Received: by 2002:a05:7208:9594:b0:7e:5202:c8b4 with SMTP id gs20csp1592529rbb; Mon, 26 Feb 2024 14:52:49 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCVoBBUYYLcgi0sr8sBDxGUbYkkwvvSj4TtEkf5X8K9RW/V+2vvWC1iXAETEhPC52FcOhOA573QaORWnEQbJVsZ3b59cXtlmbTT6SXXClw== X-Google-Smtp-Source: AGHT+IFmKj3SdwQGMBP1R/yhJ8LFpSqeoM3ZGY+qYRhTfgTEf3D8B2G0hQ9spj0XVJS6IlOoHMUn X-Received: by 2002:a05:620a:5dd0:b0:787:2acd:c37b with SMTP id xy16-20020a05620a5dd000b007872acdc37bmr493080qkn.21.1708987969706; Mon, 26 Feb 2024 14:52:49 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1708987969; cv=pass; d=google.com; s=arc-20160816; b=OT71ekBKwwPnD+xTJzOpdOT1b1X9SJKj27Mz4JpmwQjjy2R3XpYMAJ/XbACFZgfMnd aFhVc8PSoLej/wQy5CBsF+6gJX1Cesdqbq6A/Ll6SwgpEVyR+h2HG6PCyW6JmLhzy0KO F3ZkBy8lfHZW6r9s5hoU4iTpivAnKW+Jt8DC82pDMrHQysTHEl3L3bMNUx4X6PXK2uD1 BrnrvJVZU5av2PGVwaTcNRpFz8NWYiZP7UbgKSKE6RCYgnzbgo7rUsmO9zNtuaJc1Vy5 uZCmdZ61Yp4mwB3hpMUQmtIzP8x6hljE9+N4p+d8IWnmthI1VVkJYkuymMtA7kXjb6P/ eASA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:message-id:subject:cc:to:from :date:dkim-signature; bh=8AjkMKAN9HUgCKY+gWdFFtPUYdxdKrSF/B0ogy8wVxg=; fh=WPz2RUZkYiEXFPUnc4mkxF4ctBpcIlstjep7nk0O3ns=; b=L7S+tkjDic4ALY1bBQr7hvm2Cq1Triwy27+UbLhS1OpGW9LUiHFZnLkQEzBldsJX/d GiN/W9+W7ltRDiU4YiSeB+k6RP4f8sLUuKiuNxqHpd4nbLEQQ8KATztyMmLzyCTuBo+9 JknqyCtQCIkeC+U+cI3/bvgpFqLj3vIwDvHjjBz+XirGpYF0af2/RUSYevBVFbaoEa4n 9udLD6cG0cLet+V8JoCYudTkGgBRhQGDPX+CrfiCDHueFEjPiyeTDQg6HZaWtLmn5IyY JvIjX5G5CF8ocM3v6JmMIhdKgwF+ISy9amreIp/YD6PiEhmVHj4Dt4AWJyyhdUT7/OjU hVdw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=t3CJzSQI; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-82424-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-82424-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1]) by mx.google.com with ESMTPS id bk2-20020a05620a1a0200b007876f55c2a5si6712309qkb.752.2024.02.26.14.52.49 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 26 Feb 2024 14:52:49 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-82424-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=t3CJzSQI; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-82424-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-82424-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 691DE1C22370 for ; Mon, 26 Feb 2024 22:52:49 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 85F9D135413; Mon, 26 Feb 2024 22:52:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="t3CJzSQI" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8F6531350EC; Mon, 26 Feb 2024 22:52:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708987956; cv=none; b=gzjUKs14HMlXb9vV/b07VWOZIqlt0YR53mNfjX0Hr63AwxIy9UsTEM1p00swM1/XHrsC6ZAkk1EAehzE6PiiPI5VdxBVasYpR1Ifx55Ep3+/3WnTdCZqsaneVz9pZJUTJP3nnEKIGsKjOyEIJQuhJjxs1M8P29lheULZKmNUTqk= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708987956; c=relaxed/simple; bh=mrRr/EHnd3wBCeJZAJCzY7rS3AcxSJscvT6+BbwH4nc=; h=Date:From:To:Cc:Subject:Message-ID:MIME-Version:Content-Type: Content-Disposition:In-Reply-To; b=oFrjQQSGScmOTluncjt9nQ9bDUZMbDGOfFbAy3d/aishPoj04MtA4znNHXOs9sK+hyORg/G0KzZ/Fw6z/RshBk9LHMB41qTtpO8On0jNE2huBHTMm39Yq3fM47paJ306OVT0DRJLLWhOvEslZ9SCLHOtWT1qH7kqvSSpMvDEnAo= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=t3CJzSQI; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0C771C433F1; Mon, 