From: mark.rutland@arm.com (Mark Rutland)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH 3/9] arm64: mm: install SError abort handler
Date: Fri, 24 Mar 2017 15:16:54 +0000 [thread overview]
Message-ID: <20170324151654.GD29588@leverpostej> (raw)
In-Reply-To: <20170324144632.5896-4-opendmb@gmail.com>
On Fri, Mar 24, 2017 at 07:46:26AM -0700, Doug Berger wrote:
> This commit adds support for minimal handling of SError aborts and
> allows them to be hooked by a driver or other part of the kernel to
> install a custom SError abort handler. The hook function returns
> the previously registered handler so that handlers may be chained if
> desired.
>
> The handler should return the value 0 if the error has been handled,
> otherwise the handler should either call the next handler in the
> chain or return a non-zero value.
... so the order these get calls is completely dependent on probe
order...
> Since the Instruction Specific Syndrome value for SError aborts is
> implementation specific the registerred handlers must implement
> their own parsing of the syndrome.
... and drivers have to be intimately familiar with the CPU, in order to
be able to parse its IMPLEMENTATION DEFINED ESR_ELx.ISS value.
Even then, there's no guarantee there's anything useful there, since it
is IMPLEMENTATION DEFINED and could simply be RES0 or UNKNOWN in all
cases.
I do not think it is a good idea to allow arbitrary drivers to hook
this fault in this manner.
> + .align 6
> +el0_error:
> + kernel_entry 0
> +el0_error_naked:
> + mrs x25, esr_el1 // read the syndrome register
> + lsr x24, x25, #ESR_ELx_EC_SHIFT // exception class
> + cmp x24, #ESR_ELx_EC_SERROR // SError exception in EL0
> + b.ne el0_error_inv
> +el0_serr:
> + mrs x26, far_el1
> + // enable interrupts before calling the main handler
> + enable_dbg_and_irq
... why?
We don't do this for inv_entry today.
> + ct_user_exit
> + bic x0, x26, #(0xff << 56)
> + mov x1, x25
> + mov x2, sp
> + bl do_serr_abort
> + b ret_to_user
> +el0_error_inv:
> + enable_dbg
> + mov x0, sp
> + mov x1, #BAD_ERROR
> + mov x2, x25
> + b bad_mode
> +ENDPROC(el0_error)
Clearly you expect these to be delivered at arbitrary times during
execution. What if a KVM guest is executing at the time the SError is
delivered?
To be quite frank, I don't believe that we can reliably and safely
handle this misfeature in the kernel, and this infrastructure only
provides the illusion that we can.
I do not think it makes sense to do this.
Thanks,
Mark.
WARNING: multiple messages have this Message-ID (diff)
From: Mark Rutland <mark.rutland-5wv7dgnIgG8@public.gmane.org>
To: Doug Berger <opendmb-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
Cc: catalin.marinas-5wv7dgnIgG8@public.gmane.org,
robh+dt-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org,
will.deacon-5wv7dgnIgG8@public.gmane.org,
computersforpeace-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org,
gregory.0xf0-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org,
f.fainelli-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org,
bcm-kernel-feedback-list-dY08KVG/lbpWk0Htik3J/w@public.gmane.org,
wangkefeng.wang-hv44wF8Li93QT0dZR+AlfA@public.gmane.org,
james.morse-5wv7dgnIgG8@public.gmane.org,
vladimir.murzin-5wv7dgnIgG8@public.gmane.org,
panand-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
andre.przywara-5wv7dgnIgG8@public.gmane.org,
cmetcalf-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org,
mingo-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org,
sandeepa.s.prabhu-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org,
shijie.huang-5wv7dgnIgG8@public.gmane.org,
linus.walleij-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org,
treding-DDmLM1+adcrQT0dZR+AlfA@public.gmane.org,
jonathanh-DDmLM1+adcrQT0dZR+AlfA@public.gmane.org,
olof-nZhT3qVonbNeoWH0uzbU5w@public.gmane.org,
mirza.krak-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org,
suzuki.poulose-5wv7dgnIgG8@public.gmane.org,
bgolaszewski-rdvid1DuHRBWk0Htik3J/w@public.gmane.org,
horms+renesas-/R6kz+dDXgpPR4JQBCEnsQ@public.gmane.org,
devicetree-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-arm-kernel-IAPFreCvJWM7uuMidbF8XUB+6BGkLq7r@public.gmane.org
Subject: Re: [PATCH 3/9] arm64: mm: install SError abort handler
Date: Fri, 24 Mar 2017 15:16:54 +0000 [thread overview]
Message-ID: <20170324151654.GD29588@leverpostej> (raw)
In-Reply-To: <20170324144632.5896-4-opendmb-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
On Fri, Mar 24, 2017 at 07:46:26AM -0700, Doug Berger wrote:
> This commit adds support for minimal handling of SError aborts and
> allows them to be hooked by a driver or other part of the kernel to
> install a custom SError abort handler. The hook function returns
> the previously registered handler so that handlers may be chained if
> desired.
