The ACPI 6.2 spec added NVDIMM root DSM functions that managibility
and test software need to call.
This patch set enables the calling of root functions DSMs via the
pass thru mechanism.
Changes v4
----------
1. Minor refactoring of patch sequence.
Changes v3
----------
1. Fix checkpatch warnings
2. modify bus_dsm_mask_show to display name "dsm_mask" in sysfs.
3. modified submittal comments.
Changes v2
----------
1. Add bus_dsm_mask to filter root pass thru calls.
2. Add bus_dsm_mask_show to display bus_dsm_mask in sysfs
3. Extend override_dsm_mask to be used for bus_dms_mask also.
Details v1
----------
__nd_ioctl:
Check pass thru functions against nd_cmd_clear_to_send.
acpi_nfit_init_dsms:
Set additional bits in cmd_mask for new functions.
ndctl.h:
Define data structure for the new 6.2 functions.
Jerry Hoemann (6):
libnvdimm: passthru functions clear to send
acpi, nfit: Enable DSM pass thru for root functions.
libnvdimm, acpi, nfit: Add bus level dsm mask for pass thru.
acpi, nfit: Show bus_dsm_mask in sysfs
libnvdimm: New ACPI 6.2 DSM functions
nfit allow override of root dsm mask
drivers/acpi/nfit/core.c | 23 +++++++++++++++++++++++
drivers/nvdimm/bus.c | 4 +++-
include/linux/libnvdimm.h | 1 +
include/uapi/linux/ndctl.h | 41 ++++++++++++++++++++++++++++++++++++++++-
4 files changed, 67 insertions(+), 2 deletions(-)
--
1.8.5.6
Have dsm functions called via the pass thru mechanism also
be checked against clear to send.
Signed-off-by: Jerry Hoemann <[email protected]>
---
drivers/nvdimm/bus.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/nvdimm/bus.c b/drivers/nvdimm/bus.c
index e9361bf..e16427d 100644
--- a/drivers/nvdimm/bus.c
+++ b/drivers/nvdimm/bus.c
@@ -907,6 +907,7 @@ static int __nd_ioctl(struct nvdimm_bus *nvdimm_bus, struct nvdimm *nvdimm,
static char in_env[ND_CMD_MAX_ENVELOPE];
const struct nd_cmd_desc *desc = NULL;
unsigned int cmd = _IOC_NR(ioctl_cmd);
+ unsigned int func = cmd;
void __user *p = (void __user *) arg;
struct device *dev = &nvdimm_bus->dev;
struct nd_cmd_pkg pkg;
@@ -972,6 +973,7 @@ static int __nd_ioctl(struct nvdimm_bus *nvdimm_bus, struct nvdimm *nvdimm,
}
if (cmd == ND_CMD_CALL) {
+ func = pkg.nd_command;
dev_dbg(dev, "%s:%s, idx: %llu, in: %zu, out: %zu, len %zu\n",
__func__, dimm_name, pkg.nd_command,
in_len, out_len, buf_len);
@@ -1020,7 +1022,7 @@ static int __nd_ioctl(struct nvdimm_bus *nvdimm_bus, struct nvdimm *nvdimm,
}
nvdimm_bus_lock(&nvdimm_bus->dev);
- rc = nd_cmd_clear_to_send(nvdimm_bus, nvdimm, cmd, buf);
+ rc = nd_cmd_clear_to_send(nvdimm_bus, nvdimm, func, buf);
if (rc)
goto out_unlock;
--
1.8.5.6
Have module parameter override_dsm_mask override the dsm_mask for
root calls like it does for non-root dsm calls.
Signed-off-by: Jerry Hoemann <[email protected]>
---
drivers/acpi/nfit/core.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/acpi/nfit/core.c b/drivers/acpi/nfit/core.c
index 4e24d69..87acaf2 100644
--- a/drivers/acpi/nfit/core.c
+++ b/drivers/acpi/nfit/core.c
@@ -1641,6 +1641,8 @@ static void acpi_nfit_init_dsms(struct acpi_nfit_desc *acpi_desc)
set_bit(ND_CMD_CALL, &nd_desc->cmd_mask);
dsm_mask = 0x3bf;
+ if (override_dsm_mask)
+ dsm_mask = override_dsm_mask;
for_each_set_bit(i, &dsm_mask, BITS_PER_LONG)
if (acpi_check_dsm(adev->handle, uuid, 1, 1ULL << i))
set_bit(i, &nd_desc->bus_dsm_mask);
--
1.8.5.6
Display bus_dsm_mask in sysfs as /sys/bus/nd/devices/ndbusX/nfit/dsm_mask.
Signed-off-by: Jerry Hoemann <[email protected]>
---
drivers/acpi/nfit/core.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/drivers/acpi/nfit/core.c b/drivers/acpi/nfit/core.c
index 5e4c137..4e24d69 100644
--- a/drivers/acpi/nfit/core.c
+++ b/drivers/acpi/nfit/core.c
@@ -929,6 +929,17 @@ static int nfit_mem_init(struct acpi_nfit_desc *acpi_desc)
return 0;
}
+static ssize_t bus_dsm_mask_show(struct device *dev,
+ struct device_attribute *attr, char *buf)
+{
+ struct nvdimm_bus *nvdimm_bus = to_nvdimm_bus(dev);
+ struct nvdimm_bus_descriptor *nd_desc = to_nd_desc(nvdimm_bus);
+
+ return sprintf(buf, "%#lx\n", nd_desc->bus_dsm_mask);
+}
+static struct device_attribute dev_attr_bus_dsm_mask =
+ __ATTR(dsm_mask, 0444, bus_dsm_mask_show, NULL);
+
static ssize_t revision_show(struct device *dev,
struct device_attribute *attr, char *buf)
{
@@ -1065,6 +1076,7 @@ static umode_t nfit_visible(struct kobject *kobj, struct attribute *a, int n)
&dev_attr_revision.attr,
&dev_attr_scrub.attr,
&dev_attr_hw_error_scrub.attr,
+ &dev_attr_bus_dsm_mask.attr,
NULL,
};
--
1.8.5.6
ACPI 6.2 added new NVDIMM root DSM functions. Define their
data structures.
Signed-off-by: Jerry Hoemann <[email protected]>
---
include/uapi/linux/ndctl.h | 40 +++++++++++++++++++++++++++++++++++++++-
1 file changed, 39 insertions(+), 1 deletion(-)
diff --git a/include/uapi/linux/ndctl.h b/include/uapi/linux/ndctl.h
index e23c37f..e15768f 100644
--- a/include/uapi/linux/ndctl.h
+++ b/include/uapi/linux/ndctl.h
@@ -105,7 +105,8 @@ struct nd_cmd_ars_cap {
__u32 status;
__u32 max_ars_out;
__u32 clear_err_unit;
- __u32 reserved;
+ __u16 flags;
+ __u16 reserved;
} __packed;
struct nd_cmd_ars_start {
@@ -144,6 +145,43 @@ struct nd_cmd_clear_error {
__u64 cleared;
} __packed;
+struct nd_cmd_trans_spa {
+ __u64 spa;
+ __u32 status;
+ __u8 flags;
+ __u8 _reserved[3];
+ __u64 trans_length;
+ __u32 num_nvdimms;
+ struct nd_nvdimm_device {
+ __u32 nfit_device_handle;
+ __u32 _reserved;
+ __u64 dpa;
+ } __packed devices[0];
+
+} __packed;
+
+struct nd_cmd_ars_err_inj {
+ __u64 err_inj_spa_range_base;
+ __u64 err_inj_spa_range_length;
+ __u8 err_inj_options;
+ __u32 status;
+} __packed;
+
+struct nd_cmd_ars_err_inj_clr {
+ __u64 err_inj_clr_spa_range_base;
+ __u64 err_inj_clr_spa_range_length;
+ __u32 status;
+} __packed;
+
+struct nd_cmd_ars_err_inj_stat {
+ __u32 status;
+ __u32 inj_err_rec_count;
+ struct nd_error_stat_query_record {
+ __u64 err_inj_stat_spa_range_base;
+ __u64 err_inj_stat_spa_range_length;
+ } __packed record[0];
+} __packed;
+
enum {
ND_CMD_IMPLEMENTED = 0,
--
1.8.5.6
Add a bus level dsm_mask to nvdimm_bus_descriptor to allow the passthru
calling mechanism to specify a different mask from the cmd_mask.
Populate bus_dsm_mask and use it to filter dsm calls that user can
make through the pass thru interface.
