From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <yliu@fridaylinux.org>
Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com
 [66.111.4.25]) by dpdk.org (Postfix) with ESMTP id DE1B81B314;
 Fri, 19 Jan 2018 14:51:46 +0100 (CET)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41])
 by mailout.nyi.internal (Postfix) with ESMTP id 4764220ADA;
 Fri, 19 Jan 2018 08:51:46 -0500 (EST)
Received: from frontend1 ([10.202.2.160])
 by compute1.internal (MEProxy); Fri, 19 Jan 2018 08:51:46 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fridaylinux.org;
 h=cc:content-type:date:from:in-reply-to:message-id:mime-version
 :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc; s=
 fm1; bh=Eba/beRJXALq7vTA8KPYBaeP2sGhbPmJUFdaOfhrVPc=; b=td1DjLzv
 oQTlVDYnn++KsE+oWRBTseNPIjGMrZttWk8s/qh8Ic/jN0jGy6W9YO9w+v6IVp7N
 yjUVuPmo6WT2XJztev2qdvgM3O7ofYCmi3Zw7XvgRXNsb68IcezLQ/8wNcmjNL10
 REfQaO9I9cz9vKrwo5Qnb+XPZQPsPmMUe7HTa7FZtn8f/Jz5ka9lKdcbTjB0hcAI
 +5yhry/c5I+F3tEc7b5n/4aJ4IHu7K7MjErIdtks8s4p1Fil63YZx8OUjXKGtEQ2
 nSlNmNPb6ajtOEnd3W0nY7uS5DBa75yfDOLZo8JHAz3U7idHOpB4KZ7OGO/z8oou
 xfVifWvP4qATbQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:content-type:date:from:in-reply-to
 :message-id:mime-version:references:subject:to:x-me-sender
 :x-me-sender:x-sasl-enc; s=fm1; bh=Eba/beRJXALq7vTA8KPYBaeP2sGhb
 PmJUFdaOfhrVPc=; b=lWuZNyfSXXf7J0yNff/aTkqdGj4ngO02EmVGYYkcxMBOO
 KAhxfwAA7yaTGG7+J/HLQWTcV0fSegQJPF1/R+QEZ3CEis+GhSBrbdv56dxPAllf
 zpEuK7WSVEcQDkhEXvIxMmXomhO5LpZz3rPSAMYYqfm3GCv06ZO0QsN81JFXS8Et
 TsUn0m1hpseaaZ+UO3EATy3+KPIkwA6+AAu7K1UxLS666NYa8O3vOr7Oo8FCEqPp
 i5yVOWUOW4yuvoY9Qpsnj/ysrBgGnWAnvuR6F+fUeJUJQ0fUyvkVgrroTmnTO2BR
 G4RF6q1HR71mRPsbuL2eA81vXix/7GuoPGcMGAO2Q==
X-ME-Sender: <xms:8vdhWvB2NF-O4_QDUopOHgAit3GqT_McxIvUyIPfUKgqJeUt33Q_pQ>
Received: from yliu-mob (unknown [115.148.90.22])
 by mail.messagingengine.com (Postfix) with ESMTPA id C4D087E0FA;
 Fri, 19 Jan 2018 08:51:44 -0500 (EST)
Date: Fri, 19 Jan 2018 21:51:40 +0800
From: Yuanhan Liu <yliu@fridaylinux.org>
To: Victor Kaplansky <victork@redhat.com>
Cc: dev@dpdk.org, stable@dpdk.org, Jens Freimann <jfreiman@redhat.com>,
 Maxime Coquelin <maxime.coquelin@redhat.com>,
 Tiwei Bie <tiwei.bie@intel.com>, "Tan, Jianfeng" <jianfeng.tan@intel.com>,
 Stephen Hemminger <stephen@networkplumber.org>
Message-ID: <20180119135140.GO29540@yliu-mob>
References: <20180117154925-mutt-send-email-victork@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20180117154925-mutt-send-email-victork@redhat.com>
User-Agent: Mutt/1.5.24 (2015-08-30)
Subject: Re: [dpdk-stable] [PATCH v5] vhost_user: protect active rings from
 async ring changes
X-BeenThere: stable@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: patches for DPDK stable branches <stable.dpdk.org>
List-Unsubscribe: <https://dpdk.org/ml/options/stable>,
 <mailto:stable-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/stable/>
List-Post: <mailto:stable@dpdk.org>
List-Help: <mailto:stable-request@dpdk.org?subject=help>
List-Subscribe: <https://dpdk.org/ml/listinfo/stable>,
 <mailto:stable-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Jan 2018 13:51:47 -0000

On Wed, Jan 17, 2018 at 03:49:25PM +0200, Victor Kaplansky wrote:
> When performing live migration or memory hot-plugging,
> the changes to the device and vrings made by message handler
> done independently from vring usage by PMD threads.
