[v4,09/10] s390x/kvm: msi route fixup for non-pci

Message ID	20170821091614.28251-10-cohuck@redhat.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org> DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 05C334629B From: Cornelia Huck <cohuck@redhat.com> To: qemu-devel@nongnu.org Date: Mon, 21 Aug 2017 11:16:13 +0200 Message-Id: <20170821091614.28251-10-cohuck@redhat.com> In-Reply-To: <20170821091614.28251-1-cohuck@redhat.com> References: <20170821091614.28251-1-cohuck@redhat.com> Subject: [Qemu-devel] [PATCH v4 09/10] s390x/kvm: msi route fixup for non-pci Precedence: list Cc: thuth@redhat.com, zyimin@linux.vnet.ibm.com, david@redhat.com, Cornelia Huck <cohuck@redhat.com>, pmorel@linux.vnet.ibm.com, agraf@suse.de, borntraeger@de.ibm.com Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" <qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org>

Cornelia Huck Aug. 21, 2017, 9:16 a.m. UTC

If we don't provide pci, we cannot have a pci device for which we
have to translate to adapter routes: just return -ENODEV.

Signed-off-by: Cornelia Huck <cohuck@redhat.com>
---
 target/s390x/kvm.c | 6 ++++++
 1 file changed, 6 insertions(+)

Halil Pasic Aug. 21, 2017, noon UTC | #1

On 08/21/2017 11:16 AM, Cornelia Huck wrote:
> If we don't provide pci, we cannot have a pci device for which we
> have to translate to adapter routes: just return -ENODEV.
> 
> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
> ---
>  target/s390x/kvm.c | 6 ++++++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/target/s390x/kvm.c b/target/s390x/kvm.c
> index 9de165d8b1..d8db1cbf6e 100644
> --- a/target/s390x/kvm.c
> +++ b/target/s390x/kvm.c
> @@ -2424,6 +2424,12 @@ int kvm_arch_fixup_msi_route(struct kvm_irq_routing_entry *route,
>      uint32_t idx = data >> ZPCI_MSI_VEC_BITS;
>      uint32_t vec = data & ZPCI_MSI_VEC_MASK;
> 
> +    if (!s390_has_feat(S390_FEAT_ZPCI)) {
> +        /* How can we get here without pci enabled? */
> +        g_assert(false);

You don't tell us about the g_assert in the commit message.
Do you expect G_DISABLE_ASSERT being defined for production 
builds. I've grepped for G_DISABLE_ASSERT and found nothing.

And why g_assert over assert (again no guidance in HACKING
mostly asking for my own learning)?

Other that that LGTM.


> +        return -ENODEV;
> +    }
> +
>      pbdev = s390_pci_find_dev_by_idx(s390_get_phb(), idx);
>      if (!pbdev) {
>          DPRINTF("add_msi_route no dev\n");
>

Cornelia Huck Aug. 21, 2017, 12:13 p.m. UTC | #2

On Mon, 21 Aug 2017 14:00:15 +0200
Halil Pasic <pasic@linux.vnet.ibm.com> wrote:

> On 08/21/2017 11:16 AM, Cornelia Huck wrote:
> > If we don't provide pci, we cannot have a pci device for which we
> > have to translate to adapter routes: just return -ENODEV.
> > 
> > Signed-off-by: Cornelia Huck <cohuck@redhat.com>
> > ---
> >  target/s390x/kvm.c | 6 ++++++
> >  1 file changed, 6 insertions(+)
> > 
> > diff --git a/target/s390x/kvm.c b/target/s390x/kvm.c
> > index 9de165d8b1..d8db1cbf6e 100644
> > --- a/target/s390x/kvm.c
> > +++ b/target/s390x/kvm.c
> > @@ -2424,6 +2424,12 @@ int kvm_arch_fixup_msi_route(struct kvm_irq_routing_entry *route,
> >      uint32_t idx = data >> ZPCI_MSI_VEC_BITS;
> >      uint32_t vec = data & ZPCI_MSI_VEC_MASK;
> > 
> > +    if (!s390_has_feat(S390_FEAT_ZPCI)) {
> > +        /* How can we get here without pci enabled? */
> > +        g_assert(false);  
> 
> You don't tell us about the g_assert in the commit message.
> Do you expect G_DISABLE_ASSERT being defined for production 
> builds. I've grepped for G_DISABLE_ASSERT and found nothing.

AFAIK this is set by distribution builds. I've also noticed that mingw
builds treat (g_)assert() as if code flow continues, but I don't know
whether asserts do anything there at all.

> 
> And why g_assert over assert (again no guidance in HACKING
> mostly asking for my own learning)?

I do recall a recent(ish) discussion, but not the details. Anyway,
using glib interfaces seems more consistent.

> 
> Other that that LGTM.

Thanks!

