Re: [RFC PATCH 0/1] DOE usage with pcie/portdrv

Linux PCI subsystem development
 help / color / mirror / Atom feed

From: Lukas Wunner <lukas@wunner.de>
To: Dan Williams <dan.j.williams@intel.com>
Cc: Jonathan Cameron <Jonathan.Cameron@huawei.com>,
	Gavin Hindman <gavin.hindman@intel.com>,
	Linuxarm <linuxarm@huawei.com>,
	"Weiny, Ira" <ira.weiny@intel.com>,
	Linux PCI <linux-pci@vger.kernel.org>,
	linux-cxl@vger.kernel.org, CHUCK_LEVER <chuck.lever@oracle.com>
Subject: Re: [RFC PATCH 0/1] DOE usage with pcie/portdrv
Date: Sat, 14 May 2022 15:31:14 +0200	[thread overview]
Message-ID: <20220514133114.GA14833@wunner.de> (raw)
In-Reply-To: <CAPcyv4idjqiY9CV=sghDbWqQS_PM2Z0xWxr2MsrMxS-XqU1F=w@mail.gmail.com>

On Wed, May 11, 2022 at 12:42:24PM -0700, Dan Williams wrote:
> I think power-management effects relative to IDE is a soft spot of the
> specification.

When resuming from system sleep, the kernel restores a device's
config space in pci_pm_resume_noirq(), then calls the driver's
->resume_noirq() callback.  The driver is free to assume that
the device is accessible und usable at that point.

IDE breaks that contract if establishment of an SPDM session
depends on user space.  We can't call out to user space for
authentication during the resume_noirq phase because interrupts
are still disabled.

Drivers would have to be aware that IDE has not yet been
re-established and refrain from accessing the device.
Any child devices of the PCI device cannot be resumed
until then.

Ideally we'd want IDE to be transparent to drivers.
That's impossible if their access to devices is forbidden
after system sleep for an indefinite amount of time.

Runtime PM has similar issues as system sleep if the device
was in D3cold.

Reliance on user space also entails a risk of deadlocks:
Let's say user space process A accesses a PCI device,
the kernel runtime resumes the device and calls out to
user space process B to authenticate it.  If A is holding
a resource that B requires, the two tasks deadlock and
the device never becomes accessible.

The more I think about it, the more attractive does Jonathan's
in-kernel SPDM approach look.  Performing SPDM authentication and
IDE setup in the kernel would allow us to retain all existing
assumptions and behavior around power management and reset recovery,
avoid driver awareness of IDE and avoid deadlocks.

> > If setting up an SPDM session is dependent on user space, the kernel
> > would have to leave a device in an inoperable state after runtime resume
> > or reset, until user space gets around to initiate SPDM.
> 
> Yes, this seems acceptable from the perspective of server platforms
> that can make the power management vs security tradeoff.

It seems likely that IDE will not only be used on server platforms.

I'll see to to it that I provide more review feedback to Jonathan's RFC
series so that we can move forward with this.

Thanks,

Lukas

next prev parent reply	other threads:[~2022-05-14 13:31 UTC|newest]

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-05-03 15:34 [RFC PATCH 0/1] DOE usage with pcie/portdrv Jonathan Cameron
2022-05-03 15:34 ` [RFC PATCH 1/1] pcie/portdrv: Hack in DOE and CDAT support Jonathan Cameron
2022-05-06 22:40 ` [RFC PATCH 0/1] DOE usage with pcie/portdrv Dan Williams
2022-05-07 10:18   ` Lukas Wunner
2022-05-09  9:48     ` Jonathan Cameron
2022-05-11 19:13       ` Lukas Wunner
2022-05-11 19:19         ` Lukas Wunner
2022-05-11 19:43           ` Dan Williams
2022-05-14 13:55             ` Lukas Wunner
2022-05-16 17:01               ` Dan Williams
2022-05-27  9:39                 ` Lukas Wunner
2022-05-18 13:43               ` Christoph Hellwig
2022-05-18 15:08                 ` Dan Williams
2022-05-20  5:42                 ` Lukas Wunner
2022-05-20 15:37                   ` Dan Williams
2022-05-20 15:42                     ` Chuck Lever III
2022-05-11 19:42         ` Dan Williams
2022-05-11 20:22           ` Hindman, Gavin
2022-05-11 21:04             ` Dan Williams
2022-05-14 13:31           ` Lukas Wunner [this message]
2022-05-16 16:53             ` Dan Williams
2022-05-09  9:33   ` Jonathan Cameron

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20220514133114.GA14833@wunner.de \
    --to=lukas@wunner.de \
    --cc=Jonathan.Cameron@huawei.com \
    --cc=chuck.lever@oracle.com \
    --cc=dan.j.williams@intel.com \
    --cc=gavin.hindman@intel.com \
    --cc=ira.weiny@intel.com \
    --cc=linux-cxl@vger.kernel.org \
    --cc=linux-pci@vger.kernel.org \
    --cc=linuxarm@huawei.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox