From: Halil Pasic <pasic@linux.ibm.com>
To: Cornelia Huck <cohuck@redhat.com>
Cc: kvm@vger.kernel.org, linux-s390@vger.kernel.org,
Sebastian Ott <sebott@linux.ibm.com>,
Heiko Carstens <heiko.carstens@de.ibm.com>,
virtualization@lists.linux-foundation.org,
"Michael S. Tsirkin" <mst@redhat.com>,
Christoph Hellwig <hch@infradead.org>,
Thomas Huth <thuth@redhat.com>,
Christian Borntraeger <borntraeger@de.ibm.com>,
Viktor Mihajlovski <mihajlov@linux.ibm.com>,
Vasily Gorbik <gor@linux.ibm.com>,
Janosch Frank <frankja@linux.ibm.com>,
Michael Mueller <mimu@linux.ibm.com>,
Claudio Imbrenda <imbrenda@linux.ibm.com>,
Farhan Ali <alifm@linux.ibm.com>,
Eric Farman <farman@linux.ibm.com>,
"Jason J. Herne" <jjherne@linux.ibm.com>
Subject: Re: [PATCH v4 4/8] s390/airq: use DMA memory for adapter interrupts
Date: Wed, 12 Jun 2019 02:32:31 +0200 [thread overview]
Message-ID: <20190612023231.7da4908c.pasic@linux.ibm.com> (raw)
In-Reply-To: <20190611181944.5bf2b953.cohuck@redhat.com>
On Tue, 11 Jun 2019 18:19:44 +0200
Cornelia Huck <cohuck@redhat.com> wrote:
> On Tue, 11 Jun 2019 16:27:21 +0200
> Halil Pasic <pasic@linux.ibm.com> wrote:
>
> > On Tue, 11 Jun 2019 12:17:21 +0200
> > Cornelia Huck <cohuck@redhat.com> wrote:
> >
> > > On Thu, 6 Jun 2019 13:51:23 +0200
> > > Halil Pasic <pasic@linux.ibm.com> wrote:
> > >
> > > > Protected virtualization guests have to use shared pages for airq
> > > > notifier bit vectors, because hypervisor needs to write these bits.
> > > >
> > > > Let us make sure we allocate DMA memory for the notifier bit vectors by
> > > > replacing the kmem_cache with a dma_cache and kalloc() with
> > > > cio_dma_zalloc().
> > > >
> > > > Signed-off-by: Halil Pasic <pasic@linux.ibm.com>
> > > > Reviewed-by: Sebastian Ott <sebott@linux.ibm.com>
> > > > ---
> > > > arch/s390/include/asm/airq.h | 2 ++
> > > > drivers/s390/cio/airq.c | 32 ++++++++++++++++++++------------
> > > > drivers/s390/cio/cio.h | 2 ++
> > > > drivers/s390/cio/css.c | 1 +
> > > > 4 files changed, 25 insertions(+), 12 deletions(-)
> > > >
> > >
> > > (...)
> > >
> > > > @@ -295,12 +303,12 @@ unsigned long airq_iv_scan(struct airq_iv *iv, unsigned long start,
> > > > }
> > > > EXPORT_SYMBOL(airq_iv_scan);
> > > >
> > > > -static int __init airq_init(void)
> > > > +int __init airq_init(void)
> > > > {
> > > > - airq_iv_cache = ) "airq_iv_cache", cache_line_size(),
> > > > - cache_line_size(), 0, NULL);
> > > > + airq_iv_cache = dma_pool_create("airq_iv_cache", cio_get_dma_css_dev(),
> > > > + cache_line_size(),
> > > > + cache_line_size(), PAGE_SIZE);
> > > > if (!airq_iv_cache)
> > > > return -ENOMEM;
> > >
> > > Sorry about not noticing that in the last iteration; but you may return
> > > an error here if airq_iv_cache could not be allocated...
> > >
> > > > return 0;
> > > > }
> > > > -subsys_initcall(airq_init);
> > >
> > > (...)
> > >
> > > > diff --git a/drivers/s390/cio/css.c b/drivers/s390/cio/css.c
> > > > index 6fc91d534af1..7901c8ed3597 100644
> > > > --- a/drivers/s390/cio/css.c
> > > > +++ b/drivers/s390/cio/css.c
> > > > @@ -1182,6 +1182,7 @@ static int __init css_bus_init(void)
> > > > ret = cio_dma_pool_init();
> > > > if (ret)
> > > > goto out_unregister_pmn;
> > > > + airq_init();
> > >
> > > ...but don't check the return code here. Probably a pathological case,
> > > but shouldn't you handle that error as well?
> > >
> >
> > Tricky business... The problem is that the airq stuff ain't 'private' to
> > the CIO subsystem (e.g. zPCI). I'm afraid failing to init css won't
> > really prevent all usages.
>
> Architecture-wise, there's an unfortunate tie-in of some things like
> zPCI with the channel subsystem (most of that seems to come in via chsc
> and machine checks; but as you say, airq as well). I'd basically
> consider css to be a base system for virtually any I/O on s390...
>
I tend to agree.
> >
> > My first thought was, that this is more or less analogous to what we
> > had before. Namely kmem_cache_create() and dma_pool_create() should fail
> > under similar circumstances, and the return value of airq_init() was
> > ignored in do_initcall_level(). So I was like ignoring it seems to be
> > consistent with previous state.
> >
> > But, ouch, there is a big difference! While kmem_cache_zalloc() seems
> > to tolerate the first argument (pointer to kmem_cache) being NULL the
> > dma_pool_zalloc() does not.
>
> Yeah. While previously continuing with a failed allocation simply was
> not very workable, now we actually would end up with crashes :(
>
Nod.
> >
> > IMHO the cleanest thing to do at this stage is to check if the
> > airq_iv_cache is NULL and fail the allocation if it is (to preserve
> > previous behavior).
>
> That's probably the least invasive fix for now. Did you check whether
> any of the other dma pools this series introduces have a similar
> problem due to init not failing?
>
Good question!
I did a quick check. virtio_ccw_init() should be OK, because we don't
register the driver if allocation fails, so the thing is going to end
up dysfunctional as expected.
If however cio_dma_pool_init() fails, then we end up with the same
problem with airqs, just on the !AIRQ_IV_CACHELINE code path. It can be
fixed analogously: make cio_dma_zalloc() fail all allocation if
cio_dma_pool_init() failed before.
The rest should be OK.
> >
> > I would prefer having a separate discussion on eventually changing
> > the behavior (e.g. fail css initialization).
>
> I did a quick check of the common I/O layer code and one place that
> looks dangerous is the chsc initialization (where we get two pages that
> are later accessed unconditionally by the code).
>
> All of this is related to not being able to fulfill some basic memory
> availability requirements early during boot and then discovering that
> pulling the emergency break did not actually stop the train. I'd vote
> for calling panic() if the common I/O layer cannot perform its setup;
> but as this is really a pathological case I also think we should solve
> that independently of this patch series.
>
panic() sounds very reasonable to me. As an user I would like to see a
message that tells me, I'm trying to boot with insufficient RAM. Is there
such a message somewhere?
> >
> > Connie, would that work with you? Thanks for spotting this!
>
> Yeah, let's give your approach a try.
>
OK. I intend to send out v5 with these changes tomorrow in the
afternoon:
diff --git a/drivers/s390/cio/airq.c b/drivers/s390/cio/airq.c
index 89d26e43004d..427b2e24a8ce 100644
--- a/drivers/s390/cio/airq.c
+++ b/drivers/s390/cio/airq.c
@@ -142,7 +142,8 @@ struct airq_iv *airq_iv_create(unsigned long bits, unsigned long flags)
size = iv_size(bits);
if (flags & AIRQ_IV_CACHELINE) {
- if ((cache_line_size() * BITS_PER_BYTE) < bits)
+ if ((cache_line_size() * BITS_PER_BYTE) < bits
+ || !airq_iv_cache)
goto out_free;
iv->vector = dma_pool_zalloc(airq_iv_cache, GFP_KERNEL,
@@ -186,7 +187,7 @@ struct airq_iv *airq_iv_create(unsigned long bits, unsigned long flags)
