提交 cd34af40 编写于 作者: M Matthew R. Ochs 提交者: Martin K. Petersen

scsi: cxlflash: Transition to application close model

Caching the adapter file descriptor and performing a close on behalf of
an application is a poor design. This is due to the fact that once a
file descriptor in installed, it is free to be altered without the
knowledge of the cxlflash driver. This can lead to inconsistencies
between the application and kernel. Furthermore, the nature of the
former design is more exploitable and thus should be abandoned.

To support applications performing a close on the adapter file that is
associated with a context, a new flag is introduced to the user API to
indicate to applications that they are responsible for the close
following the cleanup (detach) of a context. The documentation is also
updated to reflect this change in behavior.
Inspired-by: NAl Viro <viro@zeniv.linux.org.uk>
Signed-off-by: NMatthew R. Ochs <mrochs@linux.vnet.ibm.com>
Acked-by: NManoj N. Kumar <manoj@linux.vnet.ibm.com>
Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
上级 888baf06
...@@ -171,11 +171,30 @@ DK_CXLFLASH_ATTACH ...@@ -171,11 +171,30 @@ DK_CXLFLASH_ATTACH
destroyed, the tokens are to be considered stale and subsequent destroyed, the tokens are to be considered stale and subsequent
usage will result in errors. usage will result in errors.
- A valid adapter file descriptor (fd2 >= 0) is only returned on
the initial attach for a context. Subsequent attaches to an
existing context (DK_CXLFLASH_ATTACH_REUSE_CONTEXT flag present)
do not provide the adapter file descriptor as it was previously
made known to the application.
- When a context is no longer needed, the user shall detach from - When a context is no longer needed, the user shall detach from
the context via the DK_CXLFLASH_DETACH ioctl. the context via the DK_CXLFLASH_DETACH ioctl. When this ioctl
returns with a valid adapter file descriptor and the return flag
DK_CXLFLASH_APP_CLOSE_ADAP_FD is present, the application _must_
close the adapter file descriptor following a successful detach.
- When this ioctl returns with a valid fd2 and the return flag
DK_CXLFLASH_APP_CLOSE_ADAP_FD is present, the application _must_
close fd2 in the following circumstances:
+ Following a successful detach of the last user of the context
+ Following a successful recovery on the context's original fd2
+ In the child process of a fork(), following a clone ioctl,
on the fd2 associated with the source context
- A close on fd2 will invalidate the tokens. This operation is not - At any time, a close on fd2 will invalidate the tokens. Applications
required by the user. should exercise caution to only close fd2 when appropriate (outlined
in the previous bullet) to avoid premature loss of I/O.
DK_CXLFLASH_USER_DIRECT DK_CXLFLASH_USER_DIRECT
----------------------- -----------------------
...@@ -254,6 +273,10 @@ DK_CXLFLASH_DETACH ...@@ -254,6 +273,10 @@ DK_CXLFLASH_DETACH
success, all "tokens" which had been provided to the user from the success, all "tokens" which had been provided to the user from the
DK_CXLFLASH_ATTACH onward are no longer valid. DK_CXLFLASH_ATTACH onward are no longer valid.
When the DK_CXLFLASH_APP_CLOSE_ADAP_FD flag was returned on a successful
attach, the application _must_ close the fd2 associated with the context
following the detach of the final user of the context.
DK_CXLFLASH_VLUN_CLONE DK_CXLFLASH_VLUN_CLONE
---------------------- ----------------------
This ioctl is responsible for cloning a previously created This ioctl is responsible for cloning a previously created
...@@ -261,7 +284,7 @@ DK_CXLFLASH_VLUN_CLONE ...@@ -261,7 +284,7 @@ DK_CXLFLASH_VLUN_CLONE
support maintaining user space access to storage after a process support maintaining user space access to storage after a process
forks. Upon success, the child process (which invoked the ioctl) forks. Upon success, the child process (which invoked the ioctl)
will have access to the same LUNs via the same resource handle(s) will have access to the same LUNs via the same resource handle(s)
and fd2 as the parent, but under a different context. as the parent, but under a different context.
