Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp2272501pxb; Tue, 23 Feb 2021 03:02:08 -0800 (PST) X-Google-Smtp-Source: ABdhPJwf2qx4WkHh9+t+0SFFVOIdAkS0JW5O+b/jCAoTqOwT3FuucMzmvbpiBHMRF2k5CkyZkRNF X-Received: by 2002:a17:906:3849:: with SMTP id w9mr7622075ejc.7.1614078127387; Tue, 23 Feb 2021 03:02:07 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1614078127; cv=none; d=google.com; s=arc-20160816; b=OIkHXiNMGdwrlvJrqVJ75ZJoRAdLGJRPZhpoid2z3LW0lprGqGwaTZRNW0xceBldrH 682UgCwnJ0ovcfapr6K26AVTna1E2Hy6hexGF0N95pnq857qp54iqBlRuoPEsUo7PLwY rhs05r2LW7uolc69RIpT9BcDM10zbkmAJy6zgJ5BkRlZ2WVIX8iHMM8uyTrxm/PkuvIF xuBfRDD5YaDVvqN9aDZ9aSUiVSM6m4iELn05TNv+6t9qAgNbNjEuJuXKRL8pg1Yr6OPr fEOqnxbN9Z47F75hPj0mRihCEGRu/NaLgHl3EdTmwLg9Em7NJVJEI04nvnizVbiEPMsZ 4WGw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :organization:references:in-reply-to:message-id:subject:cc:to:from :date:dkim-signature; bh=bkd+5jk5LHljt8qwKSET2SjckHJatWstbL8xS93DgrQ=; b=LsbA3U61pImCXBcwJFofB7SrZi0d+fA3j0P7MQ8sjwF4aWnkSRAgLc5LT7b39DckZ2 /VSUXFm2b6re37fUgNosWE4Q0e5f5NCbCEFUbg0p9e6jX9aD3WcG2Kjyt2Sw6nlUxEIG +CkEBfgvt3syIFZPCwyu/vfGsJn/WuBQIAdfGL14cesPddeEFNo7n+h5Jlc9MNLW4mn1 y2/8EdKS0G4213cueM3xYDnT/tKqQgci7y7i6xnE2KjD/roBYZP1+LpdcUOPxSn52qCK S4OiPFO3GxtGtmQy4MVoZWg3T7i/pjAXtCcnJty5kwrXBanBe3/x+naGwlrQlqyCWm6T UMaQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=Va3a8j4X; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id bx24si13723054ejb.98.2021.02.23.03.01.42; Tue, 23 Feb 2021 03:02:07 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=Va3a8j4X; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232014AbhBWLAq (ORCPT + 99 others); Tue, 23 Feb 2021 06:00:46 -0500 Received: from us-smtp-delivery-124.mimecast.com ([216.205.24.124]:33985 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231939AbhBWLAZ (ORCPT ); Tue, 23 Feb 2021 06:00:25 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1614077936; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=bkd+5jk5LHljt8qwKSET2SjckHJatWstbL8xS93DgrQ=; b=Va3a8j4XSXT6eaO/YV1OFuj3RsUhBHL2Q6zW79A1Yq+Hd+t/WsymR9F6bJyhzrJrt7nqL7 0hK/oYCrge7Q3g2hlgsBfdsJBQqEVUNv7/hq78GCqeMDNLklOfha0vAkjml2gG1ru+LXkK uwDivR+SmUzTQDV31YY0oKTQaYdYGOA= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-517-PdIEnYWPPxuAwtoFU1FnbA-1; Tue, 23 Feb 2021 05:58:49 -0500 X-MC-Unique: PdIEnYWPPxuAwtoFU1FnbA-1 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 73AD280196E; Tue, 23 Feb 2021 10:58:43 +0000 (UTC) Received: from gondolin (ovpn-113-126.ams2.redhat.com [10.36.113.126]) by smtp.corp.redhat.com (Postfix) with ESMTP id 72A567092D; Tue, 23 Feb 2021 10:58:36 +0000 (UTC) Date: Tue, 23 Feb 2021 11:58:33 +0100 From: Cornelia Huck To: Jason Wang Cc: "Michael S. Tsirkin" , Si-Wei Liu , elic@nvidia.com, linux-kernel@vger.kernel.org, virtualization@lists.linux-foundation.org, netdev@vger.kernel.org, virtio-dev@lists.oasis-open.org Subject: Re: [virtio-dev] Re: [PATCH] vdpa/mlx5: set_features should allow reset to zero Message-ID: <20210223115833.732d809c.cohuck@redhat.com> In-Reply-To: References: <1613735698-3328-1-git-send-email-si-wei.liu@oracle.com> <605e7d2d-4f27-9688-17a8-d57191752ee7@redhat.com> <20210223041740-mutt-send-email-mst@kernel.org> <788a0880-0a68-20b7-5bdf-f8150b08276a@redhat.com> <20210223110430.2f098bc0.cohuck@redhat.com> Organization: Red Hat