26 Feb 2024 22:52:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1708987956; bh=mrRr/EHnd3wBCeJZAJCzY7rS3AcxSJscvT6+BbwH4nc=; h=Date:From:To:Cc:Subject:In-Reply-To:From; b=t3CJzSQI05cfDnfujywkQCUbfZodHKyhFzY3h1RF0ZYR3FAOnYEtvfyf8pJT+kU4F iRAdOL6j6Z8LQOV/O9tQVbmLGRV1OT1sSZ5XQyuGXp2damrJDlVrWl9xsPVqPVm+zu kGgPjqy1p9Tc4q/FE32M15a5yV3blEQXkVlvuRkcb6nvdoTFoQC8Ueoa8XTPvNbHTt 5RUkGXA36hf4q0BP/qvfAkYd0SL10Tlz7pMZA64MaIg28BUBQDuFO6oXChJUbes0qX cXrXevmtepdFCWRyoJk1wdUEoVvNqGGhEADZ4kO/ZpH16NdXfMwtHoTZXxVtGozpj6 Nhh+sqtHzlnsQ== Date: Mon, 26 Feb 2024 16:52:34 -0600 From: Bjorn Helgaas To: Ethan Zhao Cc: Dan Carpenter , baolu.lu@linux.intel.com, bhelgaas@google.com, robin.murphy@arm.com, jgg@ziepe.ca, kevin.tian@intel.com, dwmw2@infradead.org, will@kernel.org, lukas@wunner.de, yi.l.liu@intel.com, iommu@lists.linux.dev, linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org Subject: Re: [PATCH v13 3/3] iommu/vt-d: improve ITE fault handling if target device isn't valid Message-ID: <20240226225234.GA211745@bhelgaas> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <2d1788da-521c-4531-a159-81d2fb801d6c@linux.intel.com> On Fri, Feb 23, 2024 at 10:29:28AM +0800, Ethan Zhao wrote: > On 2/22/2024 7:24 PM, Dan Carpenter wrote: > > On Thu, Feb 22, 2024 at 04:02:51AM -0500, Ethan Zhao wrote: > > > Because surprise removal could happen anytime, e.g. user could request safe > > > removal to EP(endpoint device) via sysfs and brings its link down to do > > > surprise removal cocurrently. such aggressive cases would cause ATS > > > invalidation request issued to non-existence target device, then deadly > > > loop to retry that request after ITE fault triggered in interrupt context. > > > this patch aims to optimize the ITE handling by checking the target device > > > presence state to avoid retrying the timeout request blindly, thus avoid > > > hard lockup or system hang. > > > > > > Devices are valid ATS invalidation request target only when they reside > > > in the iommu->device_rbtree (probed, not released) and present. > > > > "valid invalidation" is awkward wording. Can we instead say: > > If you read them together, sounds like tongue twister. but here "ATS > invalidation request target" is one term in PCIe spec. "ATS invalidation request target" does not appear in the PCIe spec. I think you're trying to avoid sending ATS Invalidate Requests when you know they will not be completed. It is impossible to reliably determine whether a device will be present and able to complete an Invalidate Request. No matter what you check to determine that a device is present *now*, it may be removed before an Invalidate Request reaches it. If an Invalidate Request to a non-existent device causes a "deadly loop" (I'm not sure what that means) or a hard lockup or a system hang, something is wrong with the hardware. There should be a mechanism to recover from a timeout in that situation. You can avoid sending Invalidate Requests to devices that have been removed, and that will reduce the number of timeout cases. But if you rely on a check like pci_device_is_present() or pci_dev_is_disconnected(), there is *always* an unavoidable race between a device removal and the Invalidate Request. > > > @@ -1273,6 +1273,9 @@ static int