Context sharing across processes is not supported with CXL and Context sharing across processes is not supported with CXL and
therefore each fork must be met with establishing a new context therefore each fork must be met with establishing a new context
...@@ -275,6 +298,12 @@ DK_CXLFLASH_VLUN_CLONE ...@@ -275,6 +298,12 @@ DK_CXLFLASH_VLUN_CLONE
translation tables are copied from the parent context to the child's translation tables are copied from the parent context to the child's
and then synced with the AFU. and then synced with the AFU.
When the DK_CXLFLASH_APP_CLOSE_ADAP_FD flag was returned on a successful
attach, the application _must_ close the fd2 associated with the source
context (still resident/accessible in the parent process) following the
clone. This is to avoid a stale entry in the file descriptor table of the
child process.
DK_CXLFLASH_VERIFY DK_CXLFLASH_VERIFY
------------------ ------------------
This ioctl is used to detect various changes such as the capacity of This ioctl is used to detect various changes such as the capacity of
...@@ -309,6 +338,11 @@ DK_CXLFLASH_RECOVER_AFU ...@@ -309,6 +338,11 @@ DK_CXLFLASH_RECOVER_AFU
at which time the context/resources they held will be freed as part of at which time the context/resources they held will be freed as part of
the release fop. the release fop.
When the DK_CXLFLASH_APP_CLOSE_ADAP_FD flag was returned on a successful
attach, the application _must_ unmap and close the fd2 associated with the
original context following this ioctl returning success and indicating that
the context was recovered (DK_CXLFLASH_RECOVER_AFU_CONTEXT_RESET).
DK_CXLFLASH_MANAGE_LUN DK_CXLFLASH_MANAGE_LUN
---------------------- ----------------------
This ioctl is used to switch a LUN from a mode where it is available This ioctl is used to switch a LUN from a mode where it is available
......
...@@ -825,7 +825,6 @@ static void remove_context(struct kref *kref) ...@@ -825,7 +825,6 @@ static void remove_context(struct kref *kref)
{ {
struct ctx_info *ctxi = container_of(kref, struct ctx_info, kref); struct ctx_info *ctxi = container_of(kref, struct ctx_info, kref);
struct cxlflash_cfg *cfg = ctxi->cfg; struct cxlflash_cfg *cfg = ctxi->cfg;
int lfd;
u64 ctxid = DECODE_CTXID(ctxi->ctxid); u64 ctxid = DECODE_CTXID(ctxi->ctxid);
/* Remove context from table/error list */ /* Remove context from table/error list */
...@@ -842,19 +841,7 @@ static void remove_context(struct kref *kref) ...@@ -842,19 +841,7 @@ static void remove_context(struct kref *kref)
mutex_unlock(&ctxi->mutex); mutex_unlock(&ctxi->mutex);
/* Context now completely uncoupled/unreachable */ /* Context now completely uncoupled/unreachable */
lfd = ctxi->lfd;
destroy_context(cfg, ctxi); destroy_context(cfg, ctxi);
/*
* As a last step, clean up external resources when not
* already on an external cleanup thread, i.e.: close(adap_fd).
*
* NOTE: this will free up the context from the CXL services,
* allowing it to dole out the same context_id on a future
* (or even currently in-flight) disk_attach operation.
*/
if (lfd != -1)
sys_close(lfd);
} }
/** /**
...@@ -949,34 +936,18 @@ static int cxlflash_disk_detach(struct scsi_device *sdev, ...@@ -949,34 +936,18 @@ static int cxlflash_disk_detach(struct scsi_device *sdev,
* *
* This routine is the release handler for the fops registered with * This routine is the release handler for the fops registered with
* the CXL services on an initial attach for a context. It is called * the CXL services on an initial attach for a context. It is called
* when a close is performed on the adapter file descriptor returned * when a close (explicity by the user or as part of a process tear
* to the user. Programmatically, the user is not required to perform * down) is performed on the adapter file descriptor returned to the
* the close, as it is handled internally via the detach ioctl when * user. The user should be aware that explicitly performing a close
* a context is being removed. Note that nothing prevents the user * considered catastrophic and subsequent usage of the superpipe API
* from performing a close, but the user should be aware that doing * with previously saved off tokens will fail.