Signed-off-by: Jerry Hoemann <[email protected]>
---
drivers/acpi/nfit/core.c | 8 ++++++++
include/linux/libnvdimm.h | 1 +
2 files changed, 9 insertions(+)
diff --git a/drivers/acpi/nfit/core.c b/drivers/acpi/nfit/core.c
index b46fca2..5e4c137 100644
--- a/drivers/acpi/nfit/core.c
+++ b/drivers/acpi/nfit/core.c
@@ -253,6 +253,8 @@ int acpi_nfit_ctl(struct nvdimm_bus_descriptor *nd_desc, struct nvdimm *nvdimm,
cmd_name = nvdimm_bus_cmd_name(cmd);
cmd_mask = nd_desc->cmd_mask;
dsm_mask = cmd_mask;
+ if (cmd == ND_CMD_CALL)
+ dsm_mask = nd_desc->bus_dsm_mask;
desc = nd_cmd_bus_desc(cmd);
uuid = to_nfit_uuid(NFIT_DEV_BUS);
handle = adev->handle;
@@ -1613,6 +1615,7 @@ static void acpi_nfit_init_dsms(struct acpi_nfit_desc *acpi_desc)
struct nvdimm_bus_descriptor *nd_desc = &acpi_desc->nd_desc;
const u8 *uuid = to_nfit_uuid(NFIT_DEV_BUS);
struct acpi_device *adev;
+ unsigned long dsm_mask;
int i;
nd_desc->cmd_mask = acpi_desc->bus_cmd_force_en;
@@ -1624,6 +1627,11 @@ static void acpi_nfit_init_dsms(struct acpi_nfit_desc *acpi_desc)
if (acpi_check_dsm(adev->handle, uuid, 1, 1ULL << i))
set_bit(i, &nd_desc->cmd_mask);
set_bit(ND_CMD_CALL, &nd_desc->cmd_mask);
+
+ dsm_mask = 0x3bf;
+ for_each_set_bit(i, &dsm_mask, BITS_PER_LONG)
+ if (acpi_check_dsm(adev->handle, uuid, 1, 1ULL << i))
+ set_bit(i, &nd_desc->bus_dsm_mask);
}
static ssize_t range_index_show(struct device *dev,
diff --git a/include/linux/libnvdimm.h b/include/linux/libnvdimm.h
index 6c80701..f8b8f43 100644
--- a/include/linux/libnvdimm.h
+++ b/include/linux/libnvdimm.h
@@ -54,6 +54,7 @@ typedef int (*ndctl_fn)(struct nvdimm_bus_descriptor *nd_desc,
struct nvdimm_bus_descriptor {
const struct attribute_group **attr_groups;
+ unsigned long bus_dsm_mask;
unsigned long cmd_mask;
struct module *module;
char *provider_name;
--
1.8.5.6
Set ND_CMD_CALL in the cmd_mask to enable calling root
functions via the pass thru mechanism.
Signed-off-by: Jerry Hoemann <[email protected]>
---
drivers/acpi/nfit/core.c | 1 +
include/uapi/linux/ndctl.h | 1 +
2 files changed, 2 insertions(+)
diff --git a/drivers/acpi/nfit/core.c b/drivers/acpi/nfit/core.c
index 656acb5..b46fca2 100644
--- a/drivers/acpi/nfit/core.c
+++ b/drivers/acpi/nfit/core.c
@@ -1623,6 +1623,7 @@ static void acpi_nfit_init_dsms(struct acpi_nfit_desc *acpi_desc)
for (i = ND_CMD_ARS_CAP; i <= ND_CMD_CLEAR_ERROR; i++)
if (acpi_check_dsm(adev->handle, uuid, 1, 1ULL << i))
set_bit(i, &nd_desc->cmd_mask);
+ set_bit(ND_CMD_CALL, &nd_desc->cmd_mask);
}
static ssize_t range_index_show(struct device *dev,
diff --git a/include/uapi/linux/ndctl.h b/include/uapi/linux/ndctl.h
index 7ad3863..e23c37f 100644
--- a/include/uapi/linux/ndctl.h
+++ b/include/uapi/linux/ndctl.h
@@ -179,6 +179,7 @@ static inline const char *nvdimm_bus_cmd_name(unsigned cmd)
[ND_CMD_ARS_START] = "ars_start",
[ND_CMD_ARS_STATUS] = "ars_status",
[ND_CMD_CLEAR_ERROR] = "clear_error",
+ [ND_CMD_CALL] = "cmd_call",
};
if (cmd < ARRAY_SIZE(names) && names[cmd])
--
1.8.5.6
On Fri, Jun 30, 2017 at 9:09 AM, Jerry Hoemann <[email protected]> wrote:
> Have module parameter override_dsm_mask override the dsm_mask for
> root calls like it does for non-root dsm calls.
>
> Signed-off-by: Jerry Hoemann <[email protected]>
> ---
> drivers/acpi/nfit/core.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/drivers/acpi/nfit/core.c b/drivers/acpi/nfit/core.c
> index 4e24d69..87acaf2 100644
> --- a/drivers/acpi/nfit/core.c
> +++ b/drivers/acpi/nfit/core.c
> @@ -1641,6 +1641,8 @@ static void acpi_nfit_init_dsms(struct acpi_nfit_desc *acpi_desc)
> set_bit(ND_CMD_CALL, &nd_desc->cmd_mask);
>
> dsm_mask = 0x3bf;
> + if (override_dsm_mask)
> + dsm_mask = override_dsm_mask;
> for_each_set_bit(i, &dsm_mask, BITS_PER_LONG)
> if (acpi_check_dsm(adev->handle, uuid, 1, 1ULL << i))
> set_bit(i, &nd_desc->bus_dsm_mask);
Another reason not to apply this is to take a look at what happened
with the introduction of _LSI, _LSR, and _LSW. We should not expect
that _DSM will keep being used for future NVDIMM root bus methods.
On Fri, Jun 30, 2017 at 9:09 AM, Jerry Hoemann <[email protected]> wrote:
> Add a bus level dsm_mask to nvdimm_bus_descriptor to allow the passthru
> calling mechanism to specify a different mask from the cmd_mask.
>
> Populate bus_dsm_mask and use it to filter dsm calls that user can
> make through the pass thru interface.
>
> Signed-off-by: Jerry Hoemann <[email protected]>
> ---
> drivers/acpi/nfit/core.c | 8 ++++++++
> include/linux/libnvdimm.h | 1 +
> 2 files changed, 9 insertions(+)
>
> diff --git a/drivers/acpi/nfit/core.c b/drivers/acpi/nfit/core.c
> index b46fca2..5e4c137 100644
> --- a/drivers/acpi/nfit/core.c
> +++ b/drivers/acpi/nfit/core.c
> @@ -253,6 +253,8 @@ int acpi_nfit_ctl(struct nvdimm_bus_descriptor *nd_desc, struct nvdimm *nvdimm,
> cmd_name = nvdimm_bus_cmd_name(cmd);
> cmd_mask = nd_desc->cmd_mask;
> dsm_mask = cmd_mask;
> + if (cmd == ND_CMD_CALL)
> + dsm_mask = nd_desc->bus_dsm_mask;
> desc = nd_cmd_bus_desc(cmd);
> uuid = to_nfit_uuid(NFIT_DEV_BUS);
> handle = adev->handle;
> @@ -1613,6 +1615,7 @@ static void acpi_nfit_init_dsms(struct acpi_nfit_desc *acpi_desc)
> struct nvdimm_bus_descriptor *nd_desc = &acpi_desc->nd_desc;
> const u8 *uuid = to_nfit_uuid(NFIT_DEV_BUS);
> struct acpi_device *adev;
> + unsigned long dsm_mask;
> int i;
>
> nd_desc->cmd_mask = acpi_desc->bus_cmd_force_en;
> @@ -1624,6 +1627,11 @@ static void acpi_nfit_init_dsms(struct acpi_nfit_desc *acpi_desc)
> if (acpi_check_dsm(adev->handle, uuid, 1, 1ULL << i))
> set_bit(i, &nd_desc->cmd_mask);
> set_bit(ND_CMD_CALL, &nd_desc->cmd_mask);
> +
> + dsm_mask = 0x3bf;
I went ahead and fixed this up to use dsm_mask defined like this:
+ dsm_mask =
+ (1 << ND_CMD_ARS_CAP) |
+ (1 << ND_CMD_ARS_START) |
+ (1 << ND_CMD_ARS_STATUS) |
+ (1 << ND_CMD_CLEAR_ERROR) |
+ (1 << NFIT_CMD_TRANSLATE_SPA) |
+ (1 << NFIT_CMD_ARS_INJECT_SET) |
+ (1 << NFIT_CMD_ARS_INJECT_CLEAR) |
+ (1 << NFIT_CMD_ARS_INJECT_GET);
This drops function number 0 which userspace has no need to call.
