From: "Leizhen (ThunderTown)" <thunder.leizhen@huawei.com>
To: Robin Murphy <robin.murphy@arm.com>,
Will Deacon <will.deacon@arm.com>, Joerg Roedel <joro@8bytes.org>,
linux-arm-kernel <linux-arm-kernel@lists.infradead.org>,
iommu <iommu@lists.linux-foundation.org>,
linux-kernel <linux-kernel@vger.kernel.org>
Cc: LinuxArm <linuxarm@huawei.com>, Hanjun Guo <guohanjun@huawei.com>,
Libin <huawei.libin@huawei.com>,
John Garry <john.garry@huawei.com>
Subject: Re: [PATCH v3 1/2] iommu/arm-smmu-v3: fix unexpected CMD_SYNC timeout
Date: Thu, 16 Aug 2018 16:21:17 +0800 [thread overview]
Message-ID: <5B7533FD.20903@huawei.com> (raw)
In-Reply-To: <6027cd67-7c76-673c-082f-8dd0b7a575b0@arm.com>
On 2018/8/15 20:26, Robin Murphy wrote:
> On 15/08/18 11:23, Zhen Lei wrote:
>> The condition "(int)(VAL - sync_idx) >= 0" to break loop in function
>> __arm_smmu_sync_poll_msi requires that sync_idx must be increased
>> monotonously according to the sequence of the CMDs in the cmdq.
>>
>> But ".msidata = atomic_inc_return_relaxed(&smmu->sync_nr)" is not protected
>> by spinlock, so the following scenarios may appear:
>> cpu0 cpu1
>> msidata=0
>> msidata=1
>> insert cmd1
>> insert cmd0
>> smmu execute cmd1
>> smmu execute cmd0
>> poll timeout, because msidata=1 is overridden by
>> cmd0, that means VAL=0, sync_idx=1.
>>
>> This is not a functional problem, just make the caller wait for a long
>> time until TIMEOUT. It's rare to happen, because any other CMD_SYNCs
>> during the waiting period will break it.
>>
>> Signed-off-by: Zhen Lei <thunder.leizhen@huawei.com>
>> ---
>> drivers/iommu/arm-smmu-v3.c | 12 ++++++++----
>> 1 file changed, 8 insertions(+), 4 deletions(-)
>>
>> diff --git a/drivers/iommu/arm-smmu-v3.c b/drivers/iommu/arm-smmu-v3.c
>> index 1d64710..3f5c236 100644
>> --- a/drivers/iommu/arm-smmu-v3.c
>> +++ b/drivers/iommu/arm-smmu-v3.c
>> @@ -566,7 +566,7 @@ struct arm_smmu_device {
>>
>> int gerr_irq;
>> int combined_irq;
>> - atomic_t sync_nr;
>> + u32 sync_nr;
>>
>> unsigned long ias; /* IPA */
>> unsigned long oas; /* PA */
>> @@ -775,6 +775,11 @@ static int queue_remove_raw(struct arm_smmu_queue *q, u64 *ent)
>> return 0;
>> }
>>
>> +static inline void arm_smmu_cmdq_sync_set_msidata(u64 *cmd, u32 msidata)
>
> If we *are* going to go down this route then I think it would make sense to move the msiaddr and CMDQ_SYNC_0_CS_MSI logic here as well; i.e. arm_smmu_cmdq_build_cmd() always generates a "normal" SEV-based sync command, then calling this guy would convert it to an MSI-based one. As-is, having bits of mutually-dependent data handled across two separate places just seems too messy and error-prone.
Yes, How about create a new function "arm_smmu_cmdq_build_sync_msi_cmd"?
static inline
void arm_smmu_cmdq_build_sync_msi_cmd(u64 *cmd, struct arm_smmu_cmdq_ent *ent)
{
cmd[0] = FIELD_PREP(CMDQ_0_OP, ent->opcode);
cmd[0] |= FIELD_PREP(CMDQ_SYNC_0_CS, CMDQ_SYNC_0_CS_IRQ);
cmd[0] |= FIELD_PREP(CMDQ_SYNC_0_MSH, ARM_SMMU_SH_ISH);
cmd[0] |= FIELD_PREP(CMDQ_SYNC_0_MSIATTR, ARM_SMMU_MEMATTR_OIWB);
cmd[1] = ent->sync.msiaddr & CMDQ_SYNC_1_MSIADDR_MASK;
}
>
> That said, I still don't think that just building the whole command under the lock is really all that bad - even when it doesn't get optimised into one of the assignments that memset you call out is only a single "stp xzr, xzr, ...", and a couple of extra branches doesn't seem a huge deal compared to the DSB and MMIO accesses (and potentially polling) that we're about to do anyway. I've tried hacking things up enough to convince GCC to inline a specialisation of the relevant switch case when ent->opcode is known, and that reduces the "overhead" down to just a handful of ALU instructions. I still need to try cleaning said hack up and double-check that it doesn't have any adverse impact on all the other SMMUv3 stuff in development, but watch this space...
