Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
MIME-Version: 1.0
References: <20220406083538.16274-1-jasowang@redhat.com> <20220406083538.16274-5-jasowang@redhat.com>
 <20220406075952-mutt-send-email-mst@kernel.org> <87wng2e527.fsf@redhat.com>
 <20220406112858-mutt-send-email-mst@kernel.org> <7e99abbf-f68d-4aa5-71b6-9d1d71b2d25b@redhat.com>
 <87r169ba90.fsf@redhat.com>
In-Reply-To: <87r169ba90.fsf@redhat.com>
From:   Jason Wang <jasowang@redhat.com>
Date:   Thu, 7 Apr 2022 16:04:18 +0800
Message-ID: <CACGkMEu-V3NwSmzJciwa1z_P94McirZaxbm26gNgM-8A9J2emg@mail.gmail.com>
Subject: Re: [PATCH V2 4/5] virtio-pci: implement synchronize_vqs()
To:     Cornelia Huck <cohuck@redhat.com>
Cc:     "Michael S. Tsirkin" <mst@redhat.com>,
        "Paul E. McKenney" <paulmck@kernel.org>,
        Peter Zijlstra <peterz@infradead.org>,
        Marc Zyngier <maz@kernel.org>,
        linux-kernel <linux-kernel@vger.kernel.org>,
        virtualization <virtualization@lists.linux-foundation.org>,
        Thomas Gleixner <tglx@linutronix.de>,
        Halil Pasic <pasic@linux.ibm.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Precedence: bulk

On Thu, Apr 7, 2022 at 3:53 PM Cornelia Huck <cohuck@redhat.com> wrote:
>
> On Thu, Apr 07 2022, Jason Wang <jasowang@redhat.com> wrote:
>
> > =E5=9C=A8 2022/4/6 =E4=B8=8B=E5=8D=8811:31, Michael S. Tsirkin =E5=86=
=99=E9=81=93:
> >> On Wed, Apr 06, 2022 at 03:04:32PM +0200, Cornelia Huck wrote:
> >>> On Wed, Apr 06 2022, "Michael S. Tsirkin" <mst@redhat.com> wrote:
> >>>
> >>>> On Wed, Apr 06, 2022 at 04:35:37PM +0800, Jason Wang wrote:
> >>>>> This patch implements PCI version of synchronize_vqs().
> >>>>>
> >>>>> Cc: Thomas Gleixner <tglx@linutronix.de>
> >>>>> Cc: Peter Zijlstra <peterz@infradead.org>
> >>>>> Cc: "Paul E. McKenney" <paulmck@kernel.org>
> >>>>> Cc: Marc Zyngier <maz@kernel.org>
> >>>>> Signed-off-by: Jason Wang <jasowang@redhat.com>
> >>>> Please add implementations at least for ccw and mmio.
> >>> I'm not sure what (if anything) can/should be done for ccw...
> >>>
> >>>>> ---
> >>>>>   drivers/virtio/virtio_pci_common.c | 14 ++++++++++++++
> >>>>>   drivers/virtio/virtio_pci_common.h |  2 ++
> >>>>>   drivers/virtio/virtio_pci_legacy.c |  1 +
> >>>>>   drivers/virtio/virtio_pci_modern.c |  2 ++
> >>>>>   4 files changed, 19 insertions(+)
> >>>>>
> >>>>> diff --git a/drivers/virtio/virtio_pci_common.c b/drivers/virtio/vi=
rtio_pci_common.c
> >>>>> index d724f676608b..b78c8bc93a97 100644
> >>>>> --- a/drivers/virtio/virtio_pci_common.c
> >>>>> +++ b/drivers/virtio/virtio_pci_common.c
> >>>>> @@ -37,6 +37,20 @@ void vp_synchronize_vectors(struct virtio_device=
 *vdev)
> >>>>>                   synchronize_irq(pci_irq_vector(vp_dev->pci_dev, i=
));
> >>>>>   }
> >>>>>
> >>>>> +void vp_synchronize_vqs(struct virtio_device *vdev)
> >>>>> +{
> >>>>> + struct virtio_pci_device *vp_dev =3D to_vp_device(vdev);
> >>>>> + int i;
> >>>>> +
> >>>>> + if (vp_dev->intx_enabled) {
> >>>>> +         synchronize_irq(vp_dev->pci_dev->irq);
> >>>>> +         return;
> >>>>> + }
> >>>>> +
> >>>>> + for (i =3D 0; i < vp_dev->msix_vectors; ++i)
> >>>>> +         synchronize_irq(pci_irq_vector(vp_dev->pci_dev, i));
> >>>>> +}
> >>>>> +
> >>> ...given that this seems to synchronize threaded interrupt handlers?
> >> No, any handlers at all. The point is to make sure any memory changes
> >> made prior to this op are visible to callbacks.
> >>
> >> Jason, maybe add that to the documentation?
> >
> >
> > Sure.
> >
> >
> >>
> >>> Halil, do you think ccw needs to do anything? (AFAICS, we only have o=
ne
> >>> 'irq' for channel devices anyway, and the handler just calls the
> >>> relevant callbacks directly.)
> >> Then you need to synchronize with that.
> >
> >
> > Have a quick glance at the codes, it looks to me we can synchronize wit=
h
> > the IO_INTERRUPT. (Assuming all callbacks are triggered via
> > ccw_device_irq()).
>
> Not quite, adapter interrupts are device-independent, but they are
> relevant for vring interrupts.
>
> That would mean that we would need to synchronize _all_ channel I/O
> interrupts, which looks like a huge hammer. But do we really need that
> at all?

We don't, we only need to synchronize with the vring callbacks, to make sur=
e:

1) the memory changes that is done before this op is visible to the
callbacks that came after this op
2) the memory changes that is done after this op is not visible to
callbacks that came before this op

>
> The last patch in this series seems to be concerned with the "no vring
> interrupts if the device is not ready" case, so it needs to synchronize
> vring interrupts with device reset and setting the device status to
> ready. For virtio-ccw, both reset and setting the status are channel I/O
> operations, i.e. starting a program and waiting for the final device
> interrupt for it, so synchronization (on a device level) is already
> happening in a way. So I'm not sure if any extra synchronization is
> actually needed in this case, but maybe I'm misunderstanding.
>
> Do you have further use cases in mind?

Its goal is to prevent the buggy or malicus device/host from attacking
the driver/guest. One use case is the confidential computing where
guest memory is encrypted and the guest doesn't trust the hypervisor.

In that case, the device can try to raise the interrupt after
request_irq but before DRIVER_OK, which tries to trigger the vq
callbacks when the device is not fully initialized:

request_irq()
virtio_specific_setup() // vq callbacks to be triggered in the middle
virtio_device_ready()

Thanks

>