisi_acc_vf_core_device *hisi_acc_vdev = container_of(vdev,
- struct hisi_acc_vf_core_device, core_device.vdev);
+ struct hisi_acc_vf_core_device *hisi_acc_vdev = hisi_acc_get_vf_dev(vdev);

mutex_lock(&hisi_acc_vdev->state_mutex);
*curr_state = hisi_acc_vdev->mig_state;
@@ -1301,8 +1305,7 @@ static long hisi_acc_vfio_pci_ioctl(struct vfio_device *core_vdev, unsigned int

static int hisi_acc_vfio_pci_open_device(struct vfio_device *core_vdev)
{
- struct hisi_acc_vf_core_device *hisi_acc_vdev = container_of(core_vdev,
- struct hisi_acc_vf_core_device, core_device.vdev);
+ struct hisi_acc_vf_core_device *hisi_acc_vdev = hisi_acc_get_vf_dev(core_vdev);
struct vfio_pci_core_device *vdev = &hisi_acc_vdev->core_device;
int ret;

@@ -1325,8 +1328,7 @@ static int hisi_acc_vfio_pci_open_device(struct vfio_device *core_vdev)

static void hisi_acc_vfio_pci_close_device(struct vfio_device *core_vdev)
{
- struct hisi_acc_vf_core_device *hisi_acc_vdev = container_of(core_vdev,
- struct hisi_acc_vf_core_device, core_device.vdev);
+ struct hisi_acc_vf_core_device *hisi_acc_vdev = hisi_acc_get_vf_dev(core_vdev);
struct hisi_qm *vf_qm = &hisi_acc_vdev->vf_qm;

iounmap(vf_qm->io_base);
@@ -1341,8 +1343,7 @@ static const struct vfio_migration_ops hisi_acc_vfio_pci_migrn_state_ops = {

static int hisi_acc_vfio_pci_migrn_init_dev(struct vfio_device *core_vdev)
{
- struct hisi_acc_vf_core_device *hisi_acc_vdev = container_of(core_vdev,
- struct hisi_acc_vf_core_device, core_device.vdev);
+ struct hisi_acc_vf_core_device *hisi_acc_vdev = hisi_acc_get_vf_dev(core_vdev);
struct pci_dev *pdev = to_pci_dev(core_vdev->dev);
struct hisi_qm *pf_qm = hisi_acc_get_pf_qm(pdev);

--
2.24.0


2023-07-28 08:26:07

by liulongfang

Subject: [PATCH v12 3/4] hisi_acc_vfio_pci: register debugfs for hisilicon migration driver

From: Longfang Liu <[email protected]>

On the debugfs framework of VFIO, if the CONFIG_DEBUG_FS macro is
enabled, the debug function is registered for the live migration driver
of the HiSilicon accelerator device.

After registering the HiSilicon accelerator device on the debugfs
framework of live migration of vfio, a directory file "hisi_acc"
of debugfs is created, and then three debug function files are
created in this directory:

data file: used to get the migration data from the driver
attr file: used to get device attributes parameters from the driver
save file: used to read the data of the live migration device and save
it to the driver.
io_test: used to test IO read and write for the driver.

Signed-off-by: Longfang Liu <[email protected]>
---
.../vfio/pci/hisilicon/hisi_acc_vfio_pci.c | 178 ++++++++++++++++++
.../vfio/pci/hisilicon/hisi_acc_vfio_pci.h | 3 +
2 files changed, 181 insertions(+)

diff --git a/drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c b/drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c
index 242ad319932a..a811dc237a29 100644
--- a/drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c
+++ b/drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c
@@ -15,6 +15,7 @@
#include <linux/anon_inodes.h>

#include "hisi_acc_vfio_pci.h"
+#include "../../vfio.h"

/* Return 0 on VM acc device ready, -ETIMEDOUT hardware timeout */
static int qm_wait_dev_not_ready(struct hisi_qm *qm)
@@ -606,6 +607,18 @@ hisi_acc_check_int_state(struct hisi_acc_vf_core_device *hisi_acc_vdev)
}
}

+static void hisi_acc_vf_migf_save(struct hisi_acc_vf_migration_file *dst_migf,
+ struct hisi_acc_vf_migration_file *src_migf)
+{
+ if (!dst_migf)
+ return;
+
+ dst_migf->disabled = false;
+ dst_migf->total_length = src_migf->total_length;
+ memcpy(&dst_migf->vf_data, &src_migf->vf_data,
+ sizeof(struct acc_vf_data));
+}
+
static void hisi_acc_vf_disable_fd(struct hisi_acc_vf_migration_file *migf)
{
mutex_lock(&migf->lock);
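Review bot: hisi_acc_vf_migf_save() copies `src_migf->total_length` and `src_migf->vf_data` without holding `src_migf->lock`, although hisi_acc_vf_disable_fd() directly below takes that mutex before touching the same file, and both call sites in hisi_acc_vf_disable_fds() (next hunk) take the snapshot before the fd is disabled. If a read or write on the migration fd can still be in flight at that point (the fd handlers are outside this hunk, so this is inferred), the debug copy can be torn. The destination is also written with no lock shared with the debugfs readers added later in this patch, so hisi_acc_vf_data_read() may dump a half-updated buffer. Consider bracketing the copy with `mutex_lock(&src_migf->lock);` / `mutex_unlock(&src_migf->lock);` and serialising every debug_migf access behind one lock that the seq_file handlers also take.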
@@ -618,12 +631,16 @@ static void hisi_acc_vf_disable_fd(struct hisi_acc_vf_migration_file *migf)
static void hisi_acc_vf_disable_fds(struct hisi_acc_vf_core_device *hisi_acc_vdev)
{
if (hisi_acc_vdev->resuming_migf) {
+ hisi_acc_vf_migf_save(hisi_acc_vdev->debug_migf,
+ hisi_acc_vdev->resuming_migf);
hisi_acc_vf_disable_fd(hisi_acc_vdev->resuming_migf);
fput(hisi_acc_vdev->resuming_migf->filp);
hisi_acc_vdev->resuming_migf = NULL;
}

if (hisi_acc_vdev->saving_migf) {
+ hisi_acc_vf_migf_save(hisi_acc_vdev->debug_migf,
+ hisi_acc_vdev->saving_migf);
hisi_acc_vf_disable_fd(hisi_acc_vdev->saving_migf);
fput(hisi_acc_vdev->saving_migf->filp);
hisi_acc_vdev->saving_migf = NULL;
@@ -1303,6 +1320,162 @@ static long hisi_acc_vfio_pci_ioctl(struct vfio_device *core_vdev, unsigned int
return vfio_pci_core_ioctl(core_vdev, cmd, arg);
}

+static int hisi_acc_vf_debug_check(struct seq_file *seq, struct vfio_device *vdev)
+{
+ struct hisi_acc_vf_core_device *hisi_acc_vdev = hisi_acc_get_vf_dev(vdev);
+ struct hisi_acc_vf_migration_file *migf = hisi_acc_vdev->debug_migf;
+
+ if (!vdev->mig_ops || !migf) {
+ seq_printf(seq, "%s\n", "device does not support live migration!");
+ return -EINVAL;
+ }
+
+ /* If device not opened, the debugfs operation will trigger calltrace */
+ if (!vdev->open_count) {
+ seq_printf(seq, "%s\n", "device not opened!");
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
+static int hisi_acc_vf_debug_io(struct seq_file *seq, void *data)
+{
+ struct device *vf_dev = seq->private;
+ struct vfio_pci_core_device *core_device = dev_get_drvdata(vf_dev);
+ struct vfio_device *vdev = &core_device->vdev;
+ struct hisi_acc_vf_core_device *hisi_acc_vdev = hisi_acc_get_vf_dev(vdev);
+ struct hisi_qm *vf_qm = &hisi_acc_vdev->vf_qm;
+ u64 value;
+ int ret;
+
+ ret = hisi_acc_vf_debug_check(seq, vdev);
+ if (ret)
+ return 0;
+
+ ret = qm_wait_dev_not_ready(vf_qm);
+ if (ret) {
+ seq_printf(seq, "%s\n", "VF device not ready!");
+ return 0;
+ }
+
+ value = readl(vf_qm->io_base + QM_MB_CMD_SEND_BASE);
+ seq_printf(seq, "%s:0x%llx\n", "debug mailbox val", value);
+
+ return 0;
+}
+
+static int hisi_acc_vf_debug_save(struct seq_file *seq, void *data)
+{
+ struct device *vf_dev = seq->private;
+ struct vfio_pci_core_device *core_device = dev_get_drvdata(vf_dev);
+ struct vfio_device *vdev = &core_device->vdev;
+ struct hisi_acc_vf_core_device *hisi_acc_vdev = hisi_acc_get_vf_dev(vdev);
+ struct hisi_acc_vf_migration_file *migf = hisi_acc_vdev->debug_migf;
+ int ret;
+
+ ret = hisi_acc_vf_debug_check(seq, vdev);
+ if (ret)
+ return 0;
+
+ ret = vf_qm_state_save(hisi_acc_vdev, migf);
+ if (ret) {
+ seq_printf(seq, "%s\n", "failed to save device data!");
+ return 0;
+ }
+ seq_printf(seq, "%s\n", "successful to save device data!");
+
+ return 0;
+}
+
+static int hisi_acc_vf_data_read(struct seq_file *seq, void *data)
+{
+ struct device *vf_dev = seq->private;
+ struct vfio_pci_core_device *core_device = dev_get_drvdata(vf_dev);
+ struct vfio_device *vdev = &core_device->vdev;
+ struct hisi_acc_vf_core_device *hisi_acc_vdev = hisi_acc_get_vf_dev(vdev);
+ struct hisi_acc_vf_migration_file *debug_migf = hisi_acc_vdev->debug_migf;
+ size_t vf_data_sz = offsetofend(struct acc_vf_data, padding);
+
+ if (debug_migf && debug_migf->total_length)
+ seq_hex_dump(seq, "Mig Data:", DUMP_PREFIX_OFFSET, 16, 1,
+ (unsigned char *)&debug_migf->vf_data,
+ vf_data_sz, false);
+ else
+ seq_printf(seq, "%s\n", "device not migrated!");
+
+ return 0;
+}
+
+static int hisi_acc_vf_attr_read(struct seq_file *seq, void *data)
+{
+ struct device *vf_dev = seq->private;
+ struct vfio_pci_core_device *core_device = dev_get_drvdata(vf_dev);
+ struct vfio_device *vdev = &core_device->vdev;
+ struct hisi_acc_vf_core_device *hisi_acc_vdev = hisi_acc_get_vf_dev(vdev);
+ struct hisi_acc_vf_migration_file *debug_migf = hisi_acc_vdev->debug_migf;
+
+ if (debug_migf && debug_migf->total_length) {
+ seq_printf(seq,
+ "acc device:\n"
+ "device state: %d\n"
+ "device ready: %u\n"
+ "data valid: %d\n"
+ "data size: %lu\n",
+ hisi_acc_vdev->mig_state,
+ hisi_acc_vdev->vf_qm_state,
+ debug_migf->disabled,
+ debug_migf->total_length);
+ } else {
+ seq_printf(seq, "%s\n", "device not migrated!");
+ }
+
+ return 0;
+}
+
+static int hisi_acc_vfio_debug_init(struct hisi_acc_vf_core_device *hisi_acc_vdev)
+{
+ struct vfio_device *vdev = &hisi_acc_vdev->core_device.vdev;
+ struct dentry *vfio_dev_migration = NULL;
+ struct dentry *vfio_hisi_acc = NULL;
+ struct device *dev = vdev->dev;
+ void *migf = NULL;
+
+ if (!debugfs_initialized())
+ return 0;
+
+ migf = kzalloc(sizeof(struct hisi_acc_vf_migration_file), GFP_KERNEL);
+ if (!migf)
+ return -ENOMEM;
+ hisi_acc_vdev->debug_migf = migf;
+
+ vfio_dev_migration = debugfs_lookup("migration", vdev->debug_root);
+ if (!vfio_dev_migration) {
+ dev_err(dev, "failed to lookup migration debugfs file!\n");
+ return -ENODEV;
+ }
+
+ vfio_hisi_acc = debugfs_create_dir("hisi_acc", vfio_dev_migration);
+ debugfs_create_devm_seqfile(dev, "data", vfio_hisi_acc,
+ hisi_acc_vf_data_read);
+ debugfs_create_devm_seqfile(dev, "attr", vfio_hisi_acc,
+ hisi_acc_vf_attr_read);
+ debugfs_create_devm_seqfile(dev, "io_test", vfio_hisi_acc,
+ hisi_acc_vf_debug_io);
+ debugfs_create_devm_seqfile(dev, "save", vfio_hisi_acc,
+ hisi_acc_vf_debug_save);
+
+ return 0;
+}
+
+static void hisi_acc_vf_debugfs_exit(struct hisi_acc_vf_core_device *hisi_acc_vdev)
+{
+ if (!debugfs_initialized())
+ return;
+
+ kfree(hisi_acc_vdev->debug_migf);
+}
+
static int hisi_acc_vfio_pci_open_device(struct vfio_device *core_vdev)
{
struct hisi_acc_vf_core_device *hisi_acc_vdev = hisi_acc_get_vf_dev(core_vdev);
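Review bot: In hisi_acc_vfio_debug_init() the dentry returned by `debugfs_lookup("migration", vdev->debug_root)` is never released; debugfs_lookup() hands back the dentry with a reference held, so every probe leaks one reference on the "migration" directory. Add `dput(vfio_dev_migration);` once the four debugfs_create_devm_seqfile() calls are done. The "data" file exposes a hex dump of the VF's saved migration state and a plain read of "save" runs vf_qm_state_save(); as far as I know debugfs_create_devm_seqfile() creates its files readable by all users, so confidentiality rests entirely on the debugfs mount permissions and that is worth stating in the ABI document. In hisi_acc_vf_attr_read() `debug_migf->total_length` is printed with `%lu`; if the field is a size_t (its declaration is not in this hunk) the specifier should be `%zu`.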
@@ -1323,6 +1496,7 @@ static int hisi_acc_vfio_pci_open_device(struct vfio_device *core_vdev)
}

vfio_pci_core_finish_enable(vdev);
+
return 0;
}

@@ -1422,6 +1596,9 @@ static int hisi_acc_vfio_pci_probe(struct pci_dev *pdev, const struct pci_device
ret = vfio_pci_core_register_device(&hisi_acc_vdev->core_device);
if (ret)
goto out_put_vdev;
+
+ if (ops == &hisi_acc_vfio_pci_migrn_ops)
+ hisi_acc_vfio_debug_init(hisi_acc_vdev);
return 0;

out_put_vdev:
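Review bot: The call `hisi_acc_vfio_debug_init(hisi_acc_vdev);` discards the int result, so the -ENOMEM and -ENODEV returns of that function have no effect on probe and the failure is silent apart from the dev_err() on the lookup path. If debugfs setup is meant to be best-effort, make the function return void and say so at the call site, e.g. `/* debugfs is optional; probe succeeds without it */`; otherwise check the result and unwind. A blank line before `return 0;` would also match the surrounding style. hisi_acc_vfio_pci_probe() starts and ends outside this hunk.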
@@ -1433,6 +1610,7 @@ static void hisi_acc_vfio_pci_remove(struct pci_dev *pdev)
{
struct hisi_acc_vf_core_device *hisi_acc_vdev = hisi_acc_drvdata(pdev);

+ hisi_acc_vf_debugfs_exit(hisi_acc_vdev);
vfio_pci_core_unregister_device(&hisi_acc_vdev->core_device);
vfio_put_device(&hisi_acc_vdev->core_device.vdev);
}
diff --git a/drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.h b/drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.h
index dcabfeec6ca1..93f44bcf53ee 100644
--- a/drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.h
+++ b/drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.h
@@ -113,5 +113,8 @@ struct hisi_acc_vf_core_device {
spinlock_t reset_lock;
struct hisi_acc_vf_migration_file *resuming_migf;
struct hisi_acc_vf_migration_file *saving_migf;
+
+ /* For debugfs */
+ struct hisi_acc_vf_migration_file *debug_migf;
};
#endif /* HISI_ACC_VFIO_PCI_H */
--
2.24.0


2023-08-07 22:52:42

by Alex Williamson

Subject: Re: [PATCH v12 3/4] hisi_acc_vfio_pci: register debugfs for hisilicon migration driver

On Fri, 28 Jul 2023 15:21:03 +0800
liulongfang <[email protected]> wrote:

> From: Longfang Liu <[email protected]>
>
> On the debugfs framework of VFIO, if the CONFIG_DEBUG_FS macro is
> enabled, the debug function is registered for the live migration driver
> of the HiSilicon accelerator device.
>
> After registering the HiSilicon accelerator device on the debugfs
> framework of live migration of vfio, a directory file "hisi_acc"
> of debugfs is created, and then three debug function files are
> created in this directory:
>
> data file: used to get the migration data from the driver
> attr file: used to get device attributes parameters from the driver
> save file: used to read the data of the live migration device and save
> it to the driver.
> io_test: used to test IO read and write for the driver.
>
> Signed-off-by: Longfang Liu <[email protected]>
> ---
> .../vfio/pci/hisilicon/hisi_acc_vfio_pci.c | 178 ++++++++++++++++++
> .../vfio/pci/hisilicon/hisi_acc_vfio_pci.h | 3 +
> 2 files changed, 181 insertions(+)
>
> diff --git a/drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c b/drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c
> index 242ad319932a..a811dc237a29 100644
> --- a/drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c
> +++ b/drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c
> @@ -15,6 +15,7 @@
> #include <linux/anon_inodes.h>
>
> #include "hisi_acc_vfio_pci.h"
> +#include "../../vfio.h"
>
> /* Return 0 on VM acc device ready, -ETIMEDOUT hardware timeout */
> static int qm_wait_dev_not_ready(struct hisi_qm *qm)
> @@ -606,6 +607,18 @@ hisi_acc_check_int_state(struct hisi_acc_vf_core_device *hisi_acc_vdev)
> }
> }
>
> +static void hisi_acc_vf_migf_save(struct hisi_acc_vf_migration_file *dst_migf,
> + struct hisi_acc_vf_migration_file *src_migf)
> +{
> + if (!dst_migf)
> + return;
> +
> + dst_migf->disabled = false;
> + dst_migf->total_length = src_migf->total_length;
> + memcpy(&dst_migf->vf_data, &src_migf->vf_data,
> + sizeof(struct acc_vf_data));
> +}
> +
> static void hisi_acc_vf_disable_fd(struct hisi_acc_vf_migration_file *migf)
> {
> mutex_lock(&migf->lock);
> @@ -618,12 +631,16 @@ static void hisi_acc_vf_disable_fd(struct hisi_acc_vf_migration_file *migf)
> static void hisi_acc_vf_disable_fds(struct hisi_acc_vf_core_device *hisi_acc_vdev)
> {
> if (hisi_acc_vdev->resuming_migf) {
> + hisi_acc_vf_migf_save(hisi_acc_vdev->debug_migf,
> + hisi_acc_vdev->resuming_migf);
> hisi_acc_vf_disable_fd(hisi_acc_vdev->resuming_migf);
> fput(hisi_acc_vdev->resuming_migf->filp);
> hisi_acc_vdev->resuming_migf = NULL;
> }
>
> if (hisi_acc_vdev->saving_migf) {
> + hisi_acc_vf_migf_save(hisi_acc_vdev->debug_migf,
> + hisi_acc_vdev->saving_migf);
> hisi_acc_vf_disable_fd(hisi_acc_vdev->saving_migf);
> fput(hisi_acc_vdev->saving_migf->filp);
> hisi_acc_vdev->saving_migf = NULL;
> @@ -1303,6 +1320,162 @@ static long hisi_acc_vfio_pci_ioctl(struct vfio_device *core_vdev, unsigned int
> return vfio_pci_core_ioctl(core_vdev, cmd, arg);
> }
>
> +static int hisi_acc_vf_debug_check(struct seq_file *seq, struct vfio_device *vdev)
> +{
> + struct hisi_acc_vf_core_device *hisi_acc_vdev = hisi_acc_get_vf_dev(vdev);
> + struct hisi_acc_vf_migration_file *migf = hisi_acc_vdev->debug_migf;
> +
> + if (!vdev->mig_ops || !migf) {
> + seq_printf(seq, "%s\n", "device does not support live migration!");
> + return -EINVAL;
> + }
> +
> + /* If device not opened, the debugfs operation will trigger calltrace */
> + if (!vdev->open_count) {
> + seq_printf(seq, "%s\n", "device not opened!");
> + return -EINVAL;
> + }

Following up on the previous reply:

https://lore.kernel.org/all/[email protected]/

>> What prevents this from racing release of the device?
>>
> Now there are only read operations for debugfs. The open_count here only needs
> to be used to prevent read operations when the device is not opened.
> There is no need to deal with competition issues.

The explanation doesn't make sense to me, if we're not protecting that
open_count remains elevated for the code path alluded to in the
comment, then this test is useless. If the calltrace can happen when
the device is not open then it can happen when the device is closed
immediately after this test is performed.

> +
> + return 0;
> +}
> +
> +static int hisi_acc_vf_debug_io(struct seq_file *seq, void *data)
> +{
> + struct device *vf_dev = seq->private;
> + struct vfio_pci_core_device *core_device = dev_get_drvdata(vf_dev);
> + struct vfio_device *vdev = &core_device->vdev;
> + struct hisi_acc_vf_core_device *hisi_acc_vdev = hisi_acc_get_vf_dev(vdev);
> + struct hisi_qm *vf_qm = &hisi_acc_vdev->vf_qm;
> + u64 value;
> + int ret;
> +
> + ret = hisi_acc_vf_debug_check(seq, vdev);
> + if (ret)
> + return 0;
> +

For example, open_count can be zero here regardless of the test in
the previous function.

> + ret = qm_wait_dev_not_ready(vf_qm);
> + if (ret) {
> + seq_printf(seq, "%s\n", "VF device not ready!");
> + return 0;
> + }
> +
> + value = readl(vf_qm->io_base + QM_MB_CMD_SEND_BASE);
> + seq_printf(seq, "%s:0x%llx\n", "debug mailbox val", value);
> +
> + return 0;
> +}

I still don't understand why the debugfs file is called "io_test" for
reading the mailbox.

> +
> +static int hisi_acc_vf_debug_save(struct seq_file *seq, void *data)
> +{
> + struct device *vf_dev = seq->private;
> + struct vfio_pci_core_device *core_device = dev_get_drvdata(vf_dev);
> + struct vfio_device *vdev = &core_device->vdev;
> + struct hisi_acc_vf_core_device *hisi_acc_vdev = hisi_acc_get_vf_dev(vdev);
> + struct hisi_acc_vf_migration_file *migf = hisi_acc_vdev->debug_migf;
> + int ret;
> +
> + ret = hisi_acc_vf_debug_check(seq, vdev);
> + if (ret)
> + return 0;

Nothing requires that open_count is still elevated here.

> +
> + ret = vf_qm_state_save(hisi_acc_vdev, migf);
> + if (ret) {
> + seq_printf(seq, "%s\n", "failed to save device data!");
> + return 0;
> + }
> + seq_printf(seq, "%s\n", "successful to save device data!");
> +
> + return 0;
> +}
> +
> +static int hisi_acc_vf_data_read(struct seq_file *seq, void *data)
> +{
> + struct device *vf_dev = seq->private;
> + struct vfio_pci_core_device *core_device = dev_get_drvdata(vf_dev);
> + struct vfio_device *vdev = &core_device->vdev;
> + struct hisi_acc_vf_core_device *hisi_acc_vdev = hisi_acc_get_vf_dev(vdev);
> + struct hisi_acc_vf_migration_file *debug_migf = hisi_acc_vdev->debug_migf;
> + size_t vf_data_sz = offsetofend(struct acc_vf_data, padding);
> +
> + if (debug_migf && debug_migf->total_length)
> + seq_hex_dump(seq, "Mig Data:", DUMP_PREFIX_OFFSET, 16, 1,
> + (unsigned char *)&debug_migf->vf_data,
> + vf_data_sz, false);

The previous save function attempts to make sure the device is open,
but there's no attempt to drop the debug_migf data when the device is
closed, so we can read the save data regardless of the device being
opened or opened within the same instance where the data was saved. Is
this intentional?

> + else
> + seq_printf(seq, "%s\n", "device not migrated!");
> +
> + return 0;
> +}
> +
> +static int hisi_acc_vf_attr_read(struct seq_file *seq, void *data)
> +{
> + struct device *vf_dev = seq->private;
> + struct vfio_pci_core_device *core_device = dev_get_drvdata(vf_dev);
> + struct vfio_device *vdev = &core_device->vdev;
> + struct hisi_acc_vf_core_device *hisi_acc_vdev = hisi_acc_get_vf_dev(vdev);
> + struct hisi_acc_vf_migration_file *debug_migf = hisi_acc_vdev->debug_migf;
> +
> + if (debug_migf && debug_migf->total_length) {
> + seq_printf(seq,
> + "acc device:\n"
> + "device state: %d\n"
> + "device ready: %u\n"
> + "data valid: %d\n"
> + "data size: %lu\n",
> + hisi_acc_vdev->mig_state,
> + hisi_acc_vdev->vf_qm_state,
> + debug_migf->disabled,

This is only ever false?

> + debug_migf->total_length);
> + } else {
> + seq_printf(seq, "%s\n", "device not migrated!");
> + }
> +
> + return 0;
> +}
> +
> +static int hisi_acc_vfio_debug_init(struct hisi_acc_vf_core_device *hisi_acc_vdev)
> +{
> + struct vfio_device *vdev = &hisi_acc_vdev->core_device.vdev;
> + struct dentry *vfio_dev_migration = NULL;
> + struct dentry *vfio_hisi_acc = NULL;
> + struct device *dev = vdev->dev;
> + void *migf = NULL;
> +
> + if (!debugfs_initialized())
> + return 0;
> +
> + migf = kzalloc(sizeof(struct hisi_acc_vf_migration_file), GFP_KERNEL);
> + if (!migf)
> + return -ENOMEM;
> + hisi_acc_vdev->debug_migf = migf;
> +
> + vfio_dev_migration = debugfs_lookup("migration", vdev->debug_root);
> + if (!vfio_dev_migration) {
> + dev_err(dev, "failed to lookup migration debugfs file!\n");
> + return -ENODEV;

The allocation of debug_migf is rather wasted if we get here.

> + }
> +
> + vfio_hisi_acc = debugfs_create_dir("hisi_acc", vfio_dev_migration);
> + debugfs_create_devm_seqfile(dev, "data", vfio_hisi_acc,
> + hisi_acc_vf_data_read);
> + debugfs_create_devm_seqfile(dev, "attr", vfio_hisi_acc,
> + hisi_acc_vf_attr_read);

Why do we want separate debugfs files for meta data vs data? ie. why
isn't the hex dump just another line of output along with the meta data?

> + debugfs_create_devm_seqfile(dev, "io_test", vfio_hisi_acc,
> + hisi_acc_vf_debug_io);
> + debugfs_create_devm_seqfile(dev, "save", vfio_hisi_acc,
> + hisi_acc_vf_debug_save);
> +
> + return 0;
> +}
> +
> +static void hisi_acc_vf_debugfs_exit(struct hisi_acc_vf_core_device *hisi_acc_vdev)
> +{
> + if (!debugfs_initialized())
> + return;
> +
> + kfree(hisi_acc_vdev->debug_migf);
> +}
> +
> static int hisi_acc_vfio_pci_open_device(struct vfio_device *core_vdev)
> {
> struct hisi_acc_vf_core_device *hisi_acc_vdev = hisi_acc_get_vf_dev(core_vdev);
> @@ -1323,6 +1496,7 @@ static int hisi_acc_vfio_pci_open_device(struct vfio_device *core_vdev)
> }
>
> vfio_pci_core_finish_enable(vdev);
> +
> return 0;
> }
>
> @@ -1422,6 +1596,9 @@ static int hisi_acc_vfio_pci_probe(struct pci_dev *pdev, const struct pci_device
> ret = vfio_pci_core_register_device(&hisi_acc_vdev->core_device);
> if (ret)
> goto out_put_vdev;
> +
> + if (ops == &hisi_acc_vfio_pci_migrn_ops)
> + hisi_acc_vfio_debug_init(hisi_acc_vdev);
> return 0;
>
> out_put_vdev:
> @@ -1433,6 +1610,7 @@ static void hisi_acc_vfio_pci_remove(struct pci_dev *pdev)
> {
> struct hisi_acc_vf_core_device *hisi_acc_vdev = hisi_acc_drvdata(pdev);
>
> + hisi_acc_vf_debugfs_exit(hisi_acc_vdev);

This frees debug_migf

> vfio_pci_core_unregister_device(&hisi_acc_vdev->core_device);

This triggers the recursive removal of the debugfs seqfiles. There's a
use-after-free race here where we can dump the contents of the freed
buffer. Thanks,

Alex

> vfio_put_device(&hisi_acc_vdev->core_device.vdev);
> }
> diff --git a/drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.h b/drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.h
> index dcabfeec6ca1..93f44bcf53ee 100644
> --- a/drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.h
> +++ b/drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.h
> @@ -113,5 +113,8 @@ struct hisi_acc_vf_core_device {
> spinlock_t reset_lock;
> struct hisi_acc_vf_migration_file *resuming_migf;
> struct hisi_acc_vf_migration_file *saving_migf;
> +
> + /* For debugfs */
> + struct hisi_acc_vf_migration_file *debug_migf;
> };
> #endif /* HISI_ACC_VFIO_PCI_H */


2023-08-14 10:07:11

by liulongfang

Subject: Re: [PATCH v12 3/4] hisi_acc_vfio_pci: register debugfs for hisilicon migration driver

On 2023/8/8 5:43, Alex Williamson wrote:
> On Fri, 28 Jul 2023 15:21:03 +0800
> liulongfang <[email protected]> wrote:
>
>> From: Longfang Liu <[email protected]>
>>
>> On the debugfs framework of VFIO, if the CONFIG_DEBUG_FS macro is
>> enabled, the debug function is registered for the live migration driver
>> of the HiSilicon accelerator device.
>>
>> After registering the HiSilicon accelerator device on the debugfs
>> framework of live migration of vfio, a directory file "hisi_acc"
>> of debugfs is created, and then three debug function files are
>> created in this directory:
>>
>> data file: used to get the migration data from the driver
>> attr file: used to get device attributes parameters from the driver
>> save file: used to read the data of the live migration device and save
>> it to the driver.
>> io_test: used to test IO read and write for the driver.
>>
>> Signed-off-by: Longfang Liu <[email protected]>
>> ---
>> .../vfio/pci/hisilicon/hisi_acc_vfio_pci.c | 178 ++++++++++++++++++
>> .../vfio/pci/hisilicon/hisi_acc_vfio_pci.h | 3 +
>> 2 files changed, 181 insertions(+)
>>
>> diff --git a/drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c b/drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c
>> index 242ad319932a..a811dc237a29 100644
>> --- a/drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c
>> +++ b/drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c
>> @@ -15,6 +15,7 @@
>> #include <linux/anon_inodes.h>
>>
>> #include "hisi_acc_vfio_pci.h"
>> +#include "../../vfio.h"
>>
>> /* Return 0 on VM acc device ready, -ETIMEDOUT hardware timeout */
>> static int qm_wait_dev_not_ready(struct hisi_qm *qm)
>> @@ -606,6 +607,18 @@ hisi_acc_check_int_state(struct hisi_acc_vf_core_device *hisi_acc_vdev)
>> }
>> }
>>
>> +static void hisi_acc_vf_migf_save(struct hisi_acc_vf_migration_file *dst_migf,
>> + struct hisi_acc_vf_migration_file *src_migf)
>> +{
>> + if (!dst_migf)
>> + return;
>> +
>> + dst_migf->disabled = false;
>> + dst_migf->total_length = src_migf->total_length;
>> + memcpy(&dst_migf->vf_data, &src_migf->vf_data,
>> + sizeof(struct acc_vf_data));
>> +}
>> +
>> static void hisi_acc_vf_disable_fd(struct hisi_acc_vf_migration_file *migf)
>> {
>> mutex_lock(&migf->lock);
>> @@ -618,12 +631,16 @@ static void hisi_acc_vf_disable_fd(struct hisi_acc_vf_migration_file *migf)
>> static void hisi_acc_vf_disable_fds(struct hisi_acc_vf_core_device *hisi_acc_vdev)
>> {
>> if (hisi_acc_vdev->resuming_migf) {
>> + hisi_acc_vf_migf_save(hisi_acc_vdev->debug_migf,
>> + hisi_acc_vdev->resuming_migf);
>> hisi_acc_vf_disable_fd(hisi_acc_vdev->resuming_migf);
>> fput(hisi_acc_vdev->resuming_migf->filp);
>> hisi_acc_vdev->resuming_migf = NULL;
>> }
>>
>> if (hisi_acc_vdev->saving_migf) {
>> + hisi_acc_vf_migf_save(hisi_acc_vdev->debug_migf,
>> + hisi_acc_vdev->saving_migf);
>> hisi_acc_vf_disable_fd(hisi_acc_vdev->saving_migf);
>> fput(hisi_acc_vdev->saving_migf->filp);
>> hisi_acc_vdev->saving_migf = NULL;
>> @@ -1303,6 +1320,162 @@ static long hisi_acc_vfio_pci_ioctl(struct vfio_device *core_vdev, unsigned int
>> return vfio_pci_core_ioctl(core_vdev, cmd, arg);
>> }
>>
>> +static int hisi_acc_vf_debug_check(struct seq_file *seq, struct vfio_device *vdev)
>> +{
>> + struct hisi_acc_vf_core_device *hisi_acc_vdev = hisi_acc_get_vf_dev(vdev);
>> + struct hisi_acc_vf_migration_file *migf = hisi_acc_vdev->debug_migf;
>> +
>> + if (!vdev->mig_ops || !migf) {
>> + seq_printf(seq, "%s\n", "device does not support live migration!");
>> + return -EINVAL;
>> + }
>> +
>> + /* If device not opened, the debugfs operation will trigger calltrace */
>> + if (!vdev->open_count) {
>> + seq_printf(seq, "%s\n", "device not opened!");
>> + return -EINVAL;
>> + }
>
> Following up on the previous reply:
>
> https://lore.kernel.org/all/[email protected]/
>
>>> What prevents this from racing release of the device?
>>>
>> Now there are only read operations for debugfs. The open_count here only needs
>> to be used to prevent read operations when the device is not opened.
>> There is no need to deal with competition issues.
>
> The explanation doesn't make sense to me, if we're not protecting that
> open_count remains elevated for the code path alluded to in the
> comment, then this test is useless. If the calltrace can happen when
> the device is not open then it can happen when the device is closed
> immediately after this test is performed.
>

Yes, a solution is really needed here to ensure that the debugfs operation will
not be performed after device close.

The root cause of whether the device can be operated is whether the io_base of
the device has been mapped.
So, my solution is to use the mutex lock in vfio_device_set of vfio_device.
This mutex lock is used to ensure that this problem will not occur.

Thanks
Longfang.
>> +
>> + return 0;
>> +}
>> +
>> +static int hisi_acc_vf_debug_io(struct seq_file *seq, void *data)
>> +{
>> + struct device *vf_dev = seq->private;
>> + struct vfio_pci_core_device *core_device = dev_get_drvdata(vf_dev);
>> + struct vfio_device *vdev = &core_device->vdev;
>> + struct hisi_acc_vf_core_device *hisi_acc_vdev = hisi_acc_get_vf_dev(vdev);
>> + struct hisi_qm *vf_qm = &hisi_acc_vdev->vf_qm;
>> + u64 value;
>> + int ret;
>> +
>> + ret = hisi_acc_vf_debug_check(seq, vdev);
>> + if (ret)
>> + return 0;
>> +
>
> For example, open_count can can be zero here regardless of the test in
> the previous function.
>
OK

>> + ret = qm_wait_dev_not_ready(vf_qm);
>> + if (ret) {
>> + seq_printf(seq, "%s\n", "VF device not ready!");
>> + return 0;
>> + }
>> +
>> + value = readl(vf_qm->io_base + QM_MB_CMD_SEND_BASE);
>> + seq_printf(seq, "%s:0x%llx\n", "debug mailbox val", value);
>> +
>> + return 0;
>> +}
>
> I still don't understand why the debugfs file is called "io_test" for
> reading the mailbox.
>

Yes, it can be changed to io_state here.

>> +
>> +static int hisi_acc_vf_debug_save(struct seq_file *seq, void *data)
>> +{
>> + struct device *vf_dev = seq->private;
>> + struct vfio_pci_core_device *core_device = dev_get_drvdata(vf_dev);
>> + struct vfio_device *vdev = &core_device->vdev;
>> + struct hisi_acc_vf_core_device *hisi_acc_vdev = hisi_acc_get_vf_dev(vdev);
>> + struct hisi_acc_vf_migration_file *migf = hisi_acc_vdev->debug_migf;
>> + int ret;
>> +
>> + ret = hisi_acc_vf_debug_check(seq, vdev);
>> + if (ret)
>> + return 0;
>
> Nothing requires that open_count is still elevated here.
>

OK

>> +
>> + ret = vf_qm_state_save(hisi_acc_vdev, migf);
>> + if (ret) {
>> + seq_printf(seq, "%s\n", "failed to save device data!");
>> + return 0;
>> + }
>> + seq_printf(seq, "%s\n", "successful to save device data!");
>> +
>> + return 0;
>> +}
>> +
>> +static int hisi_acc_vf_data_read(struct seq_file *seq, void *data)
>> +{
>> + struct device *vf_dev = seq->private;
>> + struct vfio_pci_core_device *core_device = dev_get_drvdata(vf_dev);
>> + struct vfio_device *vdev = &core_device->vdev;
>> + struct hisi_acc_vf_core_device *hisi_acc_vdev = hisi_acc_get_vf_dev(vdev);
>> + struct hisi_acc_vf_migration_file *debug_migf = hisi_acc_vdev->debug_migf;
>> + size_t vf_data_sz = offsetofend(struct acc_vf_data, padding);
>> +
>> + if (debug_migf && debug_migf->total_length)
>> + seq_hex_dump(seq, "Mig Data:", DUMP_PREFIX_OFFSET, 16, 1,
>> + (unsigned char *)&debug_migf->vf_data,
>> + vf_data_sz, false);
>
> The previous save function attempts to make sure the device is open,
> but there's no attempt to drop the debug_migf data when the device is
> closed, so we can read the save data regardless of the device being
> opened or opened within the same instance where the data was saved. Is
> this intentional?
>

I have understood what you said. The current save operation needs to have
a lock to ensure that the device is not closed when it reads.

>> + else
>> + seq_printf(seq, "%s\n", "device not migrated!");
>> +
>> + return 0;
>> +}
>> +
>> +static int hisi_acc_vf_attr_read(struct seq_file *seq, void *data)
>> +{
>> + struct device *vf_dev = seq->private;
>> + struct vfio_pci_core_device *core_device = dev_get_drvdata(vf_dev);
>> + struct vfio_device *vdev = &core_device->vdev;
>> + struct hisi_acc_vf_core_device *hisi_acc_vdev = hisi_acc_get_vf_dev(vdev);
>> + struct hisi_acc_vf_migration_file *debug_migf = hisi_acc_vdev->debug_migf;
>> +
>> + if (debug_migf && debug_migf->total_length) {
>> + seq_printf(seq,
>> + "acc device:\n"
>> + "device state: %d\n"
>> + "device ready: %u\n"
>> + "data valid: %d\n"
>> + "data size: %lu\n",
>> + hisi_acc_vdev->mig_state,
>> + hisi_acc_vdev->vf_qm_state,
>> + debug_migf->disabled,
>
> This is only ever false?
>
It should be false when there is no error.

>> + debug_migf->total_length);
>> + } else {
>> + seq_printf(seq, "%s\n", "device not migrated!");
>> + }
>> +
>> + return 0;
>> +}
>> +
>> +static int hisi_acc_vfio_debug_init(struct hisi_acc_vf_core_device *hisi_acc_vdev)
>> +{
>> + struct vfio_device *vdev = &hisi_acc_vdev->core_device.vdev;
>> + struct dentry *vfio_dev_migration = NULL;
>> + struct dentry *vfio_hisi_acc = NULL;
>> + struct device *dev = vdev->dev;
>> + void *migf = NULL;
>> +
>> + if (!debugfs_initialized())
>> + return 0;
>> +
>> + migf = kzalloc(sizeof(struct hisi_acc_vf_migration_file), GFP_KERNEL);
>> + if (!migf)
>> + return -ENOMEM;
>> + hisi_acc_vdev->debug_migf = migf;
>> +
>> + vfio_dev_migration = debugfs_lookup("migration", vdev->debug_root);
>> + if (!vfio_dev_migration) {
>> + dev_err(dev, "failed to lookup migration debugfs file!\n");
>> + return -ENODEV;
>
> The allocation of debug_migf is rather wasted if we get here.
>

Yes, it should be freed.


>> + }
>> +
>> + vfio_hisi_acc = debugfs_create_dir("hisi_acc", vfio_dev_migration);
>> + debugfs_create_devm_seqfile(dev, "data", vfio_hisi_acc,
>> + hisi_acc_vf_data_read);
>> + debugfs_create_devm_seqfile(dev, "attr", vfio_hisi_acc,
>> + hisi_acc_vf_attr_read);
>
> Why do we want separate debugfs files for meta data vs data? ie. why
> isn't the hex dump just another line of output along with the meta data?
>

The above data is the original data of the migration.
attr is the description attribute of migration data,
for example, total length, migration length.

>> + debugfs_create_devm_seqfile(dev, "io_test", vfio_hisi_acc,
>> + hisi_acc_vf_debug_io);
>> + debugfs_create_devm_seqfile(dev, "save", vfio_hisi_acc,
>> + hisi_acc_vf_debug_save);
>> +
>> + return 0;
>> +}
>> +
>> +static void hisi_acc_vf_debugfs_exit(struct hisi_acc_vf_core_device *hisi_acc_vdev)
>> +{
>> + if (!debugfs_initialized())
>> + return;
>> +
>> + kfree(hisi_acc_vdev->debug_migf);
>> +}
>> +
>> static int hisi_acc_vfio_pci_open_device(struct vfio_device *core_vdev)
>> {
>> struct hisi_acc_vf_core_device *hisi_acc_vdev = hisi_acc_get_vf_dev(core_vdev);
>> @@ -1323,6 +1496,7 @@ static int hisi_acc_vfio_pci_open_device(struct vfio_device *core_vdev)
>> }
>>
>> vfio_pci_core_finish_enable(vdev);
>> +
>> return 0;
>> }
>>
>> @@ -1422,6 +1596,9 @@ static int hisi_acc_vfio_pci_probe(struct pci_dev *pdev, const struct pci_device
>> ret = vfio_pci_core_register_device(&hisi_acc_vdev->core_device);
>> if (ret)
>> goto out_put_vdev;
>> +
>> + if (ops == &hisi_acc_vfio_pci_migrn_ops)
>> + hisi_acc_vfio_debug_init(hisi_acc_vdev);
>> return 0;
>>
>> out_put_vdev:
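Review bot: The return value of `hisi_acc_vfio_debug_init()` is discarded at the new call in hisi_acc_vfio_pci_probe(), although the helper is declared `int` and returns -ENOMEM or -ENODEV on its failure paths. If debugfs setup is meant to be best-effort, the helper reads more honestly as `static void hisi_acc_vfio_debug_init(...)`, with a comment at the call such as `/* debugfs is optional; a failure here must not fail probe */`. If a failure is meant to matter, the call needs `ret = hisi_acc_vfio_debug_init(hisi_acc_vdev);` followed by an unwind path. A blank line before `return 0;` would also match the surrounding style. The probe function starts before this hunk and continues past it.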
>> @@ -1433,6 +1610,7 @@ static void hisi_acc_vfio_pci_remove(struct pci_dev *pdev)
>> {
>> struct hisi_acc_vf_core_device *hisi_acc_vdev = hisi_acc_drvdata(pdev);
>>
>> + hisi_acc_vf_debugfs_exit(hisi_acc_vdev);
>
> This frees debug_migf
>
>> vfio_pci_core_unregister_device(&hisi_acc_vdev->core_device);
>
> This triggers the recursive removal of the debugfs seqfiles. There's a
> use-after-free race here where we can dump the contents of the freed
> buffer. Thanks,
>

Yes. This problem can be avoided if debugfs is deleted first,
and then the memory of debug_migf is released.

> Alex
>

Thanks.
Longfang.

>> vfio_put_device(&hisi_acc_vdev->core_device.vdev);
>> }
>> diff --git a/drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.h b/drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.h
>> index dcabfeec6ca1..93f44bcf53ee 100644
>> --- a/drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.h
>> +++ b/drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.h
>> @@ -113,5 +113,8 @@ struct hisi_acc_vf_core_device {
>> spinlock_t reset_lock;
>> struct hisi_acc_vf_migration_file *resuming_migf;
>> struct hisi_acc_vf_migration_file *saving_migf;
>> +
>> + /* For debugfs */
>> + struct hisi_acc_vf_migration_file *debug_migf;
>> };
>> #endif /* HISI_ACC_VFIO_PCI_H */
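Review bot: The comment `/* For debugfs */` on the new `debug_migf` member does not say who owns the buffer or what serializes access to it. In the .c part of this patch the buffer is allocated in hisi_acc_vfio_debug_init() and freed in hisi_acc_vf_debugfs_exit(), and the seqfile handlers read or fill it with no lock visible in the quoted code. The lifetime and locking rule therefore belongs next to the field, for example `/* debugfs-only snapshot of migration data; allocated at probe, freed at remove; access serialized by <lock chosen for the debugfs handlers> */`. The struct definition starts above this hunk.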
>
> .
>