On Fri, Jun 30, 2017 at 08:55:22PM -0700, Dan Williams wrote:
...
> On Fri, Jun 30, 2017 at 9:09 AM, Jerry Hoemann <[email protected]> wrote:
> > + if (cmd == ND_CMD_CALL)
> > + dsm_mask = nd_desc->bus_dsm_mask;
> > desc = nd_cmd_bus_desc(cmd);
> > uuid = to_nfit_uuid(NFIT_DEV_BUS);
> > handle = adev->handle;
> > @@ -1613,6 +1615,7 @@ static void acpi_nfit_init_dsms(struct acpi_nfit_desc *acpi_desc)
> > struct nvdimm_bus_descriptor *nd_desc = &acpi_desc->nd_desc;
> > const u8 *uuid = to_nfit_uuid(NFIT_DEV_BUS);
> > struct acpi_device *adev;
> > + unsigned long dsm_mask;
> > int i;
> >
> > nd_desc->cmd_mask = acpi_desc->bus_cmd_force_en;
> > @@ -1624,6 +1627,11 @@ static void acpi_nfit_init_dsms(struct acpi_nfit_desc *acpi_desc)
> > if (acpi_check_dsm(adev->handle, uuid, 1, 1ULL << i))
> > set_bit(i, &nd_desc->cmd_mask);
> > set_bit(ND_CMD_CALL, &nd_desc->cmd_mask);
> > +
> > + dsm_mask = 0x3bf;
>
> I went ahead and fixed this up to use dsm_mask defined like this:
>
> + dsm_mask =
> + (1 << ND_CMD_ARS_CAP) |
> + (1 << ND_CMD_ARS_START) |
> + (1 << ND_CMD_ARS_STATUS) |
> + (1 << ND_CMD_CLEAR_ERROR) |
> + (1 << NFIT_CMD_TRANSLATE_SPA) |
> + (1 << NFIT_CMD_ARS_INJECT_SET) |
> + (1 << NFIT_CMD_ARS_INJECT_CLEAR) |
> + (1 << NFIT_CMD_ARS_INJECT_GET);
>
> This drops function number 0 which userspace has no need to call.
Actually I like to call function 0. Its an excellent test when
modifying the code path as its a no side effects function whose output
is known in advance and instantly recognizable. I also use it when
testing new firmware.
What is the downside to allowing it? What bad things happen?
Also, I do have to ask why you allow function zero for NVDIMM_FAMILY_MSFT?
--
-----------------------------------------------------------------------------
Jerry Hoemann Software Engineer Hewlett Packard Enterprise
-----------------------------------------------------------------------------
On Sat, Jul 1, 2017 at 12:58 PM, Jerry Hoemann <[email protected]> wrote:
> On Fri, Jun 30, 2017 at 08:55:22PM -0700, Dan Williams wrote:
>
> ...
>
>> On Fri, Jun 30, 2017 at 9:09 AM, Jerry Hoemann <[email protected]> wrote:
>> > + if (cmd == ND_CMD_CALL)
>> > + dsm_mask = nd_desc->bus_dsm_mask;
>> > desc = nd_cmd_bus_desc(cmd);
>> > uuid = to_nfit_uuid(NFIT_DEV_BUS);
>> > handle = adev->handle;
>> > @@ -1613,6 +1615,7 @@ static void acpi_nfit_init_dsms(struct acpi_nfit_desc *acpi_desc)
>> > struct nvdimm_bus_descriptor *nd_desc = &acpi_desc->nd_desc;
>> > const u8 *uuid = to_nfit_uuid(NFIT_DEV_BUS);
>> > struct acpi_device *adev;
>> > + unsigned long dsm_mask;
>> > int i;
>> >
>> > nd_desc->cmd_mask = acpi_desc->bus_cmd_force_en;
>> > @@ -1624,6 +1627,11 @@ static void acpi_nfit_init_dsms(struct acpi_nfit_desc *acpi_desc)
>> > if (acpi_check_dsm(adev->handle, uuid, 1, 1ULL << i))
>> > set_bit(i, &nd_desc->cmd_mask);
>> > set_bit(ND_CMD_CALL, &nd_desc->cmd_mask);
>> > +
>> > + dsm_mask = 0x3bf;
>>
>> I went ahead and fixed this up to use dsm_mask defined like this:
>>
>> + dsm_mask =
>> + (1 << ND_CMD_ARS_CAP) |
>> + (1 << ND_CMD_ARS_START) |
>> + (1 << ND_CMD_ARS_STATUS) |
>> + (1 << ND_CMD_CLEAR_ERROR) |
>> + (1 << NFIT_CMD_TRANSLATE_SPA) |
>> + (1 << NFIT_CMD_ARS_INJECT_SET) |
>> + (1 << NFIT_CMD_ARS_INJECT_CLEAR) |
>> + (1 << NFIT_CMD_ARS_INJECT_GET);
>>
>> This drops function number 0 which userspace has no need to call.
>
> Actually I like to call function 0. Its an excellent test when
> modifying the code path as its a no side effects function whose output
> is known in advance and instantly recognizable. I also use it when
> testing new firmware.
>
> What is the downside to allowing it? What bad things happen?
It allows implementations to bypass the standardization process and
ship new root DSMs. It's always possible to patch the kernel locally
for development, so I see no reason to ship this capability globally.
> Also, I do have to ask why you allow function zero for NVDIMM_FAMILY_MSFT?
Yeah, that's an oversight / mistake, but it's also benign since it
can't be used to add support for new function numbers to the family
since all 32 numbers are already taken. We also allow override for
leaf devices since there's quite a bit more per vendor differentiation
that might take a while to standardize.
On Sat, Jul 1, 2017 at 1:08 PM, Dan Williams <[email protected]> wrote:
> On Sat, Jul 1, 2017 at 12:58 PM, Jerry Hoemann <[email protected]> wrote:
>> On Fri, Jun 30, 2017 at 08:55:22PM -0700, Dan Williams wrote:
>>
>> ...
>>
>>> On Fri, Jun 30, 2017 at 9:09 AM, Jerry Hoemann <[email protected]> wrote:
>>> > + if (cmd == ND_CMD_CALL)
>>> > + dsm_mask = nd_desc->bus_dsm_mask;
>>> > desc = nd_cmd_bus_desc(cmd);
>>> > uuid = to_nfit_uuid(NFIT_DEV_BUS);
>>> > handle = adev->handle;
>>> > @@ -1613,6 +1615,7 @@ static void acpi_nfit_init_dsms(struct acpi_nfit_desc *acpi_desc)
>>> > struct nvdimm_bus_descriptor *nd_desc = &acpi_desc->nd_desc;
>>> > const u8 *uuid = to_nfit_uuid(NFIT_DEV_BUS);
>>> > struct acpi_device *adev;
>>> > + unsigned long dsm_mask;
>>> > int i;
>>> >
>>> > nd_desc->cmd_mask = acpi_desc->bus_cmd_force_en;
>>> > @@ -1624,6 +1627,11 @@ static void acpi_nfit_init_dsms(struct acpi_nfit_desc *acpi_desc)
>>> > if (acpi_check_dsm(adev->handle, uuid, 1, 1ULL << i))
>>> > set_bit(i, &nd_desc->cmd_mask);
>>> > set_bit(ND_CMD_CALL, &nd_desc->cmd_mask);
>>> > +
>>> > + dsm_mask = 0x3bf;
>>>
>>> I went ahead and fixed this up to use dsm_mask defined like this:
>>>
>>> + dsm_mask =
>>> + (1 << ND_CMD_ARS_CAP) |
>>> + (1 << ND_CMD_ARS_START) |
>>> + (1 << ND_CMD_ARS_STATUS) |
>>> + (1 << ND_CMD_CLEAR_ERROR) |
>>> + (1 << NFIT_CMD_TRANSLATE_SPA) |
>>> + (1 << NFIT_CMD_ARS_INJECT_SET) |
>>> + (1 << NFIT_CMD_ARS_INJECT_CLEAR) |
>>> + (1 << NFIT_CMD_ARS_INJECT_GET);
>>>
>>> This drops function number 0 which userspace has no need to call.
>>
>> Actually I like to call function 0. Its an excellent test when
>> modifying the code path as its a no side effects function whose output
>> is known in advance and instantly recognizable. I also use it when
>> testing new firmware.
>>
>> What is the downside to allowing it? What bad things happen?
>
> It allows implementations to bypass the standardization process and
> ship new root DSMs. It's always possible to patch the kernel locally
> for development, so I see no reason to ship this capability globally.
