On 12/29/2023 4:06 PM, Tian, Kevin wrote:
From: Ethan Zhao <haifeng.zhao@xxxxxxxxxxxxxxx>
Sent: Thursday, December 28, 2023 9:03 PM
On 12/28/2023 4:30 PM, Tian, Kevin wrote:
From: Ethan Zhao <haifeng.zhao@xxxxxxxxxxxxxxx>
Sent: Thursday, December 28, 2023 8:17 AM
For those endpoint devices connect to system via hotplug capable ports,
users could request a warm reset to the device by flapping device's link
through setting the slot's link control register, as pciehp_ist() DLLSC
interrupt sequence response, pciehp will unload the device driver and
then power it off. thus cause an IOMMU device-TLB invalidation (Intel
VT-d spec, or ATS Invalidation in PCIe spec r6.1) request for device to
be sent and a long time completion/timeout waiting in interrupt context.
is above describing the behavior of safe removal or surprise removal?
bring the link down is a kind of surprise removal for hotplug capable
device.
then it's better to make it clear from beginning that this is about surprise
removal in which device is removed and cannot respond to on-going
ATS invalidation request incurred in the removal process.
This case, customer insisted he wasn't meant to do "surprise removal", but
did a warm reset, perhas by chance, they populated adapters in the hotplug
capable slots.
typical surprise removal doesn't include such case in my understanding.
1. pull out adapter directly
2. request power off via sysfs.
but the behaviour of pciehp (hotplug driver) is exactly the same as other
surprise removal operation, so just classify it as "surprise removal" , no
items in PCIe spec mentioned this is one typical surprise removal.
perhaps no one did surprise removal via setpci tool to access pci
config space to flap power/link state, why not just pull it out.
safe removal should be immune from this problem as the device is still
responsive in the whole removal process.
Yup, agree.
[ 4223.822628] Call Trace:
[ 4223.822628] qi_flush_dev_iotlb+0xb1/0xd0
[ 4223.822628] __dmar_remove_one_dev_info+0x224/0x250
[ 4223.822629] dmar_remove_one_dev_info+0x3e/0x50
[ 4223.822629] intel_iommu_release_device+0x1f/0x30
[ 4223.822629] iommu_release_device+0x33/0x60
[ 4223.822629] iommu_bus_notifier+0x7f/0x90
[ 4223.822630] blocking_notifier_call_chain+0x60/0x90
[ 4223.822630] device_del+0x2e5/0x420
[ 4223.822630] pci_remove_bus_device+0x70/0x110
[ 4223.822630] pciehp_unconfigure_device+0x7c/0x130
I'm curious why this doesn't occur earlier when the device is
detached from the driver. At that point presumably the device
should be detached from the DMA domain which involves
ATS invalidation too.
well, that is not weird as I know
I am sure the device driver was unloaded already before user
tries to do a warm reset to the device.
In fact, customer uses a firmware tool called "mlxfwreset"
the steps that tool executed
1. send reset command to firmware
2. stop driver
3. reset pci (via setpci , then hang here).
Thanks,
Ethan
while (qi->desc_status[wait_index] != QI_DONE) {
+ /*
+ * if the device-TLB invalidation target device is gone, don't
+ * wait anymore, it might take up to 1min+50%, causes
system
+ * hang. (see Implementation Note in PCIe spec r6.1 sec
10.3.1)
+ */
+ if ((type == QI_DIOTLB_TYPE || type == QI_DEIOTLB_TYPE)
&& pdev)
+ if (!pci_device_is_present(pdev))
+ break;
I'm not sure it's the right thing to do. Such check should be put in the
caller which has the device pointer and can already know it's absent
to not call those cache invalidation helpers.
Here is to handle such case, the invalidation request is sent, but the
device is just pulled out at that moment.
one problem - the caller could pass multiple descriptors while type
only refers to the 1st descriptor.
btw is it an Intel specific problem? A quick glance at smmu driver
suggests the same problem too:
arm_smmu_atc_inv_domain()
arm_smmu_cmdq_batch_submit()
arm_smmu_cmdq_issue_cmdlist()
arm_smmu_cmdq_poll_until_sync()
__arm_smmu_cmdq_poll_until_consumed()
/*
* Wait until the SMMU cons index passes llq->prod.
* Must be called with the cmdq lock held in some capacity.
*/
static int __arm_smmu_cmdq_poll_until_consumed(struct arm_smmu_device *smmu,
struct arm_smmu_ll_queue *llq)
is there a more general way to solve it?
