Re: [PATCH v3] i2c: virtio: add a virtio i2c frontend driver

[Jason Wang <jasowang@redhat.com>]

On 2020/10/14 下午4:37, Jie Deng wrote:
>
> On 2020/10/13 16:00, Jason Wang wrote:
>>
>>>>>>> +
>>>>>>> +        virtqueue_kick(vq);
>>>>>>> +
>>>>>>> +        time_left = 
>>>>>>> wait_for_completion_timeout(&vi->completion, adap->timeout);
>>>>>>> +        if (!time_left) {
>>>>>>> +            dev_err(&adap->dev, "msg[%d]: addr=0x%x 
>>>>>>> timeout.\n", i, msgs[i].addr);
>>>>>>> +            break;
>>>>>>> +        }
>>>>>>
>>>>>>
>>>>>> You don't set error number here. Is this intended?
>>>>>>
>>>>>> And using a timeout here is not good, and if the request is 
>>>>>> finished just after the timeout, in the next xfer you may hit the 
>>>>>> following check.
>>>>>>
>>>>>> It's better to use either interrupt here.
>>>>>>
>>>>> Could you check the I2C drivers in the kernel ? The 
>>>>> "wait_for_completion_timeout" mechanism
>>>>> is commonly used by I2C bus drivers in their 
>>>>> i2c_algorithm.master_xfer.
>>>>
>>>>
>>>> There's a major difference between virtio-i2c and other drivers. In 
>>>> the case of virtio, the device could be a software device emulated 
>>>> by a remote process. This means the timeout might not be rare.
>>>>
>>>> I don't see how timeout is properly handled in this patch (e.g did 
>>>> you notice that you don't set any error when timeout? or is this 
>>>> intended?)
>>>>
>>> The backend software may operate the physical device. The timeout 
>>> depends on how the backend is designed.
>>> Here if the timeout happens, it will return the actual number of 
>>> messages successfully processed to the I2C core.
>>> Let the I2C core decides how to do next.
>>
>>
>> So let's consider the following case:
>>
>> 1) driver:virtio_i2c_add_msg(msgA)
>> 2) driver:timeout, and return to I2C core
>> 3) driver:virtio_i2c_add_msg(msgB)
>> 4) device: complete msgA
>> 5) driver: virtqueue_get_buf() returns msgA, since the token is 
>> always vi->vmsg, the driver may think msgB has been completed.
>>
>>
> If this case does happen, it is exactly a case that the condition 
> "((!vmsg) || (vmsg != &vi->vmsg))" are met.


I may miss something, but you always use vi->vmsg as token so vmsg is 
equal to &vi->vmsg here


> Currently, the timeout value is hard-coded in the driver. Generally 
> speaking, timeout rarely happens.


Well, it's better to no have such assumption consider the device could 
be a emulated one.


> It can also be designed as a device configuration if needed.


In any case, the timeout should be handled correctly regardless of its 
frequency.