* so is considered catastrophic and subsequent usage of the superpipe
* API with previously saved off tokens will fail.
* *
* When initiated from an external close (either by the user or via * This routine derives the context reference and calls detach for
* a process tear down), the routine derives the context reference * each LUN associated with the context.The final detach operation
* and calls detach for each LUN associated with the context. The * causes the context itself to be freed. With exception to when the
* final detach operation will cause the context itself to be freed. * CXL process element (context id) lookup fails (a case that should
* Note that the saved off lfd is reset prior to calling detach to * theoretically never occur), every call into this routine results
* signify that the final detach should not perform a close. * in a complete freeing of a context.
*
* When initiated from a detach operation as part of the tear down
* of a context, the context is first completely freed and then the
* close is performed. This routine will fail to derive the context
* reference (due to the context having already been freed) and then
* call into the CXL release entry point.
*
* Thus, with exception to when the CXL process element (context id)
* lookup fails (a case that should theoretically never occur), every
* call into this routine results in a complete freeing of a context.
*
* As part of the detach, all per-context resources associated with the LUN
* are cleaned up. When detaching the last LUN for a context, the context
* itself is cleaned up and released.
* *
* Return: 0 on success * Return: 0 on success
*/ */
...@@ -1014,11 +985,8 @@ static int cxlflash_cxl_release(struct inode *inode, struct file *file) ...@@ -1014,11 +985,8 @@ static int cxlflash_cxl_release(struct inode *inode, struct file *file)
goto out; goto out;
} }
dev_dbg(dev, "%s: close(%d) for context %d\n", dev_dbg(dev, "%s: close for context %d\n", __func__, ctxid);
__func__, ctxi->lfd, ctxid);
/* Reset the file descriptor to indicate we're on a close() thread */
ctxi->lfd = -1;
detach.context_id = ctxi->ctxid; detach.context_id = ctxi->ctxid;
list_for_each_entry_safe(lun_access, t, &ctxi->luns, list) list_for_each_entry_safe(lun_access, t, &ctxi->luns, list)
_cxlflash_disk_detach(lun_access->sdev, ctxi, &detach); _cxlflash_disk_detach(lun_access->sdev, ctxi, &detach);
...@@ -1391,7 +1359,6 @@ static int cxlflash_disk_attach(struct scsi_device *sdev, ...@@ -1391,7 +1359,6 @@ static int cxlflash_disk_attach(struct scsi_device *sdev,
__func__, rctxid); __func__, rctxid);
kref_get(&ctxi->kref); kref_get(&ctxi->kref);
list_add(&lun_access->list, &ctxi->luns); list_add(&lun_access->list, &ctxi->luns);
fd = ctxi->lfd;
goto out_attach; goto out_attach;
} }
...@@ -1461,7 +1428,11 @@ static int cxlflash_disk_attach(struct scsi_device *sdev, ...@@ -1461,7 +1428,11 @@ static int cxlflash_disk_attach(struct scsi_device *sdev,
fd_install(fd, file); fd_install(fd, file);
out_attach: out_attach:
attach->hdr.return_flags = 0; if (fd != -1)
attach->hdr.return_flags = DK_CXLFLASH_APP_CLOSE_ADAP_FD;
else
attach->hdr.return_flags = 0;
attach->context_id = ctxi->ctxid; attach->context_id = ctxi->ctxid;
attach->block_size = gli->blk_len; attach->block_size = gli->blk_len;
attach->mmio_size = sizeof(afu->afu_map->hosts[0].harea); attach->mmio_size = sizeof(afu->afu_map->hosts[0].harea);
...@@ -1526,7 +1497,7 @@ static int recover_context(struct cxlflash_cfg *cfg, struct ctx_info *ctxi) ...@@ -1526,7 +1497,7 @@ static int recover_context(struct cxlflash_cfg *cfg, struct ctx_info *ctxi)
{ {
struct device *dev = &cfg->dev->dev; struct device *dev = &cfg->dev->dev;
int rc = 0; int rc = 0;
int old_fd, fd = -1; int fd = -1;
int ctxid = -1; int ctxid = -1;
struct file *file; struct file *file;
struct cxl_context *ctx; struct cxl_context *ctx;
...@@ -1574,7 +1545,6 @@ static int recover_context(struct cxlflash_cfg *cfg, struct ctx_info *ctxi) ...@@ -1574,7 +1545,6 @@ static int recover_context(struct cxlflash_cfg *cfg, struct ctx_info *ctxi)
* No error paths after this point. Once the fd is installed it's * No error paths after this point. Once the fd is installed it's
* visible to user space and can't be undone safely on this thread. * visible to user space and can't be undone safely on this thread.
