Message ID | 1524188524-28411-5-git-send-email-sridhar.samudrala@intel.com |
---|---|
State | Changes Requested, archived |
Delegated to: | David Miller |
Headers | show |
Series | Enable virtio_net to act as a standby for a passthru device | expand |
On Thu, 19 Apr 2018 18:42:04 -0700 Sridhar Samudrala <sridhar.samudrala@intel.com> wrote: > Use the registration/notification framework supported by the generic > failover infrastructure. > > Signed-off-by: Sridhar Samudrala <sridhar.samudrala@intel.com> Do what you want to other devices but leave netvsc alone. Adding these failover ops does not reduce the code size, and really is no benefit. The netvsc device driver needs to be backported to several other distributions and doing this makes that harder. I will NAK patches to change to common code for netvsc especially the three device model. MS worked hard with distro vendors to support transparent mode, ans we really can't have a new model; or do backport. Plus, DPDK is now dependent on existing model.
On Fri, Apr 20, 2018 at 08:28:02AM -0700, Stephen Hemminger wrote: > On Thu, 19 Apr 2018 18:42:04 -0700 > Sridhar Samudrala <sridhar.samudrala@intel.com> wrote: > > > Use the registration/notification framework supported by the generic > > failover infrastructure. > > > > Signed-off-by: Sridhar Samudrala <sridhar.samudrala@intel.com> > > Do what you want to other devices but leave netvsc alone. > Adding these failover ops does not reduce the code size, drivers/net/hyperv/Kconfig | 1 + drivers/net/hyperv/hyperv_net.h | 2 + drivers/net/hyperv/netvsc_drv.c | 208 ++++++++++------------------------------ 3 files changed, 55 insertions(+), 156 deletions(-) 100 lines gone. > and really is > no benefit. The netvsc device driver needs to be backported to several > other distributions and doing this makes that harder. > > I will NAK patches to change to common code for netvsc Wow. > especially the > three device model. AFAIK these patches do not change netvsc to a three device model. > MS worked hard with distro vendors to support transparent > mode, ans we really can't have a new model; That's why Sridhar worked hard to preserve a 2 device model for netvsc. > or do backport. > > Plus, DPDK is now dependent on existing model. DPDK does the kernel bypass thing, doesn't it? Why does the kernel care?
From: Stephen Hemminger <stephen@networkplumber.org> Date: Fri, 20 Apr 2018 08:28:02 -0700 > On Thu, 19 Apr 2018 18:42:04 -0700 > Sridhar Samudrala <sridhar.samudrala@intel.com> wrote: > >> Use the registration/notification framework supported by the generic >> failover infrastructure. >> >> Signed-off-by: Sridhar Samudrala <sridhar.samudrala@intel.com> > > Do what you want to other devices but leave netvsc alone. > Adding these failover ops does not reduce the code size, and really is > no benefit. The netvsc device driver needs to be backported to several > other distributions and doing this makes that harder. > > I will NAK patches to change to common code for netvsc especially the > three device model. MS worked hard with distro vendors to support transparent > mode, ans we really can't have a new model; or do backport. > > Plus, DPDK is now dependent on existing model. Stephen, I understand your situation. But the result we have now is undesirable and it happened because MS worked with distro vendors on this rather than the upstream community and entities with other device with similar needs. Please next time do the latter rather than the former. Thank you.
On 4/20/2018 8:28 AM, Stephen Hemminger wrote: > On Thu, 19 Apr 2018 18:42:04 -0700 > Sridhar Samudrala <sridhar.samudrala@intel.com> wrote: > >> Use the registration/notification framework supported by the generic >> failover infrastructure. >> >> Signed-off-by: Sridhar Samudrala <sridhar.samudrala@intel.com> > Do what you want to other devices but leave netvsc alone. > Adding these failover ops does not reduce the code size, and really is > no benefit. The netvsc device driver needs to be backported to several > other distributions and doing this makes that harder. > > I will NAK patches to change to common code for netvsc especially the > three device model. MS worked hard with distro vendors to support transparent > mode, ans we really can't have a new model; or do backport. failover_ops are specifically added to support both 2-netdev and 3-netdev models This patch doesn't change netvsc model. It still keeps its 2-netdev model. From netvsc, point of view it is just moving some code from netvsc to the failover module and also i think the eventhandling and getbymac routines are more optimal. > Plus, DPDK is now dependent on existing model.
From: "Michael S. Tsirkin" <mst@redhat.com> Date: Fri, 20 Apr 2018 18:43:54 +0300 > On Fri, Apr 20, 2018 at 08:28:02AM -0700, Stephen Hemminger wrote: >> Plus, DPDK is now dependent on existing model. > > DPDK does the kernel bypass thing, doesn't it? Why does the kernel care? +1
Fri, Apr 20, 2018 at 05:28:02PM CEST, stephen@networkplumber.org wrote: >On Thu, 19 Apr 2018 18:42:04 -0700 >Sridhar Samudrala <sridhar.samudrala@intel.com> wrote: > >> Use the registration/notification framework supported by the generic >> failover infrastructure. >> >> Signed-off-by: Sridhar Samudrala <sridhar.samudrala@intel.com> > >Do what you want to other devices but leave netvsc alone. >Adding these failover ops does not reduce the code size, and really is >no benefit. The netvsc device driver needs to be backported to several >other distributions and doing this makes that harder. We should not care about the backport burden when we are trying to make things right. And things are not right. The current netvsc approach is just plain wrong shortcut. It should have been done in a generic way from the very beginning. We are just trying to fix this situation. Moreover, I believe that part of the fix is to convert netvsc to 3 netdev solution too. 2 netdev model is wrong. > >I will NAK patches to change to common code for netvsc especially the >three device model. MS worked hard with distro vendors to support transparent >mode, ans we really can't have a new model; or do backport. > >Plus, DPDK is now dependent on existing model. Sorry, but nobody here cares about dpdk or other similar oddities.
Hi Sridhar, Thank you for the patch! Yet something to improve: [auto build test ERROR on net/master] [also build test ERROR on v4.17-rc1] [cannot apply to net-next/master next-20180420] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] url: https://github.com/0day-ci/linux/commits/Sridhar-Samudrala/Enable-virtio_net-to-act-as-a-standby-for-a-passthru-device/20180422-210557 config: x86_64-allyesdebian (attached as .config) compiler: gcc-7 (Debian 7.3.0-16) 7.3.0 reproduce: # save the attached .config to linux build tree make ARCH=x86_64 All error/warnings (new ones prefixed by >>): In file included from drivers/net/hyperv/netvsc_drv.c:46:0: include/net/failover.h:67:1: error: expected identifier or '(' before '{' token { ^ include/net/failover.h:78:16: warning: 'struct pfailover' declared inside parameter list will not be visible outside of this definition or declaration struct pfailover **pfailover); ^~~~~~~~~ include/net/failover.h:79:1: error: expected identifier or '(' before '{' token { ^ drivers/net/hyperv/netvsc_drv.c: In function 'netvsc_probe': >> drivers/net/hyperv/netvsc_drv.c:2020:5: error: passing argument 3 of 'failover_register' from incompatible pointer type [-Werror=incompatible-pointer-types] &net_device_ctx->failover); ^ In file included from drivers/net/hyperv/netvsc_drv.c:46:0: include/net/failover.h:77:5: note: expected 'struct pfailover **' but argument is of type 'struct failover **' int failover_register(struct net_device *standby_dev, struct failover_ops *ops, ^~~~~~~~~~~~~~~~~ drivers/net/hyperv/netvsc_drv.c: At top level: include/net/failover.h:65:5: warning: 'failover_create' declared 'static' but never defined [-Wunused-function] int failover_create(struct net_device *standby_dev, ^~~~~~~~~~~~~~~ >> include/net/failover.h:77:5: warning: 'failover_register' used but never defined int failover_register(struct net_device *standby_dev, struct failover_ops *ops, ^~~~~~~~~~~~~~~~~ cc1: some warnings being treated as errors -- In file included from drivers/net//hyperv/netvsc_drv.c:46:0: include/net/failover.h:67:1: error: expected identifier or '(' before '{' token { ^ include/net/failover.h:78:16: warning: 'struct pfailover' declared inside parameter list will not be visible outside of this definition or declaration struct pfailover **pfailover); ^~~~~~~~~ include/net/failover.h:79:1: error: expected identifier or '(' before '{' token { ^ drivers/net//hyperv/netvsc_drv.c: In function 'netvsc_probe': drivers/net//hyperv/netvsc_drv.c:2020:5: error: passing argument 3 of 'failover_register' from incompatible pointer type [-Werror=incompatible-pointer-types] &net_device_ctx->failover); ^ In file included from drivers/net//hyperv/netvsc_drv.c:46:0: include/net/failover.h:77:5: note: expected 'struct pfailover **' but argument is of type 'struct failover **' int failover_register(struct net_device *standby_dev, struct failover_ops *ops, ^~~~~~~~~~~~~~~~~ drivers/net//hyperv/netvsc_drv.c: At top level: include/net/failover.h:65:5: warning: 'failover_create' declared 'static' but never defined [-Wunused-function] int failover_create(struct net_device *standby_dev, ^~~~~~~~~~~~~~~ >> include/net/failover.h:77:5: warning: 'failover_register' used but never defined int failover_register(struct net_device *standby_dev, struct failover_ops *ops, ^~~~~~~~~~~~~~~~~ cc1: some warnings being treated as errors vim +/failover_register +2020 drivers/net/hyperv/netvsc_drv.c 1929 1930 static int netvsc_probe(struct hv_device *dev, 1931 const struct hv_vmbus_device_id *dev_id) 1932 { 1933 struct net_device *net = NULL; 1934 struct net_device_context *net_device_ctx; 1935 struct netvsc_device_info device_info; 1936 struct netvsc_device *nvdev; 1937 int ret = -ENOMEM; 1938 1939 net = alloc_etherdev_mq(sizeof(struct net_device_context), 1940 VRSS_CHANNEL_MAX); 1941 if (!net) 1942 goto no_net; 1943 1944 netif_carrier_off(net); 1945 1946 netvsc_init_settings(net); 1947 1948 net_device_ctx = netdev_priv(net); 1949 net_device_ctx->device_ctx = dev; 1950 net_device_ctx->msg_enable = netif_msg_init(debug, default_msg); 1951 if (netif_msg_probe(net_device_ctx)) 1952 netdev_dbg(net, "netvsc msg_enable: %d\n", 1953 net_device_ctx->msg_enable); 1954 1955 hv_set_drvdata(dev, net); 1956 1957 INIT_DELAYED_WORK(&net_device_ctx->dwork, netvsc_link_change); 1958 1959 spin_lock_init(&net_device_ctx->lock); 1960 INIT_LIST_HEAD(&net_device_ctx->reconfig_events); 1961 INIT_DELAYED_WORK(&net_device_ctx->vf_takeover, netvsc_vf_setup); 1962 1963 net_device_ctx->vf_stats 1964 = netdev_alloc_pcpu_stats(struct netvsc_vf_pcpu_stats); 1965 if (!net_device_ctx->vf_stats) 1966 goto no_stats; 1967 1968 net->netdev_ops = &device_ops; 1969 net->ethtool_ops = ðtool_ops; 1970 SET_NETDEV_DEV(net, &dev->device); 1971 1972 /* We always need headroom for rndis header */ 1973 net->needed_headroom = RNDIS_AND_PPI_SIZE; 1974 1975 /* Initialize the number of queues to be 1, we may change it if more 1976 * channels are offered later. 1977 */ 1978 netif_set_real_num_tx_queues(net, 1); 1979 netif_set_real_num_rx_queues(net, 1); 1980 1981 /* Notify the netvsc driver of the new device */ 1982 memset(&device_info, 0, sizeof(device_info)); 1983 device_info.num_chn = VRSS_CHANNEL_DEFAULT; 1984 device_info.send_sections = NETVSC_DEFAULT_TX; 1985 device_info.send_section_size = NETVSC_SEND_SECTION_SIZE; 1986 device_info.recv_sections = NETVSC_DEFAULT_RX; 1987 device_info.recv_section_size = NETVSC_RECV_SECTION_SIZE; 1988 1989 nvdev = rndis_filter_device_add(dev, &device_info); 1990 if (IS_ERR(nvdev)) { 1991 ret = PTR_ERR(nvdev); 1992 netdev_err(net, "unable to add netvsc device (ret %d)\n", ret); 1993 goto rndis_failed; 1994 } 1995 1996 memcpy(net->dev_addr, device_info.mac_adr, ETH_ALEN); 1997 1998 /* hw_features computed in rndis_netdev_set_hwcaps() */ 1999 net->features = net->hw_features | 2000 NETIF_F_HIGHDMA | NETIF_F_SG | 2001 NETIF_F_HW_VLAN_CTAG_TX | NETIF_F_HW_VLAN_CTAG_RX; 2002 net->vlan_features = net->features; 2003 2004 netdev_lockdep_set_classes(net); 2005 2006 /* MTU range: 68 - 1500 or 65521 */ 2007 net->min_mtu = NETVSC_MTU_MIN; 2008 if (nvdev->nvsp_version >= NVSP_PROTOCOL_VERSION_2) 2009 net->max_mtu = NETVSC_MTU - ETH_HLEN; 2010 else 2011 net->max_mtu = ETH_DATA_LEN; 2012 2013 ret = register_netdev(net); 2014 if (ret != 0) { 2015 pr_err("Unable to register netdev.\n"); 2016 goto register_failed; 2017 } 2018 2019 ret = failover_register(net, &netvsc_failover_ops, > 2020 &net_device_ctx->failover); 2021 if (ret != 0) 2022 goto err_failover; 2023 2024 return ret; 2025 2026 err_failover: 2027 unregister_netdev(net); 2028 register_failed: 2029 rndis_filter_device_remove(dev, nvdev); 2030 rndis_failed: 2031 free_percpu(net_device_ctx->vf_stats); 2032 no_stats: 2033 hv_set_drvdata(dev, NULL); 2034 free_netdev(net); 2035 no_net: 2036 return ret; 2037 } 2038 --- 0-DAY kernel test infrastructure Open Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation
On Fri, 20 Apr 2018 18:00:58 +0200 Jiri Pirko <jiri@resnulli.us> wrote: > Fri, Apr 20, 2018 at 05:28:02PM CEST, stephen@networkplumber.org wrote: > >On Thu, 19 Apr 2018 18:42:04 -0700 > >Sridhar Samudrala <sridhar.samudrala@intel.com> wrote: > > > >> Use the registration/notification framework supported by the generic > >> failover infrastructure. > >> > >> Signed-off-by: Sridhar Samudrala <sridhar.samudrala@intel.com> > > > >Do what you want to other devices but leave netvsc alone. > >Adding these failover ops does not reduce the code size, and really is > >no benefit. The netvsc device driver needs to be backported to several > >other distributions and doing this makes that harder. > > We should not care about the backport burden when we are trying to make > things right. And things are not right. The current netvsc approach is > just plain wrong shortcut. It should have been done in a generic way > from the very beginning. We are just trying to fix this situation. > > Moreover, I believe that part of the fix is to convert netvsc to 3 > netdev solution too. 2 netdev model is wrong. > > > > > >I will NAK patches to change to common code for netvsc especially the > >three device model. MS worked hard with distro vendors to support transparent > >mode, ans we really can't have a new model; or do backport. > > > >Plus, DPDK is now dependent on existing model. > > Sorry, but nobody here cares about dpdk or other similar oddities. The network device model is a userspace API, and DPDK is a userspace application. You can't go breaking userspace even if you don't like the application.