Actually, just the discovery portion does not lead to this leak, but
it's redundant when we have the 'dsm_mask' sysfs attribute.
On Sat, Jul 01, 2017 at 01:10:31PM -0700, Dan Williams wrote:
> On Sat, Jul 1, 2017 at 1:08 PM, Dan Williams <[email protected]> wrote:
> > On Sat, Jul 1, 2017 at 12:58 PM, Jerry Hoemann <[email protected]> wrote:
> >> On Fri, Jun 30, 2017 at 08:55:22PM -0700, Dan Williams wrote:
> >>
> >> ...
> >>
> >>> On Fri, Jun 30, 2017 at 9:09 AM, Jerry Hoemann <[email protected]> wrote:
> >>> > + if (cmd == ND_CMD_CALL)
> >>> > + dsm_mask = nd_desc->bus_dsm_mask;
> >>> > desc = nd_cmd_bus_desc(cmd);
> >>> > uuid = to_nfit_uuid(NFIT_DEV_BUS);
> >>> > handle = adev->handle;
> >>> > @@ -1613,6 +1615,7 @@ static void acpi_nfit_init_dsms(struct acpi_nfit_desc *acpi_desc)
> >>> > struct nvdimm_bus_descriptor *nd_desc = &acpi_desc->nd_desc;
> >>> > const u8 *uuid = to_nfit_uuid(NFIT_DEV_BUS);
> >>> > struct acpi_device *adev;
> >>> > + unsigned long dsm_mask;
> >>> > int i;
> >>> >
> >>> > nd_desc->cmd_mask = acpi_desc->bus_cmd_force_en;
> >>> > @@ -1624,6 +1627,11 @@ static void acpi_nfit_init_dsms(struct acpi_nfit_desc *acpi_desc)
> >>> > if (acpi_check_dsm(adev->handle, uuid, 1, 1ULL << i))
> >>> > set_bit(i, &nd_desc->cmd_mask);
> >>> > set_bit(ND_CMD_CALL, &nd_desc->cmd_mask);
> >>> > +
> >>> > + dsm_mask = 0x3bf;
> >>>
> >>> I went ahead and fixed this up to use dsm_mask defined like this:
> >>>
> >>> + dsm_mask =
> >>> + (1 << ND_CMD_ARS_CAP) |
> >>> + (1 << ND_CMD_ARS_START) |
> >>> + (1 << ND_CMD_ARS_STATUS) |
> >>> + (1 << ND_CMD_CLEAR_ERROR) |
> >>> + (1 << NFIT_CMD_TRANSLATE_SPA) |
> >>> + (1 << NFIT_CMD_ARS_INJECT_SET) |
> >>> + (1 << NFIT_CMD_ARS_INJECT_CLEAR) |
> >>> + (1 << NFIT_CMD_ARS_INJECT_GET);
> >>>
> >>> This drops function number 0 which userspace has no need to call.
> >>
> >> Actually I like to call function 0. Its an excellent test when
> >> modifying the code path as its a no side effects function whose output
> >> is known in advance and instantly recognizable. I also use it when
> >> testing new firmware.
> >>
> >> What is the downside to allowing it? What bad things happen?
> >
> > It allows implementations to bypass the standardization process and
> > ship new root DSMs. It's always possible to patch the kernel locally
> > for development, so I see no reason to ship this capability globally.
I don't understand this comment, but I think your next comment
essentially says to disregard this comment?
>
> Actually, just the discovery portion does not lead to this leak, but
> it's redundant when we have the 'dsm_mask' sysfs attribute.
No. The generation of the mask in sysfs is not done by
executing the code in acpi_nfit_ctl. One of the reasons I call
function 0 to test changes I am making to the ioctl path itself.
The sysfs has nothing to do with that path and cannot be used
to serve this purpose.
And since the content of sysfs has been edited it also can not be
used as a basic test of firmware.
What is the downside to allowing the calling of function 0?
--
-----------------------------------------------------------------------------
Jerry Hoemann Software Engineer Hewlett Packard Enterprise
-----------------------------------------------------------------------------
On Sat, Jul 1, 2017 at 1:38 PM, Jerry Hoemann <[email protected]> wrote:
> On Sat, Jul 01, 2017 at 01:10:31PM -0700, Dan Williams wrote:
>> On Sat, Jul 1, 2017 at 1:08 PM, Dan Williams <[email protected]> wrote:
>> > On Sat, Jul 1, 2017 at 12:58 PM, Jerry Hoemann <[email protected]> wrote:
>> >> On Fri, Jun 30, 2017 at 08:55:22PM -0700, Dan Williams wrote:
>> >>
>> >> ...
>> >>
>> >>> On Fri, Jun 30, 2017 at 9:09 AM, Jerry Hoemann <[email protected]> wrote:
>> >>> > + if (cmd == ND_CMD_CALL)
>> >>> > + dsm_mask = nd_desc->bus_dsm_mask;
>> >>> > desc = nd_cmd_bus_desc(cmd);
>> >>> > uuid = to_nfit_uuid(NFIT_DEV_BUS);
>> >>> > handle = adev->handle;
>> >>> > @@ -1613,6 +1615,7 @@ static void acpi_nfit_init_dsms(struct acpi_nfit_desc *acpi_desc)
>> >>> > struct nvdimm_bus_descriptor *nd_desc = &acpi_desc->nd_desc;
>> >>> > const u8 *uuid = to_nfit_uuid(NFIT_DEV_BUS);
>> >>> > struct acpi_device *adev;
>> >>> > + unsigned long dsm_mask;
>> >>> > int i;
>> >>> >
>> >>> > nd_desc->cmd_mask = acpi_desc->bus_cmd_force_en;
>> >>> > @@ -1624,6 +1627,11 @@ static void acpi_nfit_init_dsms(struct acpi_nfit_desc *acpi_desc)
>> >>> > if (acpi_check_dsm(adev->handle, uuid, 1, 1ULL << i))
>> >>> > set_bit(i, &nd_desc->cmd_mask);
>> >>> > set_bit(ND_CMD_CALL, &nd_desc->cmd_mask);
>> >>> > +
>> >>> > + dsm_mask = 0x3bf;
>> >>>
>> >>> I went ahead and fixed this up to use dsm_mask defined like this:
>> >>>
>> >>> + dsm_mask =
>> >>> + (1 << ND_CMD_ARS_CAP) |
>> >>> + (1 << ND_CMD_ARS_START) |
>> >>> + (1 << ND_CMD_ARS_STATUS) |
>> >>> + (1 << ND_CMD_CLEAR_ERROR) |
>> >>> + (1 << NFIT_CMD_TRANSLATE_SPA) |
>> >>> + (1 << NFIT_CMD_ARS_INJECT_SET) |
>> >>> + (1 << NFIT_CMD_ARS_INJECT_CLEAR) |
>> >>> + (1 << NFIT_CMD_ARS_INJECT_GET);
>> >>>
>> >>> This drops function number 0 which userspace has no need to call.
>> >>
>> >> Actually I like to call function 0. Its an excellent test when
>> >> modifying the code path as its a no side effects function whose output
>> >> is known in advance and instantly recognizable. I also use it when
>> >> testing new firmware.
>> >>
>> >> What is the downside to allowing it? What bad things happen?
>> >
>> > It allows implementations to bypass the standardization process and
>> > ship new root DSMs. It's always possible to patch the kernel locally
>> > for development, so I see no reason to ship this capability globally.
>
> I don't understand this comment, but I think your next comment
> essentially says to disregard this comment?
Yes, sorry.
>> Actually, just the discovery portion does not lead to this leak, but
>> it's redundant when we have the 'dsm_mask' sysfs attribute.
>
> No. The generation of the mask in sysfs is not done by
> executing the code in acpi_nfit_ctl. One of the reasons I call
> function 0 to test changes I am making to the ioctl path itself.
> The sysfs has nothing to do with that path and cannot be used
> to serve this purpose.
>
> And since the content of sysfs has been edited it also can not be
> used as a basic test of firmware.
>
> What is the downside to allowing the calling of function 0?
It needlessly expands the kernel ABI. I would suggest, if you want to
test acpi_nfit_ctl() path changes, expand the existing test
infrastructure we have in nfit_ctl_test(). If you want to test
firmware you don't need the upstream kernel to carry firmware debug
enabling in the production path, but I would support expanding
tools/testing/nvdimm/ to make it easier to test firmware.
