Add support for virtio device reset

CHANGELOG.md

@@ -16,6 +16,8 @@ and this project adheres to
   rescan the PCI bus after hotplug and remove the device before unplug since no
   automatic notification mechanism is implemented yet. More information can be
   found in the [Device Hotplugging](docs/device-hotplug.md) documentation page.
+- [#5891](https://github.com/firecracker-microvm/firecracker/pull/5891): Added
+  support for virtio device reset.
 - [#5323](https://github.com/firecracker-microvm/firecracker/pull/5323): Add
   support for Vsock Unix domain socket path overriding on snapshot restore. More
   information can be found in the

src/vmm/src/device_manager/mmio.rs

@@ -587,6 +587,12 @@ pub(crate) mod tests {
         fn is_activated(&self) -> bool {
             false
         }
+
+        fn deactivate(&mut self) {}
+
+        fn _reset(&mut self) -> bool {
+            false
+        }
     }
 
     #[test]

src/vmm/src/devices/virtio/balloon/device.rs

@@ -979,6 +979,17 @@ impl VirtioDevice for Balloon {
         self.device_state.is_activated()
     }
 
+    fn deactivate(&mut self) {
+        self.device_state = DeviceState::Inactive;
+    }
+
+    fn _reset(&mut self) -> bool {
+        self.stats_timer.arm(Duration::ZERO, None);
+        self.stats_desc_index = None;
+        self.hinting_state = Default::default();
+        true
+    }
+
     fn kick(&mut self) {
         if self.is_activated() {
             if self.free_page_hinting() {

src/vmm/src/devices/virtio/block/device.rs

@@ -207,6 +207,20 @@ impl VirtioDevice for Block {
         }
     }
 
+    fn deactivate(&mut self) {
+        match self {
+            Self::Virtio(b) => b.deactivate(),
+            Self::VhostUser(b) => b.deactivate(),
+        }
+    }
+
+    fn _reset(&mut self) -> bool {
+        match self {
+            Self::Virtio(b) => b._reset(),
+            Self::VhostUser(b) => b._reset(),
+        }
+    }
+
     fn prepare_save(&mut self) {
         match self {
             Self::Virtio(b) => b.prepare_save(),

src/vmm/src/devices/virtio/block/vhost_user/device.rs

@@ -379,6 +379,14 @@ where
     fn is_activated(&self) -> bool {
         self.device_state.is_activated()
     }
+
+    fn deactivate(&mut self) {
+        self.device_state = DeviceState::Inactive;
+    }
+
+    fn _reset(&mut self) -> bool {
+        false
+    }
 }
 
 #[cfg(test)]

src/vmm/src/devices/virtio/block/virtio/device.rs

@@ -674,6 +674,15 @@ impl VirtioDevice for VirtioBlock {
     fn is_activated(&self) -> bool {
         self.device_state.is_activated()
     }
+
+    fn deactivate(&mut self) {
+        self.device_state = DeviceState::Inactive;
+    }
+
+    fn _reset(&mut self) -> bool {
+        self.is_io_engine_throttled = false;
+        true
+    }
 }
 
 impl Drop for VirtioBlock {

src/vmm/src/devices/virtio/device.rs

@@ -178,12 +178,24 @@ pub trait VirtioDevice: AsAny + MutEventSubscriber + Send {
     /// Checks if the resources of this device are activated.
     fn is_activated(&self) -> bool;
 
-    /// Optionally deactivates this device and returns ownership of the guest memory map, interrupt
-    /// event, and queue events.
-    fn reset(&mut self) -> Option<(Arc<dyn VirtioInterrupt>, Vec<EventFd>)> {
-        None
+    /// Set the device state to Inactive
+    fn deactivate(&mut self);
+
+    /// Reset the device. Returns true on success, false otherwise.
+    /// It must not be overridden.
+    fn reset(&mut self) -> bool {
+        self.deactivate();
+        self.set_acked_features(0);
+        for queue in self.queues_mut() {
+            *queue = Queue::new(queue.max_size);
+        }
+        self._reset()
     }
 
+    /// Backend-specific reset logic. Returns true on success, false if the
+    /// backend does not support reset.
+    fn _reset(&mut self) -> bool;
+
     /// Mark pages used by queues as dirty.
     fn mark_queue_memory_dirty(&mut self, mem: &GuestMemoryMmap) -> Result<(), QueueError> {
         for queue in self.queues_mut() {
@@ -310,6 +322,14 @@ pub(crate) mod tests {
         fn is_activated(&self) -> bool {
             todo!()
         }
+
+        fn deactivate(&mut self) {
+            todo!()
+        }
+
+        fn _reset(&mut self) -> bool {
+            todo!()
+        }
     }
 
