[PATCH] vfio/pci: Generate more relevant log messages for reset failures

Alex Williamson posted 1 patch 2 years, 2 months ago
Test checkpatch passed
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/qemu tags/patchew/164141259622.4193261.8252690438434562107.stgit@omen
Maintainers: Alex Williamson <alex.williamson@redhat.com>
hw/vfio/pci.c |   44 ++++++++++++++++++++++++++++++++------------
1 file changed, 32 insertions(+), 12 deletions(-)
[PATCH] vfio/pci: Generate more relevant log messages for reset failures
Posted by Alex Williamson 2 years, 2 months ago
The VFIO_DEVICE_RESET ioctl might be backed by several different reset
methods, including a device specific reset (ie. custom reset code in
kernel), an ACPI reset (ie. custom reset code in firmware), FLR, PM,
and bus resets.  This listing is also the default priority order used
by the kernel for trying reset methods.  Traditionally we've had some
FUD regarding the PM reset as the extent of a "Soft Reset" is not well
defined in the PCI specification.  Therefore we try to guess what type
of reset a device might use for the VFIO_DEVICE_RESET and insert a bus
reset via the vfio hot reset interface if we think it could be a PM
reset.

This results in a couple odd tests for PM reset in our hot reset code,
as we assume if we don't detect has_pm_reset support that we can't
reset the device otherwise.  Starting with kernel v5.15, the kernel
exposes a sysfs attribute for devices that can tell us the priority
order for device resets, so long term (not implemented here) we no
longer need to play this guessing game, and if permissions allow we
could manipulate the order ourselves so that we don't need to inject
our own hot reset.

In the shorter term, implemented here, let's not assume we're out of
reset methods if we can't perform a hot reset and the device doesn't
support PM reset.  We can use reset_works as the authority, which
allows us to generate more comprehensible error messages for the case
when it actually doesn't work.

The impetus for this change is a result of commit d5daff7d3126 ("pcie:
implement slot power control for pcie root ports"), where powering off
a slot now results in a device reset.  If the slot is powered off as a
result of qdev_unplug() via the device request event, that device
request is potentially the result of an unbind operation in the host.
That unbind operation holds the kernel device lock, which causes the
VFIO_DEVICE_RESET ioctl to fail (or in the case of some kernels, has
cleared the flag indicating support of a device reset function).  We
can then end up with an SR-IOV VF device trying to trigger a hot reset,
which finds that it needs ownership of the PF group to perform such a
reset, resulting in confusing log messages.

Ultimately the above commit still introduces a log message that we
didn't have prior on such an unplug, but it's not unjustified to
perform such a reset, though it might be considered unnecessary.
Arguably failure to reset the device should always generate some sort
of meaningful log message.

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
---
 hw/vfio/pci.c |   44 ++++++++++++++++++++++++++++++++------------
 1 file changed, 32 insertions(+), 12 deletions(-)

diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
index 7b45353ce27f..ea697951556e 100644
--- a/hw/vfio/pci.c
+++ b/hw/vfio/pci.c
@@ -2224,7 +2224,7 @@ static int vfio_pci_hot_reset(VFIOPCIDevice *vdev, bool single)
     ret = ioctl(vdev->vbasedev.fd, VFIO_DEVICE_GET_PCI_HOT_RESET_INFO, info);
     if (ret && errno != ENOSPC) {
         ret = -errno;
-        if (!vdev->has_pm_reset) {
+        if (!vdev->vbasedev.reset_works) {
             error_report("vfio: Cannot reset device %s, "
                          "no available reset mechanism.", vdev->vbasedev.name);
         }
@@ -2270,7 +2270,7 @@ static int vfio_pci_hot_reset(VFIOPCIDevice *vdev, bool single)
         }
 
         if (!group) {
-            if (!vdev->has_pm_reset) {
+            if (!vdev->vbasedev.reset_works) {
                 error_report("vfio: Cannot reset device %s, "
                              "depends on group %d which is not owned.",
                              vdev->vbasedev.name, devices[i].group_id);
@@ -3162,6 +3162,8 @@ static void vfio_exitfn(PCIDevice *pdev)
 static void vfio_pci_reset(DeviceState *dev)
 {
     VFIOPCIDevice *vdev = VFIO_PCI(dev);
+    Error *err = NULL;
+    int ret;
 
     trace_vfio_pci_reset(vdev->vbasedev.name);
 
@@ -3175,26 +3177,44 @@ static void vfio_pci_reset(DeviceState *dev)
         goto post_reset;
     }
 
-    if (vdev->vbasedev.reset_works &&
-        (vdev->has_flr || !vdev->has_pm_reset) &&
-        !ioctl(vdev->vbasedev.fd, VFIO_DEVICE_RESET)) {
-        trace_vfio_pci_reset_flr(vdev->vbasedev.name);
-        goto post_reset;
+    if (vdev->vbasedev.reset_works && (vdev->has_flr || !vdev->has_pm_reset)) {
+        if (!ioctl(vdev->vbasedev.fd, VFIO_DEVICE_RESET)) {
+            trace_vfio_pci_reset_flr(vdev->vbasedev.name);
+            goto post_reset;
+        }
+
+        error_setg_errno(&err, errno, "Unable to reset device");
     }
 
     /* See if we can do our own bus reset */
-    if (!vfio_pci_hot_reset_one(vdev)) {
+    ret = vfio_pci_hot_reset_one(vdev);
+    if (!ret) {
         goto post_reset;
     }
 
+    if (!err) {
+        error_setg_errno(&err, -ret, "Unable to perform bus reset");
+    }
+
     /* If nothing else works and the device supports PM reset, use it */
-    if (vdev->vbasedev.reset_works && vdev->has_pm_reset &&
-        !ioctl(vdev->vbasedev.fd, VFIO_DEVICE_RESET)) {
-        trace_vfio_pci_reset_pm(vdev->vbasedev.name);
-        goto post_reset;
+    if (vdev->vbasedev.reset_works && vdev->has_pm_reset) {
+        /* Prefer to report the ioctl failure mode */
+        error_free(err);
+        err = NULL;
+
+        if (!ioctl(vdev->vbasedev.fd, VFIO_DEVICE_RESET)) {
+            trace_vfio_pci_reset_pm(vdev->vbasedev.name);
+            goto post_reset;
+        }
+
+        error_setg_errno(&err, errno, "Unable to reset device");
     }
 
+    warn_reportf_err(err, VFIO_MSG_PREFIX, vdev->vbasedev.name);
+    err = NULL;
+
 post_reset:
+    error_free(err);
     vfio_pci_post_reset(vdev);
 }
 



Re: [PATCH] vfio/pci: Generate more relevant log messages for reset failures
Posted by Michael S. Tsirkin 2 years, 2 months ago
On Wed, Jan 05, 2022 at 12:56:42PM -0700, Alex Williamson wrote:
> The VFIO_DEVICE_RESET ioctl might be backed by several different reset
> methods, including a device specific reset (ie. custom reset code in
> kernel), an ACPI reset (ie. custom reset code in firmware), FLR, PM,
> and bus resets.  This listing is also the default priority order used
> by the kernel for trying reset methods.  Traditionally we've had some
> FUD regarding the PM reset as the extent of a "Soft Reset" is not well
> defined in the PCI specification.  Therefore we try to guess what type
> of reset a device might use for the VFIO_DEVICE_RESET and insert a bus
> reset via the vfio hot reset interface if we think it could be a PM
> reset.
> 
> This results in a couple odd tests for PM reset in our hot reset code,
> as we assume if we don't detect has_pm_reset support that we can't
> reset the device otherwise.  Starting with kernel v5.15, the kernel
> exposes a sysfs attribute for devices that can tell us the priority
> order for device resets, so long term (not implemented here) we no
> longer need to play this guessing game, and if permissions allow we
> could manipulate the order ourselves so that we don't need to inject
> our own hot reset.
> 
> In the shorter term, implemented here, let's not assume we're out of
> reset methods if we can't perform a hot reset and the device doesn't
> support PM reset.  We can use reset_works as the authority, which
> allows us to generate more comprehensible error messages for the case
> when it actually doesn't work.
> 
> The impetus for this change is a result of commit d5daff7d3126 ("pcie:
> implement slot power control for pcie root ports"), where powering off
> a slot now results in a device reset.  If the slot is powered off as a
> result of qdev_unplug() via the device request event, that device
> request is potentially the result of an unbind operation in the host.
> That unbind operation holds the kernel device lock, which causes the
> VFIO_DEVICE_RESET ioctl to fail (or in the case of some kernels, has
> cleared the flag indicating support of a device reset function).  We
> can then end up with an SR-IOV VF device trying to trigger a hot reset,
> which finds that it needs ownership of the PF group to perform such a
> reset, resulting in confusing log messages.
> 
> Ultimately the above commit still introduces a log message that we
> didn't have prior on such an unplug, but it's not unjustified to
> perform such a reset, though it might be considered unnecessary.
> Arguably failure to reset the device should always generate some sort
> of meaningful log message.
> 
> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>