On Sat, Jul 01, 2017 at 01:46:03PM -0700, Dan Williams wrote:
> On Sat, Jul 1, 2017 at 1:38 PM, Jerry Hoemann <[email protected]> wrote:
> > On Sat, Jul 01, 2017 at 01:10:31PM -0700, Dan Williams wrote:
> >> On Sat, Jul 1, 2017 at 1:08 PM, Dan Williams <[email protected]> wrote:
> >> > On Sat, Jul 1, 2017 at 12:58 PM, Jerry Hoemann <[email protected]> wrote:
> >> >> On Fri, Jun 30, 2017 at 08:55:22PM -0700, Dan Williams wrote:
> >> >>
> >> >> ...
> >> >>
> >> >>> On Fri, Jun 30, 2017 at 9:09 AM, Jerry Hoemann <[email protected]> wrote:
> >> >>> > + if (cmd == ND_CMD_CALL)
> >> >>> > + dsm_mask = nd_desc->bus_dsm_mask;
> >> >>> > desc = nd_cmd_bus_desc(cmd);
> >> >>> > uuid = to_nfit_uuid(NFIT_DEV_BUS);
> >> >>> > handle = adev->handle;
> >> >>> > @@ -1613,6 +1615,7 @@ static void acpi_nfit_init_dsms(struct acpi_nfit_desc *acpi_desc)
> >> >>> > struct nvdimm_bus_descriptor *nd_desc = &acpi_desc->nd_desc;
> >> >>> > const u8 *uuid = to_nfit_uuid(NFIT_DEV_BUS);
> >> >>> > struct acpi_device *adev;
> >> >>> > + unsigned long dsm_mask;
> >> >>> > int i;
> >> >>> >
> >> >>> > nd_desc->cmd_mask = acpi_desc->bus_cmd_force_en;
> >> >>> > @@ -1624,6 +1627,11 @@ static void acpi_nfit_init_dsms(struct acpi_nfit_desc *acpi_desc)
> >> >>> > if (acpi_check_dsm(adev->handle, uuid, 1, 1ULL << i))
> >> >>> > set_bit(i, &nd_desc->cmd_mask);
> >> >>> > set_bit(ND_CMD_CALL, &nd_desc->cmd_mask);
> >> >>> > +
> >> >>> > + dsm_mask = 0x3bf;
> >> >>>
> >> >>> I went ahead and fixed this up to use dsm_mask defined like this:
> >> >>>
> >> >>> + dsm_mask =
> >> >>> + (1 << ND_CMD_ARS_CAP) |
> >> >>> + (1 << ND_CMD_ARS_START) |
> >> >>> + (1 << ND_CMD_ARS_STATUS) |
> >> >>> + (1 << ND_CMD_CLEAR_ERROR) |
> >> >>> + (1 << NFIT_CMD_TRANSLATE_SPA) |
> >> >>> + (1 << NFIT_CMD_ARS_INJECT_SET) |
> >> >>> + (1 << NFIT_CMD_ARS_INJECT_CLEAR) |
> >> >>> + (1 << NFIT_CMD_ARS_INJECT_GET);
> >> >>>
> >> >>> This drops function number 0 which userspace has no need to call.
> >> >>
> >> >> Actually I like to call function 0. Its an excellent test when
> >> >> modifying the code path as its a no side effects function whose output
> >> >> is known in advance and instantly recognizable. I also use it when
> >> >> testing new firmware.
> >> >>
> >> >> What is the downside to allowing it? What bad things happen?
> >> >
> >> > It allows implementations to bypass the standardization process and
> >> > ship new root DSMs. It's always possible to patch the kernel locally
> >> > for development, so I see no reason to ship this capability globally.
> >
> > I don't understand this comment, but I think your next comment
> > essentially says to disregard this comment?
>
> Yes, sorry.
>
> >> Actually, just the discovery portion does not lead to this leak, but
> >> it's redundant when we have the 'dsm_mask' sysfs attribute.
> >
> > No. The generation of the mask in sysfs is not done by
> > executing the code in acpi_nfit_ctl. One of the reasons I call
> > function 0 to test changes I am making to the ioctl path itself.
> > The sysfs has nothing to do with that path and cannot be used
> > to serve this purpose.
> >
> > And since the content of sysfs has been edited it also can not be
> > used as a basic test of firmware.
> >
> > What is the downside to allowing the calling of function 0?
>
> It needlessly expands the kernel ABI. I would suggest, if you want to
No. It is not needless. It is not an ABI extension.
Same goes for the override feature.
I hope that ACPI doesn't extend the specification in the future because
we'll just have to redo these patches yet again.
--
-----------------------------------------------------------------------------
Jerry Hoemann Software Engineer Hewlett Packard Enterprise
-----------------------------------------------------------------------------
On Tue, Jul 4, 2017 at 1:08 PM, Jerry Hoemann <[email protected]> wrote:
> On Sat, Jul 01, 2017 at 01:46:03PM -0700, Dan Williams wrote:
>> On Sat, Jul 1, 2017 at 1:38 PM, Jerry Hoemann <[email protected]> wrote:
>> > On Sat, Jul 01, 2017 at 01:10:31PM -0700, Dan Williams wrote:
>> >> On Sat, Jul 1, 2017 at 1:08 PM, Dan Williams <[email protected]> wrote:
>> >> > On Sat, Jul 1, 2017 at 12:58 PM, Jerry Hoemann <[email protected]> wrote:
>> >> >> On Fri, Jun 30, 2017 at 08:55:22PM -0700, Dan Williams wrote:
>> >> >>
>> >> >> ...
>> >> >>
>> >> >>> On Fri, Jun 30, 2017 at 9:09 AM, Jerry Hoemann <[email protected]> wrote:
>> >> >>> > + if (cmd == ND_CMD_CALL)
>> >> >>> > + dsm_mask = nd_desc->bus_dsm_mask;
>> >> >>> > desc = nd_cmd_bus_desc(cmd);
>> >> >>> > uuid = to_nfit_uuid(NFIT_DEV_BUS);
>> >> >>> > handle = adev->handle;
>> >> >>> > @@ -1613,6 +1615,7 @@ static void acpi_nfit_init_dsms(struct acpi_nfit_desc *acpi_desc)
>> >> >>> > struct nvdimm_bus_descriptor *nd_desc = &acpi_desc->nd_desc;
>> >> >>> > const u8 *uuid = to_nfit_uuid(NFIT_DEV_BUS);
>> >> >>> > struct acpi_device *adev;
>> >> >>> > + unsigned long dsm_mask;
>> >> >>> > int i;
>> >> >>> >
>> >> >>> > nd_desc->cmd_mask = acpi_desc->bus_cmd_force_en;
>> >> >>> > @@ -1624,6 +1627,11 @@ static void acpi_nfit_init_dsms(struct acpi_nfit_desc *acpi_desc)
>> >> >>> > if (acpi_check_dsm(adev->handle, uuid, 1, 1ULL << i))
>> >> >>> > set_bit(i, &nd_desc->cmd_mask);
>> >> >>> > set_bit(ND_CMD_CALL, &nd_desc->cmd_mask);
>> >> >>> > +
>> >> >>> > + dsm_mask = 0x3bf;
>> >> >>>
>> >> >>> I went ahead and fixed this up to use dsm_mask defined like this:
>> >> >>>
>> >> >>> + dsm_mask =
>> >> >>> + (1 << ND_CMD_ARS_CAP) |
>> >> >>> + (1 << ND_CMD_ARS_START) |
>> >> >>> + (1 << ND_CMD_ARS_STATUS) |
>> >> >>> + (1 << ND_CMD_CLEAR_ERROR) |
>> >> >>> + (1 << NFIT_CMD_TRANSLATE_SPA) |
>> >> >>> + (1 << NFIT_CMD_ARS_INJECT_SET) |
>> >> >>> + (1 << NFIT_CMD_ARS_INJECT_CLEAR) |
>> >> >>> + (1 << NFIT_CMD_ARS_INJECT_GET);
>> >> >>>
>> >> >>> This drops function number 0 which userspace has no need to call.
>> >> >>
>> >> >> Actually I like to call function 0. Its an excellent test when
>> >> >> modifying the code path as its a no side effects function whose output
>> >> >> is known in advance and instantly recognizable. I also use it when
>> >> >> testing new firmware.
>> >> >>
>> >> >> What is the downside to allowing it? What bad things happen?
>> >> >
>> >> > It allows implementations to bypass the standardization process and
>> >> > ship new root DSMs. It's always possible to patch the kernel locally
>> >> > for development, so I see no reason to ship this capability globally.
>> >
>> > I don't understand this comment, but I think your next comment
>> > essentially says to disregard this comment?
>>
>> Yes, sorry.
>>
>> >> Actually, just the discovery portion does not lead to this leak, but
>> >> it's redundant when we have the 'dsm_mask' sysfs attribute.