> 
> This causes for example segfaults during live-migration
> with MQ enable, but in general virtually any request
> sent by qemu changing the state of device can cause
> problems.

Applied to dpdk-next-virtio, with

Cc: stable@dpdk.org

Thanks.

	--yliu
> 
> These patches fixes all above issues by adding a spinlock
> to every vring and requiring message handler to start operation
> only after ensuring that all PMD threads related to the device
> are out of critical section accessing the vring data.
> 
> Each vring has its own lock in order to not create contention
> between PMD threads of different vrings and to prevent
> performance degradation by scaling queue pair number.
> 
> See https://bugzilla.redhat.com/show_bug.cgi?id=1450680
> 
> Signed-off-by: Victor Kaplansky <victork@redhat.com>
> ---
> v5:
>  o get rid of spinlock wrapping functions in vhost.h
> 
> v4:
> 
>  o moved access_unlock before accessing enable flag and
>    access_unlock after iommu_unlock consistently.
>  o cosmetics: removed blank line.
>  o the access_lock variable moved to be in the same
>    cache line with enable and access_ok flags.
>  o dequeue path is now guarded with trylock and returning
>    zero if unsuccessful.
>  o GET_VRING_BASE operation is not guarded by access lock
>    to avoid deadlock with device_destroy. See the comment
>    in the code.
>  o Fixed error path exit from enqueue and dequeue carefully
>    unlocking access and iommu locks as appropriate.
> 
> v3:
>    o Added locking to enqueue flow.
>    o Enqueue path guarded as well as dequeue path.
>    o Changed name of active_lock.
>    o Added initialization of guarding spinlock.
>    o Reworked functions skimming over all virt-queues.
>    o Performance measurements done by Maxime Coquelin shows
>      no degradation in bandwidth and throughput.
>    o Spelling.
>    o Taking lock only on set operations.
>    o IOMMU messages are not guarded by access lock.
> 
> v2:
>    o Fixed checkpatch complains.
>    o Added Signed-off-by.
>    o Refined placement of guard to exclude IOMMU messages.
>    o TODO: performance degradation measurement.
> 
>  lib/librte_vhost/vhost.h      |  6 ++--
>  lib/librte_vhost/vhost.c      |  1 +
>  lib/librte_vhost/vhost_user.c | 70 +++++++++++++++++++++++++++++++++++++++++++
>  lib/librte_vhost/virtio_net.c | 28 ++++++++++++++---
>  4 files changed, 99 insertions(+), 6 deletions(-)
> 
> diff --git a/lib/librte_vhost/vhost.h b/lib/librte_vhost/vhost.h
> index 1cc81c17..c8f2a817 100644
> --- a/lib/librte_vhost/vhost.h
> +++ b/lib/librte_vhost/vhost.h
> @@ -108,12 +108,14 @@ struct vhost_virtqueue {
>  
>  	/* Backend value to determine if device should started/stopped */
>  	int			backend;
> +	int			enabled;
> +	int			access_ok;
> +	rte_spinlock_t		access_lock;
> +
>  	/* Used to notify the guest (trigger interrupt) */
>  	int			callfd;
>  	/* Currently unused as polling mode is enabled */
>  	int			kickfd;
> -	int			enabled;