>
> Robin.
>
>> +{
>> + cmd[0] |= FIELD_PREP(CMDQ_SYNC_0_MSIDATA, msidata);
>> +}
>> +
>> /* High-level queue accessors */
>> static int arm_smmu_cmdq_build_cmd(u64 *cmd, struct arm_smmu_cmdq_ent *ent)
>> {
>> @@ -836,7 +841,6 @@ static int arm_smmu_cmdq_build_cmd(u64 *cmd, struct arm_smmu_cmdq_ent *ent)
>> cmd[0] |= FIELD_PREP(CMDQ_SYNC_0_CS, CMDQ_SYNC_0_CS_SEV);
>> cmd[0] |= FIELD_PREP(CMDQ_SYNC_0_MSH, ARM_SMMU_SH_ISH);
>> cmd[0] |= FIELD_PREP(CMDQ_SYNC_0_MSIATTR, ARM_SMMU_MEMATTR_OIWB);
>> - cmd[0] |= FIELD_PREP(CMDQ_SYNC_0_MSIDATA, ent->sync.msidata);
>> cmd[1] |= ent->sync.msiaddr & CMDQ_SYNC_1_MSIADDR_MASK;
>> break;
>> default:
>> @@ -947,7 +951,6 @@ static int __arm_smmu_cmdq_issue_sync_msi(struct arm_smmu_device *smmu)
>> struct arm_smmu_cmdq_ent ent = {
>> .opcode = CMDQ_OP_CMD_SYNC,
>> .sync = {
>> - .msidata = atomic_inc_return_relaxed(&smmu->sync_nr),
>> .msiaddr = virt_to_phys(&smmu->sync_count),
>> },
>> };
>> @@ -955,6 +958,8 @@ static int __arm_smmu_cmdq_issue_sync_msi(struct arm_smmu_device *smmu)
>> arm_smmu_cmdq_build_cmd(cmd, &ent);
>>
>> spin_lock_irqsave(&smmu->cmdq.lock, flags);
>> + ent.sync.msidata = ++smmu->sync_nr;
>> + arm_smmu_cmdq_sync_set_msidata(cmd, ent.sync.msidata);
>> arm_smmu_cmdq_insert_cmd(smmu, cmd);
>> spin_unlock_irqrestore(&smmu->cmdq.lock, flags);
>>
>> @@ -2179,7 +2184,6 @@ static int arm_smmu_init_structures(struct arm_smmu_device *smmu)
>> {
>> int ret;
>>
>> - atomic_set(&smmu->sync_nr, 0);
>> ret = arm_smmu_init_queues(smmu);
>> if (ret)
>> return ret;
>> --
>> 1.8.3
>>
>>
>
> .
>
--
Thanks!
BestRegards
WARNING: multiple messages have this Message-ID (diff)
From: thunder.leizhen@huawei.com (Leizhen (ThunderTown))
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH v3 1/2] iommu/arm-smmu-v3: fix unexpected CMD_SYNC timeout
Date: Thu, 16 Aug 2018 16:21:17 +0800 [thread overview]
Message-ID: <5B7533FD.20903@huawei.com> (raw)
In-Reply-To: <6027cd67-7c76-673c-082f-8dd0b7a575b0@arm.com>
On 2018/8/15 20:26, Robin Murphy wrote:
> On 15/08/18 11:23, Zhen Lei wrote:
>> The condition "(int)(VAL - sync_idx) >= 0" to break loop in function
>> __arm_smmu_sync_poll_msi requires that sync_idx must be increased
>> monotonously according to the sequence of the CMDs in the cmdq.
>>
>> But ".msidata = atomic_inc_return_relaxed(&smmu->sync_nr)" is not protected
>> by spinlock, so the following scenarios may appear:
>> cpu0 cpu1
>> msidata=0
>> msidata=1
>> insert cmd1
>> insert cmd0
>> smmu execute cmd1
>> smmu execute cmd0
>> poll timeout, because msidata=1 is overridden by
>> cmd0, that means VAL=0, sync_idx=1.