*/ */
old_fd = ctxi->lfd;
ctxi->ctxid = ENCODE_CTXID(ctxi, ctxid); ctxi->ctxid = ENCODE_CTXID(ctxi, ctxid);
ctxi->lfd = fd; ctxi->lfd = fd;
ctxi->ctx = ctx; ctxi->ctx = ctx;
...@@ -1593,9 +1563,6 @@ static int recover_context(struct cxlflash_cfg *cfg, struct ctx_info *ctxi) ...@@ -1593,9 +1563,6 @@ static int recover_context(struct cxlflash_cfg *cfg, struct ctx_info *ctxi)
cfg->ctx_tbl[ctxid] = ctxi; cfg->ctx_tbl[ctxid] = ctxi;
mutex_unlock(&cfg->ctx_tbl_list_mutex); mutex_unlock(&cfg->ctx_tbl_list_mutex);
fd_install(fd, file); fd_install(fd, file);
/* Release the original adapter fd and associated CXL resources */
sys_close(old_fd);
out: out:
dev_dbg(dev, "%s: returning ctxid=%d fd=%d rc=%d\n", dev_dbg(dev, "%s: returning ctxid=%d fd=%d rc=%d\n",
__func__, ctxid, fd, rc); __func__, ctxid, fd, rc);
...@@ -1707,7 +1674,7 @@ static int cxlflash_afu_recover(struct scsi_device *sdev, ...@@ -1707,7 +1674,7 @@ static int cxlflash_afu_recover(struct scsi_device *sdev,
recover->context_id = ctxi->ctxid; recover->context_id = ctxi->ctxid;
recover->adap_fd = ctxi->lfd; recover->adap_fd = ctxi->lfd;
recover->mmio_size = sizeof(afu->afu_map->hosts[0].harea); recover->mmio_size = sizeof(afu->afu_map->hosts[0].harea);
recover->hdr.return_flags |= recover->hdr.return_flags = DK_CXLFLASH_APP_CLOSE_ADAP_FD |
DK_CXLFLASH_RECOVER_AFU_CONTEXT_RESET; DK_CXLFLASH_RECOVER_AFU_CONTEXT_RESET;
goto out; goto out;
} }
......
