On Tue, Feb 20, 2024 at 12:26:49PM +0100, Maxime Coquelin wrote:
>
>
> On 2/13/24 11:05, Michael S. Tsirkin wrote:
> > On Fri, Jan 26, 2024 at 06:07:37PM +0800, Hao Chen wrote:
> > > I run "dpdk-vdpa" and "qemur-L2" in "qemu-L1".
> > >
> > > In a nested virtualization environment, "qemu-L2" vhost-user socket sends
> > > a "VHOST_USER_IOTLB_MSG" message to "dpdk-vdpa" and blocks waiting for
> > > "dpdk-vdpa" to process the message.
> > > If "dpdk-vdpa" doesn't complete the processing of the
> > > "VHOST_USER_IOTLB_MSG"
> > > message and sends a message that needs to be replied in another thread,
> > > such as "VHOST_USER_SLAVE_VRING_HOST_NOTIFIER_MSG", "dpdk-vdpa" will also
> > > block and wait for "qemu-L2" to process this message. However, "qemu-L2"
> > > vhost-user's socket is blocking while waiting for a reply from "dpdk-vdpa"
> > > after processing the message "VHOSTr_USER_IOTLB_MSG", and
> > > "VHOST_USER_SLAVE_VRING_HOST_NOTIFIER_MSG" will not be processed.
> > > In this case, both "dpdk-vdpa" and "qemu-L2" are blocked on the
> > > vhost read, resulting in a deadlock.
> > >
> > > You can modify "VHOST_USER_SLAVE_VRING_HOST_NOTIFIER_MSG" or
> > > "VHOST_USER_IOTLB_MSG" to "no need reply" to fix this issue.
> > > There are too many messages in dpdk that are similar to
> > > "VHOST_USER_SLAVE_VRING_HOST_NOTIFIER_MSG", and I would prefer the latter.
> > >
> > > Fixes: 24e34754eb78 ("vhost-user: factor out msg head and payload")
> > >
> > > Signed-off-by: Hao Chen <ch...@yusur.tech>
> >
> > I would be very worried that IOTLB becomes stale and
> > guest memory is corrupted if we just proceed without waiting.
> >
> > Maxime what do you think? How would you address the issue?
>
> I agree with you, this is not possible.
> For example, in case of IOTLB invalidate, the frontend relies on the
> backend reply to ensure it is no more accessing the memory before
> proceeding.
>
> The reply-ack for VHOST_USER_BACKEND_VRING_HOST_NOTIFIER_MSG request is
> less important, if it fails the host notifications won't work but would
> not risk corruption. Maybe on Qemu side we could fail init if processing
> the request fails, as I think that if negotiated, we can expect it to
> succeed.
>
> What do you think about this proposal?
>
> Regards,
> Maxime
Fundamentally, I think that if qemu blocks guest waiting for a rely
that is ok but it really has to process incoming messages meanwhile.
Same should apply to backend I think ...
> >
> >
> > > ---
> > > hw/virtio/vhost-user.c | 10 ++--------
> > > 1 file changed, 2 insertions(+), 8 deletions(-)
> > >
> > > diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
> > > index f214df804b..02caa94b6c 100644
> > > --- a/hw/virtio/vhost-user.c
> > > +++ b/hw/virtio/vhost-user.c
> > > @@ -2371,20 +2371,14 @@ static int vhost_user_net_set_mtu(struct
> > > vhost_dev *dev, uint16_t mtu)
> > > static int vhost_user_send_device_iotlb_msg(struct vhost_dev *dev,
> > > struct vhost_iotlb_msg
> > > *imsg)
> > > {
> > > - int ret;
> > > VhostUserMsg msg = {
> > > .hdr.request = VHOST_USER_IOTLB_MSG,
> > > .hdr.size = sizeof(msg.payload.iotlb),
> > > - .hdr.flags = VHOST_USER_VERSION | VHOST_USER_NEED_REPLY_MASK,
> > > + .hdr.flags = VHOST_USER_VERSION,
> > > .payload.iotlb = *imsg,
> > > };
> > > - ret = vhost_user_write(dev, &msg, NULL, 0);
> > > - if (ret < 0) {
> > > - return ret;
> > > - }
> > > -
> > > - return process_message_reply(dev, &msg);
> > > + return vhost_user_write(dev, &msg, NULL, 0);
> > > }
> > > --
> > > 2.27.0
> >