kfree(iv->ptr);
kfree(iv->bitlock);
kfree(iv->avail);
- if (iv->flags & AIRQ_IV_CACHELINE)
+ if (iv->flags & AIRQ_IV_CACHELINE && iv->vector)
dma_pool_free(airq_iv_cache, iv->vector, iv->vector_dma);
else
cio_dma_free(iv->vector, size);
diff --git a/drivers/s390/cio/css.c b/drivers/s390/cio/css.c
index 7901c8ed3597..d709bd8545f2 100644
--- a/drivers/s390/cio/css.c
+++ b/drivers/s390/cio/css.c
@@ -1128,6 +1128,8 @@ void cio_gp_dma_free(struct gen_pool *gp_dma, void *cpu_addr, size_t size)
*/
void *cio_dma_zalloc(size_t size)
{
+ if (!cio_dma_pool)
+ return NULL;
return cio_gp_dma_zalloc(cio_dma_pool, cio_get_dma_css_dev(), size);
}
WARNING: multiple messages have this Message-ID (diff)
From: Halil Pasic <pasic@linux.ibm.com>
To: Cornelia Huck <cohuck@redhat.com>
Cc: Vasily Gorbik <gor@linux.ibm.com>,
linux-s390@vger.kernel.org, Thomas Huth <thuth@redhat.com>,
Claudio Imbrenda <imbrenda@linux.ibm.com>,
kvm@vger.kernel.org, Sebastian Ott <sebott@linux.ibm.com>,
"Michael S. Tsirkin" <mst@redhat.com>,
Farhan Ali <alifm@linux.ibm.com>,
Heiko Carstens <heiko.carstens@de.ibm.com>,
Eric Farman <farman@linux.ibm.com>,
virtualization@lists.linux-foundation.org,
Christoph Hellwig <hch@infradead.org>,
Christian Borntraeger <borntraeger@de.ibm.com>,
"Jason J. Herne" <jjherne@linux.ibm.com>,
Michael Mueller <mimu@linux.ibm.com>,
Viktor Mihajlovski <mihajlov@linux.ibm.com>,
Janosch Frank <frankja@linux.ibm.com>
Subject: Re: [PATCH v4 4/8] s390/airq: use DMA memory for adapter interrupts
Date: Wed, 12 Jun 2019 02:32:31 +0200 [thread overview]
Message-ID: <20190612023231.7da4908c.pasic@linux.ibm.com> (raw)
In-Reply-To: <20190611181944.5bf2b953.cohuck@redhat.com>
On Tue, 11 Jun 2019 18:19:44 +0200
Cornelia Huck <cohuck@redhat.com> wrote:
> On Tue, 11 Jun 2019 16:27:21 +0200
> Halil Pasic <pasic@linux.ibm.com> wrote:
>
> > On Tue, 11 Jun 2019 12:17:21 +0200
> > Cornelia Huck <cohuck@redhat.com> wrote:
> >
> > > On Thu, 6 Jun 2019 13:51:23 +0200
> > > Halil Pasic <pasic@linux.ibm.com> wrote:
> > >
> > > > Protected virtualization guests have to use shared pages for airq
> > > > notifier bit vectors, because hypervisor needs to write these bits.
> > > >
> > > > Let us make sure we allocate DMA memory for the notifier bit vectors by
> > > > replacing the kmem_cache with a dma_cache and kalloc() with
> > > > cio_dma_zalloc().
> > > >
> > > > Signed-off-by: Halil Pasic <pasic@linux.ibm.com>
> > > > Reviewed-by: Sebastian Ott <sebott@linux.ibm.com>
> > > > ---
> > > > arch/s390/include/asm/airq.h | 2 ++
> > > > drivers/s390/cio/airq.c | 32 ++++++++++++++++++++------------
> > > > drivers/s390/cio/cio.h | 2 ++
> > > > drivers/s390/cio/css.c | 1 +
> > > > 4 files changed, 25 insertions(+), 12 deletions(-)
> > > >
> > >
> > > (...)
> > >
> > > > @@ -295,12 +303,12 @@ unsigned long airq_iv_scan(struct airq_iv *iv, unsigned long start,
> > > > }
> > > > EXPORT_SYMBOL(airq_iv_scan);
> > > >
> > > > -static int __init airq_init(void)
> > > > +int __init airq_init(void)
> > > > {
> > > > - airq_iv_cache = ) "airq_iv_cache", cache_line_size(),
> > > > - cache_line_size(), 0, NULL);
> > > > + airq_iv_cache = dma_pool_create("airq_iv_cache", cio_get_dma_css_dev(),
> > > > + cache_line_size(),
> > > > + cache_line_size(), PAGE_SIZE);
> > > > if (!airq_iv_cache)
> > > > return -ENOMEM;
> > >
> > > Sorry about not noticing that in the last iteration; but you may return
> > > an error here if airq_iv_cache could not be allocated...
> > >
> > > > return 0;
> > > > }
> > > > -subsys_initcall(airq_init);
> > >
> > > (...)