>> >
>> > No. The generation of the mask in sysfs is not done by
>> > executing the code in acpi_nfit_ctl. One of the reasons I call
>> > function 0 to test changes I am making to the ioctl path itself.
>> > The sysfs has nothing to do with that path and cannot be used
>> > to serve this purpose.
>> >
>> > And since the content of sysfs has been edited it also can not be
>> > used as a basic test of firmware.
>> >
>> > What is the downside to allowing the calling of function 0?
>>
>> It needlessly expands the kernel ABI. I would suggest, if you want to
>
> No. It is not needless. It is not an ABI extension.
> Same goes for the override feature.
If the need is testing then we have a tools/testing/nvdimm for that.
Of course it's an ABI extension, it allows userspace to discover DSM
function numbers the kernel didn't know about at compile time.
> I hope that ACPI doesn't extend the specification in the future because
> we'll just have to redo these patches yet again.
Hopefully this is the last ACPI spec version where we add new DSMs to
the root device. All future methods should be named methods like what
the specification started doing for NVIDMM leaf devices with _LSI,
_LSR, and _LSW.
On 07/04/2017 04:37 PM, Dan Williams wrote:
> On Tue, Jul 4, 2017 at 1:08 PM, Jerry Hoemann <[email protected]> wrote:
>> On Sat, Jul 01, 2017 at 01:46:03PM -0700, Dan Williams wrote:
>>> On Sat, Jul 1, 2017 at 1:38 PM, Jerry Hoemann <[email protected]> wrote:
>>>> On Sat, Jul 01, 2017 at 01:10:31PM -0700, Dan Williams wrote:
>>>>> On Sat, Jul 1, 2017 at 1:08 PM, Dan Williams <[email protected]> wrote:
>>>>>> On Sat, Jul 1, 2017 at 12:58 PM, Jerry Hoemann <[email protected]> wrote:
>>>>>>> On Fri, Jun 30, 2017 at 08:55:22PM -0700, Dan Williams wrote:
>>>>>>>
>>>>>>> ...
>>>>>>>
>>>>>>>> On Fri, Jun 30, 2017 at 9:09 AM, Jerry Hoemann <[email protected]> wrote:
>>>>>>>>> + if (cmd == ND_CMD_CALL)
>>>>>>>>> + dsm_mask = nd_desc->bus_dsm_mask;
>>>>>>>>> desc = nd_cmd_bus_desc(cmd);
>>>>>>>>> uuid = to_nfit_uuid(NFIT_DEV_BUS);
>>>>>>>>> handle = adev->handle;
>>>>>>>>> @@ -1613,6 +1615,7 @@ static void acpi_nfit_init_dsms(struct acpi_nfit_desc *acpi_desc)
>>>>>>>>> struct nvdimm_bus_descriptor *nd_desc = &acpi_desc->nd_desc;
>>>>>>>>> const u8 *uuid = to_nfit_uuid(NFIT_DEV_BUS);
>>>>>>>>> struct acpi_device *adev;
>>>>>>>>> + unsigned long dsm_mask;
>>>>>>>>> int i;
>>>>>>>>>
>>>>>>>>> nd_desc->cmd_mask = acpi_desc->bus_cmd_force_en;
>>>>>>>>> @@ -1624,6 +1627,11 @@ static void acpi_nfit_init_dsms(struct acpi_nfit_desc *acpi_desc)
>>>>>>>>> if (acpi_check_dsm(adev->handle, uuid, 1, 1ULL << i))
>>>>>>>>> set_bit(i, &nd_desc->cmd_mask);
>>>>>>>>> set_bit(ND_CMD_CALL, &nd_desc->cmd_mask);
>>>>>>>>> +
>>>>>>>>> + dsm_mask = 0x3bf;
>>>>>>>>
>>>>>>>> I went ahead and fixed this up to use dsm_mask defined like this:
>>>>>>>>
>>>>>>>> + dsm_mask =
>>>>>>>> + (1 << ND_CMD_ARS_CAP) |
>>>>>>>> + (1 << ND_CMD_ARS_START) |
>>>>>>>> + (1 << ND_CMD_ARS_STATUS) |
>>>>>>>> + (1 << ND_CMD_CLEAR_ERROR) |
>>>>>>>> + (1 << NFIT_CMD_TRANSLATE_SPA) |
>>>>>>>> + (1 << NFIT_CMD_ARS_INJECT_SET) |
>>>>>>>> + (1 << NFIT_CMD_ARS_INJECT_CLEAR) |
>>>>>>>> + (1 << NFIT_CMD_ARS_INJECT_GET);
>>>>>>>>
>>>>>>>> This drops function number 0 which userspace has no need to call.
>>>>>>>
>>>>>>> Actually I like to call function 0. Its an excellent test when
>>>>>>> modifying the code path as its a no side effects function whose output
>>>>>>> is known in advance and instantly recognizable. I also use it when
>>>>>>> testing new firmware.
>>>>>>>
>>>>>>> What is the downside to allowing it? What bad things happen?
>>>>>>
>>>>>> It allows implementations to bypass the standardization process and
>>>>>> ship new root DSMs. It's always possible to patch the kernel locally
>>>>>> for development, so I see no reason to ship this capability globally.
>>>>
>>>> I don't understand this comment, but I think your next comment
>>>> essentially says to disregard this comment?
>>>
>>> Yes, sorry.
>>>
>>>>> Actually, just the discovery portion does not lead to this leak, but
>>>>> it's redundant when we have the 'dsm_mask' sysfs attribute.
>>>>
>>>> No. The generation of the mask in sysfs is not done by
>>>> executing the code in acpi_nfit_ctl. One of the reasons I call
>>>> function 0 to test changes I am making to the ioctl path itself.
>>>> The sysfs has nothing to do with that path and cannot be used
>>>> to serve this purpose.
>>>>
>>>> And since the content of sysfs has been edited it also can not be
>>>> used as a basic test of firmware.
>>>>
>>>> What is the downside to allowing the calling of function 0?
>>>
>>> It needlessly expands the kernel ABI. I would suggest, if you want to
>>
>> No. It is not needless. It is not an ABI extension.
>> Same goes for the override feature.
I have never understood why allowing function 0 is considered harmful.
It is a standard function defined by ACPI in general and specifically
for NVDIMM Rood Device _DSMs. It is also defined for each vendor-specific
DSM family. It is not an ABI extension. It is a standard.
> If the need is testing then we have a tools/testing/nvdimm for that.
> Of course it's an ABI extension, it allows userspace to discover DSM
> function numbers the kernel didn't know about at compile time.
It also allows user space to determine which DSMs are actually supported
by the platform, which may be a subset of the defined set, in a standard
way. Exposing information only in /sys just makes it harder for people
writing software (tools, tests, whatever) that need to support more than
just Linux.
>> I hope that ACPI doesn't extend the specification in the future because
>> we'll just have to redo these patches yet again.
>
> Hopefully this is the last ACPI spec version where we add new DSMs to
> the root device.
I wouldn't bet on it.
> All future methods should be named methods like what
> the specification started doing for NVIDMM leaf devices with _LSI,
> _LSR, and _LSW.
Those methods started out as DSMs for a specific vendor and then became
standardized. It would not surprise me if that's the path that is taken
as new NVDIMM technologies evolve and new functions may be required. It's
not always clear on the outset what should be standardized.
Aggressively preventing extensibility, especially when it's actually part
of a standard, baffles me.
-- ljk
> _______________________________________________
> Linux-nvdimm mailing list
> [email protected]
> https://lists.01.org/mailman/listinfo/linux-nvdimm
>
On Tue, Jul 04, 2017 at 01:37:43PM -0700, Dan Williams wrote:
> On Tue, Jul 4, 2017 at 1:08 PM, Jerry Hoemann <[email protected]> wrote:
> > On Sat, Jul 01, 2017 at 01:46:03PM -0700, Dan Williams wrote:
> >> On Sat, Jul 1, 2017 at 1:38 PM, Jerry Hoemann <[email protected]> wrote:
> >> > On Sat, Jul 01, 2017 at 01:10:31PM -0700, Dan Williams wrote:
> >> >> On Sat, Jul 1, 2017 at 1:08 PM, Dan Williams <[email protected]> wrote:
> >> >> > On Sat, Jul 1, 2017 at 12:58 PM, Jerry Hoemann <[email protected]> wrote:
> >> >> >> On Fri, Jun 30, 2017 at 08:55:22PM -0700, Dan Williams wrote:
> >> >> >>
> >> >> >> ...
...
> >> >> >>>
> >> >> >>> This drops function number 0 which userspace has no need to call.