On Mon, Apr 23, 2018 at 10:04:06AM -0700, Stephen Hemminger wrote: > > > > > >I will NAK patches to change to common code for netvsc especially the > > >three device model. MS worked hard with distro vendors to support transparent > > >mode, ans we really can't have a new model; or do backport. > > > > > >Plus, DPDK is now dependent on existing model. > > > > Sorry, but nobody here cares about dpdk or other similar oddities. > > The network device model is a userspace API, and DPDK is a userspace application. It is userspace but are you sure dpdk is actually poking at netdevs? AFAIK it's normally banging device registers directly. > You can't go breaking userspace even if you don't like the application. Could you please explain how is the proposed patchset breaking userspace? Ignoring DPDK for now, I don't think it changes the userspace API at all.
Mon, Apr 23, 2018 at 07:04:06PM CEST, stephen@networkplumber.org wrote: >On Fri, 20 Apr 2018 18:00:58 +0200 >Jiri Pirko <jiri@resnulli.us> wrote: > >> Fri, Apr 20, 2018 at 05:28:02PM CEST, stephen@networkplumber.org wrote: >> >On Thu, 19 Apr 2018 18:42:04 -0700 >> >Sridhar Samudrala <sridhar.samudrala@intel.com> wrote: >> > >> >> Use the registration/notification framework supported by the generic >> >> failover infrastructure. >> >> >> >> Signed-off-by: Sridhar Samudrala <sridhar.samudrala@intel.com> >> > >> >Do what you want to other devices but leave netvsc alone. >> >Adding these failover ops does not reduce the code size, and really is >> >no benefit. The netvsc device driver needs to be backported to several >> >other distributions and doing this makes that harder. >> >> We should not care about the backport burden when we are trying to make >> things right. And things are not right. The current netvsc approach is >> just plain wrong shortcut. It should have been done in a generic way >> from the very beginning. We are just trying to fix this situation. >> >> Moreover, I believe that part of the fix is to convert netvsc to 3 >> netdev solution too. 2 netdev model is wrong. >> >> >> > >> >I will NAK patches to change to common code for netvsc especially the >> >three device model. MS worked hard with distro vendors to support transparent >> >mode, ans we really can't have a new model; or do backport. >> > >> >Plus, DPDK is now dependent on existing model. >> >> Sorry, but nobody here cares about dpdk or other similar oddities. > >The network device model is a userspace API, and DPDK is a userspace application. >You can't go breaking userspace even if you don't like the application. I don't understand how you can break anything by exposing just-another-netdevice. If you break it, it is already broken... And how you can break anything in userspace by doing refactoring inside the kernel is puzzling me even more...
On Mon, 23 Apr 2018 20:24:56 +0300 "Michael S. Tsirkin" <mst@redhat.com> wrote: > On Mon, Apr 23, 2018 at 10:04:06AM -0700, Stephen Hemminger wrote: > > > > > > > >I will NAK patches to change to common code for netvsc especially the > > > >three device model. MS worked hard with distro vendors to support transparent > > > >mode, ans we really can't have a new model; or do backport. > > > > > > > >Plus, DPDK is now dependent on existing model. > > > > > > Sorry, but nobody here cares about dpdk or other similar oddities. > > > > The network device model is a userspace API, and DPDK is a userspace application. > > It is userspace but are you sure dpdk is actually poking at netdevs? > AFAIK it's normally banging device registers directly. > > > You can't go breaking userspace even if you don't like the application. > > Could you please explain how is the proposed patchset breaking > userspace? Ignoring DPDK for now, I don't think it changes the userspace > API at all. > The DPDK has a device driver vdev_netvsc which scans the Linux network devices to look for Linux netvsc device and the paired VF device and setup the DPDK environment. This setup creates a DPDK failsafe (bondingish) instance and sets up TAP support over the Linux netvsc device as well as the Mellanox VF device. So it depends on existing 2 device model. You can't go to a 3 device model or start hiding devices from userspace. Also, I am working on associating netvsc and VF device based on serial number rather than MAC address. The serial number is how Windows works now, and it makes sense for Linux and Windows to use the same mechanism if possible.
On Mon, Apr 23, 2018 at 10:44:40AM -0700, Stephen Hemminger wrote: > On Mon, 23 Apr 2018 20:24:56 +0300 > "Michael S. Tsirkin" <mst@redhat.com> wrote: > > > On Mon, Apr 23, 2018 at 10:04:06AM -0700, Stephen Hemminger wrote: > > > > > > > > > >I will NAK patches to change to common code for netvsc especially the > > > > >three device model. MS worked hard with distro vendors to support transparent > > > > >mode, ans we really can't have a new model; or do backport. > > > > > > > > > >Plus, DPDK is now dependent on existing model. > > > > > > > > Sorry, but nobody here cares about dpdk or other similar oddities. > > > > > > The network device model is a userspace API, and DPDK is a userspace application. > > > > It is userspace but are you sure dpdk is actually poking at netdevs? > > AFAIK it's normally banging device registers directly. > > > > > You can't go breaking userspace even if you don't like the application. > > > > Could you please explain how is the proposed patchset breaking > > userspace? Ignoring DPDK for now, I don't think it changes the userspace > > API at all. > > > > The DPDK has a device driver vdev_netvsc which scans the Linux network devices > to look for Linux netvsc device and the paired VF device and setup the > DPDK environment. This setup creates a DPDK failsafe (bondingish) instance > and sets up TAP support over the Linux netvsc device as well as the Mellanox > VF device. > > So it depends on existing 2 device model. You can't go to a 3 device model > or start hiding devices from userspace. Okay so how does the existing patch break that? IIUC does not go to a 3 device model since netvsc calls failover_register directly. > Also, I am working on associating netvsc and VF device based on serial number > rather than MAC address. The serial number is how Windows works now, and it makes > sense for Linux and Windows to use the same mechanism if possible. Maybe we should support same for virtio ... Which serial do you mean? From vpd? I guess you will want to keep supporting MAC for old hypervisors? It all seems like a reasonable thing to support in the generic core.
On Mon, Apr 23, 2018 at 10:56 AM, Michael S. Tsirkin <mst@redhat.com> wrote: > On Mon, Apr 23, 2018 at 10:44:40AM -0700, Stephen Hemminger wrote: >> On Mon, 23 Apr 2018 20:24:56 +0300 >> "Michael S. Tsirkin" <mst@redhat.com> wrote: >> >> > On Mon, Apr 23, 2018 at 10:04:06AM -0700, Stephen Hemminger wrote: >> > > > > >> > > > >I will NAK patches to change to common code for netvsc especially the >> > > > >three device model. MS worked hard with distro vendors to support transparent >> > > > >mode, ans we really can't have a new model; or do backport. >> > > > > >> > > > >Plus, DPDK is now dependent on existing model. >> > > > >> > > > Sorry, but nobody here cares about dpdk or other similar oddities. >> > > >> > > The network device model is a userspace API, and DPDK is a userspace application. >> > >> > It is userspace but are you sure dpdk is actually poking at netdevs? >> > AFAIK it's normally banging device registers directly. >> > >> > > You can't go breaking userspace even if you don't like the application. >> > >> > Could you please explain how is the proposed patchset breaking >> > userspace? Ignoring DPDK for now, I don't think it changes the userspace >> > API at all. >> > >> >> The DPDK has a device driver vdev_netvsc which scans the Linux network devices >> to look for Linux netvsc device and the paired VF device and setup the >> DPDK environment. This setup creates a DPDK failsafe (bondingish) instance >> and sets up TAP support over the Linux netvsc device as well as the Mellanox >> VF device. >> >> So it depends on existing 2 device model. You can't go to a 3 device model >> or start hiding devices from userspace. > > Okay so how does the existing patch break that? IIUC does not go to > a 3 device model since netvsc calls failover_register directly. > >> Also, I am working on associating netvsc and VF device based on serial number >> rather than MAC address. The serial number is how Windows works now, and it makes >> sense for Linux and Windows to use the same mechanism if possible. > > Maybe we should support same for virtio ... > Which serial do you mean? From vpd? > > I guess you will want to keep supporting MAC for old hypervisors? > > It all seems like a reasonable thing to support in the generic core. That's the reason why I chose explicit identifier rather than rely on MAC address to bind/pair a device. MAC address can change. Even if it can't, malicious guest user can fake MAC address to skip binding. -Siwei > > -- > MST
On Mon, Apr 23, 2018 at 12:44:39PM -0700, Siwei Liu wrote: > On Mon, Apr 23, 2018 at 10:56 AM, Michael S. Tsirkin <mst@redhat.com> wrote: > > On Mon, Apr 23, 2018 at 10:44:40AM -0700, Stephen Hemminger wrote: > >> On Mon, 23 Apr 2018 20:24:56 +0300 > >> "Michael S. Tsirkin" <mst@redhat.com> wrote: > >> > >> > On Mon, Apr 23, 2018 at 10:04:06AM -0700, Stephen Hemminger wrote: > >> > > > > > >> > > > >I will NAK patches to change to common code for netvsc especially the > >> > > > >three device model. MS worked hard with distro vendors to support transparent > >> > > > >mode, ans we really can't have a new model; or do backport. > >> > > > > > >> > > > >Plus, DPDK is now dependent on existing model. > >> > > > > >> > > > Sorry, but nobody here cares about dpdk or other similar oddities. > >> > > > >> > > The network device model is a userspace API, and DPDK is a userspace application. > >> > > >> > It is userspace but are you sure dpdk is actually poking at netdevs? > >> > AFAIK it's normally banging device registers directly. > >> > > >> > > You can't go breaking userspace even if you don't like the application. > >> > > >> > Could you please explain how is the proposed patchset breaking > >> > userspace? Ignoring DPDK for now, I don't think it changes the userspace > >> > API at all. > >> > > >> > >> The DPDK has a device driver vdev_netvsc which scans the Linux network devices > >> to look for Linux netvsc device and the paired VF device and setup the > >> DPDK environment. This setup creates a DPDK failsafe (bondingish) instance > >> and sets up TAP support over the Linux netvsc device as well as the Mellanox > >> VF device. > >> > >> So it depends on existing 2 device model. You can't go to a 3 device model > >> or start hiding devices from userspace. > > > > Okay so how does the existing patch break that? IIUC does not go to > > a 3 device model since netvsc calls failover_register directly. > > > >> Also, I am working on associating netvsc and VF device based on serial number > >> rather than MAC address. The serial number is how Windows works now, and it makes > >> sense for Linux and Windows to use the same mechanism if possible. > > > > Maybe we should support same for virtio ... > > Which serial do you mean? From vpd? > > > > I guess you will want to keep supporting MAC for old hypervisors? > > > > It all seems like a reasonable thing to support in the generic core. > > That's the reason why I chose explicit identifier rather than rely on > MAC address to bind/pair a device. MAC address can change. Even if it > can't, malicious guest user can fake MAC address to skip binding. > > -Siwei Address should be sampled at device creation to prevent this kind of hack. Not that it buys the malicious user much: if you can poke at MAC addresses you probably already can break networking. > > > > > -- > > MST
On Mon, 23 Apr 2018 12:44:39 -0700 Siwei Liu <loseweigh@gmail.com> wrote: > On Mon, Apr 23, 2018 at 10:56 AM, Michael S. Tsirkin <mst@redhat.com> wrote: > > On Mon, Apr 23, 2018 at 10:44:40AM -0700, Stephen Hemminger wrote: > >> On Mon, 23 Apr 2018 20:24:56 +0300 > >> "Michael S. Tsirkin" <mst@redhat.com> wrote: > >> > >> > On Mon, Apr 23, 2018 at 10:04:06AM -0700, Stephen Hemminger wrote: > >> > > > > > >> > > > >I will NAK patches to change to common code for netvsc especially the > >> > > > >three device model. MS worked hard with distro vendors to support transparent > >> > > > >mode, ans we really can't have a new model; or do backport. > >> > > > > > >> > > > >Plus, DPDK is now dependent on existing model. > >> > > > > >> > > > Sorry, but nobody here cares about dpdk or other similar oddities. > >> > > > >> > > The network device model is a userspace API, and DPDK is a userspace application. > >> > > >> > It is userspace but are you sure dpdk is actually poking at netdevs? > >> > AFAIK it's normally banging device registers directly. > >> > > >> > > You can't go breaking userspace even if you don't like the application. > >> > > >> > Could you please explain how is the proposed patchset breaking > >> > userspace? Ignoring DPDK for now, I don't think it changes the userspace > >> > API at all. > >> > > >> > >> The DPDK has a device driver vdev_netvsc which scans the Linux network devices > >> to look for Linux netvsc device and the paired VF device and setup the > >> DPDK environment. This setup creates a DPDK failsafe (bondingish) instance > >> and sets up TAP support over the Linux netvsc device as well as the Mellanox > >> VF device. > >> > >> So it depends on existing 2 device model. You can't go to a 3 device model > >> or start hiding devices from userspace. > > > > Okay so how does the existing patch break that? IIUC does not go to > > a 3 device model since netvsc calls failover_register directly. > > > >> Also, I am working on associating netvsc and VF device based on serial number > >> rather than MAC address. The serial number is how Windows works now, and it makes > >> sense for Linux and Windows to use the same mechanism if possible. > > > > Maybe we should support same for virtio ... > > Which serial do you mean? From vpd? > > > > I guess you will want to keep supporting MAC for old hypervisors? The serial number has always been in the hypervisor since original support of SR-IOV in WS2008. So no backward compatibility special cases would be needed.
