DPDK patches and discussions
 help / color / mirror / Atom feed
From: Ferruh Yigit <ferruh.yigit@intel.com>
To: Matan Azrad <matan@mellanox.com>,
	"Yigit, Ferruh" <ferruh.yigit@linux.intel.com>,
	"dev@dpdk.org" <dev@dpdk.org>,
	Bernard Iremonger <bernard.iremonger@intel.com>
Cc: Gaetan Rivet <gaetan.rivet@6wind.com>,
	Thomas Monjalon <thomas@monjalon.net>,
	"stable@dpdk.org" <stable@dpdk.org>,
	David Marchand <david.marchand@redhat.com>,
	Jeff Guo <jia.guo@intel.com>, Qi Zhang <qi.z.zhang@intel.com>
Subject: Re: [dpdk-dev] [dpdk-stable] [PATCH 2/2] app/testpmd: fix invalid port detaching
Date: Wed, 12 Feb 2020 13:49:49 +0000	[thread overview]
Message-ID: <200f3f01-fedb-b795-a733-e135957e8e99@intel.com> (raw)
In-Reply-To: <AM0PR0502MB4019BEB2315DF909237A8A36D2000@AM0PR0502MB4019.eurprd05.prod.outlook.com>

On 2/3/2020 5:10 PM, Matan Azrad wrote:
> 
> Hi
> 
> From: Ferruh Yigit
>> On 1/25/2020 6:56 PM, Matan Azrad wrote:
>>> Hi Ferruh
>>>
>>> From: Ferruh Yigit
>>>> On 1/23/2020 7:25 PM, Matan Azrad wrote:
>>>>> Hi
>>>>>
>>>>> From: Ferruh Yigit
>>>>>> On 1/23/2020 3:29 PM, Matan Azrad wrote:
>>>>>>>
>>>>>>> Hi
>>>>>>>
>>>>>>> From: Ferruh Yigit
>>>>>>>> On 1/23/2020 2:05 PM, Matan Azrad wrote:
>>>>>>>>> Hi
>>>>>>>>>
>>>>>>>>> From: Yigit, Ferruh
>>>>>>>>>> On 11/12/2019 8:47 AM, Matan Azrad wrote:
>>>>>>>>>>> The port was not validated before detaching.
>>>>>>>>>>>
>>>>>>>>>>> Ignore port detach operation when the port is not valid.
>>>>>>>>>>>
>>>>>>>>>>> Fixes: f8e5baa2662d ("app/testpmd: check not detaching device
>>>>>>>>>>> twice")
>>>>>>>>>>> Cc: thomas@monjalon.net
>>>>>>>>>>> Cc: stable@dpdk.org
>>>>>>>>>>>
>>>>>>>>>>> Signed-off-by: Matan Azrad <matan@mellanox.com>
>>>>>>>>>>> ---
>>>>>>>>>>>  app/test-pmd/testpmd.c | 3 +++
>>>>>>>>>>>  1 file changed, 3 insertions(+)
>>>>>>>>>>>
>>>>>>>>>>> diff --git a/app/test-pmd/testpmd.c b/app/test-pmd/testpmd.c
>>>>>>>>>>> index 4444346..370eefe 100644
>>>>>>>>>>> --- a/app/test-pmd/testpmd.c
>>>>>>>>>>> +++ b/app/test-pmd/testpmd.c
>>>>>>>>>>> @@ -2545,6 +2545,9 @@ struct extmem_param {
>>>>>>>>>>>
>>>>>>>>>>>  	printf("Removing a device...\n");
>>>>>>>>>>>
>>>>>>>>>>> +	if (port_id_is_invalid(port_id, ENABLED_WARN))
>>>>>>>>>>> +		return;
>>>>>>>>>>> +
>>>>>>>>>>>  	dev = rte_eth_devices[port_id].device;
>>>>>>>>>>>  	if (dev == NULL) {
>>>>>>>>>>>  		printf("Device already removed\n");
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> The patch is already in 19.11 [1] but it is breaking the
>>>>>>>>>> testpmd hotplug support.
>>>>>>>>>> Before 'detach_port_device()' called, the port has been stopped
>>>>>>>>>> and closed [2], which will make port fail from 'port_id_is_invalid()'
>>>>>>>>>> check and the device removal path never fully called.
>>>>>>>>>> The implication is, since device not detached, vfio request
>>>>>>>>>> interrupt keeps triggered continuously and re-starts the detach
>>>>>>>>>> path, but because of the half cleaned device it fails and app
>>>>>>>>>> gets stuck with a
>>>>>>>> continuous log [3].
>>>>>>>>>>
>>>>>>>>>> I wonder if the actual hotplug has been tested with this patch,
>>>>>>>>>> the commit log is not clear about the motivation and
>>>>>>>>>> implication of the patch, I am not clear why this check is
>>>>>>>>>> added but I am sending a patch soon to remove it back.
>>>>>>>>>
>>>>>>>>> The motivation of this patch was to prevent double detach on
>>>>>>>>> same port,
>>>>>>>> so the user cannot call detach of invalid port.
>>>>>>>>
>>>>>>>> What is the definition of the 'invalid port', if you mean device
>>>>>>>> already detached case, in the second call of the function "if
>>>>>>>> (dev == NULL)" check should prevent it going forward.
>>>>>>>
>>>>>>> No, ethdev doesn't zero the device pointer when it release a port.
>>>>>>
>>>>>> As far as I can see it does, please see below.
>>>>>
>>>>> The code below is problematic because:
>>>>>
>>>>> 1. It is very bad that the application changing ethdev structure directly.
>>>>
>>>> Where the application is changing the ethdev structure?