     #[test]

src/vmm/src/devices/virtio/mem/device.rs

@@ -656,6 +656,21 @@ impl VirtioDevice for VirtioMem {
         self.device_state.is_activated()
     }
 
+    fn deactivate(&mut self) {
+        self.device_state = DeviceState::Inactive;
+    }
+
+    fn _reset(&mut self) -> bool {
+        // Virtio spec, section 5.15.5.2:
+        // The device MUST NOT change the state of memory blocks during device
+        // reset. The device MUST NOT modify memory or memory properties of
+        // plugged memory blocks during device reset.
+        //
+        // Note: the Linux virtio-mem driver does not support rebinding when
+        // memory is plugged
+        true
+    }
+
     fn activate(
         &mut self,
         mem: GuestMemoryMmap,

src/vmm/src/devices/virtio/net/device.rs

@@ -135,6 +135,15 @@ impl RxBuffers {
         })
     }
 
+    /// Reset the RX buffers to their initial state.
+    fn clear(&mut self) {
+        self.iovec.clear();
+        self.parsed_descriptors.clear();
+        self.used_descriptors = 0;
+        self.used_bytes = 0;
+        self.min_buffer_size = 0;
+    }
+
     /// Add a new `DescriptorChain` that we received from the RX queue in the buffer.
     ///
     /// SAFETY: The `DescriptorChain` cannot be referencing the same memory location as any other
@@ -1088,6 +1097,16 @@ impl VirtioDevice for Net {
         self.device_state.is_activated()
     }
 
+    fn deactivate(&mut self) {
+        self.device_state = DeviceState::Inactive;
+    }
+
+    fn _reset(&mut self) -> bool {
+        self.rx_buffer.clear();
+        self.tx_buffer.clear();
+        true
+    }
+
     /// Prepare saving state
     fn prepare_save(&mut self) {
         // We shouldn't be messing with the queue if the device is not activated.
@@ -2601,4 +2620,16 @@ pub mod tests {
         assert!(queues[RX_INDEX].uses_notif_suppression);
         assert!(queues[TX_INDEX].uses_notif_suppression);
     }
+
+    #[test]
+    fn test_reset() {
+        let mem = single_region_mem(2 * MAX_BUFFER_SIZE);
+        let mut th = TestHelper::get_default(&mem);
+        th.activate_net();
+
+        assert!(th.net().is_activated());
+        assert!(th.net().reset());
+        assert!(!th.net().is_activated());
+        assert_eq!(th.net().acked_features(), 0);
+    }
 }

src/vmm/src/devices/virtio/pmem/device.rs

@@ -588,6 +588,14 @@ impl VirtioDevice for Pmem {
         self.device_state.is_activated()
     }
 
+    fn deactivate(&mut self) {
+        self.device_state = DeviceState::Inactive;
+    }
+
+    fn _reset(&mut self) -> bool {
+        true
+    }
+
     fn kick(&mut self) {
         if self.is_activated() {
             info!("kick pmem {}.", self.config.id);

src/vmm/src/devices/virtio/queue.rs

@@ -669,19 +669,6 @@ impl Queue {
 
         new - used_event - Wrapping(1) < new - old
     }
-
-    /// Resets the Virtio Queue
-    pub(crate) fn reset(&mut self) {
-        self.ready = false;
-        self.size = self.max_size;
-        self.desc_table_address = GuestAddress(0);
-        self.avail_ring_address = GuestAddress(0);
-        self.used_ring_address = GuestAddress(0);
-        self.next_avail = Wrapping(0);
-        self.next_used = Wrapping(0);
-        self.num_added = Wrapping(0);
-        self.uses_notif_suppression = false;
-    }
 }
 
 #[cfg(kani)]

src/vmm/src/devices/virtio/rng/device.rs

@@ -307,6 +307,14 @@ impl VirtioDevice for Entropy {
         self.device_state.is_activated()
     }
 
+    fn deactivate(&mut self) {
+        self.device_state = DeviceState::Inactive;
+    }
+
+    fn _reset(&mut self) -> bool {
+        true
+    }
+
     fn activate(
         &mut self,
         mem: GuestMemoryMmap,

src/vmm/src/devices/virtio/transport/mmio.rs

@@ -153,9 +153,6 @@ impl MmioTransport {
         // . Keep interrupt_evt and queue_evts as is. There may be pending notifications in those
         //   eventfds, but nothing will happen other than supurious wakeups.
         // . Do not reset config_generation and keep it monotonically increasing
-        for queue in self.locked_device().queues_mut() {
-            *queue = Queue::new(queue.max_size);
-        }
     }
 