> > >
> > > > diff --git a/drivers/s390/cio/css.c b/drivers/s390/cio/css.c
> > > > index 6fc91d534af1..7901c8ed3597 100644
> > > > --- a/drivers/s390/cio/css.c
> > > > +++ b/drivers/s390/cio/css.c
> > > > @@ -1182,6 +1182,7 @@ static int __init css_bus_init(void)
> > > > ret = cio_dma_pool_init();
> > > > if (ret)
> > > > goto out_unregister_pmn;
> > > > + airq_init();
> > >
> > > ...but don't check the return code here. Probably a pathological case,
> > > but shouldn't you handle that error as well?
> > >
> >
> > Tricky business... The problem is that the airq stuff ain't 'private' to
> > the CIO subsystem (e.g. zPCI). I'm afraid failing to init css won't
> > really prevent all usages.
>
> Architecture-wise, there's an unfortunate tie-in of some things like
> zPCI with the channel subsystem (most of that seems to come in via chsc
> and machine checks; but as you say, airq as well). I'd basically
> consider css to be a base system for virtually any I/O on s390...
>
I tend to agree.
> >
> > My first thought was, that this is more or less analogous to what we
> > had before. Namely kmem_cache_create() and dma_pool_create() should fail
> > under similar circumstances, and the return value of airq_init() was
> > ignored in do_initcall_level(). So I was like ignoring it seems to be
> > consistent with previous state.
> >
> > But, ouch, there is a big difference! While kmem_cache_zalloc() seems
> > to tolerate the first argument (pointer to kmem_cache) being NULL the
> > dma_pool_zalloc() does not.
>
> Yeah. While previously continuing with a failed allocation simply was
> not very workable, now we actually would end up with crashes :(
>
Nod.
> >
> > IMHO the cleanest thing to do at this stage is to check if the
> > airq_iv_cache is NULL and fail the allocation if it is (to preserve
> > previous behavior).
>
> That's probably the least invasive fix for now. Did you check whether
> any of the other dma pools this series introduces have a similar
> problem due to init not failing?
>
Good question!
I did a quick check. virtio_ccw_init() should be OK, because we don't
register the driver if allocation fails, so the thing is going to end
up dysfunctional as expected.
If however cio_dma_pool_init() fails, then we end up with the same
problem with airqs, just on the !AIRQ_IV_CACHELINE code path. It can be
fixed analogously: make cio_dma_zalloc() fail all allocation if
cio_dma_pool_init() failed before.
The rest should be OK.
> >
> > I would prefer having a separate discussion on eventually changing
> > the behavior (e.g. fail css initialization).
>
> I did a quick check of the common I/O layer code and one place that
> looks dangerous is the chsc initialization (where we get two pages that
> are later accessed unconditionally by the code).
>
> All of this is related to not being able to fulfill some basic memory
> availability requirements early during boot and then discovering that
> pulling the emergency break did not actually stop the train. I'd vote
> for calling panic() if the common I/O layer cannot perform its setup;
> but as this is really a pathological case I also think we should solve
> that independently of this patch series.
>
panic() sounds very reasonable to me. As an user I would like to see a
message that tells me, I'm trying to boot with insufficient RAM. Is there
such a message somewhere?
> >
> > Connie, would that work with you? Thanks for spotting this!
>
> Yeah, let's give your approach a try.
>
OK. I intend to send out v5 with these changes tomorrow in the
afternoon:
diff --git a/drivers/s390/cio/airq.c b/drivers/s390/cio/airq.c
index 89d26e43004d..427b2e24a8ce 100644
--- a/drivers/s390/cio/airq.c
+++ b/drivers/s390/cio/airq.c
@@ -142,7 +142,8 @@ struct airq_iv *airq_iv_create(unsigned long bits, unsigned long flags)