Looks reasonable. Just an extra idea: do we want to maybe validate the
return code from the ioctl? I assume it's something like EBUSY right?
In any case better than what we have now:

Acked-by: Michael S. Tsirkin <mst@redhat.com>



> ---
>  hw/vfio/pci.c |   44 ++++++++++++++++++++++++++++++++------------
>  1 file changed, 32 insertions(+), 12 deletions(-)
> 
> diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
> index 7b45353ce27f..ea697951556e 100644
> --- a/hw/vfio/pci.c
> +++ b/hw/vfio/pci.c
> @@ -2224,7 +2224,7 @@ static int vfio_pci_hot_reset(VFIOPCIDevice *vdev, bool single)
>      ret = ioctl(vdev->vbasedev.fd, VFIO_DEVICE_GET_PCI_HOT_RESET_INFO, info);
>      if (ret && errno != ENOSPC) {
>          ret = -errno;
> -        if (!vdev->has_pm_reset) {
> +        if (!vdev->vbasedev.reset_works) {
>              error_report("vfio: Cannot reset device %s, "
>                           "no available reset mechanism.", vdev->vbasedev.name);
>          }
> @@ -2270,7 +2270,7 @@ static int vfio_pci_hot_reset(VFIOPCIDevice *vdev, bool single)
>          }
>  
>          if (!group) {
> -            if (!vdev->has_pm_reset) {
> +            if (!vdev->vbasedev.reset_works) {
>                  error_report("vfio: Cannot reset device %s, "
>                               "depends on group %d which is not owned.",
>                               vdev->vbasedev.name, devices[i].group_id);
> @@ -3162,6 +3162,8 @@ static void vfio_exitfn(PCIDevice *pdev)
>  static void vfio_pci_reset(DeviceState *dev)
>  {
>      VFIOPCIDevice *vdev = VFIO_PCI(dev);
> +    Error *err = NULL;
> +    int ret;
>  
>      trace_vfio_pci_reset(vdev->vbasedev.name);
>  
> @@ -3175,26 +3177,44 @@ static void vfio_pci_reset(DeviceState *dev)
>          goto post_reset;
>      }
>  
> -    if (vdev->vbasedev.reset_works &&
> -        (vdev->has_flr || !vdev->has_pm_reset) &&
> -        !ioctl(vdev->vbasedev.fd, VFIO_DEVICE_RESET)) {
> -        trace_vfio_pci_reset_flr(vdev->vbasedev.name);
> -        goto post_reset;
> +    if (vdev->vbasedev.reset_works && (vdev->has_flr || !vdev->has_pm_reset)) {
> +        if (!ioctl(vdev->vbasedev.fd, VFIO_DEVICE_RESET)) {
> +            trace_vfio_pci_reset_flr(vdev->vbasedev.name);
> +            goto post_reset;
> +        }
> +
> +        error_setg_errno(&err, errno, "Unable to reset device");
>      }
>  
>      /* See if we can do our own bus reset */
> -    if (!vfio_pci_hot_reset_one(vdev)) {
> +    ret = vfio_pci_hot_reset_one(vdev);
> +    if (!ret) {
>          goto post_reset;
>      }
>  
> +    if (!err) {
> +        error_setg_errno(&err, -ret, "Unable to perform bus reset");
> +    }
> +
>      /* If nothing else works and the device supports PM reset, use it */
> -    if (vdev->vbasedev.reset_works && vdev->has_pm_reset &&
> -        !ioctl(vdev->vbasedev.fd, VFIO_DEVICE_RESET)) {
> -        trace_vfio_pci_reset_pm(vdev->vbasedev.name);
> -        goto post_reset;
> +    if (vdev->vbasedev.reset_works && vdev->has_pm_reset) {
> +        /* Prefer to report the ioctl failure mode */
> +        error_free(err);
> +        err = NULL;
> +
> +        if (!ioctl(vdev->vbasedev.fd, VFIO_DEVICE_RESET)) {
> +            trace_vfio_pci_reset_pm(vdev->vbasedev.name);
> +            goto post_reset;
> +        }
> +
> +        error_setg_errno(&err, errno, "Unable to reset device");
>      }
>  
> +    warn_reportf_err(err, VFIO_MSG_PREFIX, vdev->vbasedev.name);
> +    err = NULL;
> +
>  post_reset:
> +    error_free(err);
>      vfio_pci_post_reset(vdev);
>  }
>  
> 