On Mon, 23 Apr 2018 23:06:55 +0300 "Michael S. Tsirkin" <mst@redhat.com> wrote: > On Mon, Apr 23, 2018 at 12:44:39PM -0700, Siwei Liu wrote: > > On Mon, Apr 23, 2018 at 10:56 AM, Michael S. Tsirkin <mst@redhat.com> wrote: > > > On Mon, Apr 23, 2018 at 10:44:40AM -0700, Stephen Hemminger wrote: > > >> On Mon, 23 Apr 2018 20:24:56 +0300 > > >> "Michael S. Tsirkin" <mst@redhat.com> wrote: > > >> > > >> > On Mon, Apr 23, 2018 at 10:04:06AM -0700, Stephen Hemminger wrote: > > >> > > > > > > >> > > > >I will NAK patches to change to common code for netvsc especially the > > >> > > > >three device model. MS worked hard with distro vendors to support transparent > > >> > > > >mode, ans we really can't have a new model; or do backport. > > >> > > > > > > >> > > > >Plus, DPDK is now dependent on existing model. > > >> > > > > > >> > > > Sorry, but nobody here cares about dpdk or other similar oddities. > > >> > > > > >> > > The network device model is a userspace API, and DPDK is a userspace application. > > >> > > > >> > It is userspace but are you sure dpdk is actually poking at netdevs? > > >> > AFAIK it's normally banging device registers directly. > > >> > > > >> > > You can't go breaking userspace even if you don't like the application. > > >> > > > >> > Could you please explain how is the proposed patchset breaking > > >> > userspace? Ignoring DPDK for now, I don't think it changes the userspace > > >> > API at all. > > >> > > > >> > > >> The DPDK has a device driver vdev_netvsc which scans the Linux network devices > > >> to look for Linux netvsc device and the paired VF device and setup the > > >> DPDK environment. This setup creates a DPDK failsafe (bondingish) instance > > >> and sets up TAP support over the Linux netvsc device as well as the Mellanox > > >> VF device. > > >> > > >> So it depends on existing 2 device model. You can't go to a 3 device model > > >> or start hiding devices from userspace. > > > > > > Okay so how does the existing patch break that? IIUC does not go to > > > a 3 device model since netvsc calls failover_register directly. > > > > > >> Also, I am working on associating netvsc and VF device based on serial number > > >> rather than MAC address. The serial number is how Windows works now, and it makes > > >> sense for Linux and Windows to use the same mechanism if possible. > > > > > > Maybe we should support same for virtio ... > > > Which serial do you mean? From vpd? > > > > > > I guess you will want to keep supporting MAC for old hypervisors? > > > > > > It all seems like a reasonable thing to support in the generic core. > > > > That's the reason why I chose explicit identifier rather than rely on > > MAC address to bind/pair a device. MAC address can change. Even if it > > can't, malicious guest user can fake MAC address to skip binding. > > > > -Siwei > > Address should be sampled at device creation to prevent this > kind of hack. Not that it buys the malicious user much: > if you can poke at MAC addresses you probably already can > break networking. On Hyper-V guest can't really change MAC address if SR-IOV is enabled. Also, Linux has permanent ether address in netdev which is what should be used to avoid user messing with device.
On Mon, Apr 23, 2018 at 06:25:03PM -0700, Stephen Hemminger wrote: > On Mon, 23 Apr 2018 12:44:39 -0700 > Siwei Liu <loseweigh@gmail.com> wrote: > > > On Mon, Apr 23, 2018 at 10:56 AM, Michael S. Tsirkin <mst@redhat.com> wrote: > > > On Mon, Apr 23, 2018 at 10:44:40AM -0700, Stephen Hemminger wrote: > > >> On Mon, 23 Apr 2018 20:24:56 +0300 > > >> "Michael S. Tsirkin" <mst@redhat.com> wrote: > > >> > > >> > On Mon, Apr 23, 2018 at 10:04:06AM -0700, Stephen Hemminger wrote: > > >> > > > > > > >> > > > >I will NAK patches to change to common code for netvsc especially the > > >> > > > >three device model. MS worked hard with distro vendors to support transparent > > >> > > > >mode, ans we really can't have a new model; or do backport. > > >> > > > > > > >> > > > >Plus, DPDK is now dependent on existing model. > > >> > > > > > >> > > > Sorry, but nobody here cares about dpdk or other similar oddities. > > >> > > > > >> > > The network device model is a userspace API, and DPDK is a userspace application. > > >> > > > >> > It is userspace but are you sure dpdk is actually poking at netdevs? > > >> > AFAIK it's normally banging device registers directly. > > >> > > > >> > > You can't go breaking userspace even if you don't like the application. > > >> > > > >> > Could you please explain how is the proposed patchset breaking > > >> > userspace? Ignoring DPDK for now, I don't think it changes the userspace > > >> > API at all. > > >> > > > >> > > >> The DPDK has a device driver vdev_netvsc which scans the Linux network devices > > >> to look for Linux netvsc device and the paired VF device and setup the > > >> DPDK environment. This setup creates a DPDK failsafe (bondingish) instance > > >> and sets up TAP support over the Linux netvsc device as well as the Mellanox > > >> VF device. > > >> > > >> So it depends on existing 2 device model. You can't go to a 3 device model > > >> or start hiding devices from userspace. > > > > > > Okay so how does the existing patch break that? IIUC does not go to > > > a 3 device model since netvsc calls failover_register directly. > > > > > >> Also, I am working on associating netvsc and VF device based on serial number > > >> rather than MAC address. The serial number is how Windows works now, and it makes > > >> sense for Linux and Windows to use the same mechanism if possible. > > > > > > Maybe we should support same for virtio ... > > > Which serial do you mean? From vpd? > > > > > > I guess you will want to keep supporting MAC for old hypervisors? > > The serial number has always been in the hypervisor since original support of SR-IOV > in WS2008. So no backward compatibility special cases would be needed. Is that a serial from real hardware or a hypervisor thing?
On Tue, 24 Apr 2018 04:42:22 +0300 "Michael S. Tsirkin" <mst@redhat.com> wrote: > On Mon, Apr 23, 2018 at 06:25:03PM -0700, Stephen Hemminger wrote: > > On Mon, 23 Apr 2018 12:44:39 -0700 > > Siwei Liu <loseweigh@gmail.com> wrote: > > > > > On Mon, Apr 23, 2018 at 10:56 AM, Michael S. Tsirkin <mst@redhat.com> wrote: > > > > On Mon, Apr 23, 2018 at 10:44:40AM -0700, Stephen Hemminger wrote: > > > >> On Mon, 23 Apr 2018 20:24:56 +0300 > > > >> "Michael S. Tsirkin" <mst@redhat.com> wrote: > > > >> > > > >> > On Mon, Apr 23, 2018 at 10:04:06AM -0700, Stephen Hemminger wrote: > > > >> > > > > > > > >> > > > >I will NAK patches to change to common code for netvsc especially the > > > >> > > > >three device model. MS worked hard with distro vendors to support transparent > > > >> > > > >mode, ans we really can't have a new model; or do backport. > > > >> > > > > > > > >> > > > >Plus, DPDK is now dependent on existing model. > > > >> > > > > > > >> > > > Sorry, but nobody here cares about dpdk or other similar oddities. > > > >> > > > > > >> > > The network device model is a userspace API, and DPDK is a userspace application. > > > >> > > > > >> > It is userspace but are you sure dpdk is actually poking at netdevs? > > > >> > AFAIK it's normally banging device registers directly. > > > >> > > > > >> > > You can't go breaking userspace even if you don't like the application. > > > >> > > > > >> > Could you please explain how is the proposed patchset breaking > > > >> > userspace? Ignoring DPDK for now, I don't think it changes the userspace > > > >> > API at all. > > > >> > > > > >> > > > >> The DPDK has a device driver vdev_netvsc which scans the Linux network devices > > > >> to look for Linux netvsc device and the paired VF device and setup the > > > >> DPDK environment. This setup creates a DPDK failsafe (bondingish) instance > > > >> and sets up TAP support over the Linux netvsc device as well as the Mellanox > > > >> VF device. > > > >> > > > >> So it depends on existing 2 device model. You can't go to a 3 device model > > > >> or start hiding devices from userspace. > > > > > > > > Okay so how does the existing patch break that? IIUC does not go to > > > > a 3 device model since netvsc calls failover_register directly. > > > > > > > >> Also, I am working on associating netvsc and VF device based on serial number > > > >> rather than MAC address. The serial number is how Windows works now, and it makes > > > >> sense for Linux and Windows to use the same mechanism if possible. > > > > > > > > Maybe we should support same for virtio ... > > > > Which serial do you mean? From vpd? > > > > > > > > I guess you will want to keep supporting MAC for old hypervisors? > > > > The serial number has always been in the hypervisor since original support of SR-IOV > > in WS2008. So no backward compatibility special cases would be needed. > > Is that a serial from real hardware or a hypervisor thing? > > It is a hypervisor thing in the PCI hyperv code and the hyperv Netvsc interface. It might also be in the PCI spec, but the value in Hyper-V is being generated by the host.
