DPDK patches and discussions
 help / color / mirror / Atom feed
From: Ferruh Yigit <ferruh.yigit@intel.com>
To: Stephen Hemminger <stephen@networkplumber.org>
Cc: Thomas Monjalon <thomas@monjalon.net>,
	David Marchand <david.marchand@redhat.com>,
	Elad Nachman <eladv6@gmail.com>, <dev@dpdk.org>,
	 <stable@dpdk.org>, Igor Ryzhov <iryzhov@nfware.com>,
	Eric Christian <erclists@gmail.com>
Subject: Re: [PATCH] kni: restrict bifurcated device support
Date: Tue, 23 Nov 2021 16:51:27 +0000
Message-ID: <0914b58e-de54-50ef-7e48-febf9688eb09@intel.com> (raw)
In-Reply-To: <20211123082218.11b894b0@hermes.local>

On 11/23/2021 4:22 PM, Stephen Hemminger wrote:
> On Tue, 23 Nov 2021 09:54:01 +0000
> Ferruh Yigit <ferruh.yigit@intel.com> wrote:
>> On 10/9/2021 3:03 AM, Stephen Hemminger wrote:
>>> On Sat,  9 Oct 2021 00:58:30 +0100
>>> Ferruh Yigit <ferruh.yigit@intel.com> wrote:
>>>> To enable bifurcated device support, rtnl_lock is released before calling
>>>> userspace callbacks and asynchronous requests are enabled.
>>>> But these changes caused more issues, like bug #809, #816. To reduce the
>>>> scope of the problems, the bifurcated device support related changes are
>>>> only enabled when it is requested explicitly with new 'enable_bifurcated'
>>>> module parameter.
>>>> And bifurcated device support is disabled by default.
>>>> So the bifurcated device related problems are isolated and they can be
>>>> fixed without impacting all use cases.
>>>> Bugzilla ID: 816
>>>> Fixes: 631217c76135 ("kni: fix kernel deadlock with bifurcated device")
>>>> Cc: stable@dpdk.org
>>>> Signed-off-by: Ferruh Yigit <ferruh.yigit@intel.com>
>>> Calling userspace with semaphore held is still risky and buggy.
>>> There is no guarantee that the userspace DPDK application will be well behaved.
>>> And if it is not, the spinning holding RTNL would break any other network management
>>> functions in the kernel.
>> Hi Stephen,
>> Because of what you described above, we tried the option that releases the RTNL
>> lock before userspace callback,
>> That caused a deadlock in the ifdown, and we add a workaround for it.
>> But now we are facing with two more issues because of the rtnl lock release,
>> - Bugzilla ID: 816, MAC set cause kernel deadlock
>> - Some requests are overwritten (because of the workaround we put for ifdown)
>> This patch just converts the default behavior to what it was previously.
>> Releasing rtnl lock still supported with the module param, but I think it
>> is not good idea to make it default while it is know that it is buggy.
>> @Thomas, @David,
>> Can it be possible to get this patch for -rc4? Since it has potential
>> to cause a deadlock in kernel as it is.
>> I can send a new version with documentation update.
> Is it possible for userspace to choose the correct behavior instead
> of module option. Users will do it wrong.

That is why default is changed. If user will use bifurcated driver, user will
know it and need to explicitly request this support.

I don't think there is a way to know automatically which device/interface
will be used with KNI, that is why user config is required.

Right now KNI is with a defect that can cause a deadlock in the kernel with
its default config, that is why I think we should get this fix first for the

>>> These are the kind of problems that make me think it there should be a
>>> big "DO NOT USE THIS" onto KNI. Maybe make it print a big nasty message
>>> (see kernel VFIO without IOMMU description) or mark kernel as tainted??
>>> See: https://fedoraproject.org/wiki/KernelStagingPolicy
>>> Something like:
>>> diff --git a/kernel/linux/kni/kni_net.c b/kernel/linux/kni/kni_net.c
>>> index 611719b5ee27..d47fc6133cbe 100644
>>> --- a/kernel/linux/kni/kni_net.c
>>> +++ b/kernel/linux/kni/kni_net.c
>>> @@ -838,6 +838,14 @@ kni_net_init(struct net_device *dev)
>>>    	dev->header_ops      = &kni_net_header_ops;
>>>    	dev->ethtool_ops     = &kni_net_ethtool_ops;
>>>    	dev->watchdog_timeo = WD_TIMEOUT;
>>> +
>>> +	/*
>>> +	 * KNI is unsafe since it requires calling userspace to do
>>> +	 * control operations. And the overall quality according to
>>> +	 * kernel standards is the same as devices in staging.
>>> +	 */
>>> +	add_taint(TAINT_CRAP, LOCKDEP_STILL_OK);
>>> +	netdev_warn(dev, "Adding kernel taint for KNI because it is not safe\n");
>> I am for discussing above separate from this patch, since this patch
>> restores the behavior that exist since KNI module exists.
> Any user of KNI will already get tainted because KNI is out of tree driver.

I mean the note and explicit 'add_taint()' you mentioned above, can we separate
it from this bug fix.

  reply	other threads:[~2021-11-23 16:51 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-10-08 23:58 [dpdk-dev] " Ferruh Yigit
2021-10-09  2:03 ` Stephen Hemminger
2021-11-23  9:54   ` Ferruh Yigit
2021-11-23 16:22     ` Stephen Hemminger
2021-11-23 16:51       ` Ferruh Yigit [this message]
2021-11-23 19:10         ` Stephen Hemminger
2021-11-17 16:42 ` Igor Ryzhov
2021-11-23 16:46 ` [PATCH v2] " Ferruh Yigit
2021-11-24 13:51   ` Thomas Monjalon

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=0914b58e-de54-50ef-7e48-febf9688eb09@intel.com \
    --to=ferruh.yigit@intel.com \
    --cc=david.marchand@redhat.com \
    --cc=dev@dpdk.org \
    --cc=eladv6@gmail.com \
    --cc=erclists@gmail.com \
    --cc=iryzhov@nfware.com \
    --cc=stable@dpdk.org \
    --cc=stephen@networkplumber.org \
    --cc=thomas@monjalon.net \


* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

DPDK patches and discussions

This inbox may be cloned and mirrored by anyone:

	git clone --mirror http://inbox.dpdk.org/dev/0 dev/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 dev dev/ http://inbox.dpdk.org/dev \
	public-inbox-index dev

Example config snippet for mirrors.
Newsgroup available over NNTP:

AGPL code for this site: git clone https://public-inbox.org/public-inbox.git