From: Stefan Hajnoczi <stefanha@redhat.com>
To: Thanos Makatos <thanos.makatos@nutanix.com>
Cc: "Elena Ufimtseva" <elena.ufimtseva@oracle.com>,
"John Johnson" <john.g.johnson@oracle.com>,
"thuth@redhat.com" <thuth@redhat.com>,
"Jag Raman" <jag.raman@oracle.com>,
"bleal@redhat.com" <bleal@redhat.com>,
"Swapnil Ingle" <swapnil.ingle@nutanix.com>,
"John Levon" <john.levon@nutanix.com>,
"alex.bennee@linaro.org" <alex.bennee@linaro.org>,
qemu-devel <qemu-devel@nongnu.org>,
"wainersm@redhat.com" <wainersm@redhat.com>,
"Alex Williamson" <alex.williamson@redhat.com>,
"Marc-André Lureau" <marcandre.lureau@gmail.com>,
"crosa@redhat.com" <crosa@redhat.com>,
"pbonzini@redhat.com" <pbonzini@redhat.com>,
"Philippe Mathieu-Daudé" <philmd@redhat.com>
Subject: Re: [PATCH v4 07/14] vfio-user: run vfio-user context
Date: Thu, 6 Jan 2022 13:35:32 +0000 [thread overview]
Message-ID: <YdbwJE2E0T6Lo9Aw@stefanha-x1.localdomain> (raw)
In-Reply-To: <DM8PR02MB80054A55BCA44CD3525364308B4B9@DM8PR02MB8005.namprd02.prod.outlook.com>
[-- Attachment #1: Type: text/plain, Size: 5805 bytes --]
On Wed, Jan 05, 2022 at 10:38:10AM +0000, Thanos Makatos wrote:
>
>
> > -----Original Message-----
> > From: Jag Raman <jag.raman@oracle.com>
> > Sent: 17 December 2021 18:00
> > To: Stefan Hajnoczi <stefanha@redhat.com>; John Levon
> > <john.levon@nutanix.com>; Thanos Makatos <thanos.makatos@nutanix.com>
> > Cc: qemu-devel <qemu-devel@nongnu.org>; Alex Williamson
> > <alex.williamson@redhat.com>; Marc-André Lureau
> > <marcandre.lureau@gmail.com>; Philippe Mathieu-Daudé
> > <philmd@redhat.com>; pbonzini@redhat.com; alex.bennee@linaro.org;
> > thuth@redhat.com; crosa@redhat.com; wainersm@redhat.com;
> > bleal@redhat.com; Elena Ufimtseva <elena.ufimtseva@oracle.com>; John
> > Levon <john.levon@nutanix.com>; John Johnson
> > <john.g.johnson@oracle.com>; Thanos Makatos
> > <thanos.makatos@nutanix.com>; Swapnil Ingle <swapnil.ingle@nutanix.com>
> > Subject: Re: [PATCH v4 07/14] vfio-user: run vfio-user context
> >
> >
> >
> > > On Dec 16, 2021, at 6:17 AM, Stefan Hajnoczi <stefanha@redhat.com> wrote:
> > >
> > > On Wed, Dec 15, 2021 at 10:35:31AM -0500, Jagannathan Raman wrote:
> > >> @@ -114,6 +118,62 @@ static void vfu_object_set_device(Object *obj,
> > const char *str, Error **errp)
> > >> vfu_object_init_ctx(o, errp);
> > >> }
> > >>
> > >> +static void vfu_object_ctx_run(void *opaque)
> > >> +{
> > >> + VfuObject *o = opaque;
> > >> + int ret = -1;
> > >> +
> > >> + while (ret != 0) {
> > >> + ret = vfu_run_ctx(o->vfu_ctx);
> > >> + if (ret < 0) {
> > >> + if (errno == EINTR) {
> > >> + continue;
> > >> + } else if (errno == ENOTCONN) {
> > >> + qemu_set_fd_handler(o->vfu_poll_fd, NULL, NULL, NULL);
> > >> + o->vfu_poll_fd = -1;
> > >> + object_unparent(OBJECT(o));
> > >> + break;
> > >
> > > If nothing else logs a message then I think that should be done here so
> > > users know why their vfio-user server object disappeared.