> >> >> >>
> >> >> >> Actually I like to call function 0. Its an excellent test when
> >> >> >> modifying the code path as its a no side effects function whose output
> >> >> >> is known in advance and instantly recognizable. I also use it when
> >> >> >> testing new firmware.
> >> >> >>
> >> >> >> What is the downside to allowing it? What bad things happen?
> >> >> >
> >> >> > It allows implementations to bypass the standardization process and
> >> >> > ship new root DSMs. It's always possible to patch the kernel locally
> >> >> > for development, so I see no reason to ship this capability globally.
> >> >
> >> > I don't understand this comment, but I think your next comment
> >> > essentially says to disregard this comment?
> >>
> >> Yes, sorry.
> >>
> >> >> Actually, just the discovery portion does not lead to this leak, but
> >> >> it's redundant when we have the 'dsm_mask' sysfs attribute.
> >> >
> >> > No. The generation of the mask in sysfs is not done by
> >> > executing the code in acpi_nfit_ctl. One of the reasons I call
> >> > function 0 to test changes I am making to the ioctl path itself.
> >> > The sysfs has nothing to do with that path and cannot be used
> >> > to serve this purpose.
> >> >
> >> > And since the content of sysfs has been edited it also can not be
> >> > used as a basic test of firmware.
> >> >
> >> > What is the downside to allowing the calling of function 0?
> >>
> >> It needlessly expands the kernel ABI. I would suggest, if you want to
> >
> > No. It is not needless. It is not an ABI extension.
> > Same goes for the override feature.
>
> If the need is testing then we have a tools/testing/nvdimm for that.
> Of course it's an ABI extension, it allows userspace to discover DSM
> function numbers the kernel didn't know about at compile time.
A modification to a library or kernel that changes the results of a
function (or system call) doesn't necessarily break (or extend) an ABI.
An obvious example is that of a random number generator function.
A library/kernel is completely free to change the implementation
of the random number generator (and the values it returns)
without breaking the ABI provided all other rules of ABI preservation
are followed.
Now lets look at problem at hand. The pass thru mechanism has very
little semantic overhead. Fill in the nd_cmd_pkg as described in ndctl.h,
call the ioctl w/ argument with ND_CMD_CALL, and the kernel will marshal
up the arguments, call the DSM and return the results. The values
of nd_command could be any value and it is for the DSM to either accept
or reject the input argument. I wrote this interface and this is how
I defined it.
The user application is not changing irrespective of if the kernel applies
a mask to the passed in nd_command argument. The data structures are not
changing at either source level or binary level. The calling convention is not
changing. No object file changes are required. Nothing related to ABI
preservation is impacted. The only question is whether the application
of a mask to special case function 0 breaks/extends the ABI.
It turns out that this point doesn't really matter as your position
is invalid either way.
The argument for this not being an API breakage/extension:
A DSM could either implement or not a function index for any value of N.
So, a correctly written application must take into account that for
any value of N, the DSM may return error or not. Preserving an ABI
doesn't require the library/kernel preserve incorrect application
behavior.
Now, assume that the special casing of function zero does constitute
a breakage/extension of the ABI:
I'm not the one wishing to special case function 0, you are.
So, to this point I say, Dan please don't make needless extension to
the ABI. Its and extension and you've provided no valid reason
for making it.
Your argument to disallow function zero is invalid.
There is nothing harmful per se to allow function 0. All DSMs that return
non zero are required to have it. By excluding it, you actually create the
impression that the underlying DSM is violating the DSM specification.
--
-----------------------------------------------------------------------------
Jerry Hoemann Software Engineer Hewlett Packard Enterprise
-----------------------------------------------------------------------------
On Wed, Jul 5, 2017 at 9:24 AM, Jerry Hoemann <[email protected]> wrote:
> On Tue, Jul 04, 2017 at 01:37:43PM -0700, Dan Williams wrote:
>> On Tue, Jul 4, 2017 at 1:08 PM, Jerry Hoemann <[email protected]> wrote:
>> > On Sat, Jul 01, 2017 at 01:46:03PM -0700, Dan Williams wrote:
>> >> On Sat, Jul 1, 2017 at 1:38 PM, Jerry Hoemann <[email protected]> wrote:
>> >> > On Sat, Jul 01, 2017 at 01:10:31PM -0700, Dan Williams wrote:
>> >> >> On Sat, Jul 1, 2017 at 1:08 PM, Dan Williams <[email protected]> wrote:
>> >> >> > On Sat, Jul 1, 2017 at 12:58 PM, Jerry Hoemann <[email protected]> wrote:
>> >> >> >> On Fri, Jun 30, 2017 at 08:55:22PM -0700, Dan Williams wrote:
>> >> >> >>
>> >> >> >> ...
>
> ...
>
>> >> >> >>>
>> >> >> >>> This drops function number 0 which userspace has no need to call.
>> >> >> >>
>> >> >> >> Actually I like to call function 0. Its an excellent test when
>> >> >> >> modifying the code path as its a no side effects function whose output
>> >> >> >> is known in advance and instantly recognizable. I also use it when
>> >> >> >> testing new firmware.
>> >> >> >>
>> >> >> >> What is the downside to allowing it? What bad things happen?
>> >> >> >
>> >> >> > It allows implementations to bypass the standardization process and
>> >> >> > ship new root DSMs. It's always possible to patch the kernel locally
>> >> >> > for development, so I see no reason to ship this capability globally.
>> >> >
>> >> > I don't understand this comment, but I think your next comment
>> >> > essentially says to disregard this comment?
>> >>
>> >> Yes, sorry.
>> >>
>> >> >> Actually, just the discovery portion does not lead to this leak, but
>> >> >> it's redundant when we have the 'dsm_mask' sysfs attribute.
>> >> >
>> >> > No. The generation of the mask in sysfs is not done by
>> >> > executing the code in acpi_nfit_ctl. One of the reasons I call
>> >> > function 0 to test changes I am making to the ioctl path itself.
>> >> > The sysfs has nothing to do with that path and cannot be used
>> >> > to serve this purpose.
>> >> >
>> >> > And since the content of sysfs has been edited it also can not be
>> >> > used as a basic test of firmware.
>> >> >
>> >> > What is the downside to allowing the calling of function 0?
>> >>
>> >> It needlessly expands the kernel ABI. I would suggest, if you want to
>> >
>> > No. It is not needless. It is not an ABI extension.
>> > Same goes for the override feature.
>>
>> If the need is testing then we have a tools/testing/nvdimm for that.
>
>
>
>> Of course it's an ABI extension, it allows userspace to discover DSM
>> function numbers the kernel didn't know about at compile time.
>
>
> A modification to a library or kernel that changes the results of a
> function (or system call) doesn't necessarily break (or extend) an ABI.
> An obvious example is that of a random number generator function.
> A library/kernel is completely free to change the implementation
> of the random number generator (and the values it returns)
> without breaking the ABI provided all other rules of ABI preservation
> are followed.
>
> Now lets look at problem at hand. The pass thru mechanism has very
> little semantic overhead. Fill in the nd_cmd_pkg as described in ndctl.h,
> call the ioctl w/ argument with ND_CMD_CALL, and the kernel will marshal
> up the arguments, call the DSM and return the results. The values
> of nd_command could be any value and it is for the DSM to either accept
> or reject the input argument. I wrote this interface and this is how
> I defined it.
>
> The user application is not changing irrespective of if the kernel applies
> a mask to the passed in nd_command argument. The data structures are not
> changing at either source level or binary level. The calling convention is not
> changing. No object file changes are required. Nothing related to ABI
> preservation is impacted. The only question is whether the application
> of a mask to special case function 0 breaks/extends the ABI.
>
> It turns out that this point doesn't really matter as your position
> is invalid either way.
>
> The argument for this not being an API breakage/extension:
>
> A DSM could either implement or not a function index for any value of N.
> So, a correctly written application must take into account that for
> any value of N, the DSM may return error or not. Preserving an ABI
> doesn't require the library/kernel preserve incorrect application
> behavior.
>
> Now, assume that the special casing of function zero does constitute
> a breakage/extension of the ABI:
>
> I'm not the one wishing to special case function 0, you are.
> So, to this point I say, Dan please don't make needless extension to
> the ABI. Its and extension and you've provided no valid reason
> for making it.
>
> Your argument to disallow function zero is invalid.
>
> There is nothing harmful per se to allow function 0. All DSMs that return
> non zero are required to have it. By excluding it, you actually create the
> impression that the underlying DSM is violating the DSM specification.
This goes back to the original reasoning for pushing back on the
override for the leaf-level _DSM methods. Specifically the ability to
bypass the standardization process to ship vendor-specific behavior.
