[PATCH 2/2] ethdev: fix race condition in fast-path ops setup

fengchengwen fengchengwen at huawei.com
Thu Feb 23 09:23:19 CET 2023


On 2023/2/23 12:40, Honnappa Nagarahalli wrote:
> <snip>
> 
>>>>>>
>>>>>> On 2023/2/20 14:08, Ashok Kaladi wrote:
>>>>>>> If ethdev enqueue or dequeue function is called during
>>>>>>> eth_dev_fp_ops_setup(), it may get pre-empted after setting the
>>>>>>> function pointers, but before setting the pointer to port data.
>>>>>>> In this case the newly registered enqueue/dequeue function will
>>>>>>> use dummy port data and end up in seg fault.
>>>>>>>
>>>>>>> This patch moves the updation of each data pointers before
>>>>>>> updating corresponding function pointers.
>>>>>>>
>>>>>>> Fixes: c87d435a4d79 ("ethdev: copy fast-path API into separate
>>>>>>> structure")
>>>>>>> Cc: stable at dpdk.org
>>>>
>>>> Why is something calling enqueue/dequeue when device is not fully
>>>> started.
>>>> A correctly written application would not call rx/tx burst until
>>>> after ethdev start had finished.
>>>
>>> Please refer to eb0d471a894 (ethdev: add proactive error handling
>>> mode), when the driver recovers itself, the application may still invoke
>>> enqueue/dequeue API.
>>
>> Right now DPDK ethdev layer *does not* provide synchronization
>> mechanisms between data-path and control-path functions.
>> That was a deliberate design choice. If we want to change that rule, then I
>> suppose we need a community consensus for it.
>> I think that if the driver wants to provide some sort of error recovery
>> procedure, then it has to provide some synchronization mechanism inside it
>> between data-path and control-path functions.
>> Actually looking at eb0d471a894 (ethdev: add proactive error handling
>> mode), and following patches I wonder how it crept in?
>> It seems we just introduced a loophole for race condition with this
>> approach...

Could you try to describe the specific scenario of the loophole?

>> It probably needs to be either deprecated or reworked.
> Looking at the commit, it does not say anything about the data plane functions which probably means, the error recovery is happening within the data plane thread. What happens to other data plane threads that are polling the same port on which the error recovery is happening?

The commit log says: "the PMD sets the data path pointers to dummy functions".

So the data plane threads will receive no packets and send zero on a port which is in error recovery.

> 
> Also, the commit log says that while the error recovery is under progress, the application should not call any control plane APIs. Does that mean, the application has to check for error condition every time it calls a control plane API?

If the application has not registered the event (RTE_ETH_EVENT_ERR_RECOVERING) callback, it could call the control plane API, but it will return failure.
If the application has registered the above callback, it can wait for the recovery result, or call directly without waiting, but this will return failure.

> 
> The commit message also says that "PMD makes sure the control path operations failed with retcode -EBUSY". It does not say how it does this. But, any communication from the PMD thread to control plane thread may introduce race conditions if not done correctly.

First, there is no PMD thread; do you mean eal-intr-thread?

As for this question, you can see the PMDs which already implement it; they both provide mutual exclusion protection.

> 
>>
>>>
>>>>
>>>> Would something like this work better?
>>>>
>>>> Note: there is another bug in current code. The check for link state
>>>> interrupt and link_ops could return -ENOTSUP and leave device in
>>>> indeterminate state.
>>>> The check should be done before calling PMD.
>>>>
>>>> diff --git a/lib/ethdev/rte_ethdev.c b/lib/ethdev/rte_ethdev.c index
>>>> 0266cc82acb6..d6c163ed85e7 100644
>>>> --- a/lib/ethdev/rte_ethdev.c
>>>> +++ b/lib/ethdev/rte_ethdev.c
>>>> @@ -1582,6 +1582,14 @@ rte_eth_dev_start(uint16_t port_id)
>>>>  		return 0;
>>>>  	}
>>>>
>>>> +	if (dev->data->dev_conf.intr_conf.lsc == 0 &&
>>>> +	    dev->dev_ops->link_update == NULL) {
>>>> +		RTE_ETHDEV_LOG(INFO,
>>>> +			       "Device with port_id=%"PRIu16" link update not
>> supported\n",
>>>> +			       port_id);
>>>> +			return -ENOTSUP;
>>>> +	}
>>>> +
>>>>  	ret = rte_eth_dev_info_get(port_id, &dev_info);
>>>>  	if (ret != 0)
>>>>  		return ret;
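Review bot: The early exit added at the top of this hunk returns -ENOTSUP but logs the condition at INFO, so a start that fails for lack of link_update support leaves no error-level trace; RTE_ETHDEV_LOG(ERR, ...) would match the failure return. The `return -ENOTSUP;` line is also indented one tab deeper than the rest of the block body.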
>>>> @@ -1591,9 +1599,7 @@ rte_eth_dev_start(uint16_t port_id)
>>>>  		eth_dev_mac_restore(dev, &dev_info);
>>>>
>>>>  	diag = (*dev->dev_ops->dev_start)(dev);
>>>> -	if (diag == 0)
>>>> -		dev->data->dev_started = 1;
>>>> -	else
>>>> +	if (diag != 0)
>>>>  		return eth_err(port_id, diag);
>>>>
>>>>  	ret = eth_dev_config_restore(dev, &dev_info, port_id); @@ -1611,16
>>>> +1617,18 @@ rte_eth_dev_start(uint16_t port_id)
>>>>  		return ret;
>>>>  	}
>>>>
>>>> -	if (dev->data->dev_conf.intr_conf.lsc == 0) {
>>>> -		if (*dev->dev_ops->link_update == NULL)
>>>> -			return -ENOTSUP;
>>>> -		(*dev->dev_ops->link_update)(dev, 0);
>>>> -	}
>>>> -
>>>>  	/* expose selection of PMD fast-path functions */
>>>>  	eth_dev_fp_ops_setup(rte_eth_fp_ops + port_id, dev);
>>>>
>>>> +	/* ensure state is set before marking device ready */
>>>> +	rte_smp_wmb();
>>>> +
>>>>  	rte_ethdev_trace_start(port_id);
>>>> +
>>>> +	/* Update current link state */
>>>> +	if (dev->data->dev_conf.intr_conf.lsc == 0)
>>>> +		(*dev->dev_ops->link_update)(dev, 0);
>>>> +
>>>>  	return 0;
>>>>  }
>>>>
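Review bot: The added comment "ensure state is set before marking device ready" sits above rte_smp_wmb(), but nothing after the barrier marks the device ready: the previous hunk removes `dev->data->dev_started = 1` and none of the added lines set it again, so as posted the port would never be recorded as started. Add `dev->data->dev_started = 1;` after the barrier. The barrier also follows the eth_dev_fp_ops_setup() call, so it does not order the data-pointer and function-pointer stores made inside that call, which is the window the original commit message describes.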
>>>>
>>>> .
>>>>
> 
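The ordering described in the quoted commit message (publish the port data pointer before the function pointer that uses it), as an added example that is not part of this thread or of DPDK's code. It uses C11 atomics rather than DPDK's barrier macros, and every name in it (`fp_slot`, `slot_setup`, `slot_rx`, and so on) is hypothetical.

```c
#include <stdatomic.h>
#include <stddef.h>
#include <stdint.h>

/* All names are hypothetical; this is not DPDK's rte_eth_fp_ops layout. */
typedef uint16_t (*burst_fn)(void *queue_data, uint16_t nb_pkts);
struct queue_state { uint16_t available; };  /* constructed port data */
struct fp_slot {
	_Atomic(burst_fn) rx_burst;  /* what the data path calls */
	_Atomic(void *) rx_data;     /* what the callee dereferences */
};
/* Placeholder used while the port is unusable; never touches its data. */
static uint16_t dummy_rx(void *d, uint16_t n) { (void)d; (void)n; return 0; }
/* Real burst function: dereferences d, so a NULL d here is a crash. */
static uint16_t real_rx(void *d, uint16_t n)
{
	struct queue_state *q = d;
	return n < q->available ? n : q->available;
}

/* Writer: store the data pointer first, then release-store the function. */
static void slot_setup(struct fp_slot *s, struct queue_state *q)
{
	atomic_store_explicit(&s->rx_data, q, memory_order_relaxed);
	atomic_store_explicit(&s->rx_burst, real_rx, memory_order_release);
}

/* Teardown swaps in the dummy before clearing data. A reader that already
 * loaded real_rx can still see NULL data: ordering is not quiescence. */
static void slot_reset(struct fp_slot *s)
{
	atomic_store_explicit(&s->rx_burst, dummy_rx, memory_order_release);
	atomic_store_explicit(&s->rx_data, NULL, memory_order_release);
}

/* Reader: acquire-load the function, so seeing real_rx implies seeing q. */
static uint16_t slot_rx(struct fp_slot *s, uint16_t nb_pkts)
{
	burst_fn fn = atomic_load_explicit(&s->rx_burst, memory_order_acquire);
	void *data = atomic_load_explicit(&s->rx_data, memory_order_relaxed);
	return fn(data, nb_pkts);
}

int main(void)
{
	static struct fp_slot s;
	struct queue_state q = { 3 };
	slot_setup(&s, &q);
	return slot_rx(&s, 8) == 3 ? 0 : 1;
}
```

The setup direction is safe with ordering alone; the teardown direction is not, which is why the replies above turn to synchronization between data-path and control-path functions.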