> >
> > Sure will do.
> >
> > Do you prefer a trace, or a message to the console? Trace makes sense to me.
> > Presently, the client could unplug the vfio-user device which would trigger the
> > deletion of this object. This process could happen quietly.
> >
> > >
> > >> + } else {
> > >> + error_setg(&error_abort, "vfu: Failed to run device %s - %s",
> > >> + o->device, strerror(errno));
> > >
> > > error_abort is equivalent to assuming !o->daemon. In the case where the
> > > user doesn't want to automatically shut down the process we need to log
> > > a message without aborting.
> >
> > OK, makes sense.
> >
> > >
> > >> + break;
> > >
> > > Indentation is off.
> > >
> > >> + }
> > >> + }
> > >> + }
> > >> +}
> > >> +
> > >> +static void vfu_object_attach_ctx(void *opaque)
> > >> +{
> > >> + VfuObject *o = opaque;
> > >> + GPollFD pfds[1];
> > >> + int ret;
> > >> +
> > >> + qemu_set_fd_handler(o->vfu_poll_fd, NULL, NULL, NULL);
> > >> +
> > >> + pfds[0].fd = o->vfu_poll_fd;
> > >> + pfds[0].events = G_IO_IN | G_IO_HUP | G_IO_ERR;
> > >> +
> > >> +retry_attach:
> > >> + ret = vfu_attach_ctx(o->vfu_ctx);
> > >> + if (ret < 0 && (errno == EAGAIN || errno == EWOULDBLOCK)) {
> > >> + qemu_poll_ns(pfds, 1, 500 * (int64_t)SCALE_MS);
> > >> + goto retry_attach;
> > >
> > > This can block the thread indefinitely. Other events like monitor
> > > commands are not handled in this loop. Please make this asynchronous
> > > (set an fd handler and return from this function so we can try again
> > > later).
> > >
> > > The vfu_attach_ctx() implementation synchronously negotiates the
> > > vfio-user connection :(. That's a shame because even if accept(2) is
> > > handled asynchronously, the negotiation can still block. It would be
> > > cleanest to have a fully async libvfio-user's vfu_attach_ctx() API to
> > > avoid blocking. Is that possible?
> >
> > Thanos / John,
> >
> > Any thoughts on this?
>
> I'm discussing this with John and FYI there are other places where libvfio-user can block, e.g. sending a response or receiving a command. Is it just the negotiation you want it to be asynchronous or _all_ libvfio-user operations? Making libvfio-user fully asynchronous might require a substantial API rewrite.
I see at least two reasons for a fully async API:
1. The program wants to handle other events (e.g. a management REST API)
from the same event loop thread that invokes libvfio-user. If
libvfio-user blocks then the other events cannot be handled within a
reasonable time frame.
The workaround for this is to use multi-threading and ignore the
event-driven architecture implied by vfu_get_poll_fd().
2. The program handles multiple clients that do not trust each other.
This could be a software-defined network switch or storage appliance.
A malicious client can cause a denial-of-service by making a
libvfio-user call block.
Again, the program needs separate threads instead of an event loop to
work around this.
The downside to a sync approach is that programs that already have an
event loop require extra code to set up dedicated threads for
libvfio-user. That's a library integration/usability issue.
In some cases it's okay to block: when the program doesn't need to
handle other events. If most users of libvfio-user are expected to fall
into this category then there's no need to change the API.
Either way, the doc comments in libvfio-user.h aren't very clear.
Someone integrating this library may think vfu_get_poll_fd() allows for
fully async operation.
