From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-1.1 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7ED34C47247 for ; Fri, 8 May 2020 16:11:11 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 5A25221473 for ; Fri, 8 May 2020 16:11:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1588954271; bh=+Dj6jrTOYLupxRVtLVitewJtc0PbRDygPtG2ln55Xpc=; h=Date:From:To:Cc:Subject:In-Reply-To:References:List-ID:From; b=pafU32EIrvu64gPguRq2Wa/V4/WLertgZBdKEWq5nTRlQeNUPrP+Q2pxB7o4s7m9C a8Es6l0RQdStZB3O2iy6KKuO4TSzRzy87hTwxR3ke6oT8cRAse4rNBsny/IMQGZk6i y6jOxc/pMkqkTTOoh/GU0TxzTEblvqI6gY/dePzA= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728053AbgEHQLK (ORCPT ); Fri, 8 May 2020 12:11:10 -0400 Received: from mail.kernel.org ([198.145.29.99]:36796 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726771AbgEHQLK (ORCPT ); Fri, 8 May 2020 12:11:10 -0400 Received: from disco-boy.misterjones.org (disco-boy.misterjones.org [51.254.78.96]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 00DB921473; Fri, 8 May 2020 16:11:09 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1588954269; bh=+Dj6jrTOYLupxRVtLVitewJtc0PbRDygPtG2ln55Xpc=; h=Date:From:To:Cc:Subject:In-Reply-To:References:From; b=JXELN/fLbPebCRIywwD00rXbZ9BHZGfygBgpQ2euZKKYkapxCtnNKe7Hdag+nzSFE DFa3keBvrJdp0rsr7J0kuAtl5tPgSfeOWNqto24HtXxuzxuDj1MXrZinawOTTOQ2Ad IvRAy7C8w0jflVrvh4lzr7nQmRWmUdN6FWG4yMWs= Received: from 78.163-31-62.static.virginmediabusiness.co.uk ([62.31.163.78] helo=wait-a-minute.misterjones.org) by disco-boy.misterjones.org with esmtpsa (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1jX5ad-00Ag0J-9t; Fri, 08 May 2020 17:11:07 +0100 Date: Fri, 08 May 2020 17:11:06 +0100 Message-ID: <87eeru1k6d.wl-maz@kernel.org> From: Marc Zyngier To: Neeraj Upadhyay Cc: julien.thierry.kdev@gmail.com, linux-kernel@vger.kernel.org Subject: Re: Query regarding pseudo nmi support on GIC V3 and request_nmi() In-Reply-To: <2f98a5e2-ac5a-1b22-18b8-d8a2261fc42e@codeaurora.org> References: <2a0d5719-b2c7-1287-e0b5-2dd8b1072e49@codeaurora.org> <87ftca1z9k.wl-maz@kernel.org> <2f41b2e8-925e-3869-da39-fd4ab28ca1b1@codeaurora.org> <20200508132740.2d645ea2@why> <27ecf3b0-4bb4-e89d-2ca9-3828cdcb2834@codeaurora.org> <20200508135306.1936b09b@why> <2f98a5e2-ac5a-1b22-18b8-d8a2261fc42e@codeaurora.org> User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI-EPG/1.14.7 (Harue) FLIM/1.14.9 (=?UTF-8?B?R29qxY0=?=) APEL/10.8 EasyPG/1.0.0 Emacs/26 (x86_64-pc-linux-gnu) MULE/6.0 (HANACHIRUSATO) MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue") Content-Type: text/plain; charset=US-ASCII X-SA-Exim-Connect-IP: 62.31.163.78 X-SA-Exim-Rcpt-To: neeraju@codeaurora.org, julien.thierry.kdev@gmail.com, linux-kernel@vger.kernel.org X-SA-Exim-Mail-From: maz@kernel.org X-SA-Exim-Scanned: No (on disco-boy.misterjones.org); SAEximRunCond expanded to false Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, 08 May 2020 14:34:10 +0100, Neeraj Upadhyay wrote: > > Hi Marc, > > On 5/8/2020 6:23 PM, Marc Zyngier wrote: > > On Fri, 8 May 2020 18:09:00 +0530 > > Neeraj Upadhyay wrote: > > > >> Hi Marc, > >> > >> On 5/8/2020 5:57 PM, Marc Zyngier wrote: > >>> On Fri, 8 May 2020 16:36:42 +0530 > >>> Neeraj Upadhyay wrote: > >>> > >>>> Hi Marc, > >>>> > >>>> On 5/8/2020 4:15 PM, Marc Zyngier wrote: > >>>>> On Thu, 07 May 2020 17:06:19 +0100, > >>>>> Neeraj Upadhyay wrote: > >>>>>> > >>>>>> Hi, > >>>>>> > >>>>>> I have one query regarding pseudo NMI support on GIC v3; from what I > >>>>>> could understand, GIC v3 supports pseudo NMI setup for SPIs and PPIs. > >>>>>> However the request_nmi() in irq framework requires NMI to be per cpu > >>>>>> interrupt source (it checks for IRQF_PERCPU). Can you please help > >>>>>> understand this part, how SPIs can be configured as NMIs, if there is > >>>>>> a per cpu interrupt source restriction? > >>>>> > >>>>> Let me answer your question by another question: what is the semantic > >>>>> of a NMI if you can't associate it with a particular CPU? > >>>>> >> > >>>> I was actually thinking of a use case, where, we have a watchdog > >>>> interrupt (which is a SPI), which is used for detecting software > >>>> hangs and cause device reset; If that interrupt's current cpu > >>>> affinity is on a core, where interrupts are disabled, we won't be > >>>> able to serve it; so, we need to group that interrupt as an fiq; > >>> > >>> Linux doesn't use Group-0 interrupts, as they are strictly secure > >>> (unless your SoC doesn't have EL3, which I doubt). > >> > >> Yes, we