Re: [PATCH] vfio/pci: Generate more relevant log messages for reset failures
Posted by Alex Williamson 2 years, 2 months ago
On Wed, 5 Jan 2022 16:05:45 -0500
"Michael S. Tsirkin" <mst@redhat.com> wrote:

> On Wed, Jan 05, 2022 at 12:56:42PM -0700, Alex Williamson wrote:
> > The VFIO_DEVICE_RESET ioctl might be backed by several different reset
> > methods, including a device specific reset (ie. custom reset code in
> > kernel), an ACPI reset (ie. custom reset code in firmware), FLR, PM,
> > and bus resets.  This listing is also the default priority order used
> > by the kernel for trying reset methods.  Traditionally we've had some
> > FUD regarding the PM reset as the extent of a "Soft Reset" is not well
> > defined in the PCI specification.  Therefore we try to guess what type
> > of reset a device might use for the VFIO_DEVICE_RESET and insert a bus
> > reset via the vfio hot reset interface if we think it could be a PM
> > reset.
> > 
> > This results in a couple odd tests for PM reset in our hot reset code,
> > as we assume if we don't detect has_pm_reset support that we can't
> > reset the device otherwise.  Starting with kernel v5.15, the kernel
> > exposes a sysfs attribute for devices that can tell us the priority
> > order for device resets, so long term (not implemented here) we no
> > longer need to play this guessing game, and if permissions allow we
> > could manipulate the order ourselves so that we don't need to inject
> > our own hot reset.
> > 
> > In the shorter term, implemented here, let's not assume we're out of
> > reset methods if we can't perform a hot reset and the device doesn't
> > support PM reset.  We can use reset_works as the authority, which
> > allows us to generate more comprehensible error messages for the case
> > when it actually doesn't work.
> > 
> > The impetus for this change is a result of commit d5daff7d3126 ("pcie:
> > implement slot power control for pcie root ports"), where powering off
> > a slot now results in a device reset.  If the slot is powered off as a
> > result of qdev_unplug() via the device request event, that device
> > request is potentially the result of an unbind operation in the host.
> > That unbind operation holds the kernel device lock, which causes the
> > VFIO_DEVICE_RESET ioctl to fail (or in the case of some kernels, has
> > cleared the flag indicating support of a device reset function).  We
> > can then end up with an SR-IOV VF device trying to trigger a hot reset,
> > which finds that it needs ownership of the PF group to perform such a
> > reset, resulting in confusing log messages.
> > 
> > Ultimately the above commit still introduces a log message that we
> > didn't have prior on such an unplug, but it's not unjustified to
> > perform such a reset, though it might be considered unnecessary.
> > Arguably failure to reset the device should always generate some sort
> > of meaningful log message.
> > 
> > Signed-off-by: Alex Williamson <alex.williamson@redhat.com>  
> 
> Looks reasonable. Just an extra idea: do we want to maybe validate the
> return code from the ioctl? I assume it's something like EBUSY right?

Ideally it'd be EAGAIN to denote the lock contention, but for some
reason there was a recent time when the kernel would clear the
pci_dev.reset_fn flag as part of pci_stop_dev() before unbinding the
driver from the device, in that case we get an ENOTTY.