>
> Thanks.
>
>>>
>>> Thanks.
>>>
>>>>
>>>>>
>>>>>>
>>>>>>> +
>>>>>>> +        vmsg = (struct virtio_i2c_msg *)virtqueue_get_buf(vq, 
>>>>>>> &len);
>>>>>>> +        /* vmsg should point to the same address with &vi->vmsg */
>>>>>>> +        if ((!vmsg) || (vmsg != &vi->vmsg)) {
>>>>>>> +            dev_err(&adap->dev, "msg[%d]: addr=0x%x virtqueue 
>>>>>>> error.\n",
>>>>>>> +                i, msgs[i].addr);
>>>>>>> +            break;
>>>>>>> +        }
>>>>>>
>>>>>>
>>>>>> So I think we can remove this check. Consider only one descriptor 
>>>>>> will be used at most, unless there's a bug in the device (and no 
>>>>>> other driver to the similar check), we should not hit this.
>>>>>>
>>>>>> Btw, as I replied in the previous version, the device should be 
>>>>>> cacpable of dealing of a batch of requests through the virtqueue, 
>>>>>> otherwise it's meaningless to use a queue here.
>>>>>>
>>>>> We should not assume there is no bug in the device. I don't think 
>>>>> we can remove this check if we want our code to be robust.
>>>>
>>>>
>>>> Can you tell when at which case you may hit !vmsg or vmsg != vi->vmsg?
>>>>
>>> Normally, it won't hit here. But the API "virtqueue_get_buf" tells me
>>> "It *may *return NULL or the "data" token handed to virtqueue_add_*()."
>>
>>
>> Note that we had the following check already in 
>> virtqueue_get_buf_ctx(), so the the virtio core had already have the 
>> ability to figure out the wrong head.
>>
>>     if (unlikely(id >= vq->packed.vring.num)) {
>>         BAD_RING(vq, "id %u out of range\n", id);
>>         return NULL;
>>     }
>>     if (unlikely(!vq->packed.desc_state[id].data)) {
>>         BAD_RING(vq, "id %u is not a head!\n", id);
>>         return NULL;
>>     }
>>
>> And when it returns a NULL, it's not necessarily an error of the 
>> device, it might just require more time to finish the processing.
>>
>
> That's why we just returned the actual number of messages successfully 
> processed in this case,
> and let the I2C core to try one more time.
>
> Actually we have no idea if this is a device error or not. Try one 
> more time can also fail if it is a backend error.
> Of course, there is another option. We can return error for timeout, 
> no matter what reason.
>
> Thanks.
>
>
>>
>>>
>>> From the perspective of a caller, I just don't care when it happens.
>>> To make the code robust, what I care about is what I should do if 
>>> this is not our case
>>> since the doc says it*may *happen.
>>>
>>> If you insist on removing this check, I will remove "vmsg != 
>>> vi->vmsg" and keep the check for !vmsg.
>>> As Dan reported in v2, we should at least check here for NULL.
>>>
>>> Thanks.
>>>
>>>>
>>>>
>>>>> As I said, currently, we are using the virtqueue to send the msg 
>>>>> one by one to the backend. The mechanism is described in the spec. 
>>>>
>>>>
>>>> Which part of the spec describes such "one by one" mechanism? If 
>>>> there is one, I'd happily give a NACK since it doesn't require a 
>>>> queue to work which is conflict with the concept of the virtqueue.
>>>>
>>>>
>>> What's the concept of the virtqueue ?  Why do you want to restrict 
>>> how users use virtqueue ?
>>
>>
>> So I think there's some misunderstanding here. The point is not to 
>> restrict how to use virtqueue.
>>
>> What I meant is:
>>
>> - we should not invent a device with a virtqueue that can only accept 
>> one buffer at a time
>> - I don't see any mechanism like "one by one" described in the spec, 
>> so it's ok but if it'd happen to have, I will NACK
>>
>>
> Thanks for your clarification. I didn't restrict how to use the 
> virtqueue in the spec.
> The code is just one implementation. I'd like to have this simple 
> driver been merged first.
> It may have optimization in the future according to the needs.
>
> Thanks.
>
>
>>>
>>> It's like you provide a water glass to user. The user can fill a 
>>> full glass of water and drinks once or
>>> fill half a glass of water and drink twice. It is a user behavior 
>>> and should not be restricted by
>>> the glass provider.
>>
>>
>> That's my point as well, we should not describe the "once" behavior 
>> in the spec.
>>
>>
>>>
>>> Thanks.
>>>
>>>
>>>>> Thanks.
>>>>>
>>>>>
>>>>>>
>>>>>>> +
>>>>>>>
>>>>>>> +
>>>>>>> +#ifndef _UAPI_LINUX_VIRTIO_I2C_H
>>>>>>> +#define _UAPI_LINUX_VIRTIO_I2C_H
>>>>>>> +
>>>>>>> +#include <linux/types.h>
>>>>>>> +#include <linux/virtio_ids.h>
>>>>>>> +#include <linux/virtio_config.h>
>>>>>>> +
>>>>>>> +/**
>>>>>>> + * struct virtio_i2c_hdr - the virtio I2C message header structure
>>>>>>> + * @addr: i2c_msg addr, the slave address
>>>>>>> + * @flags: i2c_msg flags
>>>>>>> + * @len: i2c_msg len
>>>>>>> + */
>>>>>>> +struct virtio_i2c_hdr {
>>>>>>> +    __le16 addr;
>>>>>>> +    __le16 flags;
>>>>>>> +    __le16 len;
>>>>>>> +};
>>>>>>
>>>>>>
>>>>>> I'm afraid this is not complete. E.g the status is missed.
>>>>>>
>>>>>> I suspect what virtio-scsi use is better. Which split the in from 
>>>>>> the out instead of reusing the same buffer. And it can ease the 
>>>>>> uAPI header export.
>>>>>>
>>>>>> Thanks
>>>>>>
>>>>>>
>>>>>
>>>>> I think following definition in uAPI for the status is enough.
>>>>> There is no need to provide a "u8" status in the structure.
>>>>>
>>>>> /* The final status written by the device */
>>>>> #define VIRTIO_I2C_MSG_OK    0
>>>>> #define VIRTIO_I2C_MSG_ERR    1
>>>>>
>>>>> You can see an example in virtio_blk.
>>>>>
>>>>> In the spec:
>>>>>
>>>>> struct virtio_blk_req {
>>>>> le32 type;
>>>>> le32 reserved;
>>>>> le64 sector;
>>>>> u8 data[];
>>>>> u8 status;
>>>>> };
>>>>>
>>>>> In virtio_blk.h, there is only following definitions.
>>>>>
>>>>> #define VIRTIO_BLK_S_OK        0
>>>>> #define VIRTIO_BLK_S_IOERR    1
>>>>> #define VIRTIO_BLK_S_UNSUPP    2
>>>>>
>>>>
>>>> virtio-blk is a bad example, it's just too late to fix. For any new 
>>>> introduced uAPI it should be a complete one.
>>>>
>>>> Thanks
>>>>
>>> I checked a relatively new device "virtio_fs".
>>> I found following definition in spec but not in uAPI also.
>>>
>>> struct virtio_fs_req {
>>> // Device -readable part
>>> struct fuse_in_header in;
>>> u8 datain[];
>>> // Device -writable part
>>> struct fuse_out_header out;
>>> u8 dataout[];
>>> };
>>>
>>> So is this also a bad example which has not been fixed yet.
>>
>>
>> Cc Stefan for the answer.
>>
>>
>>> Or what's your mean about "complete" here ? Is there any definition 
>>> about "complete uAPI" ?
>>
>>
>> My understanding it should contain all the fields defined in the 
>> virtio spec.
>>
>> Thanks
>>
> OK. I noticed this isn't strictly implemented in the current virtio 
> codes.
> I'm not sure if this is already a consensus. I will follow it if this 
> is the opinion of the majority.


Please do that, this forces us to maintain uABI compatibility which is 
what Linux try to maintain for ever.

Thanks


>
> Thanks.
>
>