GmbH MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, 23 Feb 2021 18:31:07 +0800 Jason Wang wrote: > On 2021/2/23 6:04 =E4=B8=8B=E5=8D=88, Cornelia Huck wrote: > > On Tue, 23 Feb 2021 17:46:20 +0800 > > Jason Wang wrote: > > =20 > >> On 2021/2/23 =E4=B8=8B=E5=8D=885:25, Michael S. Tsirkin wrote: =20 > >>> On Mon, Feb 22, 2021 at 09:09:28AM -0800, Si-Wei Liu wrote: =20 > >>>> On 2/21/2021 8:14 PM, Jason Wang wrote: =20 > >>>>> On 2021/2/19 7:54 =E4=B8=8B=E5=8D=88, Si-Wei Liu wrote: =20 > >>>>>> Commit 452639a64ad8 ("vdpa: make sure set_features is invoked > >>>>>> for legacy") made an exception for legacy guests to reset > >>>>>> features to 0, when config space is accessed before features > >>>>>> are set. We should relieve the verify_min_features() check > >>>>>> and allow features reset to 0 for this case. > >>>>>> > >>>>>> It's worth noting that not just legacy guests could access > >>>>>> config space before features are set. For instance, when > >>>>>> feature VIRTIO_NET_F_MTU is advertised some modern driver > >>>>>> will try to access and validate the MTU present in the config > >>>>>> space before virtio features are set. =20 > >>>>> This looks like a spec violation: > >>>>> > >>>>> " > >>>>> > >>>>> The following driver-read-only field, mtu only exists if > >>>>> VIRTIO_NET_F_MTU is set. This field specifies the maximum MTU for t= he > >>>>> driver to use. > >>>>> " > >>>>> > >>>>> Do we really want to workaround this? =20 > >>>> Isn't the commit 452639a64ad8 itself is a workaround for legacy gues= t? > >>>> > >>>> I think the point is, since there's legacy guest we'd have to suppor= t, this > >>>> host side workaround is unavoidable. Although I agree the violating = driver > >>>> should be fixed (yes, it's in today's upstream kernel which exists f= or a > >>>> while now). =20 > >>> Oh you are right: > >>> > >>> > >>> static int virtnet_validate(struct virtio_device *vdev) > >>> { > >>> if (!vdev->config->get) { > >>> dev_err(&vdev->dev, "%s failure: config access disa= bled\n", > >>> __func__); > >>> return -EINVAL; > >>> } > >>> > >>> if (!virtnet_validate_features(vdev)) > >>> return -EINVAL; > >>> > >>> if (virtio_has_feature(vdev, VIRTIO_NET_F_MTU)) { > >>> int mtu =3D virtio_cread16(vdev, > >>> offsetof(struct virtio_net= _config, > >>> mtu)); > >>> if (mtu < MIN_MTU) > >>> __virtio_clear_bit(vdev, VIRTIO_NET_F_MTU);= =20 > >> > >> I wonder why not simply fail here? =20 > > I think both failing or not accepting the feature can be argued to make > > sense: "the device presented us with a mtu size that does not make > > sense" would point to failing, "we cannot work with the mtu size that > > the device presented us" would point to not negotiating the feature. > > =20 > >> =20 > >>> } > >>> > >>> return 0; > >>> } > >>> > >>> And the spec says: > >>> > >>> > >>> The driver MUST follow this sequence to initialize a device: > >>> 1. Reset the device. > >>> 2. Set the ACKNOWLEDGE status bit: the guest OS has noticed the devic= e. > >>> 3. Set the DRIVER status bit: the guest OS knows how to drive the dev= ice. > >>> 4. Read device feature bits, and write the subset of feature bits und= erstood by the OS and driver to the > >>> device. During this step the driver MAY read (but MUST NOT write) the= device-specific configuration > >>> fields