From: "Michael S. Tsirkin" <mst@redhat.com>
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: linux-kernel@vger.kernel.org, Amit Shah <amit@kernel.org>,
Arnd Bergmann <arnd@arndb.de>,
virtualization@lists.linux-foundation.org
Subject: Re: [PATCH] virtio_console: break out of buf poll on remove
Date: Fri, 14 Jan 2022 16:48:57 -0500 [thread overview]
Message-ID: <20220114164549-mutt-send-email-mst@kernel.org> (raw)
In-Reply-To: <YVxUNudHGxURHH/4@kroah.com>
On Tue, Oct 05, 2021 at 03:33:42PM +0200, Greg Kroah-Hartman wrote:
> On Tue, Oct 05, 2021 at 03:04:07AM -0400, Michael S. Tsirkin wrote:
> > A common pattern for device reset is currently:
> > vdev->config->reset(vdev);
> > .. cleanup ..
> >
> > reset prevents new interrupts from arriving and waits for interrupt
> > handlers to finish.
> >
> > However if - as is common - the handler queues a work request which is
> > flushed during the cleanup stage, we have code adding buffers / trying
> > to get buffers while device is reset. Not good.
> >
> > This was reproduced by running
> > modprobe virtio_console
> > modprobe -r virtio_console
> > in a loop.
>
> That's a pathological case that is not "in the field" except by people
> who want to abuse the system as root. And they can do much worse things
> than that.
>
> > Fixing this comprehensively needs some thought, and new APIs.
> > Let's at least handle the specific case of virtio_console
> > removal that was reported in the field.
>
> Let's fix this correctly, don't just hack it up now.
Well I poked at it some more, and things are not as bad
as I thought. It's mostly just console and possibly virtio-mem.
Well and virtio-bt has a completely borken cleanup that
does not even bother to reset the device, but that's
a separate issue, discussing it with the maintainer.
So I wrote some patches to document the requirements better, added a
wrapper for reset and generally cleaned the API up a bit, and added a
patch for mem, but generally I no longer think we need a major API
change.
> > Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1786239
> > Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
> > ---
> > drivers/char/virtio_console.c | 6 ++++++
> > 1 file changed, 6 insertions(+)
> >
> > diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c
> > index 7eaf303a7a86..c852ce0b4d56 100644
> > --- a/drivers/char/virtio_console.c
> > +++ b/drivers/char/virtio_console.c
> > @@ -1956,6 +1956,12 @@ static void virtcons_remove(struct virtio_device *vdev)
> > list_del(&portdev->list);
> > spin_unlock_irq(&pdrvdata_lock);
> >
> > + /* Device is going away, exit any polling for buffers */
> > + virtio_break_device(vdev);
> > + if (use_multiport(portdev))
> > + flush_work(&portdev->control_work);
> > + else
> > + flush_work(&portdev->config_work);
> > /* Disable interrupts for vqs */
>
> newline before comment?
sure
> thanks,
>
> greg k-h
WARNING: multiple messages have this Message-ID (diff)
From: "Michael S. Tsirkin" <mst@redhat.com>
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: virtualization@lists.linux-foundation.org,
linux-kernel@vger.kernel.org, Arnd Bergmann <arnd@arndb.de>,
Amit Shah <amit@kernel.org>
Subject: Re: [PATCH] virtio_console: break out of buf poll on remove
Date: Fri, 14 Jan 2022 16:48:57 -0500 [thread overview]
Message-ID: <20220114164549-mutt-send-email-mst@kernel.org> (raw)
In-Reply-To: <YVxUNudHGxURHH/4@kroah.com>
On Tue, Oct 05, 2021 at 03:33:42PM +0200, Greg Kroah-Hartman wrote:
> On Tue, Oct 05, 2021 at 03:04:07AM -0400, Michael S. Tsirkin wrote:
> > A common pattern for device reset is currently:
> > vdev->config->reset(vdev);
> > .. cleanup ..
> >
> > reset prevents new interrupts from arriving and waits for interrupt
> > handlers to finish.
> >
> > However if - as is common - the handler queues a work request which is
> > flushed during the cleanup stage, we have code adding buffers / trying
> > to get buffers while device is reset. Not good.
> >
> > This was reproduced by running
> > modprobe virtio_console
> > modprobe -r virtio_console
> > in a loop.
>
> That's a pathological case that is not "in the field" except by people
> who want to abuse the system as root. And they can do much worse things
> than that.
>
> > Fixing this comprehensively needs some thought, and new APIs.
> > Let's at least handle the specific case of virtio_console
> > removal that was reported in the field.
>
> Let's fix this correctly, don't just hack it up now.
Well I poked at it some more, and things are not as bad
as I thought. It's mostly just console and possibly virtio-mem.
Well and virtio-bt has a completely borken cleanup that
does not even bother to reset the device, but that's
a separate issue, discussing it with the maintainer.
So I wrote some patches to document the requirements better, added a
wrapper for reset and generally cleaned the API up a bit, and added a
patch for mem, but generally I no longer think we need a major API
change.
> > Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1786239
> > Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
> > ---
> > drivers/char/virtio_console.c | 6 ++++++
> > 1 file changed, 6 insertions(+)
> >
> > diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c
> > index 7eaf303a7a86..c852ce0b4d56 100644
> > --- a/drivers/char/virtio_console.c
> > +++ b/drivers/char/virtio_console.c
> > @@ -1956,6 +1956,12 @@ static void virtcons_remove(struct virtio_device *vdev)
> > list_del(&portdev->list);
> > spin_unlock_irq(&pdrvdata_lock);
> >
> > + /* Device is going away, exit any polling for buffers */
> > + virtio_break_device(vdev);
> > + if (use_multiport(portdev))
> > + flush_work(&portdev->control_work);
> > + else
> > + flush_work(&portdev->config_work);
> > /* Disable interrupts for vqs */
>
> newline before comment?
sure
> thanks,
>
> greg k-h
_______________________________________________
Virtualization mailing list
Virtualization@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/virtualization
next prev parent reply other threads:[~2022-01-14 21:49 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-05 7:04 [PATCH] virtio_console: break out of buf poll on remove Michael S. Tsirkin
2021-10-05 7:04 ` Michael S. Tsirkin
2021-10-05 13:33 ` Greg Kroah-Hartman
2021-10-05 13:33 ` Greg Kroah-Hartman
2022-01-14 21:48 ` Michael S. Tsirkin [this message]
2022-01-14 21:48 ` Michael S. Tsirkin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220114164549-mutt-send-email-mst@kernel.org \
--to=mst@redhat.com \
--cc=amit@kernel.org \
--cc=arnd@arndb.de \
--cc=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=virtualization@lists.linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.