On Mon, Apr 23, 2018 at 1:06 PM, Michael S. Tsirkin <mst@redhat.com> wrote: > On Mon, Apr 23, 2018 at 12:44:39PM -0700, Siwei Liu wrote: >> On Mon, Apr 23, 2018 at 10:56 AM, Michael S. Tsirkin <mst@redhat.com> wrote: >> > On Mon, Apr 23, 2018 at 10:44:40AM -0700, Stephen Hemminger wrote: >> >> On Mon, 23 Apr 2018 20:24:56 +0300 >> >> "Michael S. Tsirkin" <mst@redhat.com> wrote: >> >> >> >> > On Mon, Apr 23, 2018 at 10:04:06AM -0700, Stephen Hemminger wrote: >> >> > > > > >> >> > > > >I will NAK patches to change to common code for netvsc especially the >> >> > > > >three device model. MS worked hard with distro vendors to support transparent >> >> > > > >mode, ans we really can't have a new model; or do backport. >> >> > > > > >> >> > > > >Plus, DPDK is now dependent on existing model. >> >> > > > >> >> > > > Sorry, but nobody here cares about dpdk or other similar oddities. >> >> > > >> >> > > The network device model is a userspace API, and DPDK is a userspace application. >> >> > >> >> > It is userspace but are you sure dpdk is actually poking at netdevs? >> >> > AFAIK it's normally banging device registers directly. >> >> > >> >> > > You can't go breaking userspace even if you don't like the application. >> >> > >> >> > Could you please explain how is the proposed patchset breaking >> >> > userspace? Ignoring DPDK for now, I don't think it changes the userspace >> >> > API at all. >> >> > >> >> >> >> The DPDK has a device driver vdev_netvsc which scans the Linux network devices >> >> to look for Linux netvsc device and the paired VF device and setup the >> >> DPDK environment. This setup creates a DPDK failsafe (bondingish) instance >> >> and sets up TAP support over the Linux netvsc device as well as the Mellanox >> >> VF device. >> >> >> >> So it depends on existing 2 device model. You can't go to a 3 device model >> >> or start hiding devices from userspace. >> > >> > Okay so how does the existing patch break that? IIUC does not go to >> > a 3 device model since netvsc calls failover_register directly. >> > >> >> Also, I am working on associating netvsc and VF device based on serial number >> >> rather than MAC address. The serial number is how Windows works now, and it makes >> >> sense for Linux and Windows to use the same mechanism if possible. >> > >> > Maybe we should support same for virtio ... >> > Which serial do you mean? From vpd? >> > >> > I guess you will want to keep supporting MAC for old hypervisors? >> > >> > It all seems like a reasonable thing to support in the generic core. >> >> That's the reason why I chose explicit identifier rather than rely on >> MAC address to bind/pair a device. MAC address can change. Even if it >> can't, malicious guest user can fake MAC address to skip binding. >> >> -Siwei > > Address should be sampled at device creation to prevent this > kind of hack. Not that it buys the malicious user much: > if you can poke at MAC addresses you probably already can > break networking. I don't understand why poking at MAC address may potentially break networking. Unlike VF, passthrough PCI endpoint device has its freedom to change the MAC address. Even on a VF setup it's not neccessarily always safe to assume the VF's MAC address cannot or shouldn't be changed. That depends on the specific need whether the host admin wants to restrict guest from changing the MAC address, although in most cases it's true. I understand we can use the perm_addr to distinguish. But as said, this will pose limitation of flexible configuration where one can assign VFs with identical MAC address at all while each VF belongs to different PF and/or different subnet for e.g. load balancing. And furthermore, the QEMU device model never uses MAC address to be interpreted as an identifier, which requires to be unique per VM instance. Why we're introducing this inconsistency? -Siwei > > > > >> >> > >> > -- >> > MST
On Wed, Apr 25, 2018 at 02:38:57PM -0700, Siwei Liu wrote: > On Mon, Apr 23, 2018 at 1:06 PM, Michael S. Tsirkin <mst@redhat.com> wrote: > > On Mon, Apr 23, 2018 at 12:44:39PM -0700, Siwei Liu wrote: > >> On Mon, Apr 23, 2018 at 10:56 AM, Michael S. Tsirkin <mst@redhat.com> wrote: > >> > On Mon, Apr 23, 2018 at 10:44:40AM -0700, Stephen Hemminger wrote: > >> >> On Mon, 23 Apr 2018 20:24:56 +0300 > >> >> "Michael S. Tsirkin" <mst@redhat.com> wrote: > >> >> > >> >> > On Mon, Apr 23, 2018 at 10:04:06AM -0700, Stephen Hemminger wrote: > >> >> > > > > > >> >> > > > >I will NAK patches to change to common code for netvsc especially the > >> >> > > > >three device model. MS worked hard with distro vendors to support transparent > >> >> > > > >mode, ans we really can't have a new model; or do backport. > >> >> > > > > > >> >> > > > >Plus, DPDK is now dependent on existing model. > >> >> > > > > >> >> > > > Sorry, but nobody here cares about dpdk or other similar oddities. > >> >> > > > >> >> > > The network device model is a userspace API, and DPDK is a userspace application. > >> >> > > >> >> > It is userspace but are you sure dpdk is actually poking at netdevs? > >> >> > AFAIK it's normally banging device registers directly. > >> >> > > >> >> > > You can't go breaking userspace even if you don't like the application. > >> >> > > >> >> > Could you please explain how is the proposed patchset breaking > >> >> > userspace? Ignoring DPDK for now, I don't think it changes the userspace > >> >> > API at all. > >> >> > > >> >> > >> >> The DPDK has a device driver vdev_netvsc which scans the Linux network devices > >> >> to look for Linux netvsc device and the paired VF device and setup the > >> >> DPDK environment. This setup creates a DPDK failsafe (bondingish) instance > >> >> and sets up TAP support over the Linux netvsc device as well as the Mellanox > >> >> VF device. > >> >> > >> >> So it depends on existing 2 device model. You can't go to a 3 device model > >> >> or start hiding devices from userspace. > >> > > >> > Okay so how does the existing patch break that? IIUC does not go to > >> > a 3 device model since netvsc calls failover_register directly. > >> > > >> >> Also, I am working on associating netvsc and VF device based on serial number > >> >> rather than MAC address. The serial number is how Windows works now, and it makes > >> >> sense for Linux and Windows to use the same mechanism if possible. > >> > > >> > Maybe we should support same for virtio ... > >> > Which serial do you mean? From vpd? > >> > > >> > I guess you will want to keep supporting MAC for old hypervisors? > >> > > >> > It all seems like a reasonable thing to support in the generic core. > >> > >> That's the reason why I chose explicit identifier rather than rely on > >> MAC address to bind/pair a device. MAC address can change. Even if it > >> can't, malicious guest user can fake MAC address to skip binding. > >> > >> -Siwei > > > > Address should be sampled at device creation to prevent this > > kind of hack. Not that it buys the malicious user much: > > if you can poke at MAC addresses you probably already can > > break networking. > > I don't understand why poking at MAC address may potentially break > networking. Set a MAC address to match another device on the same LAN, packets will stop reaching that MAC. > Unlike VF, passthrough PCI endpoint device has its freedom > to change the MAC address. Even on a VF setup it's not neccessarily > always safe to assume the VF's MAC address cannot or shouldn't be > changed. That depends on the specific need whether the host admin > wants to restrict guest from changing the MAC address, although in > most cases it's true. > > I understand we can use the perm_addr to distinguish. But as said, > this will pose limitation of flexible configuration where one can > assign VFs with identical MAC address at all while each VF belongs to > different PF and/or different subnet for e.g. load balancing. > And > furthermore, the QEMU device model never uses MAC address to be > interpreted as an identifier, which requires to be unique per VM > instance. Why we're introducing this inconsistency? > > -Siwei Because it addresses most of the issues and is simple. That's already much better than what we have now which is nothing unless guest configures things manually. I think ideally the infrastructure should suppport flexible matching of NICs - netvsc is already reported to be moving to some kind of serial address. > > > > > > > > > >> > >> > > >> > -- > >> > MST
On Wed, Apr 25, 2018 at 3:22 PM, Michael S. Tsirkin <mst@redhat.com> wrote: > On Wed, Apr 25, 2018 at 02:38:57PM -0700, Siwei Liu wrote: >> On Mon, Apr 23, 2018 at 1:06 PM, Michael S. Tsirkin <mst@redhat.com> wrote: >> > On Mon, Apr 23, 2018 at 12:44:39PM -0700, Siwei Liu wrote: >> >> On Mon, Apr 23, 2018 at 10:56 AM, Michael S. Tsirkin <mst@redhat.com> wrote: >> >> > On Mon, Apr 23, 2018 at 10:44:40AM -0700, Stephen Hemminger wrote: >> >> >> On Mon, 23 Apr 2018 20:24:56 +0300 >> >> >> "Michael S. Tsirkin" <mst@redhat.com> wrote: >> >> >> >> >> >> > On Mon, Apr 23, 2018 at 10:04:06AM -0700, Stephen Hemminger wrote: >> >> >> > > > > >> >> >> > > > >I will NAK patches to change to common code for netvsc especially the >> >> >> > > > >three device model. MS worked hard with distro vendors to support transparent >> >> >> > > > >mode, ans we really can't have a new model; or do backport. >> >> >> > > > > >> >> >> > > > >Plus, DPDK is now dependent on existing model. >> >> >> > > > >> >> >> > > > Sorry, but nobody here cares about dpdk or other similar oddities. >> >> >> > > >> >> >> > > The network device model is a userspace API, and DPDK is a userspace application. >> >> >> > >> >> >> > It is userspace but are you sure dpdk is actually poking at netdevs? >> >> >> > AFAIK it's normally banging device registers directly. >> >> >> > >> >> >> > > You can't go breaking userspace even if you don't like the application. >> >> >> > >> >> >> > Could you please explain how is the proposed patchset breaking >> >> >> > userspace? Ignoring DPDK for now, I don't think it changes the userspace >> >> >> > API at all. >> >> >> > >> >> >> >> >> >> The DPDK has a device driver vdev_netvsc which scans the Linux network devices >> >> >> to look for Linux netvsc device and the paired VF device and setup the >> >> >> DPDK environment. This setup creates a DPDK failsafe (bondingish) instance >> >> >> and sets up TAP support over the Linux netvsc device as well as the Mellanox >> >> >> VF device. >> >> >> >> >> >> So it depends on existing 2 device model. You can't go to a 3 device model >> >> >> or start hiding devices from userspace. >> >> > >> >> > Okay so how does the existing patch break that? IIUC does not go to >> >> > a 3 device model since netvsc calls failover_register directly. >> >> > >> >> >> Also, I am working on associating netvsc and VF device based on serial number >> >> >> rather than MAC address. The serial number is how Windows works now, and it makes >> >> >> sense for Linux and Windows to use the same mechanism if possible. >> >> > >> >> > Maybe we should support same for virtio ... >> >> > Which serial do you mean? From vpd? >> >> > >> >> > I guess you will want to keep supporting MAC for old hypervisors? >> >> > >> >> > It all seems like a reasonable thing to support in the generic core. >> >> >> >> That's the reason why I chose explicit identifier rather than rely on >> >> MAC address to bind/pair a device. MAC address can change. Even if it >> >> can't, malicious guest user can fake MAC address to skip binding. >> >> >> >> -Siwei >> > >> > Address should be sampled at device creation to prevent this >> > kind of hack. Not that it buys the malicious user much: >> > if you can poke at MAC addresses you probably already can >> > break networking. >> >> I don't understand why poking at MAC address may potentially break >> networking. > > Set a MAC address to match another device on the same LAN, > packets will stop reaching that MAC. What I meant was guest users may create a virtual link, say veth that has exactly the same MAC address as that for the VF, which can easily get around of the binding procedure. There's no explicit flag to identify a VF or pass-through device AFAIK. And sometimes this happens maybe due to user misconfiguring the link. This process should be hardened to avoid from any potential configuration errors. > >> Unlike VF, passthrough PCI endpoint device has its freedom >> to change the MAC address. Even on a VF setup it's not neccessarily >> always safe to assume the VF's MAC address cannot or shouldn't be >> changed. That depends on the specific need whether the host admin >> wants to restrict guest from changing the MAC address, although in >> most cases it's true. >> >> I understand we can use the perm_addr to distinguish. But as said, >> this will pose limitation of flexible configuration where one can >> assign VFs with identical MAC address at all while each VF belongs to >> different PF and/or different subnet for e.g. load balancing. >> And >> furthermore, the QEMU device model never uses MAC address to be >> interpreted as an identifier, which requires to be unique per VM >> instance. Why we're introducing this inconsistency? >> >> -Siwei > > Because it addresses most of the issues and is simple. That's already > much better than what we have now which is nothing unless guest > configures things manually. Did you see my QEMU patch for using BDF as the grouping identifier? And there can be others like what you suggested, but the point is that it's requried to support explicit grouping mechanism from day one, before the backup property cast into stones. This is orthogonal to device model being proposed, be it 1-netdev or not. Delaying it would just mean support and compatibility burden, appearing more like a design flaw rather than a feature to add later on. > > I think ideally the infrastructure should suppport flexible matching of > NICs - netvsc is already reported to be moving to some kind of serial > address. > As Stephen said, Hyper-V supports the serial UUID thing from day-one. It's just the Linux netvsc guest driver itself does not leverage that ID from the very beginging. Regards, -Siwei > >> > >> > >> > >> > >> >> >> >> > >> >> > -- >> >> > MST
On Wed, 25 Apr 2018 15:57:57 -0700 Siwei Liu <loseweigh@gmail.com> wrote: > > > > I think ideally the infrastructure should suppport flexible matching of > > NICs - netvsc is already reported to be moving to some kind of serial > > address. > > > As Stephen said, Hyper-V supports the serial UUID thing from day-one. > It's just the Linux netvsc guest driver itself does not leverage that > ID from the very beginging. > > Regards, > -Siwei I am working on that. The problem is that it requires some messy work to go from VF netdevice back to PCI device and from there to the PCI hyperv host infrastructure to find the serial number. I was hoping that the serial number would also match the concept of PCI Express device serial number. But that is a completely different ID :-( The PCI-E serial number is a hardware serial number more like MAC address. The Hyper-V serial number is more like PCI slot value.