> -	int			access_ok;
>  
>  	/* Physical address of used ring, for logging */
>  	uint64_t		log_guest_addr;
> diff --git a/lib/librte_vhost/vhost.c b/lib/librte_vhost/vhost.c
> index 4f8b73a0..dcc42fc7 100644
> --- a/lib/librte_vhost/vhost.c
> +++ b/lib/librte_vhost/vhost.c
> @@ -259,6 +259,7 @@ alloc_vring_queue(struct virtio_net *dev, uint32_t vring_idx)
>  
>  	dev->virtqueue[vring_idx] = vq;
>  	init_vring_queue(dev, vring_idx);
> +	rte_spinlock_init(&vq->access_lock);
>  
>  	dev->nr_vring += 1;
>  
> diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c
> index f4c7ce46..0685d4e7 100644
> --- a/lib/librte_vhost/vhost_user.c
> +++ b/lib/librte_vhost/vhost_user.c
> @@ -1190,12 +1190,47 @@ vhost_user_check_and_alloc_queue_pair(struct virtio_net *dev, VhostUserMsg *msg)
>  	return alloc_vring_queue(dev, vring_idx);
>  }
>  
> +static void
> +vhost_user_lock_all_queue_pairs(struct virtio_net *dev)
> +{
> +	unsigned int i = 0;
> +	unsigned int vq_num = 0;
> +
> +	while (vq_num < dev->nr_vring) {
> +		struct vhost_virtqueue *vq = dev->virtqueue[i];
> +
> +		if (vq) {
> +			rte_spinlock_lock(&vq->access_lock);
> +			vq_num++;
> +		}
> +		i++;
> +	}
> +}
> +
> +static void
> +vhost_user_unlock_all_queue_pairs(struct virtio_net *dev)
> +{
> +	unsigned int i = 0;
> +	unsigned int vq_num = 0;
> +
> +	while (vq_num < dev->nr_vring) {
> +		struct vhost_virtqueue *vq = dev->virtqueue[i];
> +
> +		if (vq) {
> +			rte_spinlock_unlock(&vq->access_lock);
> +			vq_num++;
> +		}
> +		i++;
> +	}
> +}
> +
>  int
>  vhost_user_msg_handler(int vid, int fd)
>  {
>  	struct virtio_net *dev;
>  	struct VhostUserMsg msg;
>  	int ret;
> +	int unlock_required = 0;
>  
>  	dev = get_device(vid);
>  	if (dev == NULL)
> @@ -1241,6 +1276,38 @@ vhost_user_msg_handler(int vid, int fd)
>  		return -1;
>  	}
>  
> +	/*
> +	 * Note: we don't lock all queues on VHOST_USER_GET_VRING_BASE,
> +	 * since it is sent when virtio stops and device is destroyed.
> +	 * destroy_device waits for queues to be inactive, so it is safe.
> +	 * Otherwise taking the access_lock would cause a dead lock.
> +	 */
> +	switch (msg.request.master) {
> +	case VHOST_USER_SET_FEATURES:
> +	case VHOST_USER_SET_PROTOCOL_FEATURES:
> +	case VHOST_USER_SET_OWNER:
> +	case VHOST_USER_RESET_OWNER:
> +	case VHOST_USER_SET_MEM_TABLE:
> +	case VHOST_USER_SET_LOG_BASE:
> +	case VHOST_USER_SET_LOG_FD:
> +	case VHOST_USER_SET_VRING_NUM:
> +	case VHOST_USER_SET_VRING_ADDR:
> +	case VHOST_USER_SET_VRING_BASE:
> +	case VHOST_USER_SET_VRING_KICK:
> +	case VHOST_USER_SET_VRING_CALL:
> +	case VHOST_USER_SET_VRING_ERR:
> +	case VHOST_USER_SET_VRING_ENABLE:
> +	case VHOST_USER_SEND_RARP:
> +	case VHOST_USER_NET_SET_MTU:
> +	case VHOST_USER_SET_SLAVE_REQ_FD:
> +		vhost_user_lock_all_queue_pairs(dev);
> +		unlock_required = 1;
> +		break;
> +	default:
> +		break;
> +
> +	}
> +
>  	switch (msg.request.master) {
>  	case VHOST_USER_GET_FEATURES:
>  		msg.payload.u64 = vhost_user_get_features(dev);
