On 14/07/2020, Bjorn Helgaas <helgaas@xxxxxxxxxx> wrote: >> >> a) callers of the high-level config space accessors >> pci_{write,read}_config_{byte,word,dword}, mostly in device >> drivers. >> b) low-level implementation of the config space accessors >> through struct pci_ops >> c) all other occurrences of these constants >> >> Starting with a), my first question is whether any high-level >> drivers even need to care about errors from these functions. I see >> 4913 callers that ignore the return code, and 576 that actually >> check it, and almost none care about the specific error (as you >> found as well). Unless we conclude that most PCI drivers are wrong, >> could we just change the return type to 'void' and assume they never >> fail for valid arguments on a valid pci_device* ? > > I really like this idea. > > pci_write_config_*() has one return value, and only 100ish of 2500 > callers check for errors. It's sometimes possible for config > accessors to detect PCI errors and return failure, e.g., device was > removed or didn't respond, but most of them don't, and detecting these > errors is not really that valuable. > > pci_read_config_*() is much more interesting because it returns two > things, the function return value and the value read from the PCI > device, and it's complicated to check both. > > Again it's sometimes possible for config read accessors to detect PCI > errors, but in most cases a PCI error means the accessor returns > success and the value from PCI is ~0. > > Checking the function return value catches programming errors (bad > alignment, etc) but misses most of the interesting errors (device was > unplugged or reported a PCI error). > > Checking the value returned from PCI is tricky because ~0 is a valid > value for some config registers, and only the driver knows for sure. > If the driver knows that ~0 is a possible value, it would have to do > something else, e.g., another config read of a register that *cannot* > be ~0, to see whether it's really an error. > > I suspect that if we had a single value to look at it would be easier > to get right. Error checking with current interface would look like > this: > > err = pci_read_config_word(dev, addr, &val); > if (err) > return -EINVAL; > > if (PCI_POSSIBLE_ERROR(val)) { > /* if driver knows ~0 is invalid */ > return -EINVAL; > > /* if ~0 is potentially a valid value */ > err = pci_read_config_word(dev, PCI_VENDOR_ID, &val2); > if (err) > return -EINVAL; > > if (PCI_POSSIBLE_ERROR(val2)) > return -EINVAL; > } > > Error checking with a possible interface that returned only a single > value could look like this: > > val = pci_config_read_word(dev, addr); > if (PCI_POSSIBLE_ERROR(val)) { > /* if driver knows ~0 is invalid */ > return -EINVAL; > > /* if ~0 is potentially a valid value */ > val2 = pci_config_read_word(dev, PCI_VENDOR_ID); > if (PCI_POSSIBLE_ERROR(val2)) > return -EINVAL; > } > > Am I understanding you correctly? Let us not do this. Reading config space is really expensive on some architectures. Requiring a driver to do it twice on some values does not improve upon that situation. And is quite redundant if the Root Complex driver already knows that the first access has failed. Additionally since multiple config accesses to the same devices is not allowed in the spec, the hardware must block and wait for a timeout if a config access does not get a response. (Can happen if a intermediate link between the RC and endpoint has to retrain) Having to block twice is very much not ideal. And in the case with retraining the secondary access might even succeed. As the link might recover between reading the first config word and reading PCI_VENDOR_ID. Thus allowing the driver to accept invalid data from the device. > >> For b), it might be nice to also change other aspects of the >> interface, e.g. passing a pci_host_bridge pointer plus bus number >> instead of a pci_bus pointer, or having the callback in the >> pci_host_bridge structure. > > I like this idea a lot, too. I think the fact that > pci_bus_read_config_word() requires a pci_bus * complicates things in > a few places. > > I think it's completely separate, as you say, and we should defer it > for now because even part a) is a lot of work. I added it to my list > of possible future projects. > What about strange PCI devices such as Non-Transparent bridges? They will require their own PCI Config space accessors that is not connected to a host bridge if one wants to do some sort of punch-through enumeration. I guess the kernel doesn't care much about them? Best regards, Kjetil Oftedal