to check that it can support the device before accepting it. > >>> 5. Set the FEATURES_OK status bit. The driver MUST NOT accept new fea= ture bits after this step. > >>> 6. Re-read device status to ensure the FEATURES_OK bit is still set: = otherwise, the device does not > >>> support our subset of features and the device is unusable. > >>> 7. Perform device-specific setup, including discovery of virtqueues f= or the device, optional per-bus setup, > >>> reading and possibly writing the device=E2=80=99s virtio configuratio= n space, and population of virtqueues. > >>> 8. Set the DRIVER_OK status bit. At this point the device is =E2=80= =9Clive=E2=80=9D. > >>> > >>> > >>> Item 4 on the list explicitly allows reading config space before > >>> FEATURES_OK. > >>> > >>> I conclude that VIRTIO_NET_F_MTU is set means "set in device features= ". =20 > >> > >> So this probably need some clarification. "is set" is used many times = in > >> the spec that has different implications. =20 > > Before FEATURES_OK is set by the driver, I guess it means "the device > > has offered the feature"; =20 >=20 >=20 > For me this part is ok since it clarify that it's the driver that set=20 > the bit. >=20 >=20 >=20 > > during normal usage, it means "the feature > > has been negotiated". =20 >=20 > /? >=20 > It looks to me the feature negotiation is done only after device set=20 > FEATURES_OK, or FEATURES_OK could be read from device status? I'd consider feature negotiation done when the driver reads FEATURES_OK back from the status. >=20 >=20 > > (This is a bit fuzzy for legacy mode.) ...because legacy does not have FEATURES_OK. =20 >=20 >=20 > The problem is the MTU description for example: >=20 > "The following driver-read-only field, mtu only exists if=20 > VIRTIO_NET_F_MTU is set." >=20 > It looks to me need to use "if VIRTIO_NET_F_MTU is set by device". "offered by the device"? I don't think it should 'disappear' from the config space if the driver won't use it. (Same for other config space fields that are tied to feature bits.) =20 > Otherwise readers (at least for me), may think the MTU is only valid > if driver set the bit. I think it would still be 'valid' in the sense that it exists and has some value in there filled in by the device, but a driver reading it without negotiating the feature would be buggy. (Like in the kernel code above; the kernel not liking the value does not make the field invalid.) Maybe a statement covering everything would be: "The following driver-read-only field mtu only exists if the device offers VIRTIO_NET_F_MTU and may be read by the driver during feature negotiation and after VIRTIO_NET_F_MTU has been successfully negotiated." >=20 >=20 > > > > Should we add a wording clarification to the spec? =20 >=20 >=20 > I think so. Some clarification would be needed for each field that depends on a feature; that would be quite verbose. Maybe we can get away with a clarifying statement? "Some config space fields may depend on a certain feature. In that case, the field exits if the device has offered the corresponding feature, and may be read by the driver during feature negotiation, and accessed by the driver after the feature has been successfully negotiated. A shorthand for this is a statement that a field only exists if a certain feature bit is set."