Now, the other side of the argument is that if the next spec adds new
_DSMs a simple override can enable them. I am more sympathetic to the
override for the leaf / DIMM level because those _DSMs truly are
DIMM-vendor specific, but the root device is not. Also, none of the
root-level DSMs added for 6.2 are in any way critical for proper
operation of the platform, and I do not see any bus-level
functionality on the horizon that we need to aggressively pre-enable.
It was a mistake to use _DSM for common root-level functionality, and
we shouldn't double down on that mistake by allowing unfettered
definition of new interfaces. NVDIMM is not so special that it needs
to bypass the standard ACPI-to-kernel development pipeline.
On Wed, Jul 05, 2017 at 09:35:48AM -0700, Dan Williams wrote:
> On Wed, Jul 5, 2017 at 9:24 AM, Jerry Hoemann <[email protected]> wrote:
> > On Tue, Jul 04, 2017 at 01:37:43PM -0700, Dan Williams wrote:
> >> On Tue, Jul 4, 2017 at 1:08 PM, Jerry Hoemann <[email protected]> wrote:
> >> > On Sat, Jul 01, 2017 at 01:46:03PM -0700, Dan Williams wrote:
> >> >> On Sat, Jul 1, 2017 at 1:38 PM, Jerry Hoemann <[email protected]> wrote:
> >> >> > On Sat, Jul 01, 2017 at 01:10:31PM -0700, Dan Williams wrote:
> >> >> >> On Sat, Jul 1, 2017 at 1:08 PM, Dan Williams <[email protected]> wrote:
> >> >> >> > On Sat, Jul 1, 2017 at 12:58 PM, Jerry Hoemann <[email protected]> wrote:
> >> >> >> >> On Fri, Jun 30, 2017 at 08:55:22PM -0700, Dan Williams wrote:
> >> >> >> >>
> >> >> >> >> ...
> >
> > ...
> >
> >> >> >> >>>
> >> >> >> >>> This drops function number 0 which userspace has no need to call.
> >> >> >> >>
> >> >> >> >> Actually I like to call function 0. Its an excellent test when
> >> >> >> >> modifying the code path as its a no side effects function whose output
> >> >> >> >> is known in advance and instantly recognizable. I also use it when
> >> >> >> >> testing new firmware.
> >> >> >> >>
> >> >> >> >> What is the downside to allowing it? What bad things happen?
> >> >> >> >
> >> >> >> > It allows implementations to bypass the standardization process and
> >> >> >> > ship new root DSMs. It's always possible to patch the kernel locally
> >> >> >> > for development, so I see no reason to ship this capability globally.
> >> >> >
> >> >> > I don't understand this comment, but I think your next comment
> >> >> > essentially says to disregard this comment?
> >> >>
> >> >> Yes, sorry.
> >> >>
> >> >> >> Actually, just the discovery portion does not lead to this leak, but
> >> >> >> it's redundant when we have the 'dsm_mask' sysfs attribute.
> >> >> >
> >> >> > No. The generation of the mask in sysfs is not done by
> >> >> > executing the code in acpi_nfit_ctl. One of the reasons I call
> >> >> > function 0 to test changes I am making to the ioctl path itself.
> >> >> > The sysfs has nothing to do with that path and cannot be used
> >> >> > to serve this purpose.
> >> >> >
> >> >> > And since the content of sysfs has been edited it also can not be
> >> >> > used as a basic test of firmware.
> >> >> >
> >> >> > What is the downside to allowing the calling of function 0?
> >> >>
> >> >> It needlessly expands the kernel ABI. I would suggest, if you want to
> >> >
> >> > No. It is not needless. It is not an ABI extension.
> >> > Same goes for the override feature.
> >>
> >> If the need is testing then we have a tools/testing/nvdimm for that.
> >
> >
> >
> >> Of course it's an ABI extension, it allows userspace to discover DSM
> >> function numbers the kernel didn't know about at compile time.
> >
> >
> > A modification to a library or kernel that changes the results of a
> > function (or system call) doesn't necessarily break (or extend) an ABI.
> > An obvious example is that of a random number generator function.
> > A library/kernel is completely free to change the implementation
> > of the random number generator (and the values it returns)
> > without breaking the ABI provided all other rules of ABI preservation
> > are followed.
> >
> > Now lets look at problem at hand. The pass thru mechanism has very
> > little semantic overhead. Fill in the nd_cmd_pkg as described in ndctl.h,
> > call the ioctl w/ argument with ND_CMD_CALL, and the kernel will marshal
> > up the arguments, call the DSM and return the results. The values
> > of nd_command could be any value and it is for the DSM to either accept
> > or reject the input argument. I wrote this interface and this is how
> > I defined it.
> >
> > The user application is not changing irrespective of if the kernel applies
> > a mask to the passed in nd_command argument. The data structures are not
> > changing at either source level or binary level. The calling convention is not
> > changing. No object file changes are required. Nothing related to ABI
> > preservation is impacted. The only question is whether the application
> > of a mask to special case function 0 breaks/extends the ABI.
> >
> > It turns out that this point doesn't really matter as your position
> > is invalid either way.
> >
> > The argument for this not being an API breakage/extension:
> >
> > A DSM could either implement or not a function index for any value of N.
> > So, a correctly written application must take into account that for
> > any value of N, the DSM may return error or not. Preserving an ABI
> > doesn't require the library/kernel preserve incorrect application
> > behavior.
> >
> > Now, assume that the special casing of function zero does constitute
> > a breakage/extension of the ABI:
> >
> > I'm not the one wishing to special case function 0, you are.
> > So, to this point I say, Dan please don't make needless extension to
> > the ABI. Its and extension and you've provided no valid reason
> > for making it.
> >
> > Your argument to disallow function zero is invalid.
> >
> > There is nothing harmful per se to allow function 0. All DSMs that return
> > non zero are required to have it. By excluding it, you actually create the
> > impression that the underlying DSM is violating the DSM specification.
>
> This goes back to the original reasoning for pushing back on the
> override for the leaf-level _DSM methods. Specifically the ability to
> bypass the standardization process to ship vendor-specific behavior.
You're conflating the two contested patches. Allowing function 0 and
allowing the override.
While similar in most respects, function index 0 and function index != 0,
there is a key difference, function 0 is defined by ACPI for all DSMs.
So, there can be no bypassing of standardization process with function 0
as it is already defined.
As for the addition of new DSM functions in the future, remember that
the DSM is governed by a guid that is defined in the ACPI spec. While
it is technically true that any one who writes firmware could create
firmware that hijacks the DSM interface to add new functions not currently
defined it would be foolish for them to do so as they risk collisions with
updates from the ACPI forum. (They could also modify already defined
and allowed by linux functions. But again, foolish.)
> Now, the other side of the argument is that if the next spec adds new
> _DSMs a simple override can enable them. I am more sympathetic to the
> override for the leaf / DIMM level because those _DSMs truly are
> DIMM-vendor specific, but the root device is not. Also, none of the
> root-level DSMs added for 6.2 are in any way critical for proper
> operation of the platform, and I do not see any bus-level
> functionality on the horizon that we need to aggressively pre-enable.
> It was a mistake to use _DSM for common root-level functionality, and
> we shouldn't double down on that mistake by allowing unfettered
As to the moral aspects of ACPI's decision to standardiz the DSM for NVDIMM,
I take no position on whether it was a good thing or a bad thing; but it
is a thing. We need to handle it. I see no particular benefit to
making our own lives more difficult.
> definition of new interfaces. NVDIMM is not so special that it needs
> to bypass the standard ACPI-to-kernel development pipeline.
--
-----------------------------------------------------------------------------
Jerry Hoemann Software Engineer Hewlett Packard Enterprise
-----------------------------------------------------------------------------
On Wed, Jul 5, 2017 at 4:14 PM, Jerry Hoemann <[email protected]> wrote:
> On Wed, Jul 05, 2017 at 09:35:48AM -0700, Dan Williams wrote:
[..]
>> It was a mistake to use _DSM for common root-level functionality, and
>> we shouldn't double down on that mistake by allowing unfettered
>
> As to the moral aspects of ACPI's decision to standardiz the DSM for NVDIMM,
> I take no position on whether it was a good thing or a bad thing; but it
> is a thing. We need to handle it. I see no particular benefit to
> making our own lives more difficult.
We do handle everything we need to. Making future updates move at the
same pace as standard ACPI enabing is the goal as well as not adding
any momentum to continue abusing _DSM when we should be creating named
methods for bus-level generic functionality. As a maintainer of this
subsystem I'm fine with the burden of continuing to touch the code as
the specification evolves and that stance matches standard Linux
practice.