On Wed, Apr 25, 2018 at 03:57:57PM -0700, Siwei Liu wrote: > On Wed, Apr 25, 2018 at 3:22 PM, Michael S. Tsirkin <mst@redhat.com> wrote: > > On Wed, Apr 25, 2018 at 02:38:57PM -0700, Siwei Liu wrote: > >> On Mon, Apr 23, 2018 at 1:06 PM, Michael S. Tsirkin <mst@redhat.com> wrote: > >> > On Mon, Apr 23, 2018 at 12:44:39PM -0700, Siwei Liu wrote: > >> >> On Mon, Apr 23, 2018 at 10:56 AM, Michael S. Tsirkin <mst@redhat.com> wrote: > >> >> > On Mon, Apr 23, 2018 at 10:44:40AM -0700, Stephen Hemminger wrote: > >> >> >> On Mon, 23 Apr 2018 20:24:56 +0300 > >> >> >> "Michael S. Tsirkin" <mst@redhat.com> wrote: > >> >> >> > >> >> >> > On Mon, Apr 23, 2018 at 10:04:06AM -0700, Stephen Hemminger wrote: > >> >> >> > > > > > >> >> >> > > > >I will NAK patches to change to common code for netvsc especially the > >> >> >> > > > >three device model. MS worked hard with distro vendors to support transparent > >> >> >> > > > >mode, ans we really can't have a new model; or do backport. > >> >> >> > > > > > >> >> >> > > > >Plus, DPDK is now dependent on existing model. > >> >> >> > > > > >> >> >> > > > Sorry, but nobody here cares about dpdk or other similar oddities. > >> >> >> > > > >> >> >> > > The network device model is a userspace API, and DPDK is a userspace application. > >> >> >> > > >> >> >> > It is userspace but are you sure dpdk is actually poking at netdevs? > >> >> >> > AFAIK it's normally banging device registers directly. > >> >> >> > > >> >> >> > > You can't go breaking userspace even if you don't like the application. > >> >> >> > > >> >> >> > Could you please explain how is the proposed patchset breaking > >> >> >> > userspace? Ignoring DPDK for now, I don't think it changes the userspace > >> >> >> > API at all. > >> >> >> > > >> >> >> > >> >> >> The DPDK has a device driver vdev_netvsc which scans the Linux network devices > >> >> >> to look for Linux netvsc device and the paired VF device and setup the > >> >> >> DPDK environment. This setup creates a DPDK failsafe (bondingish) instance > >> >> >> and sets up TAP support over the Linux netvsc device as well as the Mellanox > >> >> >> VF device. > >> >> >> > >> >> >> So it depends on existing 2 device model. You can't go to a 3 device model > >> >> >> or start hiding devices from userspace. > >> >> > > >> >> > Okay so how does the existing patch break that? IIUC does not go to > >> >> > a 3 device model since netvsc calls failover_register directly. > >> >> > > >> >> >> Also, I am working on associating netvsc and VF device based on serial number > >> >> >> rather than MAC address. The serial number is how Windows works now, and it makes > >> >> >> sense for Linux and Windows to use the same mechanism if possible. > >> >> > > >> >> > Maybe we should support same for virtio ... > >> >> > Which serial do you mean? From vpd? > >> >> > > >> >> > I guess you will want to keep supporting MAC for old hypervisors? > >> >> > > >> >> > It all seems like a reasonable thing to support in the generic core. > >> >> > >> >> That's the reason why I chose explicit identifier rather than rely on > >> >> MAC address to bind/pair a device. MAC address can change. Even if it > >> >> can't, malicious guest user can fake MAC address to skip binding. > >> >> > >> >> -Siwei > >> > > >> > Address should be sampled at device creation to prevent this > >> > kind of hack. Not that it buys the malicious user much: > >> > if you can poke at MAC addresses you probably already can > >> > break networking. > >> > >> I don't understand why poking at MAC address may potentially break > >> networking. > > > > Set a MAC address to match another device on the same LAN, > > packets will stop reaching that MAC. > > What I meant was guest users may create a virtual link, say veth that > has exactly the same MAC address as that for the VF, which can easily > get around of the binding procedure. This patchset limits binding to PCI devices so it won't be affected by any hacks around virtual devices. > There's no explicit flag to > identify a VF or pass-through device AFAIK. And sometimes this happens > maybe due to user misconfiguring the link. This process should be > hardened to avoid from any potential configuration errors. They are still PCI devices though. > > > >> Unlike VF, passthrough PCI endpoint device has its freedom > >> to change the MAC address. Even on a VF setup it's not neccessarily > >> always safe to assume the VF's MAC address cannot or shouldn't be > >> changed. That depends on the specific need whether the host admin > >> wants to restrict guest from changing the MAC address, although in > >> most cases it's true. > >> > >> I understand we can use the perm_addr to distinguish. But as said, > >> this will pose limitation of flexible configuration where one can > >> assign VFs with identical MAC address at all while each VF belongs to > >> different PF and/or different subnet for e.g. load balancing. > >> And > >> furthermore, the QEMU device model never uses MAC address to be > >> interpreted as an identifier, which requires to be unique per VM > >> instance. Why we're introducing this inconsistency? > >> > >> -Siwei > > > > Because it addresses most of the issues and is simple. That's already > > much better than what we have now which is nothing unless guest > > configures things manually. > > Did you see my QEMU patch for using BDF as the grouping identifier? Yes. And I don't think it can work because bus numbers are guest specified. > And there can be others like what you suggested, but the point is that > it's requried to support explicit grouping mechanism from day one, > before the backup property cast into stones. Let's start with addressing simple configs with just two NICs. Down the road I can see possible extensions that can work: for example, require that devices are on the same pci bridge. Or we could even make the virtio device actually include a pci bridge (as part of same or a child function), the PT would have to be behind it. As long as we are not breaking anything, adding more flags to fix non-working configurations is always fair game. > This is orthogonal to > device model being proposed, be it 1-netdev or not. Delaying it would > just mean support and compatibility burden, appearing more like a > design flaw rather than a feature to add later on. Well it's mostly myself who gets to support it, and I see the device model as much more fundamental as userspace will come to depend on it. So I'm not too worried, let's take this one step at a time. > > > > I think ideally the infrastructure should suppport flexible matching of > > NICs - netvsc is already reported to be moving to some kind of serial > > address. > > > As Stephen said, Hyper-V supports the serial UUID thing from day-one. > It's just the Linux netvsc guest driver itself does not leverage that > ID from the very beginging. > > Regards, > -Siwei We could add something like this, too. For example, we could add a virtual VPD capability with a UUID. Do you know how exactly does hyperv pass the UUID for NICs? > > > >> > > >> > > >> > > >> > > >> >> > >> >> > > >> >> > -- > >> >> > MST
On Wed, Apr 25, 2018 at 05:18:31PM -0700, Stephen Hemminger wrote: > On Wed, 25 Apr 2018 15:57:57 -0700 > Siwei Liu <loseweigh@gmail.com> wrote: > > > > > > > I think ideally the infrastructure should suppport flexible matching of > > > NICs - netvsc is already reported to be moving to some kind of serial > > > address. > > > > > As Stephen said, Hyper-V supports the serial UUID thing from day-one. > > It's just the Linux netvsc guest driver itself does not leverage that > > ID from the very beginging. > > > > Regards, > > -Siwei > > I am working on that. The problem is that it requires some messy work > to go from VF netdevice back to PCI device and from there to the PCI hyperv > host infrastructure to find the serial number. > > I was hoping that the serial number would also match the concept of PCI Express > device serial number. But that is a completely different ID :-( > The PCI-E serial number is a hardware serial number more like MAC address. > The Hyper-V serial number is more like PCI slot value. Asuming you mean the Device Serial Number Capability, I did consider this, and we could use that, changing the UUID to one matching the PV device, but I'm not sure no drivers will get confused suddenly seeing the UUID of another company there. If we are going the UUID route, a better idea might be to specify the UUID of the PCI port into which the PT device is being hotplugged. This is PCI-Express specific, but presumably legacy PCI/PCI-X devices aren't common enough to bother about this for now.
On Wed, Apr 25, 2018 at 7:28 PM, Michael S. Tsirkin <mst@redhat.com> wrote: > On Wed, Apr 25, 2018 at 03:57:57PM -0700, Siwei Liu wrote: >> On Wed, Apr 25, 2018 at 3:22 PM, Michael S. Tsirkin <mst@redhat.com> wrote: >> > On Wed, Apr 25, 2018 at 02:38:57PM -0700, Siwei Liu wrote: >> >> On Mon, Apr 23, 2018 at 1:06 PM, Michael S. Tsirkin <mst@redhat.com> wrote: >> >> > On Mon, Apr 23, 2018 at 12:44:39PM -0700, Siwei Liu wrote: >> >> >> On Mon, Apr 23, 2018 at 10:56 AM, Michael S. Tsirkin <mst@redhat.com> wrote: >> >> >> > On Mon, Apr 23, 2018 at 10:44:40AM -0700, Stephen Hemminger wrote: >> >> >> >> On Mon, 23 Apr 2018 20:24:56 +0300 >> >> >> >> "Michael S. Tsirkin" <mst@redhat.com> wrote: >> >> >> >> >> >> >> >> > On Mon, Apr 23, 2018 at 10:04:06AM -0700, Stephen Hemminger wrote: >> >> >> >> > > > > >> >> >> >> > > > >I will NAK patches to change to common code for netvsc especially the >> >> >> >> > > > >three device model. MS worked hard with distro vendors to support transparent >> >> >> >> > > > >mode, ans we really can't have a new model; or do backport. >> >> >> >> > > > > >> >> >> >> > > > >Plus, DPDK is now dependent on existing model. >> >> >> >> > > > >> >> >> >> > > > Sorry, but nobody here cares about dpdk or other similar oddities. >> >> >> >> > > >> >> >> >> > > The network device model is a userspace API, and DPDK is a userspace application. >> >> >> >> > >> >> >> >> > It is userspace but are you sure dpdk is actually poking at netdevs? >> >> >> >> > AFAIK it's normally banging device registers directly. >> >> >> >> > >> >> >> >> > > You can't go breaking userspace even if you don't like the application. >> >> >> >> > >> >> >> >> > Could you please explain how is the proposed patchset breaking >> >> >> >> > userspace? Ignoring DPDK for now, I don't think it changes the userspace >> >> >> >> > API at all. >> >> >> >> > >> >> >> >> >> >> >> >> The DPDK has a device driver vdev_netvsc which scans the Linux network devices >> >> >> >> to look for Linux netvsc device and the paired VF device and setup the >> >> >> >> DPDK environment. This setup creates a DPDK failsafe (bondingish) instance >> >> >> >> and sets up TAP support over the Linux netvsc device as well as the Mellanox >> >> >> >> VF device. >> >> >> >> >> >> >> >> So it depends on existing 2 device model. You can't go to a 3 device model >> >> >> >> or start hiding devices from userspace. >> >> >> > >> >> >> > Okay so how does the existing patch break that? IIUC does not go to >> >> >> > a 3 device model since netvsc calls failover_register directly. >> >> >> > >> >> >> >> Also, I am working on associating netvsc and VF device based on serial number >> >> >> >> rather than MAC address. The serial number is how Windows works now, and it makes >> >> >> >> sense for Linux and Windows to use the same mechanism if possible. >> >> >> > >> >> >> > Maybe we should support same for virtio ... >> >> >> > Which serial do you mean? From vpd? >> >> >> > >> >> >> > I guess you will want to keep supporting MAC for old hypervisors? >> >> >> > >> >> >> > It all seems like a reasonable thing to support in the generic core. >> >> >> >> >> >> That's the reason why I chose explicit identifier rather than rely on >> >> >> MAC address to bind/pair a device. MAC address can change. Even if it >> >> >> can't, malicious guest user can fake MAC address to skip binding. >> >> >> >> >> >> -Siwei >> >> > >> >> > Address should be sampled at device creation to prevent this >> >> > kind of hack. Not that it buys the malicious user much: >> >> > if you can poke at MAC addresses you probably already can >> >> > break networking. >> >> >> >> I don't understand why poking at MAC address may potentially break >> >> networking. >> > >> > Set a MAC address to match another device on the same LAN, >> > packets will stop reaching that MAC. >> >> What I meant was guest users may create a virtual link, say veth that >> has exactly the same MAC address as that for the VF, which can easily >> get around of the binding procedure. > > This patchset limits binding to PCI devices so it won't be affected > by any hacks around virtual devices. Wait, I vaguely recall you seemed to like to generalize this feature to non-PCI device. But now you're saying it should stick to PCI. It's not that I'm reluctant with sticking to PCI. The fact is that I don't think we can go with implementation until the semantics of the so-called _F_STANDBY feature can be clearly defined into the spec. Previously the boundary of using MAC address as the identifier for bonding was quite confusing to me. And now PCI adds to the matrix. However it still does not gurantee uniqueness I think. It's almost incorrect of choosing MAC address as the ID in the beginning since that has the implication of breaking existing configs. I don't think libvirt or QEMU today retricts the MAC address to be unique per VM instance. Neither the virtio spec mentions that. In addition, it's difficult to fake PCI device on Linux does not mean the same applies to other OSes that is going to implement this VirtIO feature. It's a fragile assumption IMHO. > >> There's no explicit flag to >> identify a VF or pass-through device AFAIK. And sometimes this happens >> maybe due to user misconfiguring the link. This process should be >> hardened to avoid from any potential configuration errors. > > They are still PCI devices though. > >> > >> >> Unlike VF, passthrough PCI endpoint device has its freedom >> >> to change the MAC address. Even on a VF setup it's not neccessarily >> >> always safe to assume the VF's MAC address cannot or shouldn't be >> >> changed. That depends on the specific need whether the host admin >> >> wants to restrict guest from changing the