>>
>> This is not a functional problem, just make the caller wait for a long
>> time until TIMEOUT. It's rare to happen, because any other CMD_SYNCs
>> during the waiting period will break it.
>>
>> Signed-off-by: Zhen Lei <thunder.leizhen@huawei.com>
>> ---
>> drivers/iommu/arm-smmu-v3.c | 12 ++++++++----
>> 1 file changed, 8 insertions(+), 4 deletions(-)
>>
>> diff --git a/drivers/iommu/arm-smmu-v3.c b/drivers/iommu/arm-smmu-v3.c
>> index 1d64710..3f5c236 100644
>> --- a/drivers/iommu/arm-smmu-v3.c
>> +++ b/drivers/iommu/arm-smmu-v3.c
>> @@ -566,7 +566,7 @@ struct arm_smmu_device {
>>
>> int gerr_irq;
>> int combined_irq;
>> - atomic_t sync_nr;
>> + u32 sync_nr;
>>
>> unsigned long ias; /* IPA */
>> unsigned long oas; /* PA */
>> @@ -775,6 +775,11 @@ static int queue_remove_raw(struct arm_smmu_queue *q, u64 *ent)
>> return 0;
>> }
>>
>> +static inline void arm_smmu_cmdq_sync_set_msidata(u64 *cmd, u32 msidata)
>
> If we *are* going to go down this route then I think it would make sense to move the msiaddr and CMDQ_SYNC_0_CS_MSI logic here as well; i.e. arm_smmu_cmdq_build_cmd() always generates a "normal" SEV-based sync command, then calling this guy would convert it to an MSI-based one. As-is, having bits of mutually-dependent data handled across two separate places just seems too messy and error-prone.
Yes, How about create a new function "arm_smmu_cmdq_build_sync_msi_cmd"?
static inline
void arm_smmu_cmdq_build_sync_msi_cmd(u64 *cmd, struct arm_smmu_cmdq_ent *ent)
{
cmd[0] = FIELD_PREP(CMDQ_0_OP, ent->opcode);
cmd[0] |= FIELD_PREP(CMDQ_SYNC_0_CS, CMDQ_SYNC_0_CS_IRQ);
cmd[0] |= FIELD_PREP(CMDQ_SYNC_0_MSH, ARM_SMMU_SH_ISH);
cmd[0] |= FIELD_PREP(CMDQ_SYNC_0_MSIATTR, ARM_SMMU_MEMATTR_OIWB);
cmd[1] = ent->sync.msiaddr & CMDQ_SYNC_1_MSIADDR_MASK;
}
>
> That said, I still don't think that just building the whole command under the lock is really all that bad - even when it doesn't get optimised into one of the assignments that memset you call out is only a single "stp xzr, xzr, ...", and a couple of extra branches doesn't seem a huge deal compared to the DSB and MMIO accesses (and potentially polling) that we're about to do anyway. I've tried hacking things up enough to convince GCC to inline a specialisation of the relevant switch case when ent->opcode is known, and that reduces the "overhead" down to just a handful of ALU instructions. I still need to try cleaning said hack up and double-check that it doesn't have any adverse impact on all the other SMMUv3 stuff in development, but watch this space...
>
> Robin.