qi_check_fault(struct intel_iommu *iommu, int index, int wait_index) > > > { > > > u32 fault; > > > int head, tail; > > > + u64 iqe_err, ite_sid; > > > + struct device *dev = NULL; > > > + struct pci_dev *pdev = NULL; > > > struct q_inval *qi = iommu->qi; > > > int shift = qi_shift(iommu); > > > @@ -1317,6 +1320,13 @@ static int qi_check_fault(struct intel_iommu *iommu, int index, int wait_index) > > > tail = readl(iommu->reg + DMAR_IQT_REG); > > > tail = ((tail >> shift) - 1 + QI_LENGTH) % QI_LENGTH; > > > + /* > > > + * SID field is valid only when the ITE field is Set in FSTS_REG > > > + * see Intel VT-d spec r4.1, section 11.4.9.9 > > > + */ > > > + iqe_err = dmar_readq(iommu->reg + DMAR_IQER_REG); > > > + ite_sid = DMAR_IQER_REG_ITESID(iqe_err); > > > + > > > writel(DMA_FSTS_ITE, iommu->reg + DMAR_FSTS_REG); > > > pr_info("Invalidation Time-out Error (ITE) cleared\n"); > > > @@ -1326,6 +1336,21 @@ static int qi_check_fault(struct intel_iommu *iommu, int index, int wait_index) > > > head = (head - 2 + QI_LENGTH) % QI_LENGTH; > > > } while (head != tail); > > > + /* > > > + * If got ITE, we need to check if the sid of ITE is one of the > > > + * current valid ATS invalidation target devices, if no, or the > > > + * target device isn't presnet, don't try this request anymore. > > > + * 0 value of ite_sid means old VT-d device, no ite_sid value. > > > + */ > > This comment is kind of confusing. > > Really confusing ? this is typo there, resnet-> "present" > > > > > /* > > * If we have an ITE, then we need to check whether the sid of the ITE > > * is in the rbtree (meaning it is probed and not released), and that > > * the PCI device is present. > > */ > > > > My comment is slightly shorter but I think it has the necessary > > information. > > > > > + if (ite_sid) { > > > + dev = device_rbtree_find(iommu, ite_sid); > > > + if (!dev || !dev_is_pci(dev)) > > > + return -ETIMEDOUT; > > -ETIMEDOUT is weird. The callers don't care which error code we return. > > Change this to -ENODEV or something > > -ETIMEDOUT means prior ATS invalidation request hit timeout fault, and the > caller really cares about the returned value. > > > > > > + pdev = to_pci_dev(dev); > > > + if (!pci_device_is_present(pdev) && > > > + ite_sid == pci_dev_id(pci_physfn(pdev))) > > The && confused me, but then I realized that probably "ite_sid == > > pci_dev_id(pci_physfn(pdev))" is always true. Can we delete that part? > > Here is the fault handling, just double confirm nothing else goes wrong -- > beyond the assumption. > > > > > pdev = to_pci_dev(dev); > > if (!pci_device_is_present(pdev)) > > return -ENODEV; > > > > > > > + return -ETIMEDOUT; > > -ENODEV. > > The ATS invalidation request could be sent from userland in later code, > the userland code will care about the returned value, -ENODEV is one aspect > of the fact (target device not present), while -ETIMEDOUT is another > (timeout happened). we couldn't return them both. > > > > > > + } > > > if (qi->desc_status[wait_index] == QI_ABORT) > > > return -EAGAIN; > > > } > > Sorry, again for nit picking a v13 patch. I'm not a domain expert but > > this patchset seems reasonable to me. > > Though this is the v13, it is based on new rbtree code, you are welcome. > > Thanks, > Ethan > > > regards, > > dan carpenter