MAC address, although in >> >> most cases it's true. >> >> >> >> I understand we can use the perm_addr to distinguish. But as said, >> >> this will pose limitation of flexible configuration where one can >> >> assign VFs with identical MAC address at all while each VF belongs to >> >> different PF and/or different subnet for e.g. load balancing. >> >> And >> >> furthermore, the QEMU device model never uses MAC address to be >> >> interpreted as an identifier, which requires to be unique per VM >> >> instance. Why we're introducing this inconsistency? >> >> >> >> -Siwei >> > >> > Because it addresses most of the issues and is simple. That's already >> > much better than what we have now which is nothing unless guest >> > configures things manually. >> >> Did you see my QEMU patch for using BDF as the grouping identifier? > > Yes. And I don't think it can work because bus numbers are > guest specified. I know it's not ideal but perhaps its the best one can do in the KVM world without adding complex config e.g. PCI bridge. Even if bus number is guest specified, it's readily available in the guest and recognizable by any OS, while on the QEMU configuration users specify an id instead of the bus number. Unlike Hyper-V PCI bus, I don't think there exists a para-virtual PCI bus in QEMU backend to expose VPD capability to a passthrough device. > >> And there can be others like what you suggested, but the point is that >> it's requried to support explicit grouping mechanism from day one, >> before the backup property cast into stones. > > Let's start with addressing simple configs with just two NICs. > > Down the road I can see possible extensions that can work: for example, > require that devices are on the same pci bridge. Or we could even make > the virtio device actually include a pci bridge (as part of same > or a child function), the PT would have to be > behind it. > > As long as we are not breaking anything, adding more flags to fix > non-working configurations is always fair game. While it may work, the PCI bridge has NUMA and IOMMU implications that would restrict the current flexibility to group devices. I'm not sure if vIOMMU would have to be introduced inadvertently for isolation/protection of devices under the PCI bridge which may cause negative performance impact on the VF. > >> This is orthogonal to >> device model being proposed, be it 1-netdev or not. Delaying it would >> just mean support and compatibility burden, appearing more like a >> design flaw rather than a feature to add later on. > > Well it's mostly myself who gets to support it, and I see the device > model as much more fundamental as userspace will come to depend > on it. So I'm not too worried, let's take this one step at a time. > >> > >> > I think ideally the infrastructure should suppport flexible matching of >> > NICs - netvsc is already reported to be moving to some kind of serial >> > address. >> > >> As Stephen said, Hyper-V supports the serial UUID thing from day-one. >> It's just the Linux netvsc guest driver itself does not leverage that >> ID from the very beginging. >> >> Regards, >> -Siwei > > We could add something like this, too. For example, > we could add a virtual VPD capability with a UUID. I'm not an expert on that and wonder how you could do this (add a virtual VPD capability with a UUID to passthrough device) with existing QEMU emulation model and native PCI bus. > > Do you know how exactly does hyperv pass the UUID for NICs? Stephen might know it more and can correct me. But my personal interpretation is that the SN is a host generated 32 bit sequence number which is unique per VM instance and gets propogated to guest via the para-virtual Hyper-V PCI bus. Regards, -Siwei > >> > >> >> > >> >> > >> >> > >> >> > >> >> >> >> >> >> > >> >> >> > -- >> >> >> > MST
On Thu, Apr 26, 2018 at 03:14:46PM -0700, Siwei Liu wrote: > On Wed, Apr 25, 2018 at 7:28 PM, Michael S. Tsirkin <mst@redhat.com> wrote: > > On Wed, Apr 25, 2018 at 03:57:57PM -0700, Siwei Liu wrote: > >> On Wed, Apr 25, 2018 at 3:22 PM, Michael S. Tsirkin <mst@redhat.com> wrote: > >> > On Wed, Apr 25, 2018 at 02:38:57PM -0700, Siwei Liu wrote: > >> >> On Mon, Apr 23, 2018 at 1:06 PM, Michael S. Tsirkin <mst@redhat.com> wrote: > >> >> > On Mon, Apr 23, 2018 at 12:44:39PM -0700, Siwei Liu wrote: > >> >> >> On Mon, Apr 23, 2018 at 10:56 AM, Michael S. Tsirkin <mst@redhat.com> wrote: > >> >> >> > On Mon, Apr 23, 2018 at 10:44:40AM -0700, Stephen Hemminger wrote: > >> >> >> >> On Mon, 23 Apr 2018 20:24:56 +0300 > >> >> >> >> "Michael S. Tsirkin" <mst@redhat.com> wrote: > >> >> >> >> > >> >> >> >> > On Mon, Apr 23, 2018 at 10:04:06AM -0700, Stephen Hemminger wrote: > >> >> >> >> > > > > > >> >> >> >> > > > >I will NAK patches to change to common code for netvsc especially the > >> >> >> >> > > > >three device model. MS worked hard with distro vendors to support transparent > >> >> >> >> > > > >mode, ans we really can't have a new model; or do backport. > >> >> >> >> > > > > > >> >> >> >> > > > >Plus, DPDK is now dependent on existing model. > >> >> >> >> > > > > >> >> >> >> > > > Sorry, but nobody here cares about dpdk or other similar oddities. > >> >> >> >> > > > >> >> >> >> > > The network device model is a userspace API, and DPDK is a userspace application. > >> >> >> >> > > >> >> >> >> > It is userspace but are you sure dpdk is actually poking at netdevs? > >> >> >> >> > AFAIK it's normally banging device registers directly. > >> >> >> >> > > >> >> >> >> > > You can't go breaking userspace even if you don't like the application. > >> >> >> >> > > >> >> >> >> > Could you please explain how is the proposed patchset breaking > >> >> >> >> > userspace? Ignoring DPDK for now, I don't think it changes the userspace > >> >> >> >> > API at all. > >> >> >> >> > > >> >> >> >> > >> >> >> >> The DPDK has a device driver vdev_netvsc which scans the Linux network devices > >> >> >> >> to look for Linux netvsc device and the paired VF device and setup the > >> >> >> >> DPDK environment. This setup creates a DPDK failsafe (bondingish) instance > >> >> >> >> and sets up TAP support over the Linux netvsc device as well as the Mellanox > >> >> >> >> VF device. > >> >> >> >> > >> >> >> >> So it depends on existing 2 device model. You can't go to a 3 device model > >> >> >> >> or start hiding devices from userspace. > >> >> >> > > >> >> >> > Okay so how does the existing patch break that? IIUC does not go to > >> >> >> > a 3 device model since netvsc calls failover_register directly. > >> >> >> > > >> >> >> >> Also, I am working on associating netvsc and VF device based on serial number > >> >> >> >> rather than MAC address. The serial number is how Windows works now, and it makes > >> >> >> >> sense for Linux and Windows to use the same mechanism if possible. > >> >> >> > > >> >> >> > Maybe we should support same for virtio ... > >> >> >> > Which serial do you mean? From vpd? > >> >> >> > > >> >> >> > I guess you will want to keep supporting MAC for old hypervisors? > >> >> >> > > >> >> >> > It all seems like a reasonable thing to support in the generic core. > >> >> >> > >> >> >> That's the reason why I chose explicit identifier rather than rely on > >> >> >> MAC address to bind/pair a device. MAC address can change. Even if it > >> >> >> can't, malicious guest user can fake MAC address to skip binding. > >> >> >> > >> >> >> -Siwei > >> >> > > >> >> > Address should be sampled at device creation to prevent this > >> >> > kind of hack. Not that it buys the malicious user much: > >> >> > if you can poke at MAC addresses you probably already can > >> >> > break networking. > >> >> > >> >> I don't understand why poking at MAC address may potentially break > >> >> networking. > >> > > >> > Set a MAC address to match another device on the same LAN, > >> > packets will stop reaching that MAC. > >> > >> What I meant was guest users may create a virtual link, say veth that > >> has exactly the same MAC address as that for the VF, which can easily > >> get around of the binding procedure. > > > > This patchset limits binding to PCI devices so it won't be affected > > by any hacks around virtual devices. > > Wait, I vaguely recall you seemed to like to generalize this feature > to non-PCI device. It's purely a layering thing. It is cleaner not to have PCI specific data in the device-specific transport-independent section of the virtio spec. > But now you're saying it should stick to PCI. It's > not that I'm reluctant with sticking to PCI. The fact is that I don't > think we can go with implementation until the semantics of the > so-called _F_STANDBY feature can be clearly defined into the spec. > Previously the boundary of using MAC address as the identifier for > bonding was quite confusing to me. And now PCI adds to the matrix. PCI is simply one way to exclude software NICs. It's not the most elegant one, but it will cover many setups. We can add more types, but we do want to exclude software devices since these have not been supplied by the hypervisor. > However it still does not gurantee uniqueness I think. It's almost > incorrect of choosing MAC address as the ID in the beginning since > that has the implication of breaking existing configs. IMO there's no chance it will break any existing config since no existing config sets _F_STANDBY. > I don't think > libvirt or QEMU today retricts the MAC address to be unique per VM > instance. Neither the virtio spec mentions that. You really don't have to. > In addition, it's difficult to fake PCI device on Linux does not mean > the same applies to other OSes that is going to implement this VirtIO > feature. It's a fragile assumption IMHO. What an OS does internally is its own business. What we are telling the guest here is simply that the virtio NIC is actually the same device as some other NIC. At this point we do not specify this other NIC in any way. So how do you find it? Well it has to have the same MAC clearly. You point out that there could be multiple NICs with the same MAC in theory. It's a broken config generally but since it kind of works in some setups maybe it's worth supporting. If so we can look for ways to make the matching more specific by e.g. adding more flags but I see that as a separate issue, and pretty narrow in scope. > > > >> There's no explicit flag to > >> identify a VF or pass-through device AFAIK. And sometimes this happens > >> maybe due to user misconfiguring the link. This process should be > >> hardened to avoid from any potential configuration errors. > > > > They are still PCI devices though. > > > >> > > >> >> Unlike VF, passthrough PCI endpoint device has its freedom > >> >> to change the MAC address. Even on a VF setup it's not neccessarily > >> >> always safe to assume the VF's MAC address cannot or shouldn't be > >> >> changed. That depends on the specific need whether the host admin > >> >> wants to restrict guest from changing the MAC address, although in > >> >> most cases it's true. > >> >> > >> >> I understand we can use the perm_addr to distinguish. But as said, > >> >> this will pose limitation of flexible configuration where one can > >> >> assign VFs with identical MAC address at all while each VF belongs to > >> >> different PF and/or different subnet for e.g. load balancing. > >> >> And > >> >> furthermore, the QEMU device model never uses MAC address to be > >> >> interpreted as an identifier, which requires to be unique per VM > >> >> instance. Why we're introducing this inconsistency? > >> >> > >> >> -Siwei > >> > > >> > Because it addresses most of the issues and is simple. That's already > >> > much better than what we have now which is nothing unless guest > >> > configures things manually. > >> > >> Did you see my QEMU patch for using BDF as the grouping identifier? > > > > Yes. And I don't think it can work because bus numbers are > > guest specified. > > I know it's not ideal but perhaps its the best one can do in the KVM > world without adding complex config e.g. PCI bridge. KVM is just a VMX/SVM driver. I think you mean QEMU. And well - "best one can do" is a high bar to clear. > Even if bus > number is guest specified, it's readily available in the guest and > recognizable by any OS, while on the QEMU configuration users specify > an id instead of the bus number. Unlike Hyper-V PCI bus, I don't think > there exists a para-virtual PCI bus in QEMU backend to expose VPD > capability to a passthrough device. We can always add more interfaces if we need them. But let's be clear that we are adding an interface and what are we trying to fix by doing it. Let's not mix it as part of the failover discussion. > > > >> And there can be others like what you suggested, but the point is that > >> it's requried to support explicit grouping mechanism from day one, > >> before the backup property cast into stones. > > > > Let's start with addressing simple configs with just two NICs. > > > > Down the road I can see possible extensions that can work: for example, > > require that devices are on the same pci bridge. Or we could even make > > the virtio device actually include a pci bridge (as part of same > > or a child function), the PT would have to be > > behind it. > > > > As long as we are not breaking anything, adding more flags to fix > > non-working configurations is always fair game. > > While it may work, the PCI bridge has NUMA and IOMMU implications that > would restrict the current flexibility to group devices. It's interesting you should mention that. If you want to be flexible in placing the primary device WRT NUMA and IOMMU, and given that both IOMMU and NUMA are keyed by the bus address, then doesn't this completely break the idea of passing the bus address to the guest? > I'm not sure > if vIOMMU would have to be introduced inadvertently for > isolation/protection of devices under the PCI bridge which may cause > negative performance impact on the VF. No idea how do you introduce an IOMMU inadvertently. > > > >> This is orthogonal to > >> device model being proposed, be it 1-netdev or not. Delaying it would > >> just mean support and compatibility burden, appearing more like a > >> design flaw rather than a feature to add later on. > > > > Well it's mostly myself who gets to support it, and I see the device > > model as much more fundamental as userspace will come to depend > > on it. So I'm not too worried, let's take this one step at a time. > > > >> > > >> > I think ideally the infrastructure should suppport flexible matching of > >> > NICs - netvsc is already reported to be moving to some kind of serial > >> > address. > >> > > >> As Stephen said, Hyper-V supports the serial UUID thing from day-one. > >> It's just the Linux netvsc guest driver itself does not leverage that > >> ID from the very beginging. > >> > >> Regards, > >> -Siwei > > > > We could add something like this, too. For example, > > we could add a virtual VPD capability with a UUID. > > I'm not an expert on that and wonder how you could do this (add a > virtual VPD capability with a UUID to passthrough device) with > existing QEMU emulation model and native PCI bus. I think I see an elegant way to do that. You could put it in the port where you want to stick you PT device. Here's how it could work then: - standby virtio device is tied to a pci bridge. Tied how? Well it could be - behind this bridge - include a bridge internally - have the bridge as a PCI function - include a bridge and the bridge as a PCI function - have a VPD or serial capability with same UUID as the bridge - primary passthrough device is placed behind a bridge *with the same ID* - either simply behind the same bridge - or behind another bridge with the same UUID. The treatment could also be limited just to bridges which have a specific vendor/device id (maybe a good idea), or in any other arbitrary way. > > > > Do you know how exactly does hyperv pass the UUID for NICs? > > Stephen might know it more and can correct me. But my personal > interpretation is that the SN is a host generated 32 bit sequence > number which is unique per VM instance and gets propogated to guest > via the para-virtual Hyper-V PCI bus. > > Regards, > -Siwei Ah, so it's a Hyper-V thing. > > > >> > > >> >> > > >> >> > > >> >> > > >> >> > > >> >> >> > >> >> >> > > >> >> >> > -- > >> >> >> > MST