Hmm, I'm remembering now that an issue with this approach to log all
device reset failures is that we're going to get false positives every
time we reboot a VM where we need a bus reset for multiple devices.  We
handle multiple devices via a reset handler but we'll still get a
redundant per device reset and we have no way to associate that per
device reset to a VM reset where the reset handler multi-device
mechanism may have been successful :-\  This would be very common with
desktop GPUs.  I'll plug away at this some more.  Thanks,

Alex


Re: [PATCH] vfio/pci: Generate more relevant log messages for reset failures
Posted by Michael S. Tsirkin 2 years, 2 months ago
On Wed, Jan 05, 2022 at 03:12:26PM -0700, Alex Williamson wrote:
> On Wed, 5 Jan 2022 16:05:45 -0500
> "Michael S. Tsirkin" <mst@redhat.com> wrote:
> 
> > On Wed, Jan 05, 2022 at 12:56:42PM -0700, Alex Williamson wrote:
> > > The VFIO_DEVICE_RESET ioctl might be backed by several different reset
> > > methods, including a device specific reset (ie. custom reset code in
> > > kernel), an ACPI reset (ie. custom reset code in firmware), FLR, PM,
> > > and bus resets.  This listing is also the default priority order used
> > > by the kernel for trying reset methods.  Traditionally we've had some
> > > FUD regarding the PM reset as the extent of a "Soft Reset" is not well
> > > defined in the PCI specification.  Therefore we try to guess what type
> > > of reset a device might use for the VFIO_DEVICE_RESET and insert a bus
> > > reset via the vfio hot reset interface if we think it could be a PM
> > > reset.
> > > 
> > > This results in a couple odd tests for PM reset in our hot reset code,
> > > as we assume if we don't detect has_pm_reset support that we can't
> > > reset the device otherwise.  Starting with kernel v5.15, the kernel
> > > exposes a sysfs attribute for devices that can tell us the priority
> > > order for device resets, so long term (not implemented here) we no
> > > longer need to play this guessing game, and if permissions allow we
> > > could manipulate the order ourselves so that we don't need to inject
> > > our own hot reset.
> > > 
> > > In the shorter term, implemented here, let's not assume we're out of
> > > reset methods if we can't perform a hot reset and the device doesn't
> > > support PM reset.  We can use reset_works as the authority, which
> > > allows us to generate more comprehensible error messages for the case
> > > when it actually doesn't work.
> > > 
> > > The impetus for this change is a result of commit d5daff7d3126 ("pcie:
> > > implement slot power control for pcie root ports"), where powering off
> > > a slot now results in a device reset.  If the slot is powered off as a
> > > result of qdev_unplug() via the device request event, that device
> > > request is potentially the result of an unbind operation in the host.
> > > That unbind operation holds the kernel device lock, which causes the
> > > VFIO_DEVICE_RESET ioctl to fail (or in the case of some kernels, has
> > > cleared the flag indicating support of a device reset function).  We
> > > can then end up with an SR-IOV VF device trying to trigger a hot reset,
> > > which finds that it needs ownership of the PF group to perform such a
> > > reset, resulting in confusing log messages.
> > > 
> > > Ultimately the above commit still introduces a log message that we
> > > didn't have prior on such an unplug, but it's not unjustified to
> > > perform such a reset, though it might be considered unnecessary.
> > > Arguably failure to reset the device should always generate some sort
> > > of meaningful log message.
> > > 
> > > Signed-off-by: Alex Williamson <alex.williamson@redhat.com>  
> > 
> > Looks reasonable. Just an extra idea: do we want to maybe validate the
> > return code from the ioctl? I assume it's something like EBUSY right?
> 
> Ideally it'd be EAGAIN to denote the lock contention,

Or EBUSY?

> but for some
> reason there was a recent time when the kernel would clear the
> pci_dev.reset_fn flag as part of pci_stop_dev() before unbinding the
> driver from the device, in that case we get an ENOTTY.
> 
> Hmm, I'm remembering now that an issue with this approach to log all
> device reset failures is that we're going to get false positives every
> time we reboot a VM where we need a bus reset for multiple devices.  We
> handle multiple devices via a reset handler but we'll still get a
> redundant per device reset and we have no way to associate that per
> device reset to a VM reset where the reset handler multi-device
> mechanism may have been successful :-\  This would be very common with
> desktop GPUs.  I'll plug away at this some more.  Thanks,
> 
> Alex