>>>
>>> See it in the function we talk on:
>>> rte_eth_devices[sibling].device = NULL;
>>>
>>> The application shouldn't do it - it should be done only by ethdev lib or by
>> the PMDs.
>>>
>>> Are you agree here?
>>
>> This is really no fun :(
>>
>> It is not done by application, I already provided the call trace. This is done by
>> the path of driver .remove().
> 
> Yes, probably, but also by testpmd application, I copied it from testpmd application.
> 
> Don't you see it?
> 
>>>
>>>> Application calls the 'rte_dev_remove()' API, which does the job.
>>>
>>> Agree, This function is freeing(rte_free) the rte_device (actually
>>> makes the rte_eth_devices[sibling].device pointer dangled) and releases
>> its related resources what makes the device detached.
>>
>> No it doesn't, I provided full call stack, and showed where the value set to
>> NULL.
> 
> See again the testpmd function - it  does it too.
> 
>>>
>>>>> 2. The below code run over valid port only, not on invalid
>>>>> port(UNUSED
>>>> state).
>>>>>
>>>>> So, the device pointer will still be valid if the port is invalid.
>>>>>
>>>>> All of this shows that this function try to detach only a valid port
>>>>> (probably
>>>> mainly because it is called by Testpmd detach command).
>>>>>
>>>>>>> So even if the port is in unused state already - means invalid,
>>>>>>> the device
>>>>>> pointer still may be valid and point to the last port that used the same
>> id.
>>>>>>
>>>>>> If the port is closed, it is unused state, and ethdev layer
>>>>>> resources freed but as you said device related structures are still
>>>>>> there, device pointer is still valid and it is still in probed
>>>>>> device list etc.. We need to able to detach the device even after it is
>> unused state.
>>>>>
>>>>> Yes, but detach is for device, not for port.
>>>>> The device pointer must be taken only when the port is in valid state.
>>>>> Why?
>>>>> Because if the port is in UNUSED state it is free to be allocated
>>>>> again by
>>>> ethdev layer for other device, then, the device pointer may point to
>>>> other device.
>>>>>
>>>
>>> Do you agree on the above statement I wrote?
>>>
>>>>>> "stop -> close -> detach" is a normal order, we shouldn't prevent
>>>>>> it, but your check does prevent it.
>>>>>
>>>>> Yes, this is good order, but the pointer of the device should be
>>>>> taken
>>>> before close.
>>>>> My patch prevent accessing invalid structure.
>>>>
>>>> The ethdev close() dev_ops, frees ethdev related resources, the
>>>> rte_device is still valid in that struct.
>>>
>>> That’s exactly my concern.
>>> I think you wrong here, the rte_device may be invalid in that struct,
>> especially after close():
>>>
>>> When the port ID is closed and released, its ethdev structure moves to
>> UNUSED state.
>>> When an ethdev structure is in UNUSED state it may be attached again to
>> another rte_device - see function rte_eth_dev_allocate.
>>> Are you agree here?
>>>
>>> In this case, when a new device is attached after close() and before
>> detach_port_device() we may remove wrong rte_device and cause a lot of
>> problems.
>>
>> The problem here is re-using the ethdev structure when it is closed but not
>> freed completely, resulting overwriting some fields of it. This is another issue
>> and can be fixed in the alloc path.
> 
> Sorry, don't agree with you here.
> Port which is closed can be allocated again for other device - this is the basic for hot-plug mechanism in dpdk.
> Reading the rte_device from port which was closed may remove other rte_device which is not related.
> 
> Agree that the PMD should clear the ethdev structure in remove, mlx5 doesn't do it and should be fixed, I don't know about other PMDS.
> But this is not the issue I talk about.
> 
> Testpmd shouldn't read device pointer from port which was closed - this is race.
>   
>>>
>>> Do you understand that?
>>>
>>> One more problematic case is a user mistake by the Testpmd command
>> which may cause segfault in the good case and memory overriding in the