On Thu, Apr 26, 2018 at 4:42 PM, Michael S. Tsirkin <mst@redhat.com> wrote: > On Thu, Apr 26, 2018 at 03:14:46PM -0700, Siwei Liu wrote: >> On Wed, Apr 25, 2018 at 7:28 PM, Michael S. Tsirkin <mst@redhat.com> wrote: >> > On Wed, Apr 25, 2018 at 03:57:57PM -0700, Siwei Liu wrote: >> >> On Wed, Apr 25, 2018 at 3:22 PM, Michael S. Tsirkin <mst@redhat.com> wrote: >> >> > On Wed, Apr 25, 2018 at 02:38:57PM -0700, Siwei Liu wrote: >> >> >> On Mon, Apr 23, 2018 at 1:06 PM, Michael S. Tsirkin <mst@redhat.com> wrote: >> >> >> > On Mon, Apr 23, 2018 at 12:44:39PM -0700, Siwei Liu wrote: >> >> >> >> On Mon, Apr 23, 2018 at 10:56 AM, Michael S. Tsirkin <mst@redhat.com> wrote: >> >> >> >> > On Mon, Apr 23, 2018 at 10:44:40AM -0700, Stephen Hemminger wrote: >> >> >> >> >> On Mon, 23 Apr 2018 20:24:56 +0300 >> >> >> >> >> "Michael S. Tsirkin" <mst@redhat.com> wrote: >> >> >> >> >> >> >> >> >> >> > On Mon, Apr 23, 2018 at 10:04:06AM -0700, Stephen Hemminger wrote: >> >> >> >> >> > > > > >> >> >> >> >> > > > >I will NAK patches to change to common code for netvsc especially the >> >> >> >> >> > > > >three device model. MS worked hard with distro vendors to support transparent >> >> >> >> >> > > > >mode, ans we really can't have a new model; or do backport. >> >> >> >> >> > > > > >> >> >> >> >> > > > >Plus, DPDK is now dependent on existing model. >> >> >> >> >> > > > >> >> >> >> >> > > > Sorry, but nobody here cares about dpdk or other similar oddities. >> >> >> >> >> > > >> >> >> >> >> > > The network device model is a userspace API, and DPDK is a userspace application. >> >> >> >> >> > >> >> >> >> >> > It is userspace but are you sure dpdk is actually poking at netdevs? >> >> >> >> >> > AFAIK it's normally banging device registers directly. >> >> >> >> >> > >> >> >> >> >> > > You can't go breaking userspace even if you don't like the application. >> >> >> >> >> > >> >> >> >> >> > Could you please explain how is the proposed patchset breaking >> >> >> >> >> > userspace? Ignoring DPDK for now, I don't think it changes the userspace >> >> >> >> >> > API at all. >> >> >> >> >> > >> >> >> >> >> >> >> >> >> >> The DPDK has a device driver vdev_netvsc which scans the Linux network devices >> >> >> >> >> to look for Linux netvsc device and the paired VF device and setup the >> >> >> >> >> DPDK environment. This setup creates a DPDK failsafe (bondingish) instance >> >> >> >> >> and sets up TAP support over the Linux netvsc device as well as the Mellanox >> >> >> >> >> VF device. >> >> >> >> >> >> >> >> >> >> So it depends on existing 2 device model. You can't go to a 3 device model >> >> >> >> >> or start hiding devices from userspace. >> >> >> >> > >> >> >> >> > Okay so how does the existing patch break that? IIUC does not go to >> >> >> >> > a 3 device model since netvsc calls failover_register directly. >> >> >> >> > >> >> >> >> >> Also, I am working on associating netvsc and VF device based on serial number >> >> >> >> >> rather than MAC address. The serial number is how Windows works now, and it makes >> >> >> >> >> sense for Linux and Windows to use the same mechanism if possible. >> >> >> >> > >> >> >> >> > Maybe we should support same for virtio ... >> >> >> >> > Which serial do you mean? From vpd? >> >> >> >> > >> >> >> >> > I guess you will want to keep supporting MAC for old hypervisors? >> >> >> >> > >> >> >> >> > It all seems like a reasonable thing to support in the generic core. >> >> >> >> >> >> >> >> That's the reason why I chose explicit identifier rather than rely on >> >> >> >> MAC address to bind/pair a device. MAC address can change. Even if it >> >> >> >> can't, malicious guest user can fake MAC address to skip binding. >> >> >> >> >> >> >> >> -Siwei >> >> >> > >> >> >> > Address should be sampled at device creation to prevent this >> >> >> > kind of hack. Not that it buys the malicious user much: >> >> >> > if you can poke at MAC addresses you probably already can >> >> >> > break networking. >> >> >> >> >> >> I don't understand why poking at MAC address may potentially break >> >> >> networking. >> >> > >> >> > Set a MAC address to match another device on the same LAN, >> >> > packets will stop reaching that MAC. >> >> >> >> What I meant was guest users may create a virtual link, say veth that >> >> has exactly the same MAC address as that for the VF, which can easily >> >> get around of the binding procedure. >> > >> > This patchset limits binding to PCI devices so it won't be affected >> > by any hacks around virtual devices. >> >> Wait, I vaguely recall you seemed to like to generalize this feature >> to non-PCI device. > > It's purely a layering thing. It is cleaner not to have PCI specific > data in the device-specific transport-independent section of the virtio > spec. > OK. So looks like you think it's okay to include PCI specific concept but not the data? Like a feature indicating the virtio device is behind a (external) PCI bridge, and perhaps also includes the data present in the PCI bridge/function's capability? Sorry for asking tough questions. I still need to understand and digest the boundary of this layering thing. > >> But now you're saying it should stick to PCI. It's >> not that I'm reluctant with sticking to PCI. The fact is that I don't >> think we can go with implementation until the semantics of the >> so-called _F_STANDBY feature can be clearly defined into the spec. >> Previously the boundary of using MAC address as the identifier for >> bonding was quite confusing to me. And now PCI adds to the matrix. > > PCI is simply one way to exclude software NICs. It's not the most > elegant one, but it will cover many setups. We can add more types, but > we do want to exclude software devices since these have > not been supplied by the hypervisor. I'm afraid it's a loose end. The real thing is there's no way to indicate VF or passthrough device on Linux, even true on some other OS. There's no such flag exists yet. Even the emulated e1000 and rltk8139 device looks the same as PCI device. And as part of the requirements of being a spec, the behaviour and expectation need to be precisely described for implementations to follow. There's no point to assume just one OS will implement this feature so it needs to depend on specifics of that OS. > >> However it still does not gurantee uniqueness I think. It's almost >> incorrect of choosing MAC address as the ID in the beginning since >> that has the implication of breaking existing configs. > > IMO there's no chance it will break any existing config since > no existing config sets _F_STANDBY. True, but it breaks people's expectation that it has to rely on MAC address being unique when turning it on for live migration, and once it happens some configs with same MAC address would break (for e.g. bonding setup can have it for cross subnet failover and site replication). Unless this limitation is clearly documented in the spec I don't think people will notice that until it breaks. > >> I don't think >> libvirt or QEMU today retricts the MAC address to be unique per VM >> instance. Neither the virtio spec mentions that. > > You really don't have to. > >> In addition, it's difficult to fake PCI device on Linux does not mean >> the same applies to other OSes that is going to implement this VirtIO >> feature. It's a fragile assumption IMHO. > > What an OS does internally is its own business. > > What we are telling the guest here is simply that the virtio NIC is > actually the same device as some other NIC. At this point we do not > specify this other NIC in any way. So how do you find it? Well it has > to have the same MAC clearly. Well this condition is absolutely neccessary but not sufficient. There should be some other unique key to help find the NIC as the MAC cannot be unique as what people generally thought it be. > > You point out that there could be multiple NICs with the same > MAC in theory. It's a broken config generally but since it > kind of works in some setups maybe it's worth supporting. > If so we can look for ways to make the matching more specific by e.g. > adding more flags but I see that as a separate issue, > and pretty narrow in scope. Well there are precedents that people thought something broken but soon find out users already depends on the "broken" behaviour. Nowadays widely use of virtualization technology make MAC address duplication really cheap. It's not that uncommon as one might think. Unless the expectation can be explicitly documented in the spec, I don't feel it's something users can easily infer from what the new feature should target - live migration. > >> > >> >> There's no explicit flag to >> >> identify a VF or pass-through device AFAIK. And sometimes this happens >> >> maybe due to user misconfiguring the link. This process should be >> >> hardened to avoid from any potential configuration errors. >> > >> > They are still PCI devices though. >> > >> >> > >> >> >> Unlike VF, passthrough PCI endpoint device has its freedom >> >> >> to change the MAC address. Even on a VF setup it's not neccessarily >> >> >> always safe to assume the VF's MAC address cannot or shouldn't be >> >> >> changed. That depends on the specific need whether the host admin >> >> >> wants to restrict guest from changing the MAC address, although in >> >> >> most cases it's true. >> >> >> >> >> >> I understand we can use the perm_addr to distinguish. But as said, >> >> >> this will pose limitation of flexible configuration where one can >> >> >> assign VFs with identical MAC address at all while each VF belongs to >> >> >> different PF and/or different subnet for e.g. load balancing. >> >> >> And >> >> >> furthermore, the QEMU device model never uses MAC address to be >> >> >> interpreted as an identifier, which requires to be unique per VM >> >> >> instance. Why we're introducing this inconsistency? >> >> >> >> >> >> -Siwei >> >> > >> >> > Because it addresses most of the issues and is simple. That's already >> >> > much better than what we have now which is nothing unless guest >> >> > configures things manually. >> >> >> >> Did you see my QEMU patch for using BDF as the grouping identifier? >> > >> > Yes. And I don't think it can work because bus numbers are >> > guest specified. >> >> I know it's not ideal but perhaps its the best one can do in the KVM >> world without adding complex config e.g. PCI bridge. > > KVM is just a VMX/SVM driver. I think you mean QEMU. And well - > "best one can do" is a high bar to clear. > > Glad you'd have to admit that there's no better way *without introducing complex PCI bridge setup* in the KVM, oops, QEMU without KVM? err, QEMU with KVM world. >> Even if bus >> number is guest specified, it's readily available in the guest and >> recognizable by any OS, while on the QEMU configuration users specify >> an id instead of the bus number. Unlike Hyper-V PCI bus, I don't think >> there exists a para-virtual PCI bus in QEMU backend to expose VPD >> capability to a passthrough device. > > We can always add more interfaces if we need them. But let's be clear > that we are adding an interface and what are we trying to fix by doing > it. Let's not mix it as part of the failover discussion. I'm sorry, I don't understand why this should not be part of the failover discussion. There's a lot of ambiguity about the semantics and the expectation of the _F_STANDBY feature, and that should be recorded in virtio-dev. If you think we should run it with a different thread, I can definitely fork a new thread to continue. As you may wonder, the other aspects unclear to me now are: - does this feature imply the device model already? The 3-netdev? - should clear the feature bit upon unsuccessful creation of the failover interface or failure to enslave the VF? - does the feature bit indicate migratability status for the corresponding VF/PT device? - does the feature expect automatic bonding by default or always? - does the guest user have the freedom to disable/re-enable the automatic bonding? such that they can use raw VF for DPDK or RDMA after the migration - ... I hope the answer won't just be to look at what the current implementation is doing. The discussion will be helpful, at least not harmful, for people to understand the intention and definition clearly, since live migration itself is just too complicated. > >> > >> >> And there can be others like what you suggested, but the point