[dpdk-dev,v3,1/4] vhost: prevent features to be changed while device is running

  As section 2.2 of the Virtio spec states about features
negotiation:
"During device initialization, the driver reads this and tells
the device the subset that it accepts. The only way to
renegotiate is to reset the device."

This patch implements a check to prevent illegal features change
while the device is running.

One exception is the VHOST_F_LOG_ALL feature bit, which is enabled
when live-migration is initiated. But this feature is not negotiated
with the Virtio driver, but directly with the Vhost master.

Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
---
 lib/librte_vhost/vhost_user.c | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)
  

On Wed, Dec 06, 2017 at 10:20:45AM +0100, Maxime Coquelin wrote:
> As section 2.2 of the Virtio spec states about features
> negotiation:
> "During device initialization, the driver reads this and tells
> the device the subset that it accepts. The only way to
> renegotiate is to reset the device."
> 
> This patch implements a check to prevent illegal features change
> while the device is running.
> 
> One exception is the VHOST_F_LOG_ALL feature bit, which is enabled
> when live-migration is initiated. But this feature is not negotiated
> with the Virtio driver, but directly with the Vhost master.
> 
> Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
> ---
>  lib/librte_vhost/vhost_user.c | 17 ++++++++++++++++-
>  1 file changed, 16 insertions(+), 1 deletion(-)
> 
> diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c
> index f4c7ce462..2d86c0ca8 100644
> --- a/lib/librte_vhost/vhost_user.c
> +++ b/lib/librte_vhost/vhost_user.c
> @@ -183,7 +183,22 @@ vhost_user_set_features(struct virtio_net *dev, uint64_t features)
>  		return -1;
>  	}
>  
> -	if ((dev->flags & VIRTIO_DEV_RUNNING) && dev->features != features) {
> +	if (dev->features == features)
> +		return 0;
> +

We couldn't return directly when dev->features == features.
Otherwise, if the features provided by virtio driver is 0,
dev->vhost_hlen won't get a chance to be initialized.

Best regards,
Tiwei Bie
  

On 12/07/2017 09:08 AM, Tiwei Bie wrote:
> On Wed, Dec 06, 2017 at 10:20:45AM +0100, Maxime Coquelin wrote:
>> As section 2.2 of the Virtio spec states about features
>> negotiation:
>> "During device initialization, the driver reads this and tells
>> the device the subset that it accepts. The only way to
>> renegotiate is to reset the device."
>>
>> This patch implements a check to prevent illegal features change
>> while the device is running.
>>
>> One exception is the VHOST_F_LOG_ALL feature bit, which is enabled
>> when live-migration is initiated. But this feature is not negotiated
>> with the Virtio driver, but directly with the Vhost master.
>>
>> Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
>> ---
>>   lib/librte_vhost/vhost_user.c | 17 ++++++++++++++++-
>>   1 file changed, 16 insertions(+), 1 deletion(-)
>>
>> diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c
>> index f4c7ce462..2d86c0ca8 100644
>> --- a/lib/librte_vhost/vhost_user.c
>> +++ b/lib/librte_vhost/vhost_user.c
>> @@ -183,7 +183,22 @@ vhost_user_set_features(struct virtio_net *dev, uint64_t features)
>>   		return -1;
>>   	}
>>   
>> -	if ((dev->flags & VIRTIO_DEV_RUNNING) && dev->features != features) {
>> +	if (dev->features == features)
>> +		return 0;
>> +
> 
> We couldn't return directly when dev->features == features.
> Otherwise, if the features provided by virtio driver is 0,
> dev->vhost_hlen won't get a chance to be initialized.

Good catch.

Either we do :
if ((dev->features == features) && dev->vhost_len)
     return 0;

Or we could initialize dev->vhost_len to sizeof(struct virtio_net_hdr)
at alloc time.

I prefer the former, what do you think?

Thanks,
Maxime

> Best regards,
> Tiwei Bie
>
  

On Thu, Dec 07, 2017 at 09:39:06AM +0100, Maxime Coquelin wrote:
> On 12/07/2017 09:08 AM, Tiwei Bie wrote:
> > On Wed, Dec 06, 2017 at 10:20:45AM +0100, Maxime Coquelin wrote:
> > > As section 2.2 of the Virtio spec states about features
> > > negotiation:
> > > "During device initialization, the driver reads this and tells
> > > the device the subset that it accepts. The only way to
> > > renegotiate is to reset the device."
> > > 
> > > This patch implements a check to prevent illegal features change
> > > while the device is running.
> > > 
> > > One exception is the VHOST_F_LOG_ALL feature bit, which is enabled
> > > when live-migration is initiated. But this feature is not negotiated
> > > with the Virtio driver, but directly with the Vhost master.
> > > 
> > > Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
> > > ---
> > >   lib/librte_vhost/vhost_user.c | 17 ++++++++++++++++-
> > >   1 file changed, 16 insertions(+), 1 deletion(-)
> > > 
> > > diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c
> > > index f4c7ce462..2d86c0ca8 100644
> > > --- a/lib/librte_vhost/vhost_user.c
> > > +++ b/lib/librte_vhost/vhost_user.c
> > > @@ -183,7 +183,22 @@ vhost_user_set_features(struct virtio_net *dev, uint64_t features)
> > >   		return -1;
> > >   	}
> > > -	if ((dev->flags & VIRTIO_DEV_RUNNING) && dev->features != features) {
> > > +	if (dev->features == features)
> > > +		return 0;
> > > +
> > 
> > We couldn't return directly when dev->features == features.
> > Otherwise, if the features provided by virtio driver is 0,
> > dev->vhost_hlen won't get a chance to be initialized.
> 
> Good catch.
> 
> Either we do :
> if ((dev->features == features) && dev->vhost_len)
>     return 0;
> 
> Or we could initialize dev->vhost_len to sizeof(struct virtio_net_hdr)
> at alloc time.
> 
> I prefer the former, what do you think?
> 

I prefer to give other code (e.g. LOG code) a chance
to run. So maybe we could remove the "fast return" and
check whether the features are changed when calling
dev->notify_ops->features_changed()? Or return only
when device is running and features are not changed?

Best regards,
Tiwei Bie