>> worst case (my patch case):
>>>
>>> port stop all
>>> port detach 0
>>> port detach 0
>>>
>>> detach the same port twice will cause referencing of freed pointer of
>> rte_device.
>>>
>>>
>>> All of that is because Testpmd takes ethdev structure information from
>> invalid ethdev structure.
>>>
>>> My patch prevents it.
>>
>> For this case I am already getting "Device already removed" message from
>> 'detach_port_device()' function.
>>
>> Your patch is doing two things:
>> - Hiding the fact that PMD .remove() is not setting the device pointer to null
> 
> The device pointer is zero also by testpmd - the hiding is here.
> 
>> - Breaking the hotplug functionality
> 
> To be precise - stay it broken.
> 
>>
>>>
>>>
>>>
>>>> And yes your patch prevents accessing them and prevents hotplug
>>>> remove the device.
>>>>
>>>
>>> Yes, my patch is not good, solved issues and caused a new one.
>>>
>>> Agree that we need a new fix, my suggestion here is:
>>>
>>> 1. In the Testpmd internal management for hutplug (rmv_port_callback):
>>> 	Call stop()
>>> 	Take rte_device pointer( before port close).
>>> 	Call close().
>>> 	If no other valid port for the rte_device:
>>> 		call detach() by the saved rte_device pointer.
>>
>> Not sure about pushing more to the application, like checking if any other
>> port using a device etc..
> 
> And for device pointer before close(), do you agree?
> 
>> As far as I understand your concern is when multiple ethdev are using same
>> device, why not handle this in driver .remove() path, like detect if device still
>> needs to be used and if so free only ethdev resources and return error, this
>> error will prevent device resources to be freed:
>>
>> pci_unplug()
>>   ret = rte_pci_detach_dev(pdev);
>>   if (ret == 0)
>>     rte_pci_remove_device(pdev);
>>     rte_devargs_remove(dev->devargs);
>>     ...
>>
>> This will cause the application receive an error but this is kind of true because
>> all resources are not freed because they are shared.
>>
>> When last ethdev detached, driver can send success causing all device
>> resources to be freed.
> 
> Can be good for multi-port handling, but testpmd should handle this error and report it correctly.
> 
>>> 2. Replace the Testpmd command line for "port detach" with "detach [rte
>> device name]":
>>> 	Why?
>>> 	Detach by port is problematic:
>>> 	1. If the port is closed - Testpmd cannot get its rte_device from the
>> related ethdev port structure.
>>> 	2. If the port is not closed - It is not safe to detach it.
>>> 	3. Attach is done by rte_device name, detach should be in same way.
>>
>> Testpmd can first close() later detach().
> 
> Yes, close by port, detach by rte_device name (for example pci name).
> That’s what I said.
> 
> 
>> If it is closed already, agreed that new attached devices shouldn't be able to
>> this struct until it is freed completely. But this is kind of edge case, because it
>> required new device to be attached after old one closed but before it is
>> detached.
>>
>>>  Are you agree?
> 
> This is race, no edge.
> What is "freed completely"?
> IMO it is when the port is in UNUSED state (after close\release).
> 
> Hotplug can be triggered internally in parallel.
> 
>>>
>>> I hope you understand now.
>>>
>>>>> And yes, Testpmd detach stays broken after my patch and after this
>>>>> patch
>>>> too.
>>>>>
>>>>>
>>>>>>
> <snip>
>>>> To simplify things, can you please clarify what error are you getting
>>>> with this patch, and can you please give some details how to
>>>> reproduce it? So I can debug the issue you are having.
>>>
>>> Added details above, hope everything is clear when you read this line
>>> 😊
>>
>> Overall I believe this all fuss is about the PMD you are testing not cleaning the
>> 'rte_eth_devices[port_id].device' pointer which should be handled in driver
>> level but you are trying to fix this in testpmd causing it fail.
> 
> Sorry, but no, It is all about hotplug race.
> 
> Even if the PMD clear the device pointer, the testpmd still may release wrong rte_device.