>
> The handler should return the value 0 if the error has been handled,
> otherwise the handler should either call the next handler in the
> chain or return a non-zero value.
... so the order these get calls is completely dependent on probe
order...
> Since the Instruction Specific Syndrome value for SError aborts is
> implementation specific the registerred handlers must implement
> their own parsing of the syndrome.
... and drivers have to be intimately familiar with the CPU, in order to
be able to parse its IMPLEMENTATION DEFINED ESR_ELx.ISS value.
Even then, there's no guarantee there's anything useful there, since it
is IMPLEMENTATION DEFINED and could simply be RES0 or UNKNOWN in all
cases.
I do not think it is a good idea to allow arbitrary drivers to hook
this fault in this manner.
> + .align 6
> +el0_error:
> + kernel_entry 0
> +el0_error_naked:
> + mrs x25, esr_el1 // read the syndrome register
> + lsr x24, x25, #ESR_ELx_EC_SHIFT // exception class
> + cmp x24, #ESR_ELx_EC_SERROR // SError exception in EL0
> + b.ne el0_error_inv
> +el0_serr:
> + mrs x26, far_el1
> + // enable interrupts before calling the main handler
> + enable_dbg_and_irq
... why?
We don't do this for inv_entry today.
> + ct_user_exit
> + bic x0, x26, #(0xff << 56)
> + mov x1, x25
> + mov x2, sp
> + bl do_serr_abort
> + b ret_to_user
> +el0_error_inv:
> + enable_dbg
> + mov x0, sp
> + mov x1, #BAD_ERROR
> + mov x2, x25
> + b bad_mode
> +ENDPROC(el0_error)
Clearly you expect these to be delivered at arbitrary times during
execution. What if a KVM guest is executing at the time the SError is
delivered?
To be quite frank, I don't believe that we can reliably and safely
handle this misfeature in the kernel, and this infrastructure only
provides the illusion that we can.
I do not think it makes sense to do this.
Thanks,
Mark.
--
To unsubscribe from this list: send the line "unsubscribe devicetree" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
WARNING: multiple messages have this Message-ID (diff)
From: Mark Rutland <mark.rutland@arm.com>
To: Doug Berger <opendmb@gmail.com>
Cc: catalin.marinas@arm.com, robh+dt@kernel.org, will.deacon@arm.com,
computersforpeace@gmail.com, gregory.0xf0@gmail.com,
f.fainelli@gmail.com, bcm-kernel-feedback-list@broadcom.com,
wangkefeng.wang@huawei.com, james.morse@arm.com,
vladimir.murzin@arm.com, panand@redhat.com,
andre.przywara@arm.com, cmetcalf@mellanox.com, mingo@kernel.org,
sandeepa.s.prabhu@gmail.com, shijie.huang@arm.com,
linus.walleij@linaro.org, treding@nvidia.com,
jonathanh@nvidia.com, olof@lixom.net, mirza.krak@gmail.com,
suzuki.poulose@arm.com, bgolaszewski@baylibre.com,
horms+renesas@verge.net.au, devicetree@vger.kernel.org,
linux-kernel@vger.kernel.org,
linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH 3/9] arm64: mm: install SError abort handler
Date: Fri, 24 Mar 2017 15:16:54 +0000 [thread overview]
Message-ID: <20170324151654.GD29588@leverpostej> (raw)
In-Reply-To: <20170324144632.5896-4-opendmb@gmail.com>
On Fri, Mar 24, 2017 at 07:46:26AM -0700, Doug Berger wrote:
> This commit adds support for minimal handling of SError aborts and
> allows them to be hooked by a driver or other part of the kernel to
> install a custom SError abort handler. The hook function returns
> the previously registered handler so that handlers may be chained if
> desired.
>
> The handler should return the value 0 if the error has been handled,
> otherwise the handler should either call the next handler in the
> chain or return a non-zero value.
... so the order these get calls is completely dependent on probe
order...
> Since the Instruction Specific Syndrome value for SError aborts is
> implementation specific the registerred handlers must implement
> their own parsing of the syndrome.
... and drivers have to be intimately familiar with the CPU, in order to
be able to parse its IMPLEMENTATION DEFINED ESR_ELx.ISS value.
Even then, there's no guarantee there's anything useful there, since it
is IMPLEMENTATION DEFINED and could simply be RES0 or UNKNOWN in all
cases.
I do not think it is a good idea to allow arbitrary drivers to hook
this fault in this manner.
> + .align 6
> +el0_error:
> + kernel_entry 0
> +el0_error_naked:
> + mrs x25, esr_el1 // read the syndrome register
> + lsr x24, x25, #ESR_ELx_EC_SHIFT // exception class
> + cmp x24, #ESR_ELx_EC_SERROR // SError exception in EL0
> + b.ne el0_error_inv
> +el0_serr:
> + mrs x26, far_el1
> + // enable interrupts before calling the main handler
> + enable_dbg_and_irq
... why?
