Date: Mon, 15 Aug 2022 15:55:16 +0100
From: Jonathan Cameron
To: Jonathan Cameron via
CC: Jonathan Cameron, Dan Williams, Bobo WL
Subject: Re: [BUG] cxl can not create region
Message-ID: <20220815155516.00007ebf@huawei.com>
In-Reply-To: <20220815151809.0000294c@huawei.com>
X-Mailing-List: linux-cxl@vger.kernel.org

On Mon, 15 Aug 2022 15:18:09 +0100
Jonathan Cameron via wrote:

> On Fri, 12 Aug 2022 17:15:09 +0100
> Jonathan Cameron wrote:
>
> > On Fri, 12 Aug 2022 09:03:02 -0700
> > Dan Williams wrote:
> >
> > > Jonathan Cameron wrote:
> > > > On Thu, 11 Aug 2022 18:08:57 +0100
> > > > Jonathan Cameron via wrote:
> > > >
> > > > > On Tue, 9 Aug 2022 17:08:25 +0100
> > > > > Jonathan Cameron wrote:
> > > > >
> > > > > > On Tue, 9 Aug 2022 21:07:06 +0800
> > > > > > Bobo WL wrote:
> > > > > >
> > > > > > > Hi Jonathan
> > > > > > >
> > > > > > > Thanks for your reply!
> > > > > > >
> > > > > > > On Mon, Aug 8, 2022 at 8:37 PM Jonathan Cameron
> > > > > > > wrote:
> > > > > > > >
> > > > > > > > Probably not related to your problem, but there is a disconnect in QEMU /
> > > > > > > > kernel assumptions around the presence of an HDM decoder when a HB only
> > > > > > > > has a single root port. Spec allows it to be provided or not as an implementation choice.
> > > > > > > > Kernel assumes it isn't provided. Qemu assumes it is.
> > > > > > > >
> > > > > > > > The temporary solution is to throw in a second root port on the HB and not
> > > > > > > > connect anything to it. Longer term I may special case this so that the particular
> > > > > > > > decoder defaults to pass through settings in QEMU if there is only one root port.
> > > > > > > >
> > > > > > >
> > > > > > > You are right! After adding an extra HB in qemu, I can create a x1
> > > > > > > region successfully.
> > > > > > > But have some errors in Nvdimm:
> > > > > > >
> > > > > > > [ 74.925838] Unknown online node for memory at 0x10000000000, assuming node 0
> > > > > > > [ 74.925846] Unknown target node for memory at 0x10000000000, assuming node 0
> > > > > > > [ 74.927470] nd_region region0: nmem0: is disabled, failing probe
> > > > > >
> > > > > > Ah. I've seen this one, but not chased it down yet. Was on my todo list to chase
> > > > > > down. Once I reach this state I can verify the HDM Decode is correct which is what
> > > > > > I've been using to test (Which wasn't true until earlier this week).
> > > > > > I'm currently testing via devmem, more for historical reasons than because it makes
> > > > > > that much sense anymore.
> > > > >
> > > > > *embarrassed cough*. We haven't fully hooked the LSA up in qemu yet.
> > > > > I'd forgotten that was still on the todo list. I don't think it will
> > > > > be particularly hard to do and will take a look in next few days.
> > > > >
> > > > > Very very indirectly this error is causing a driver probe fail that means that
> > > > > we hit a code path that has a rather odd looking check on NDD_LABELING.
> > > > > Should not have gotten near that path though - hence the problem is actually
> > > > > when we call cxl_pmem_get_config_data() and it returns an error because
> > > > > we haven't fully connected up the command in QEMU.
> > > >
> > > > So at least one bug in QEMU. We were not supporting variable length payloads on mailbox
> > > > inputs (but were on outputs).
> > > > That hasn't mattered until we get to LSA writes.
> > > > We just need to relax condition on the supplied length.
> > > >
> > > > diff --git a/hw/cxl/cxl-mailbox-utils.c b/hw/cxl/cxl-mailbox-utils.c > > > > index c352a935c4..fdda9529fe 100644 > > > > --- a/hw/cxl/cxl-mailbox-utils.c > > > > +++ b/hw/cxl/cxl-mailbox-utils.c
> > > > @@ -510,7 +510,7 @@ void cxl_process_mailbox(CXLDeviceState *cxl_dstate) > > > > cxl_cmd = &cxl_cmd_set[set][cmd]; > > > > h = cxl_cmd->handler; > > > > if (h) { > > > > - if (len == cxl_cmd->in) { > > > > + if (len == cxl_cmd->in || !cxl_cmd->in) { > > > > cxl_cmd->payload = cxl_dstate->mbox_reg_state + > > > > A_CXL_DEV_CMD_PAYLOAD; > > > > ret = (*h)(cxl_cmd, cxl_dstate, &len);
> > > >
> > > >
> > > > This lets the nvdimm/region probe fine, but I'm getting some issues with
> > > > namespace capacity so I'll look at what is causing that next.
> > > > Unfortunately I'm not that familiar with the driver/nvdimm side of things
> > > > so it'll take a while to figure out what kicks off what!
> > >
> > > The whirlwind tour is that 'struct nd_region' instances that represent a
> > > persistent memory address range are composed of one or more mappings of
> > > 'struct nvdimm' objects. The nvdimm object is driven by the dimm driver
> > > in drivers/nvdimm/dimm.c. That driver is mainly charged with unlocking
> > > the dimm (if locked) and interrogating the label area to look for
> > > namespace labels.
> > >
> > > The label command calls are routed to the '->ndctl()' callback that was
> > > registered when the CXL nvdimm_bus_descriptor was created. That callback
> > > handles both 'bus' scope calls, currently none for CXL, and per nvdimm
> > > calls. cxl_pmem_nvdimm_ctl() translates those generic LIBNVDIMM commands
> > > to CXL commands.
> > >
> > > The 'struct nvdimm' objects that the CXL side registers have the
> > > NDD_LABELING flag set which means that namespaces need to be explicitly
> > > created / provisioned from region capacity. Otherwise, if
> > > drivers/nvdimm/dimm.c does not find a namespace-label-index block then
> > > the region reverts to label-less mode and a default namespace equal to
> > > the size of the region is instantiated.
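Review bot: In the `+` line of the cxl_process_mailbox() hunk, `!cxl_cmd->in` makes an `in` value of 0 mean "accept any len", so a command that is defined to take no input payload can no longer be told apart from a variable-length one and loses its strict length check. Nothing in the visible lines bounds `len` before `&len` is handed to the handler either. Suggest marking variable-length input with a dedicated sentinel value rather than 0, keeping `len == cxl_cmd->in` strict for every fixed-size command, and rejecting a `len` larger than the payload area before calling `h`.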
> > >
> > > If you are seeing small mismatches in namespace capacity then it may
> > > just be the fact that by default 'ndctl create-namespace' results in an
> > > 'fsdax' mode namespace which just means that it is a block device where
> > > 1.5% of the capacity is reserved for 'struct page' metadata. You should
> > > be able to see namespace capacity == region capacity by doing "ndctl
> > > create-namespace -m raw", and disable DAX operation.
> > Currently ndctl create-namespace crashes qemu ;)
> > Which isn't ideal!
> >
>
> Found a cause for this one. Mailbox payload may be as small as 256 bytes.
> We have code in kernel sanity checking that output payload fits in the
> mailbox, but nothing on the input payload. Symptom is that we write just
> off the end whatever size the payload is. Note doing this shouldn't crash
> qemu - so I need to fix a range check somewhere.
>
> I think this is because cxl_pmem_get_config_size() returns the mailbox
> payload size as being the available LSA size, forgetting to remove the
> size of the headers on the set_lsa side of things.
> https://git.kernel.org/pub/scm/linux/kernel/git/cxl/cxl.git/tree/drivers/cxl/pmem.c?h=next#n110
>
> I've hacked the max_payload to be -8
>
> Now we still don't succeed in creating the namespace, but bonus is it doesn't crash any more.

In the interests of defensive / correct handling from QEMU I took a look into why it was crashing.
Turns out that providing a NULL write callback for the memory device region (that the above
overlarge write was spilling into) isn't a safe thing to do. Needs a stub. Oops.
On plus side we might never have noticed this was going wrong without the crash
*silver lining in every cloud*

Fix to follow...

Jonathan

>
> Jonathan
>
> >
> > >
> > > Hope that helps.
> > Got me looking at the right code. Thanks!
> >
> > Jonathan
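The two length checks discussed in this thread, modelled together as an added example; it is not code from the message, from QEMU or from the kernel. The opcodes, the `IN_VARIABLE` marker, the buffer sizes and the 8-byte Set LSA header (chosen to match the "-8" hack above) are assumptions made for the illustration.

```c
/* Constructed model of a mailbox with a fixed payload area; not QEMU or kernel code. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MBOX_PAYLOAD_SIZE 256u      /* the thread notes the payload may be this small */
#define SET_LSA_HDR_SIZE  8u        /* assumed: 4-byte offset + 4 reserved bytes */
#define LSA_SIZE          1024u     /* constructed label storage area size */
#define IN_VARIABLE       SIZE_MAX  /* hypothetical marker: input length varies */

enum mbox_ret { MBOX_OK, MBOX_UNSUPPORTED, MBOX_INVALID_LEN, MBOX_INVALID_INPUT };
enum { CMD_PING, CMD_SET_LSA, CMD_COUNT };   /* hypothetical opcodes */

struct device {
    uint8_t payload[MBOX_PAYLOAD_SIZE];
    uint8_t lsa[LSA_SIZE];
};

struct cmd {
    enum mbox_ret (*handler)(struct device *d, size_t len);
    size_t in;      /* exact input length, or IN_VARIABLE */
    size_t min_in;  /* smallest accepted length when in == IN_VARIABLE */
};

static enum mbox_ret do_ping(struct device *d, size_t len)
{
    (void)d; (void)len;
    return MBOX_OK;
}

/* Payload layout: little-endian u32 offset, u32 reserved, then the data bytes. */
static enum mbox_ret do_set_lsa(struct device *d, size_t len)
{
    size_t n = len - SET_LSA_HDR_SIZE;   /* safe: the dispatcher enforced min_in */
    uint32_t off = (uint32_t)d->payload[0] | (uint32_t)d->payload[1] << 8 |
                   (uint32_t)d->payload[2] << 16 | (uint32_t)d->payload[3] << 24;

    if (off > LSA_SIZE || n > LSA_SIZE - off)   /* overflow-safe range check */
        return MBOX_INVALID_INPUT;
    memcpy(d->lsa + off, d->payload + SET_LSA_HDR_SIZE, n);
    return MBOX_OK;
}

static const struct cmd cmds[CMD_COUNT] = {
    [CMD_PING]    = { do_ping,    0,           0 },
    [CMD_SET_LSA] = { do_set_lsa, IN_VARIABLE, SET_LSA_HDR_SIZE },
};

/* Device side: len is whatever the guest put in the length field, so it is untrusted. */
enum mbox_ret mbox_process(struct device *d, unsigned op, size_t len)
{
    const struct cmd *c;

    if (op >= CMD_COUNT || !cmds[op].handler)
        return MBOX_UNSUPPORTED;
    c = &cmds[op];
    if (len > MBOX_PAYLOAD_SIZE)              /* never follow len past the payload area */
        return MBOX_INVALID_LEN;
    if (c->in == IN_VARIABLE ? len < c->min_in : len != c->in)
        return MBOX_INVALID_LEN;              /* zero-input commands stay strict */
    return c->handler(d, len);
}

/* Host side: largest data chunk that fits one Set LSA command, header included. */
size_t lsa_max_write_chunk(size_t payload_size)
{
    return payload_size > SET_LSA_HDR_SIZE ? payload_size - SET_LSA_HDR_SIZE : 0;
}

/* Host side: write n bytes of value fill at off; refuses instead of running off the end. */
enum mbox_ret host_set_lsa(struct device *d, uint32_t off, uint8_t fill, size_t n)
{
    if (n > lsa_max_write_chunk(MBOX_PAYLOAD_SIZE))
        return MBOX_INVALID_LEN;
    memset(d->payload, 0, SET_LSA_HDR_SIZE);
    d->payload[0] = off & 0xff;
    d->payload[1] = (off >> 8) & 0xff;
    d->payload[2] = (off >> 16) & 0xff;
    d->payload[3] = (off >> 24) & 0xff;
    memset(d->payload + SET_LSA_HDR_SIZE, fill, n);
    return mbox_process(d, CMD_SET_LSA, SET_LSA_HDR_SIZE + n);
}

struct device demo_dev;   /* constructed device instance for the demo */

int main(void)
{
    printf("max chunk for a %u-byte payload: %zu\n", MBOX_PAYLOAD_SIZE,
           lsa_max_write_chunk(MBOX_PAYLOAD_SIZE));
    printf("248-byte write  -> %d\n", host_set_lsa(&demo_dev, 16, 0xAB, 248));
    printf("256-byte write  -> %d\n", host_set_lsa(&demo_dev, 0, 0xCD, 256));
    printf("raw len 264     -> %d\n", mbox_process(&demo_dev, CMD_SET_LSA, 264));
    return 0;
}
```

A host that advertised the full 256-byte payload as its LSA transfer size would issue a 264-byte command; the model rejects it on both sides instead of letting it spill past the payload area.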