Yes it may, although that is less likely to occur, it requires a new device hot
added between close() and detach of the other device.

Would you be agree to say there are two problems:

1) When testpmd close a port, a new attached port can re-use it over writing
some fields, relying the data structures of the closed port is not safe.

2) PMD not cleaning ethdev->device pointer in the .remove() may cause issues in
double detach of a port.


For (1) I suggest fixing it in the attach path, don't re-use an eth_dev port id
unless it is completely freed, may need to add new state for it. Does it make sense?

For (2) PMDs want to get hotplug support needs to fix it.




  reply	other threads:[~2020-02-12 13:49 UTC|newest]

Thread overview: 26+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-11-12  8:47 [dpdk-dev] [PATCH 1/2] bus/pci: fix driver detach clear Matan Azrad
2019-11-12  8:47 ` [dpdk-dev] [PATCH 2/2] app/testpmd: fix invalid port detaching Matan Azrad
2019-11-12 11:20   ` Iremonger, Bernard
2019-11-20 22:52     ` [dpdk-dev] [dpdk-stable] " David Marchand
2020-01-23 13:19   ` [dpdk-dev] " Yigit, Ferruh
2020-01-23 14:05     ` Matan Azrad
2020-01-23 14:48       ` [dpdk-dev] [dpdk-stable] " Ferruh Yigit
2020-01-23 15:29         ` Matan Azrad
2020-01-23 18:14           ` Ferruh Yigit
2020-01-23 19:25             ` Matan Azrad
2020-01-24 16:28               ` Ferruh Yigit
2020-01-25 18:56                 ` Matan Azrad
2020-02-03 15:58                   ` Ferruh Yigit
2020-02-03 17:10                     ` Matan Azrad
2020-02-12 13:49                       ` Ferruh Yigit [this message]
2020-02-13 12:37                         ` Thomas Monjalon
2020-02-13 13:36                           ` Thomas Monjalon
2020-02-13 14:00                             ` Ferruh Yigit
2019-11-19 22:40 ` [dpdk-dev] [dpdk-stable] [PATCH 1/2] bus/pci: fix driver detach clear Thomas Monjalon
2019-11-20  9:02   ` Matan Azrad
2019-11-20  9:47 ` [dpdk-dev] [PATCH v2] " Matan Azrad
2019-11-20 13:03   ` [dpdk-dev] [dpdk-stable] " David Marchand
2019-11-20 13:44     ` Matan Azrad
2019-11-20 13:51     ` Thomas Monjalon
2019-11-20 17:22       ` David Marchand
2019-11-20 22:52   ` David Marchand

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=200f3f01-fedb-b795-a733-e135957e8e99@intel.com \
    --to=ferruh.yigit@intel.com \
    --cc=bernard.iremonger@intel.com \
    --cc=david.marchand@redhat.com \
    --cc=dev@dpdk.org \
    --cc=ferruh.yigit@linux.intel.com \
    --cc=gaetan.rivet@6wind.com \
    --cc=jia.guo@intel.com \
    --cc=matan@mellanox.com \
    --cc=qi.z.zhang@intel.com \
    --cc=stable@dpdk.org \
    --cc=thomas@monjalon.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).