> @@ -1342,6 +1409,9 @@ vhost_user_msg_handler(int vid, int fd)
>  
>  	}
>  
> +	if (unlock_required)
> +		vhost_user_unlock_all_queue_pairs(dev);
> +
>  	if (msg.flags & VHOST_USER_NEED_REPLY) {
>  		msg.payload.u64 = !!ret;
>  		msg.size = sizeof(msg.payload.u64);
> diff --git a/lib/librte_vhost/virtio_net.c b/lib/librte_vhost/virtio_net.c
> index 6fee16e5..e09a927d 100644
> --- a/lib/librte_vhost/virtio_net.c
> +++ b/lib/librte_vhost/virtio_net.c
> @@ -44,6 +44,7 @@
>  #include <rte_udp.h>
>  #include <rte_sctp.h>
>  #include <rte_arp.h>
> +#include <rte_spinlock.h>
>  
>  #include "iotlb.h"
>  #include "vhost.h"
> @@ -326,8 +327,11 @@ virtio_dev_rx(struct virtio_net *dev, uint16_t queue_id,
>  	}
>  
>  	vq = dev->virtqueue[queue_id];
> +
> +	rte_spinlock_lock(&vq->access_lock);
> +
>  	if (unlikely(vq->enabled == 0))
> -		return 0;
> +		goto out_access_unlock;
>  
>  	if (dev->features & (1ULL << VIRTIO_F_IOMMU_PLATFORM))
>  		vhost_user_iotlb_rd_lock(vq);
> @@ -419,6 +423,9 @@ virtio_dev_rx(struct virtio_net *dev, uint16_t queue_id,
>  	if (dev->features & (1ULL << VIRTIO_F_IOMMU_PLATFORM))
>  		vhost_user_iotlb_rd_unlock(vq);
>  
> +out_access_unlock:
> +	rte_spinlock_unlock(&vq->access_lock);
> +
>  	return count;
>  }
>  
> @@ -651,8 +658,11 @@ virtio_dev_merge_rx(struct virtio_net *dev, uint16_t queue_id,
>  	}
>  
>  	vq = dev->virtqueue[queue_id];
> +
> +	rte_spinlock_lock(&vq->access_lock);
> +
>  	if (unlikely(vq->enabled == 0))
> -		return 0;
> +		goto out_access_unlock;
>  
>  	if (dev->features & (1ULL << VIRTIO_F_IOMMU_PLATFORM))
>  		vhost_user_iotlb_rd_lock(vq);
> @@ -715,6 +725,9 @@ virtio_dev_merge_rx(struct virtio_net *dev, uint16_t queue_id,
>  	if (dev->features & (1ULL << VIRTIO_F_IOMMU_PLATFORM))
>  		vhost_user_iotlb_rd_unlock(vq);
>  
> +out_access_unlock:
> +	rte_spinlock_unlock(&vq->access_lock);
> +
>  	return pkt_idx;
>  }
>  
> @@ -1180,9 +1193,13 @@ rte_vhost_dequeue_burst(int vid, uint16_t queue_id,
>  	}
>  
>  	vq = dev->virtqueue[queue_id];
> -	if (unlikely(vq->enabled == 0))
> +
> +	if (unlikely(rte_spinlock_trylock(&vq->access_lock) == 0))
>  		return 0;
>  
> +	if (unlikely(vq->enabled == 0))
> +		goto out_access_unlock;
> +
>  	vq->batch_copy_nb_elems = 0;
>  
>  	if (dev->features & (1ULL << VIRTIO_F_IOMMU_PLATFORM))
> @@ -1240,7 +1257,7 @@ rte_vhost_dequeue_burst(int vid, uint16_t queue_id,
>  		if (rarp_mbuf == NULL) {
>  			RTE_LOG(ERR, VHOST_DATA,
>  				"Failed to allocate memory for mbuf.\n");
> -			return 0;
> +			goto out;
>  		}
>  
>  		if (make_rarp_packet(rarp_mbuf, &dev->mac)) {
> @@ -1356,6 +1373,9 @@ rte_vhost_dequeue_burst(int vid, uint16_t queue_id,
>  	if (dev->features & (1ULL << VIRTIO_F_IOMMU_PLATFORM))
>  		vhost_user_iotlb_rd_unlock(vq);
>  
> +out_access_unlock:
> +	rte_spinlock_unlock(&vq->access_lock);
> +
>  	if (unlikely(rarp_mbuf != NULL)) {
>  		/*
>  		 * Inject it to the head of "pkts" array, so that switch's mac
> -- 
> Victor