On 2022-08-22 12:26, Christoph Hellwig wrote:
On Mon, Aug 22, 2022 at 10:49:09AM +0100, Robin Murphy wrote:
Hmm, it's possible this might be quietly fixed by 20347fca71a3, but either
way I'm not sure why we would need to panic *before* we've even tried to
allocate anything, when we could simply return with no harm done? If we've
ended up calculating (or being told) a buffer size which is too small to be
usable, that should be no different to disabling SWIOTLB entirely.
Hmm. I think this might be a philosophical question, but I think
failing the boot with a clear error report for a configuration that is
supposed to work but can't is way better than just panicing later on.
Depends which context of "supposed to work" you mean there. The most
logical reason to end up with a tiny SWIOTLB size is because you don't
expect to need SWIOTLB, therefore if there's now a functional minimum
size limit, failing gracefully such that the system keeps working as
before is correct in that context. Even if we assume the expectation
goes the other way, then it should be on SWIOTLB to adjust the initial
allocation size to whatever minimum it now needs, which as I say it
looks like 20347fca71a3 might do anyway. Creating new breakage by
panicking instead of making a decision one way or the other was never
the right answer.
Historically, passing "swiotlb=1" on the command line has been used to save
memory when the user knows SWIOTLB isn't needed. That should definitely not
be allowed to start panicking.
I've never seen swiotlb=1 advertized as a way to disable swiotlb.
That's always been swiotlb=noforce, which cleanly disables it.
No, it's probably not been advertised as such, but it's what clearly
fell out of the available options before "noforce" was added (which was
considerably more recently than "always"), and the fact is that people
*are* still using it even today (presumably copy-pasted through Android
BSPs since before 4.10).
Thanks,
Robin.