     /// Update device status according to the state machine defined by VirtIO Spec 1.0.
@@ -165,7 +162,6 @@ impl MmioTransport {
     /// of the driver initialization sequence specified in 3.1. The driver MUST NOT clear
     /// a device status bit. If the driver sets the FAILED bit, the driver MUST later reset
     /// the device before attempting to re-initialize.
-    #[allow(unused_assignments)]
     fn set_device_status(&mut self, status: u32) {
         use device_status::*;
 
@@ -183,25 +179,11 @@ impl MmioTransport {
             // TODO: notify backend driver to stop the device
             self.device_status |= FAILED;
         } else if status == INIT {
-            {
-                let mut locked_device = self.device.lock().expect("Poisoned lock");
-                if locked_device.is_activated() {
-                    let mut device_status = self.device_status;
-                    let reset_result = locked_device.reset();
-                    match reset_result {
-                        Some((_interrupt_evt, mut _queue_evts)) => {}
-                        None => {
-                            device_status |= FAILED;
-                        }
-                    }
-                    self.device_status = device_status;
-                }
-            }
-
-            // If the backend device driver doesn't support reset,
-            // just leave the device marked as FAILED.
-            if self.device_status & FAILED == 0 {
+            if self.device_status != INIT {
                 self.reset();
+                if !self.device.lock().expect("Poisoned lock").reset() {
+                    self.device_status |= FAILED;
+                }
             }
         } else if VALID_TRANSITIONS
             .iter()
@@ -506,6 +488,7 @@ pub(crate) mod tests {
         device_activated: bool,
         config_bytes: [u8; 0xeff],
         activate_should_error: bool,
+        reset_should_fail: bool,
     }
 
     impl DummyDevice {
@@ -522,6 +505,7 @@ pub(crate) mod tests {
                 device_activated: false,
                 config_bytes: [0; 0xeff],
                 activate_should_error: false,
+                reset_should_fail: false,
             }
         }
 
@@ -600,6 +584,14 @@ pub(crate) mod tests {
         fn is_activated(&self) -> bool {
             self.device_activated
         }
+
+        fn deactivate(&mut self) {
+            self.device_activated = false;
+        }
+
+        fn _reset(&mut self) -> bool {
+            !self.reset_should_fail
+        }
     }
 
     fn set_device_status(d: &mut MmioTransport, status: u32) {
@@ -613,8 +605,7 @@ pub(crate) mod tests {
         let m = single_region_mem(0x1000);
         let interrupt = Arc::new(IrqTrigger::new());
         let mut dummy = DummyDevice::new();
-        // Validate reset is no-op.
-        assert!(dummy.reset().is_none());
+        assert!(dummy.reset());
         let mut d = MmioTransport::new(m, interrupt, Arc::new(Mutex::new(dummy)), false);
 
         // We just make sure here that the implementation of a mmio device behaves as we expect,
@@ -1144,11 +1135,32 @@ pub(crate) mod tests {
         assert_eq!(d.device_status, 0x8f);
         assert!(d.locked_device().is_activated());
 
-        // Nothing happens when backend driver doesn't support reset
+        // Resetting the device should deactivate it
         write_le_u32(&mut buf[..], 0x0);
         d.write(0x0, 0x70, &buf[..]);
-        assert_eq!(d.device_status, 0x8f);
+        assert_eq!(d.device_status, device_status::INIT);
+        assert!(!d.locked_device().is_activated());
+        assert_eq!(d.locked_device().acked_features(), 0);
+    }
+
+    #[test]
+    fn test_bus_device_reset_failure() {
+        let m = single_region_mem(0x1000);
+        let interrupt = Arc::new(IrqTrigger::new());
+        let device = DummyDevice {
+            reset_should_fail: true,
+            ..DummyDevice::new()
+        };
+        let mut d = MmioTransport::new(m, interrupt, Arc::new(Mutex::new(device)), false);
+
+        activate_device(&mut d);
         assert!(d.locked_device().is_activated());
+
+        // A backend that doesn't support reset must set FAILED.
+        let mut buf = [0; 4];
+        write_le_u32(&mut buf[..], 0x0);
+        d.write(0x0, 0x70, &buf[..]);
+        assert_ne!(d.device_status & device_status::FAILED, 0);
     }
 
     #[test]