handle that watchdog interrupt as a Group-0 interrupt, which > >> is handled as fiq in EL3. > >> > >>> > >>>> I was thinking, if its feasible to mark that interrupt as pseudo > >>>> NMI and route it to EL1 as irq. However, looks like that is not the > >>>> semantic of a NMI and we would need something like pseudo NMI ipi > >>>> for this. > >>> > >>> Sending a NMI IPI from another NMI handler? Even once I've added > >>> these, there is no way this will work for that particular scenario. > >>> Just look at the restrictions we impose on NMIs. > >>> > >> > >> Sending a pseudo NMI IPI (to EL1) from fiq handler (which runs in > >> EL3); I will check, but do you think, that might not work? > > > > How do you know, from EL3, what to write in memory so that the NMI > > handler knows what you want to do? Are you going to parse the S1 page > > tables? Hard-code the behaviour of some random Linux version in your > > legendary non-updatable firmware? This isn't an acceptable behaviour. > > > > Ok, I understand; > > Initial thought was to use watchdog SPI as pseudo NMI; however, as > pseudo NMIs are only per CPU sources, we were exploring the > possibility of using an unused ipi (using the work which is done in > [1] and [2] for SGIs) as pseudo NMI, which EL3 sends to EL1, on > receiving watchdog fiq. The pseudo NMI handler would collect required > debug information, to help indentify the lockup cause. We weren't > thinking of communicating any information from EL3 fiq handler to > EL1. What if the operating system running at EL1/EL2 is *not* Linux? > > However, from this discussion, I realize that calling irq handler from > fiq handler, would not be possible. So, the approach looks flawed. > > I believe, allowing a non-percpu pseudo NMI is not acceptable to community? No, I really don't want to entertain this idea, because the semantics are way too loosely defined and you'd end up with everyone wanting something mildly different. > > An IPI is between two CPUs used by the same SW entitiy. What runs at > > EL3 is completely alien to Linux, and so is Linux to EL3. If you want > > to IPI, send Group-0 IPIs that are private to the firmware. > > > > Ok got it; however, I wonder what's the use case of sending > SGI to EL1, from secure world, using ICC_ASGI1R. I thought it > allowed communication between EL1 and EL3; but, looks like I > understood in wrong. There is what the GIC architecture can do, and there is what is sensible for Linux. The GIC allows IPIs from S-to-NS as well as the opposite. This doesn't make it a good idea (it actually is a terrible idea, and I really hope that future versions of the architecture will simply kill the feature). The idea was that you'd make SGIs an first class ABI between S and NS. Given that the two are developed separately and that nobody ever standardised what the SGI numbers mean, this idea is completely dead. > > > If you want to inject NMI-type exceptions into EL1, you can always try > > SDEI (did I actually write this? Help!). But given your use case below, > > that wouldn't work either. > > > > Ok. > > >>> Frankly, if all you need to do is to reset the SoC, use EL3 > >>> firmware. That is what it is for. > >>> > >> > >> Before triggering SoC reset, we want to collect certain EL1 debug > >> information like stack trace for CPUs and other debug information. > > > > Frankly, if you are going to reset the SoC because EL1/EL2 has gone > > bust, how can you trust it to do anything sensible when injecting an > > interrupt?. Once you take a SPI at EL3, gather whatever state you want > > from EL3. Do not involve EL1 at all. > > > > M. > > > > Agree that it might not work for all cases. But, for the cases like, > some kernel code is stuck after disabling local irqs; pseudo NMI might > still be able to run and capture stack and other debug info, to help > detect the cause of lockups. And for that we'll have pseudo-NMI IPIs, initiated from the kernel itself as part of the normal debugging infrastructure. It is the EL3 initiated IPI to EL1 that I strongly oppose against. Not to mention that if the kernel locks up with PSTATE.I set (which still happens on exception entry), the pseudo-NMI won't work either. As I said, you only have two options: either implement everything in EL3 (and the NS OS doesn't need to know anything at all), or use SDEI as the architected way to inject an exception into the NS world (and Linux already supports it). M. -- Without deviation from the norm, progress is not possible.