...@@ -1135,14 +1135,13 @@ int cxlflash_disk_clone(struct scsi_device *sdev, ...@@ -1135,14 +1135,13 @@ int cxlflash_disk_clone(struct scsi_device *sdev,
ctxid_dst = DECODE_CTXID(clone->context_id_dst), ctxid_dst = DECODE_CTXID(clone->context_id_dst),
rctxid_src = clone->context_id_src, rctxid_src = clone->context_id_src,
rctxid_dst = clone->context_id_dst; rctxid_dst = clone->context_id_dst;
int adap_fd_src = clone->adap_fd_src;
int i, j; int i, j;
int rc = 0; int rc = 0;
bool found; bool found;
LIST_HEAD(sidecar); LIST_HEAD(sidecar);
pr_debug("%s: ctxid_src=%llu ctxid_dst=%llu adap_fd_src=%d\n", pr_debug("%s: ctxid_src=%llu ctxid_dst=%llu\n",
__func__, ctxid_src, ctxid_dst, adap_fd_src); __func__, ctxid_src, ctxid_dst);
/* Do not clone yourself */ /* Do not clone yourself */
if (unlikely(rctxid_src == rctxid_dst)) { if (unlikely(rctxid_src == rctxid_dst)) {
...@@ -1166,13 +1165,6 @@ int cxlflash_disk_clone(struct scsi_device *sdev, ...@@ -1166,13 +1165,6 @@ int cxlflash_disk_clone(struct scsi_device *sdev,
goto out; goto out;
} }
if (unlikely(adap_fd_src != ctxi_src->lfd)) {
pr_debug("%s: Invalid source adapter fd! (%d)\n",
__func__, adap_fd_src);
rc = -EINVAL;
goto out;
}
/* Verify there is no open resource handle in the destination context */ /* Verify there is no open resource handle in the destination context */
for (i = 0; i < MAX_RHT_PER_CONTEXT; i++) for (i = 0; i < MAX_RHT_PER_CONTEXT; i++)
if (ctxi_dst->rht_start[i].nmask != 0) { if (ctxi_dst->rht_start[i].nmask != 0) {
...@@ -1257,7 +1249,6 @@ int cxlflash_disk_clone(struct scsi_device *sdev, ...@@ -1257,7 +1249,6 @@ int cxlflash_disk_clone(struct scsi_device *sdev,
out_success: out_success:
list_splice(&sidecar, &ctxi_dst->luns); list_splice(&sidecar, &ctxi_dst->luns);
sys_close(adap_fd_src);
/* fall through */ /* fall through */
out: out:
......
...@@ -39,19 +39,28 @@ struct dk_cxlflash_hdr { ...@@ -39,19 +39,28 @@ struct dk_cxlflash_hdr {
* at this time, this provides future flexibility. * at this time, this provides future flexibility.
*/ */
#define DK_CXLFLASH_ALL_PORTS_ACTIVE 0x0000000000000001ULL #define DK_CXLFLASH_ALL_PORTS_ACTIVE 0x0000000000000001ULL
#define DK_CXLFLASH_APP_CLOSE_ADAP_FD 0x0000000000000002ULL
/* /*
* Notes: * General Notes:
* ----- * -------------
* The 'context_id' field of all ioctl structures contains the context * The 'context_id' field of all ioctl structures contains the context
* identifier for a context in the lower 32-bits (upper 32-bits are not * identifier for a context in the lower 32-bits (upper 32-bits are not
* to be used when identifying a context to the AFU). That said, the value * to be used when identifying a context to the AFU). That said, the value
* in its entirety (all 64-bits) is to be treated as an opaque cookie and * in its entirety (all 64-bits) is to be treated as an opaque cookie and
* should be presented as such when issuing ioctls. * should be presented as such when issuing ioctls.
*/
/*
* DK_CXLFLASH_ATTACH Notes:
* ------------------------
* Read/write access permissions are specified via the O_RDONLY, O_WRONLY,
* and O_RDWR flags defined in the fcntl.h header file.
* *
* For DK_CXLFLASH_ATTACH ioctl, user specifies read/write access * A valid adapter file descriptor (fd >= 0) is only returned on the initial
* permissions via the O_RDONLY, O_WRONLY, and O_RDWR flags defined in * attach (successful) of a context. When a context is shared(reused), the user
* the fcntl.h header file. * is expected to already 'know' the adapter file descriptor associated with the
* context.
*/ */
#define DK_CXLFLASH_ATTACH_REUSE_CONTEXT 0x8000000000000000ULL #define DK_CXLFLASH_ATTACH_REUSE_CONTEXT 0x8000000000000000ULL
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册