We don't do this for inv_entry today.
> + ct_user_exit
> + bic x0, x26, #(0xff << 56)
> + mov x1, x25
> + mov x2, sp
> + bl do_serr_abort
> + b ret_to_user
> +el0_error_inv:
> + enable_dbg
> + mov x0, sp
> + mov x1, #BAD_ERROR
> + mov x2, x25
> + b bad_mode
> +ENDPROC(el0_error)
Clearly you expect these to be delivered at arbitrary times during
execution. What if a KVM guest is executing at the time the SError is
delivered?
To be quite frank, I don't believe that we can reliably and safely
handle this misfeature in the kernel, and this infrastructure only
provides the illusion that we can.
I do not think it makes sense to do this.
Thanks,
Mark.
next prev parent reply other threads:[~2017-03-24 15:16 UTC|newest]
Thread overview: 59+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-24 14:46 [PATCH 0/9] bus: brcmstb_gisb: add support for GISBv7 arbiter Doug Berger
2017-03-24 14:46 ` Doug Berger
2017-03-24 14:46 ` Doug Berger
2017-03-24 14:46 ` [PATCH 1/9] arm64: mm: Allow installation of memory abort handlers Doug Berger
2017-03-24 14:46 ` Doug Berger
2017-03-24 14:46 ` [PATCH 2/9] arm64: mm: mark fault_info __ro_after_init Doug Berger
2017-03-24 14:46 ` Doug Berger
2017-03-24 14:46 ` Doug Berger
2017-03-24 14:46 ` [PATCH 3/9] arm64: mm: install SError abort handler Doug Berger
2017-03-24 14:46 ` Doug Berger
2017-03-24 14:46 ` Doug Berger
2017-03-24 15:16 ` Mark Rutland [this message]
2017-03-24 15:16 ` Mark Rutland
2017-03-24 15:16 ` Mark Rutland
2017-03-24 16:48 ` Doug Berger
2017-03-24 16:48 ` Doug Berger
2017-03-24 16:48 ` Doug Berger
2017-03-24 17:35 ` Mark Rutland
2017-03-24 17:35 ` Mark Rutland
2017-03-24 17:35 ` Mark Rutland
2017-03-24 17:53 ` Florian Fainelli
2017-03-24 17:53 ` Florian Fainelli
2017-03-24 17:53 ` Florian Fainelli
2017-03-24 18:31 ` Mark Rutland
2017-03-24 18:31 ` Mark Rutland
2017-03-24 18:31 ` Mark Rutland
2017-03-24 19:02 ` Florian Fainelli
2017-03-24 19:02 ` Florian Fainelli
2017-03-24 19:02 ` Florian Fainelli
2017-03-25 10:06 ` Marc Zyngier
2017-03-25 10:06 ` Marc Zyngier
2017-03-27 20:19 ` Florian Fainelli
2017-03-27 20:19 ` Florian Fainelli
2017-03-27 20:19 ` Florian Fainelli
2017-03-24 14:46 ` [PATCH 4/9] bus: brcmstb_gisb: Use register offsets with writes too Doug Berger
2017-03-24 14:46 ` Doug Berger
2017-03-24 14:46 ` Doug Berger
2017-03-25 5:21 ` Gregory Fong
2017-03-25 5:21 ` Gregory Fong
2017-03-25 5:21 ` Gregory Fong
2017-03-24 14:46 ` [PATCH 5/9] bus: brcmstb_gisb: Correct hooking of ARM aborts Doug Berger
2017-03-24 14:46 ` Doug Berger
2017-03-24 14:46 ` [PATCH 6/9] bus: brcmstb_gisb: correct support for 64-bit address output Doug Berger
2017-03-24 14:46 ` Doug Berger
2017-03-24 14:46 ` Doug Berger
2017-03-25 5:36 ` Gregory Fong
2017-03-25 5:36 ` Gregory Fong
2017-03-25 5:36 ` Gregory Fong
2017-03-24 14:46 ` [PATCH 7/9] bus: brcmstb_gisb: Add ARM64 support Doug Berger
2017-03-24 14:46 ` Doug Berger
2017-03-24 14:46 ` [PATCH 8/9] bus: brcmstb_gisb: add ARM64 SError support Doug Berger
2017-03-24 14:46 ` Doug Berger
2017-03-24 14:46 ` [PATCH 9/9] bus: brcmstb_gisb: update to support new revision Doug Berger
2017-03-24 14:46 ` Doug Berger
2017-03-24 15:03 ` [PATCH 0/9] bus: brcmstb_gisb: add support for GISBv7 arbiter Mark Rutland
2017-03-24 15:03 ` Mark Rutland
2017-03-24 16:02 ` Doug Berger
2017-03-24 16:02 ` Doug Berger
2017-03-24 16:02 ` Doug Berger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170324151654.GD29588@leverpostej \
--to=mark.rutland@arm.com \
--cc=linux-arm-kernel@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.