size = iv_size(bits);
if (flags & AIRQ_IV_CACHELINE) {
- if ((cache_line_size() * BITS_PER_BYTE) < bits)
+ if ((cache_line_size() * BITS_PER_BYTE) < bits
+ || !airq_iv_cache)
goto out_free;
iv->vector = dma_pool_zalloc(airq_iv_cache, GFP_KERNEL,
@@ -186,7 +187,7 @@ struct airq_iv *airq_iv_create(unsigned long bits, unsigned long flags)
kfree(iv->ptr);
kfree(iv->bitlock);
kfree(iv->avail);
- if (iv->flags & AIRQ_IV_CACHELINE)
+ if (iv->flags & AIRQ_IV_CACHELINE && iv->vector)
dma_pool_free(airq_iv_cache, iv->vector, iv->vector_dma);
else
cio_dma_free(iv->vector, size);
diff --git a/drivers/s390/cio/css.c b/drivers/s390/cio/css.c
index 7901c8ed3597..d709bd8545f2 100644
--- a/drivers/s390/cio/css.c
+++ b/drivers/s390/cio/css.c
@@ -1128,6 +1128,8 @@ void cio_gp_dma_free(struct gen_pool *gp_dma, void *cpu_addr, size_t size)
*/
void *cio_dma_zalloc(size_t size)
{
+ if (!cio_dma_pool)
+ return NULL;
return cio_gp_dma_zalloc(cio_dma_pool, cio_get_dma_css_dev(), size);
}
next prev parent reply other threads:[~2019-06-12 0:32 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-06-06 11:51 [PATCH v4 0/8] s390: virtio: support protected virtualization Halil Pasic
2019-06-06 11:51 ` Halil Pasic
2019-06-06 11:51 ` [PATCH v4 1/8] s390/mm: force swiotlb for " Halil Pasic
2019-06-06 11:51 ` Halil Pasic
2019-06-06 11:51 ` [PATCH v4 2/8] s390/cio: introduce DMA pools to cio Halil Pasic
2019-06-06 11:51 ` Halil Pasic
2019-06-11 9:55 ` Cornelia Huck
2019-06-11 9:55 ` Cornelia Huck
2019-06-12 6:30 ` Cornelia Huck
2019-06-12 6:30 ` Cornelia Huck
2019-06-06 11:51 ` [PATCH v4 3/8] s390/cio: add basic protected virtualization support Halil Pasic
2019-06-06 11:51 ` Halil Pasic
2019-06-06 11:51 ` [PATCH v4 4/8] s390/airq: use DMA memory for adapter interrupts Halil Pasic
2019-06-06 11:51 ` Halil Pasic
2019-06-11 10:17 ` Cornelia Huck
2019-06-11 10:17 ` Cornelia Huck
2019-06-11 14:27 ` Halil Pasic
2019-06-11 14:27 ` Halil Pasic
2019-06-11 16:19 ` Cornelia Huck
2019-06-11 16:19 ` Cornelia Huck
2019-06-12 0:32 ` Halil Pasic [this message]
2019-06-12 0:32 ` Halil Pasic
2019-06-12 6:21 ` Cornelia Huck
2019-06-12 6:21 ` Cornelia Huck
2019-06-12 13:33 ` Halil Pasic
2019-06-12 13:33 ` Halil Pasic
2019-06-12 13:46 ` Cornelia Huck
2019-06-12 13:46 ` Cornelia Huck
2019-06-06 11:51 ` [PATCH v4 5/8] virtio/s390: use cacheline aligned airq bit vectors Halil Pasic
2019-06-06 11:51 ` Halil Pasic
2019-06-06 11:51 ` [PATCH v4 6/8] virtio/s390: add indirection to indicators access Halil Pasic
2019-06-06 11:51 ` Halil Pasic
2019-06-06 11:51 ` [PATCH v4 7/8] virtio/s390: use DMA memory for ccw I/O and classic notifiers Halil Pasic
2019-06-06 11:51 ` Halil Pasic
2019-06-11 10:30 ` Cornelia Huck
2019-06-11 10:30 ` Cornelia Huck
2019-06-06 11:51 ` [PATCH v4 8/8] virtio/s390: make airq summary indicators DMA Halil Pasic
2019-06-06 11:51 ` Halil Pasic
2019-06-11 10:19 ` Cornelia Huck
2019-06-11 10:19 ` Cornelia Huck
2019-06-11 10:37 ` [PATCH v4 0/8] s390: virtio: support protected virtualization Cornelia Huck
2019-06-11 10:37 ` Cornelia Huck
2019-06-11 10:44 ` Michael S. Tsirkin
2019-06-11 10:44 ` Michael S. Tsirkin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190612023231.7da4908c.pasic@linux.ibm.com \
--to=pasic@linux.ibm.com \
--cc=alifm@linux.ibm.com \
--cc=borntraeger@de.ibm.com \
--cc=cohuck@redhat.com \
--cc=farman@linux.ibm.com \
--cc=frankja@linux.ibm.com \
--cc=gor@linux.ibm.com \
--cc=hch@infradead.org \
--cc=heiko.carstens@de.ibm.com \
--cc=imbrenda@linux.ibm.com \
--cc=jjherne@linux.ibm.com \
--cc=kvm@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=mihajlov@linux.ibm.com \
--cc=mimu@linux.ibm.com \
--cc=mst@redhat.com \
--cc=sebott@linux.ibm.com \
--cc=thuth@redhat.com \
--cc=virtualization@lists.linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.