| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 25 Jun 2024 09:27:04 +0800
From: Jason Wang <jasowang@...hat.com>
To: "Michael S. Tsirkin" <mst@...hat.com>
Cc: xuanzhuo@...ux.alibaba.com, eperezma@...hat.com, davem@...emloft.net,
edumazet@...gle.com, kuba@...nel.org, pabeni@...hat.com,
virtualization@...ts.linux.dev, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org, venkat.x.venkatsubra@...cle.com,
gia-khanh.nguyen@...cle.com
Subject: Re: [PATCH V2 1/3] virtio: allow nested disabling of the configure interrupt
On Mon, Jun 24, 2024 at 5:59 PM Michael S. Tsirkin <mst@...hat.com> wrote:
>
> On Mon, Jun 24, 2024 at 10:45:21AM +0800, Jason Wang wrote:
> > Somtime driver may want to enable or disable the config callback. This
> > requires a synchronization with the core. So this patch change the
> > config_enabled to be a integer counter. This allows the toggling of
> > the config_enable to be synchronized between the virtio core and the
> > virtio driver.
> >
> > The counter is not allowed to be increased greater than one, this
> > simplifies the logic where the interrupt could be disabled immediately
> > without extra synchronization between driver and core.
> >
> > Signed-off-by: Jason Wang <jasowang@...hat.com>
> > ---
> > drivers/virtio/virtio.c | 20 +++++++++++++-------
> > include/linux/virtio.h | 2 +-
> > 2 files changed, 14 insertions(+), 8 deletions(-)
> >
> > diff --git a/drivers/virtio/virtio.c b/drivers/virtio/virtio.c
> > index b968b2aa5f4d..d3aa74b8ae5d 100644
> > --- a/drivers/virtio/virtio.c
> > +++ b/drivers/virtio/virtio.c
> > @@ -127,7 +127,7 @@ static void __virtio_config_changed(struct virtio_device *dev)
> > {
> > struct virtio_driver *drv = drv_to_virtio(dev->dev.driver);
> >
> > - if (!dev->config_enabled)
> > + if (dev->config_enabled < 1)
> > dev->config_change_pending = true;
> > else if (drv && drv->config_changed)
> > drv->config_changed(dev);
> > @@ -146,17 +146,23 @@ EXPORT_SYMBOL_GPL(virtio_config_changed);
> > static void virtio_config_disable(struct virtio_device *dev)
> > {
> > spin_lock_irq(&dev->config_lock);
> > - dev->config_enabled = false;
> > + --dev->config_enabled;
> > spin_unlock_irq(&dev->config_lock);
> > }
> >
> > static void virtio_config_enable(struct virtio_device *dev)
> > {
> > spin_lock_irq(&dev->config_lock);
> > - dev->config_enabled = true;
> > - if (dev->config_change_pending)
> > - __virtio_config_changed(dev);
> > - dev->config_change_pending = false;
> > +
> > + if (dev->config_enabled < 1) {
> > + ++dev->config_enabled;
> > + if (dev->config_enabled == 1 &&
> > + dev->config_change_pending) {
> > + __virtio_config_changed(dev);
> > + dev->config_change_pending = false;
> > + }
> > + }
> > +
> > spin_unlock_irq(&dev->config_lock);
> > }
> >
>
> So every disable decrements the counter. Enable only increments it up to 1.
> You seem to be making some very specific assumptions
> about how this API will be used. Any misuse will lead to under/overflow
> eventually ...
>
Well, a counter gives us more information than a boolean. With
boolean, misuse is even harder to be noticed.
>
>
> My suggestion would be to
> 1. rename config_enabled to config_core_enabled
> 2. rename virtio_config_enable/disable to virtio_config_core_enable/disable
> 3. add bool config_driver_disabled and make virtio_config_enable/disable
> switch that.
> 4. Change logic from dev->config_enabled to
> dev->config_core_enabled && !dev->config_driver_disabled
If we make config_driver_disabled by default true, we need someone to
enable it explicitly. If it's core, it breaks the semantic that it is
under the control of the driver (or needs to synchronize with the
driver). If it's a driver, each driver needs to enable it at some time
which can be easily forgotten. And if we end up with workarounds like:
/* If probe didn't do it, mark device DRIVER_OK ourselves. */
if (!(dev->config->get_status(dev) & VIRTIO_CONFIG_S_DRIVER_OK))
virtio_device_ready(dev);
It's another break of the semantics. And actually the above is also racy.
It seems the only choice is to make config_driver_disabled by default
false. But the driver needs to be aware of this and take extra care
when calling virtio_device_ready() which is also tricky.
So in conclusion, two booleans seems sut-optimal than a counter. For
example we can use different bits for the counter as preempt_count
did. With counter(s), core and driver don't need any implicit/explicit
synchronization.
Thanks
>
>
>
>
> > @@ -455,7 +461,7 @@ int register_virtio_device(struct virtio_device *dev)
> > goto out_ida_remove;
> >
> > spin_lock_init(&dev->config_lock);
> > - dev->config_enabled = false;
> > + dev->config_enabled = 0;
> > dev->config_change_pending = false;
> >
> > INIT_LIST_HEAD(&dev->vqs);
> > diff --git a/include/linux/virtio.h b/include/linux/virtio.h
> > index 96fea920873b..4496f9ba5d82 100644
> > --- a/include/linux/virtio.h
> > +++ b/include/linux/virtio.h
> > @@ -132,7 +132,7 @@ struct virtio_admin_cmd {
> > struct virtio_device {
> > int index;
> > bool failed;
> > - bool config_enabled;
> > + int config_enabled;
> > bool config_change_pending;
> > spinlock_t config_lock;
> > spinlock_t vqs_list_lock;
> > --
> > 2.31.1
>
Powered by blists - more mailing lists