Stefan
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
next prev parent reply other threads:[~2022-01-06 14:20 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-15 15:35 [PATCH v4 00/14] vfio-user server in QEMU Jagannathan Raman
2021-12-15 15:35 ` [PATCH v4 01/14] configure, meson: override C compiler for cmake Jagannathan Raman
2021-12-15 15:35 ` [PATCH v4 02/14] tests/avocado: Specify target VM argument to helper routines Jagannathan Raman
2021-12-15 15:54 ` Philippe Mathieu-Daudé
2021-12-15 22:04 ` Beraldo Leal
2021-12-16 21:28 ` Jag Raman
2021-12-15 15:35 ` [PATCH v4 03/14] vfio-user: build library Jagannathan Raman
2021-12-15 15:35 ` [PATCH v4 04/14] vfio-user: define vfio-user-server object Jagannathan Raman
2021-12-16 9:33 ` Stefan Hajnoczi
2021-12-17 2:17 ` Jag Raman
2021-12-16 9:58 ` Stefan Hajnoczi
2021-12-17 2:31 ` Jag Raman
2021-12-17 8:28 ` Stefan Hajnoczi
2021-12-15 15:35 ` [PATCH v4 05/14] vfio-user: instantiate vfio-user context Jagannathan Raman
2021-12-16 9:55 ` Stefan Hajnoczi
2021-12-16 21:32 ` Jag Raman
2021-12-15 15:35 ` [PATCH v4 06/14] vfio-user: find and init PCI device Jagannathan Raman
2021-12-16 10:39 ` Stefan Hajnoczi
2021-12-17 3:12 ` Jag Raman
2021-12-15 15:35 ` [PATCH v4 07/14] vfio-user: run vfio-user context Jagannathan Raman
2021-12-16 11:17 ` Stefan Hajnoczi
2021-12-17 17:59 ` Jag Raman
2021-12-20 8:29 ` Stefan Hajnoczi
2021-12-21 3:04 ` Jag Raman
2022-01-05 10:38 ` Thanos Makatos
2022-01-06 13:35 ` Stefan Hajnoczi [this message]
2022-01-10 17:56 ` John Levon
2022-01-11 9:36 ` Stefan Hajnoczi
2022-01-11 13:12 ` Jag Raman
2021-12-15 15:35 ` [PATCH v4 08/14] vfio-user: handle PCI config space accesses Jagannathan Raman
2021-12-16 11:30 ` Stefan Hajnoczi
2021-12-16 11:47 ` John Levon
2021-12-16 16:00 ` Stefan Hajnoczi
2021-12-15 15:35 ` [PATCH v4 09/14] vfio-user: handle DMA mappings Jagannathan Raman
2021-12-16 13:24 ` Stefan Hajnoczi
2021-12-17 19:11 ` Jag Raman
2021-12-15 15:35 ` [PATCH v4 10/14] vfio-user: handle PCI BAR accesses Jagannathan Raman
2021-12-16 14:10 ` Stefan Hajnoczi
2021-12-17 19:12 ` Jag Raman
2021-12-15 15:35 ` [PATCH v4 11/14] vfio-user: IOMMU support for remote device Jagannathan Raman
2021-12-16 14:40 ` Stefan Hajnoczi
2021-12-17 20:00 ` Jag Raman
2021-12-20 14:36 ` Stefan Hajnoczi
2021-12-21 4:32 ` Jag Raman
2022-01-06 13:10 ` Stefan Hajnoczi
2021-12-15 15:35 ` [PATCH v4 12/14] vfio-user: handle device interrupts Jagannathan Raman
2021-12-16 15:56 ` Stefan Hajnoczi
2021-12-15 15:35 ` [PATCH v4 13/14] vfio-user: register handlers to facilitate migration Jagannathan Raman
2021-12-15 15:35 ` [PATCH v4 14/14] vfio-user: avocado tests for vfio-user Jagannathan Raman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YdbwJE2E0T6Lo9Aw@stefanha-x1.localdomain \
--to=stefanha@redhat.com \
--cc=alex.bennee@linaro.org \
--cc=alex.williamson@redhat.com \
--cc=bleal@redhat.com \
--cc=crosa@redhat.com \
--cc=elena.ufimtseva@oracle.com \
--cc=jag.raman@oracle.com \
--cc=john.g.johnson@oracle.com \
--cc=john.levon@nutanix.com \
--cc=marcandre.lureau@gmail.com \
--cc=pbonzini@redhat.com \
--cc=philmd@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=swapnil.ingle@nutanix.com \
--cc=thanos.makatos@nutanix.com \
--cc=thuth@redhat.com \
--cc=wainersm@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).