is that >> >> it's requried to support explicit grouping mechanism from day one, >> >> before the backup property cast into stones. >> > >> > Let's start with addressing simple configs with just two NICs. >> > >> > Down the road I can see possible extensions that can work: for example, >> > require that devices are on the same pci bridge. Or we could even make >> > the virtio device actually include a pci bridge (as part of same >> > or a child function), the PT would have to be >> > behind it. >> > >> > As long as we are not breaking anything, adding more flags to fix >> > non-working configurations is always fair game. >> >> While it may work, the PCI bridge has NUMA and IOMMU implications that >> would restrict the current flexibility to group devices. > > It's interesting you should mention that. > > If you want to be flexible in placing the primary device WRT NUMA and > IOMMU, and given that both IOMMU and NUMA are keyed by the bus address, > then doesn't this completely break the idea of passing > the bus address to the guest? I'm confused. Isn't the NUMA and IOMMU disposition host admin should explicitly define? In that case it's assumed that s/he understand the implication and the bus address doesn't restrict the host admin from placing the device according to the NUMA or IOMMU consideration/constrait. > >> I'm not sure >> if vIOMMU would have to be introduced inadvertently for >> isolation/protection of devices under the PCI bridge which may cause >> negative performance impact on the VF. > > No idea how do you introduce an IOMMU inadvertently. If the virtio has to be behind a different bridge thus IOMMU domain than that for VF (which does not actually need a guest IOMMU) then your former proposal of grouping them *under the same bridge* would come across hurtles. > >> > >> >> This is orthogonal to >> >> device model being proposed, be it 1-netdev or not. Delaying it would >> >> just mean support and compatibility burden, appearing more like a >> >> design flaw rather than a feature to add later on. >> > >> > Well it's mostly myself who gets to support it, and I see the device >> > model as much more fundamental as userspace will come to depend >> > on it. So I'm not too worried, let's take this one step at a time. >> > >> >> > >> >> > I think ideally the infrastructure should suppport flexible matching of >> >> > NICs - netvsc is already reported to be moving to some kind of serial >> >> > address. >> >> > >> >> As Stephen said, Hyper-V supports the serial UUID thing from day-one. >> >> It's just the Linux netvsc guest driver itself does not leverage that >> >> ID from the very beginging. >> >> >> >> Regards, >> >> -Siwei >> > >> > We could add something like this, too. For example, >> > we could add a virtual VPD capability with a UUID. >> >> I'm not an expert on that and wonder how you could do this (add a >> virtual VPD capability with a UUID to passthrough device) with >> existing QEMU emulation model and native PCI bus. > > > I think I see an elegant way to do that. > > You could put it in the port where you want to stick you PT device. > > Here's how it could work then: > > > - standby virtio device is tied to a pci bridge. > > Tied how? Well it could be > - behind this bridge An external PCI bridge? This gets back to the first question I ask. It's interesting a virtio feature should reference an externel object which seems more like a layering problem at least to me. > - include a bridge internally This internal one being a native PCI bridge or VirtIO PCI bridge? I'm almost cerntain it should be the latter down the road. That determines where the VPD or SN capability should reside. > - have the bridge as a PCI function > - include a bridge and the bridge as a PCI function > - have a VPD or serial capability with same UUID as the bridge > > - primary passthrough device is placed behind a bridge > *with the same ID* > > - either simply behind the same bridge > - or behind another bridge with the same UUID. > Good. Decouple the concept of grouping to rely on same PCI bridge, and another bridge with same UUID seems more flexible and promissing. > > The treatment could also be limited just to bridges which have a > specific vendor/device id (maybe a good idea), or in any other arbitrary > way. I'd think anway VirtIO spec revision is unavoidable if you have to involve PCI bridge. Not so complicated? Regards, -Siwei > > > > >> > >> > Do you know how exactly does hyperv pass the UUID for NICs? >> >> Stephen might know it more and can correct me. But my personal >> interpretation is that the SN is a host generated 32 bit sequence >> number which is unique per VM instance and gets propogated to guest >> via the para-virtual Hyper-V PCI bus. >> >> Regards, >> -Siwei > > Ah, so it's a Hyper-V thing. > > > > >> > >> >> > >> >> >> > >> >> >> > >> >> >> > >> >> >> > >> >> >> >> >> >> >> >> > >> >> >> >> > -- >> >> >> >> > MST
diff --git a/drivers/net/hyperv/Kconfig b/drivers/net/hyperv/Kconfig index 936968d23559..56099d10beed 100644 --- a/drivers/net/hyperv/Kconfig +++ b/drivers/net/hyperv/Kconfig @@ -1,5 +1,6 @@ config HYPERV_NET tristate "Microsoft Hyper-V virtual network driver" depends on HYPERV + depends on MAY_USE_FAILOVER help Select this option to enable the Hyper-V virtual network driver. diff --git a/drivers/net/hyperv/hyperv_net.h b/drivers/net/hyperv/hyperv_net.h index 960f06141472..d8c2ff698693 100644 --- a/drivers/net/hyperv/hyperv_net.h +++ b/drivers/net/hyperv/hyperv_net.h @@ -768,6 +768,8 @@ struct net_device_context { u32 vf_alloc; /* Serial number of the VF to team with */ u32 vf_serial; + + struct failover *failover; }; /* Per channel data */ diff --git a/drivers/net/hyperv/netvsc_drv.c b/drivers/net/hyperv/netvsc_drv.c index ecc84954c511..8404c22de32b 100644 --- a/drivers/net/hyperv/netvsc_drv.c +++ b/drivers/net/hyperv/netvsc_drv.c @@ -43,6 +43,7 @@ #include <net/pkt_sched.h> #include <net/checksum.h> #include <net/ip6_checksum.h> +#include <net/failover.h> #include "hyperv_net.h" @@ -1763,46 +1764,6 @@ static void netvsc_link_change(struct work_struct *w) rtnl_unlock(); } -static struct net_device *get_netvsc_bymac(const u8 *mac) -{ - struct net_device *dev; - - ASSERT_RTNL(); - - for_each_netdev(&init_net, dev) { - if (dev->netdev_ops != &device_ops) - continue; /* not a netvsc device */ - - if (ether_addr_equal(mac, dev->perm_addr)) - return dev; - } - - return NULL; -} - -static struct net_device *get_netvsc_byref(struct net_device *vf_netdev) -{ - struct net_device *dev; - - ASSERT_RTNL(); - - for_each_netdev(&init_net, dev) { - struct net_device_context *net_device_ctx; - - if (dev->netdev_ops != &device_ops) - continue; /* not a netvsc device */ - - net_device_ctx = netdev_priv(dev); - if (!rtnl_dereference(net_device_ctx->nvdev)) - continue; /* device is removed */ - - if (rtnl_dereference(net_device_ctx->vf_netdev) == vf_netdev) - return dev; /* a match */ - } - - return NULL; -} - /* Called when VF is injecting data into network stack. * Change the associated network device from VF to netvsc. * note: already called with rcu_read_lock @@ -1829,39 +1790,15 @@ static int netvsc_vf_join(struct net_device *vf_netdev, struct net_device *ndev) { struct net_device_context *ndev_ctx = netdev_priv(ndev); - int ret; - - ret = netdev_rx_handler_register(vf_netdev, - netvsc_vf_handle_frame, ndev); - if (ret != 0) { - netdev_err(vf_netdev, - "can not register netvsc VF receive handler (err = %d)\n", - ret); - goto rx_handler_failed; - } - - ret = netdev_upper_dev_link(vf_netdev, ndev, NULL); - if (ret != 0) { - netdev_err(vf_netdev, - "can not set master device %s (err = %d)\n", - ndev->name, ret); - goto upper_link_failed; - } - - /* set slave flag before open to prevent IPv6 addrconf */ - vf_netdev->flags |= IFF_SLAVE; schedule_delayed_work(&ndev_ctx->vf_takeover, VF_TAKEOVER_INT); - call_netdevice_notifiers(NETDEV_JOIN, vf_netdev); - netdev_info(vf_netdev, "joined to %s\n", ndev->name); - return 0; -upper_link_failed: - netdev_rx_handler_unregister(vf_netdev); -rx_handler_failed: - return ret; + dev_hold(vf_netdev); + rcu_assign_pointer(ndev_ctx->vf_netdev, vf_netdev); + + return 0; } static void __netvsc_vf_setup(struct net_device *ndev, @@ -1914,85 +1851,82 @@ static void netvsc_vf_setup(struct work_struct *w) rtnl_unlock(); } -static int netvsc_register_vf(struct net_device *vf_netdev) +static int netvsc_vf_pre_register(struct net_device *vf_netdev, + struct net_device *ndev) { - struct net_device *ndev; struct net_device_context *net_device_ctx; struct netvsc_device *netvsc_dev; - if (vf_netdev->addr_len != ETH_ALEN) - return NOTIFY_DONE; - - /* - * We will use the MAC address to locate the synthetic interface to - * associate with the VF interface. If we don't find a matching - * synthetic interface, move on. - */ - ndev = get_netvsc_bymac(vf_netdev->perm_addr); - if (!ndev) - return NOTIFY_DONE; - net_device_ctx = netdev_priv(ndev); netvsc_dev = rtnl_dereference(net_device_ctx->nvdev); if (!netvsc_dev || rtnl_dereference(net_device_ctx->vf_netdev)) - return NOTIFY_DONE; - - if (netvsc_vf_join(vf_netdev, ndev) != 0) - return NOTIFY_DONE; + return -EEXIST; netdev_info(ndev, "VF registering: %s\n", vf_netdev->name); - dev_hold(vf_netdev); - rcu_assign_pointer(net_device_ctx->vf_netdev, vf_netdev); - return NOTIFY_OK; + return 0; } /* VF up/down change detected, schedule to change data path */ -static int netvsc_vf_changed(struct net_device *vf_netdev) +static int netvsc_vf_changed(struct net_device *vf_netdev, + struct net_device *ndev) { struct net_device_context *net_device_ctx; struct netvsc_device *netvsc_dev; - struct net_device *ndev; bool vf_is_up = netif_running(vf_netdev); - ndev = get_netvsc_byref(vf_netdev); - if (!ndev) - return NOTIFY_DONE; - net_device_ctx = netdev_priv(ndev); netvsc_dev = rtnl_dereference(net_device_ctx->nvdev); if (!netvsc_dev) - return NOTIFY_DONE; + return -EINVAL; netvsc_switch_datapath(ndev, vf_is_up); netdev_info(ndev, "Data path switched %s VF: %s\n", vf_is_up ? "to" : "from", vf_netdev->name); - return NOTIFY_OK; + return 0; } -static int netvsc_unregister_vf(struct net_device *vf_netdev) +static int netvsc_vf_release(struct net_device *vf_netdev, + struct net_device *ndev) { - struct net_device *ndev; struct net_device_context *net_device_ctx; - ndev = get_netvsc_byref(vf_netdev); - if (!ndev) - return NOTIFY_DONE; - net_device_ctx = netdev_priv(ndev); - cancel_delayed_work_sync(&net_device_ctx->vf_takeover); + if (vf_netdev != rtnl_dereference(net_device_ctx->vf_netdev)) + return -EINVAL; - netdev_info(ndev, "VF unregistering: %s\n", vf_netdev->name); + cancel_delayed_work_sync(&net_device_ctx->vf_takeover); - netdev_rx_handler_unregister(vf_netdev); - netdev_upper_dev_unlink(vf_netdev, ndev); RCU_INIT_POINTER(net_device_ctx->vf_netdev, NULL); dev_put(vf_netdev); - return NOTIFY_OK; + return 0; } +static int netvsc_vf_pre_unregister(struct net_device *vf_netdev, + struct net_device *ndev) +{ + struct net_device_context *net_device_ctx; + + net_device_ctx = netdev_priv(ndev); + if (vf_netdev != rtnl_dereference(net_device_ctx->vf_netdev)) + return -EINVAL; + + netdev_info(ndev, "VF unregistering: %s\n", vf_netdev->name); + + return 0; +} + +static struct failover_ops netvsc_failover_ops = { + .slave_pre_register = netvsc_vf_pre_register, + .slave_join = netvsc_vf_join, + .slave_pre_unregister = netvsc_vf_pre_unregister, + .slave_release = netvsc_vf_release, + .slave_link_change = netvsc_vf_changed, + .handle_frame = netvsc_vf_handle_frame, +}; + static int netvsc_probe(struct hv_device *dev, const struct hv_vmbus_device_id *dev_id) { @@ -2082,8 +2016,15 @@ static int netvsc_probe(struct hv_device *dev, goto register_failed; } + ret = failover_register(net, &netvsc_failover_ops, + &net_device_ctx->failover); + if (ret != 0) + goto err_failover; + return ret; +err_failover: + unregister_netdev(net); register_failed: rndis_filter_device_remove(dev, nvdev); rndis_failed: @@ -2124,13 +2065,15 @@ static int netvsc_remove(struct hv_device *dev) rtnl_lock(); vf_netdev = rtnl_dereference(ndev_ctx->vf_netdev); if (vf_netdev) - netvsc_unregister_vf(vf_netdev); + failover_slave_unregister(vf_netdev); if (nvdev) rndis_filter_device_remove(dev, nvdev); unregister_netdevice(net); + failover_unregister(ndev_ctx->failover); + rtnl_unlock(); rcu_read_unlock(); @@ -2157,54 +2100,8 @@ static struct hv_driver netvsc_drv = { .remove = netvsc_remove, }; -/* - * On Hyper-V, every VF interface is matched with a corresponding - * synthetic interface. The synthetic interface is presented first - * to the guest. When the corresponding VF instance is registered, - * we will take care of switching the data path. - */ -static int netvsc_netdev_event(struct notifier_block *this, - unsigned long event, void *ptr) -{ - struct net_device *event_dev = netdev_notifier_info_to_dev(ptr); - - /* Skip our own events */ - if (event_dev->netdev_ops == &device_ops) - return NOTIFY_DONE; - - /* Avoid non-Ethernet type devices */ - if (event_dev->type != ARPHRD_ETHER) - return NOTIFY_DONE; - - /* Avoid Vlan dev with same MAC registering as VF */ - if (is_vlan_dev(event_dev)) - return NOTIFY_DONE; - - /* Avoid Bonding master dev with same MAC registering as VF */ - if ((event_dev->priv_flags & IFF_BONDING) && - (event_dev->flags & IFF_MASTER)) - return NOTIFY_DONE; - - switch (event) { - case NETDEV_REGISTER: - return netvsc_register_vf(event_dev); - case NETDEV_UNREGISTER: - return netvsc_unregister_vf(event_dev); - case NETDEV_UP: - case NETDEV_DOWN: - return netvsc_vf_changed(event_dev); - default: - return NOTIFY_DONE; - } -} - -static struct notifier_block netvsc_netdev_notifier = { - .notifier_call = netvsc_netdev_event, -}; - static void __exit netvsc_drv_exit(void) { - unregister_netdevice_notifier(&netvsc_netdev_notifier); vmbus_driver_unregister(&netvsc_drv); } @@ -2224,7 +2121,6 @@ static int __init netvsc_drv_init(void) if (ret) return ret; - register_netdevice_notifier(&netvsc_netdev_notifier); return 0; }
Use the registration/notification framework supported by the generic failover infrastructure. Signed-off-by: Sridhar Samudrala <sridhar.samudrala@intel.com> --- drivers/net/hyperv/Kconfig | 1 + drivers/net/hyperv/hyperv_net.h | 2 + drivers/net/hyperv/netvsc_drv.c | 208 ++++++++++------------------------------ 3 files changed, 55 insertions(+), 156 deletions(-)