On Thu, Sep 06, 2012 at 08:27:35AM +0300, Michael S. Tsirkin wrote: > On Thu, Sep 06, 2012 at 11:34:25AM +0930, Rusty Russell wrote: > > "Michael S. Tsirkin" <mst@xxxxxxxxxx> writes: > > > On Tue, Sep 04, 2012 at 06:58:47PM +0200, Sjur Brændeland wrote: > > >> Hi Michael, > > >> > > >> > Exactly. Though if we just fail load it will be much less code. > > >> > > > >> > Generally, using a feature bit for this is a bit of a problem though: > > >> > normally driver is expected to be able to simply ignore > > >> > a feature bit. In this case driver is required to > > >> > do something so a feature bit is not a good fit. > > >> > I am not sure what the right thing to do is. > > >> > > >> I see - so in order to avoid the binding between driver and device > > >> there are two options I guess. Either make virtio_dev_match() or > > >> virtcons_probe() fail. Neither of them seems like the obvious choice. > > >> > > >> Maybe adding a check for VIRTIO_CONSOLE_F_DMA_MEM match > > >> between device and driver in virtcons_probe() is the lesser evil? > > >> > > >> Regards, > > >> Sjur > > > > > > A simplest thing to do is change dev id. rusty? > > > > For generic usage, this is correct. But my opinion is that fallback on > > feature non-ack is quality-of-implementation issue: great to have, but > > there are cases where you just want to fail with "you're too old". > > > > And in this case, an old system simply will never work. So it's a > > question of how graceful the failure is. > > > > Can your userspace loader can refuse to proceed if the driver doesn't > > ack the bits? If so, it's simpler than a whole new ID. > > > > Cheers, > > Rusty. > > Yes but how can it signal guest that it will never proceed? > > Also grep for BUG_ON in core found this: > > drv->remove(dev); > > /* Driver should have reset device. */ > BUG_ON(dev->config->get_status(dev)); > > I think below is what Sjur refers to. > I think below is a good idea for 3.6. Thoughts? > > ---> > > virtio: don't crash when device is buggy > > Because of a sanity check in virtio_dev_remove, a buggy device can crash > kernel. And in case of rproc it's userspace so it's not a good idea. > We are unloading a driver so how bad can it be? > Be less aggressive in handling this error: if it's a driver bug, > warning once should be enough. > > Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx> > > -- Rusty? > diff --git a/drivers/virtio/virtio.c b/drivers/virtio/virtio.c > index c3b3f7f..1e8659c 100644 > --- a/drivers/virtio/virtio.c > +++ b/drivers/virtio/virtio.c > @@ -159,7 +159,7 @@ static int virtio_dev_remove(struct device *_d) > drv->remove(dev); > > /* Driver should have reset device. */ > - BUG_ON(dev->config->get_status(dev)); > + WARN_ON_ONCE(dev->config->get_status(dev)); > > /* Acknowledge the device's existence again. */ > add_status(dev, VIRTIO_CONFIG_S_ACKNOWLEDGE); > > -- > MST _______________________________________________ Virtualization mailing list Virtualization@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linuxfoundation.org/mailman/listinfo/virtualization
