On Thu, 5 May 2022 15:34:21 -0300 Jason Gunthorpe <jgg@xxxxxxxxxx> wrote: > On Thu, May 05, 2022 at 12:10:47PM -0600, Alex Williamson wrote: > > > > + /* Drivers must set the vfio_pci_core_device to their drvdata */ > > > + if (WARN_ON(vdev != dev_get_drvdata(&vdev->pdev->dev))) > > > + return -EINVAL; > > > + > > > > The ordering seems off, if we only validate in the core enable function > > then we can only guarantee drvdata is correct once the user has opened > > the device. However, we start invoking power management controls, > > which Abhishek proposes moving to runtime pm, from the core register > > device function. Therefore we've not validated drvdata for anything we > > might do in the background, not under the direction of the user. > > It is just a guard to make it obvious to someone testing the driver > that something has gone wrong, ie in backporting or something. > > It is not intended to be protective against drivers that are actually > wrong and installed in the system. > > I added this because I felt a driver could silently be wrong and never > hit a PM or AER callback during some basic testing to catch a crash or > whatever. Then the earlier we do the sanity test such that it fails simply by loading the driver, the better, right? > > I'd also rather see the variant driver fail to register with the core > > than to see a failure opening the device an arbitrary time later. > > It still permits a driver to be wrong, eg all the drivers are like > this today: > > ret = vfio_pci_core_register_device(&hisi_acc_vdev->core_device); > if (ret) > goto out_free; > dev_set_drvdata(&pdev->dev, &hisi_acc_vdev->core_device); > > So a WARN_ON inside register_device will not catch the mistake, as > this is the common pattern it isn't as helpful. In the above case the WARN_ON would trigger because drvdata isn't set to the core device for the registration call. Yes, a driver could still set drvdata after the registration call, but then they get to explain why they set drvdata twice and thought they could get away with changing it after the core made pretty clear that it wants a specific thing there. Thanks, Alex