>
>> +{
>> + cmd[0] |= FIELD_PREP(CMDQ_SYNC_0_MSIDATA, msidata);
>> +}
>> +
>> /* High-level queue accessors */
>> static int arm_smmu_cmdq_build_cmd(u64 *cmd, struct arm_smmu_cmdq_ent *ent)
>> {
>> @@ -836,7 +841,6 @@ static int arm_smmu_cmdq_build_cmd(u64 *cmd, struct arm_smmu_cmdq_ent *ent)
>> cmd[0] |= FIELD_PREP(CMDQ_SYNC_0_CS, CMDQ_SYNC_0_CS_SEV);
>> cmd[0] |= FIELD_PREP(CMDQ_SYNC_0_MSH, ARM_SMMU_SH_ISH);
>> cmd[0] |= FIELD_PREP(CMDQ_SYNC_0_MSIATTR, ARM_SMMU_MEMATTR_OIWB);
>> - cmd[0] |= FIELD_PREP(CMDQ_SYNC_0_MSIDATA, ent->sync.msidata);
>> cmd[1] |= ent->sync.msiaddr & CMDQ_SYNC_1_MSIADDR_MASK;
>> break;
>> default:
>> @@ -947,7 +951,6 @@ static int __arm_smmu_cmdq_issue_sync_msi(struct arm_smmu_device *smmu)
>> struct arm_smmu_cmdq_ent ent = {
>> .opcode = CMDQ_OP_CMD_SYNC,
>> .sync = {
>> - .msidata = atomic_inc_return_relaxed(&smmu->sync_nr),
>> .msiaddr = virt_to_phys(&smmu->sync_count),
>> },
>> };
>> @@ -955,6 +958,8 @@ static int __arm_smmu_cmdq_issue_sync_msi(struct arm_smmu_device *smmu)
>> arm_smmu_cmdq_build_cmd(cmd, &ent);
>>
>> spin_lock_irqsave(&smmu->cmdq.lock, flags);
>> + ent.sync.msidata = ++smmu->sync_nr;
>> + arm_smmu_cmdq_sync_set_msidata(cmd, ent.sync.msidata);
>> arm_smmu_cmdq_insert_cmd(smmu, cmd);
>> spin_unlock_irqrestore(&smmu->cmdq.lock, flags);
>>
>> @@ -2179,7 +2184,6 @@ static int arm_smmu_init_structures(struct arm_smmu_device *smmu)
>> {
>> int ret;
>>
>> - atomic_set(&smmu->sync_nr, 0);
>> ret = arm_smmu_init_queues(smmu);
>> if (ret)
>> return ret;
>> --
>> 1.8.3
>>
>>
>
> .
>
--
Thanks!
BestRegards
next prev parent reply other threads:[~2018-08-16 8:21 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-08-15 10:23 [PATCH v3 0/2] bugfix and optimization about CMD_SYNC Zhen Lei
2018-08-15 10:23 ` Zhen Lei
2018-08-15 10:23 ` Zhen Lei
2018-08-15 10:23 ` [PATCH v3 1/2] iommu/arm-smmu-v3: fix unexpected CMD_SYNC timeout Zhen Lei
2018-08-15 10:23 ` Zhen Lei
[not found] ` <1534328582-17664-2-git-send-email-thunder.leizhen-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>
2018-08-15 12:26 ` Robin Murphy
2018-08-15 12:26 ` Robin Murphy
2018-08-15 12:26 ` Robin Murphy
[not found] ` <6027cd67-7c76-673c-082f-8dd0b7a575b0-5wv7dgnIgG8@public.gmane.org>
2018-08-15 13:00 ` Will Deacon
2018-08-15 13:00 ` Will Deacon
2018-08-15 13:00 ` Will Deacon
2018-08-15 18:08 ` John Garry
2018-08-15 18:08 ` John Garry
[not found] ` <5961191f-f913-9bbf-5d0d-81800bec36a1-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>
2018-08-16 4:11 ` Leizhen (ThunderTown)
2018-08-16 4:11 ` Leizhen (ThunderTown)
2018-08-16 4:11 ` Leizhen (ThunderTown)
2018-08-16 8:21 ` Leizhen (ThunderTown) [this message]
2018-08-16 8:21 ` Leizhen (ThunderTown)
2018-08-16 9:18 ` Will Deacon
2018-08-16 9:18 ` Will Deacon
2018-08-16 9:27 ` Robin Murphy
2018-08-16 9:27 ` Robin Murphy
[not found] ` <ad5bd6c0-20bd-9581-a12a-4464e5ec69f6-5wv7dgnIgG8@public.gmane.org>
2018-08-19 7:02 ` Leizhen (ThunderTown)
2018-08-19 7:02 ` Leizhen (ThunderTown)
2018-08-19 7:02 ` Leizhen (ThunderTown)
2018-09-05 1:46 ` Leizhen (ThunderTown)
2018-09-05 1:46 ` Leizhen (ThunderTown)
2018-08-15 10:23 ` [PATCH v3 2/2] iommu/arm-smmu-v3: avoid redundant CMD_SYNCs if possible Zhen Lei
2018-08-15 10:23 ` Zhen Lei
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5B7533FD.20903@huawei.com \
--to=thunder.leizhen@huawei.com \
--cc=guohanjun@huawei.com \
--cc=huawei.libin@huawei.com \
--cc=iommu@lists.linux-foundation.org \
--cc=john.garry@huawei.com \
--cc=joro@8bytes.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linuxarm@huawei.com \
--cc=robin.murphy@arm.com \
--cc=will.deacon@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.