> 
> 
> > +        return -ENODEV;
> > +    }
> > +
> >      pbdev = s390_pci_find_dev_by_idx(s390_get_phb(), idx);
> >      if (!pbdev) {
> >          DPRINTF("add_msi_route no dev\n");
> >   
>

Halil Pasic Aug. 21, 2017, 3:10 p.m. UTC | #3

On 08/21/2017 02:13 PM, Cornelia Huck wrote:
> On Mon, 21 Aug 2017 14:00:15 +0200
> Halil Pasic <pasic@linux.vnet.ibm.com> wrote:
> 
>> On 08/21/2017 11:16 AM, Cornelia Huck wrote:
>>> If we don't provide pci, we cannot have a pci device for which we
>>> have to translate to adapter routes: just return -ENODEV.
>>>
>>> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
>>> ---
>>>  target/s390x/kvm.c | 6 ++++++
>>>  1 file changed, 6 insertions(+)
>>>
>>> diff --git a/target/s390x/kvm.c b/target/s390x/kvm.c
>>> index 9de165d8b1..d8db1cbf6e 100644
>>> --- a/target/s390x/kvm.c
>>> +++ b/target/s390x/kvm.c
>>> @@ -2424,6 +2424,12 @@ int kvm_arch_fixup_msi_route(struct kvm_irq_routing_entry *route,
>>>      uint32_t idx = data >> ZPCI_MSI_VEC_BITS;
>>>      uint32_t vec = data & ZPCI_MSI_VEC_MASK;
>>>
>>> +    if (!s390_has_feat(S390_FEAT_ZPCI)) {
>>> +        /* How can we get here without pci enabled? */
>>> +        g_assert(false);  
>>
>> You don't tell us about the g_assert in the commit message.
>> Do you expect G_DISABLE_ASSERT being defined for production 
>> builds. I've grepped for G_DISABLE_ASSERT and found nothing.
> 
> AFAIK this is set by distribution builds. I've also noticed that mingw
> builds treat (g_)assert() as if code flow continues, but I don't know
> whether asserts do anything there at all.
> 

After thinking some more,  I would prefer the the commit message being
modified so, that it's clear, what we really want is the assert; or this
assert being dropped or replaced with some kind of warning/tracing.

I assume no production QEMU should ever return -ENODEV here (and if it
does, it's due to an QEMU bug). So the assert is there to communicate
with the devel, and just in case if the client code fails to fulfill
their part of the contract.  In this case we shall fail fast and hard,
and no such QEMU should ship. The return -ENODEV is then 'just in case'
on the square -- a failsafe for the failsafe (which does make sense
to me).

On the contrary if we assume this is a legit error condition (and a part
of the contract) then according to HACKING 7.2 Handling errors we shall
not call exit() or abort() to handle an error that can be triggered by
the guest in particular and operation related errors in general. Makes
perfect sense to me.

Pierre helped me, kvm_arch_fixup_msi_route is guest triggered and also
considering this particular case killing off the QEMU, and the guest does
not seem like the lesser evil.

The situation is just complicated by the fact that there is code which
relies on assert(true) asserting for correctness (e.g. virtio goes so far
to make builds with normal asserts disabled fail). Thus for me it's hard
to assume that the assertion is guaranteed to be disabled in production.

But if it ain't disabled than it calls abort() which we should not
do (HACKING and IMHO common sense).

TL;DR

I'm for modifying the commit message so it tells us about
the assert.

>>
>> And why g_assert over assert (again no guidance in HACKING
>> mostly asking for my own learning)?
> 
> I do recall a recent(ish) discussion, but not the details. Anyway,
> using glib interfaces seems more consistent.

We can't live with NDEBUG is another reason for using g_assert (makes
my preferred solution work).

Regards,
Halil

[..]

Thomas Huth Aug. 21, 2017, 3:17 p.m. UTC | #4

On 21.08.2017 17:10, Halil Pasic wrote:
[...]
> The situation is just complicated by the fact that there is code which
> relies on assert(true) asserting for correctness (e.g. virtio goes so far
> to make builds with normal asserts disabled fail). Thus for me it's hard
> to assume that the assertion is guaranteed to be disabled in production.

FYI: https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg03608.html

 Thomas

Halil Pasic Aug. 21, 2017, 3:30 p.m. UTC | #5

On 08/21/2017 05:17 PM, Thomas Huth wrote:
> On 21.08.2017 17:10, Halil Pasic wrote:
> [...]
>> The situation is just complicated by the fact that there is code which
>> relies on assert(true) asserting for correctness (e.g. virtio goes so far
>> to make builds with normal asserts disabled fail). Thus for me it's hard
>> to assume that the assertion is guaranteed to be disabled in production.
> 
> FYI: https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg03608.html
> 
>  Thomas
> 

Thanks, I've missed that. With that assumed it becomes either
assert(false) or return -ENODEV but not both.

Regards,
Halil

Cornelia Huck Aug. 23, 2017, 10:03 a.m. UTC | #6

On Mon, 21 Aug 2017 17:30:58 +0200
Halil Pasic <pasic@linux.vnet.ibm.com> wrote:

> On 08/21/2017 05:17 PM, Thomas Huth wrote:
> > On 21.08.2017 17:10, Halil Pasic wrote:
> > [...]  
> >> The situation is just complicated by the fact that there is code which
> >> relies on assert(true) asserting for correctness (e.g. virtio goes so far
> >> to make builds with normal asserts disabled fail). Thus for me it's hard
> >> to assume that the assertion is guaranteed to be disabled in production.  
> > 
> > FYI: https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg03608.html
> > 
> >  Thomas
> >   
> 
> Thanks, I've missed that. With that assumed it becomes either
> assert(false) or return -ENODEV but not both.
> 
> Regards,
> Halil 
> 

Thinking about this some more, this seems to be completely covered
within the next statement:

- For builds with pci completely disabled, we'll end up with NULL in
  both s390_get_phb() and s390_pci_find_dev_by_idx() and return -ENODEV.
- If only the zpci facility bit is not set, we'll hit the assert in
  s390_get_phb().

Without an error message, there does not really seem to be additional
value (other than failing explicitly), so I'll drop this patch.

(Yeah, deja vu...)

[v4,09/10] s390x/kvm: msi route fixup for non-pci

Commit Message

Comments

Patch