diff mbox series

[v12,1/6] cxl/mbox: Add GET_POISON_LIST mailbox command

Message ID e87e1792e147a46f348019cc772e06f2ea19e970.1681159309.git.alison.schofield@intel.com
State Superseded
Headers show
Series CXL Poison List Retrieval & Tracing | expand

Commit Message

Alison Schofield April 10, 2023, 8:55 p.m. UTC
From: Alison Schofield <alison.schofield@intel.com>

CXL devices maintain a list of locations that are poisoned or result
in poison if the addresses are accessed by the host.

Per the spec, (CXL 3.0 8.2.9.8.4.1), the device returns this Poison
list as a set of Media Error Records that include the source of the
error, the starting device physical address, and length. The length is
the number of adjacent DPAs in the record and is in units of 64 bytes.

Retrieve the poison list.

Signed-off-by: Alison Schofield <alison.schofield@intel.com>
Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Reviewed-by: Ira Weiny <ira.weiny@intel.com>
---
 drivers/cxl/core/mbox.c | 71 +++++++++++++++++++++++++++++++++++++++++
 drivers/cxl/cxlmem.h    | 67 ++++++++++++++++++++++++++++++++++++++
 drivers/cxl/pci.c       |  4 +++
 3 files changed, 142 insertions(+)

Comments

Dan Williams April 12, 2023, 1:47 a.m. UTC | #1
alison.schofield@ wrote:
> From: Alison Schofield <alison.schofield@intel.com>
> 
> CXL devices maintain a list of locations that are poisoned or result
> in poison if the addresses are accessed by the host.
> 
> Per the spec, (CXL 3.0 8.2.9.8.4.1), the device returns this Poison
> list as a set of Media Error Records that include the source of the
> error, the starting device physical address, and length. The length is
> the number of adjacent DPAs in the record and is in units of 64 bytes.
> 
> Retrieve the poison list.
> 
> Signed-off-by: Alison Schofield <alison.schofield@intel.com>
> Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
> Reviewed-by: Ira Weiny <ira.weiny@intel.com>
> ---
>  drivers/cxl/core/mbox.c | 71 +++++++++++++++++++++++++++++++++++++++++
>  drivers/cxl/cxlmem.h    | 67 ++++++++++++++++++++++++++++++++++++++
>  drivers/cxl/pci.c       |  4 +++
>  3 files changed, 142 insertions(+)
> 
> diff --git a/drivers/cxl/core/mbox.c b/drivers/cxl/core/mbox.c
> index f2addb457172..69a5d69dd53b 100644
> --- a/drivers/cxl/core/mbox.c
> +++ b/drivers/cxl/core/mbox.c
> @@ -5,6 +5,8 @@
>  #include <linux/debugfs.h>
>  #include <linux/ktime.h>
>  #include <linux/mutex.h>
> +#include <asm/unaligned.h>
> +#include <cxlpci.h>
>  #include <cxlmem.h>
>  #include <cxl.h>
>  
> @@ -994,6 +996,7 @@ int cxl_dev_state_identify(struct cxl_dev_state *cxlds)
>  	/* See CXL 2.0 Table 175 Identify Memory Device Output Payload */
>  	struct cxl_mbox_identify id;
>  	struct cxl_mbox_cmd mbox_cmd;
> +	u32 val;
>  	int rc;
>  
>  	mbox_cmd = (struct cxl_mbox_cmd) {
> @@ -1017,6 +1020,11 @@ int cxl_dev_state_identify(struct cxl_dev_state *cxlds)
>  	cxlds->lsa_size = le32_to_cpu(id.lsa_size);
>  	memcpy(cxlds->firmware_version, id.fw_revision, sizeof(id.fw_revision));
>  
> +	if (test_bit(CXL_MEM_COMMAND_ID_GET_POISON, cxlds->enabled_cmds)) {
> +		val = get_unaligned_le24(id.poison_list_max_mer);
> +		cxlds->poison.max_errors = min_t(u32, val, CXL_POISON_LIST_MAX);
> +	}
> +

With this new interface I do not expect we want to support user tooling
that wants to retrieve the list via ioctl. So I think this wants a
lead-in patch that deprecates the poison command support so that the
linux-cxl community only has one mechanism to maintain going forward.

Something like the below as a lead-in, and then you would add code to
cxl_walk_cel() to set a flag for the "get poison" machinery.

-- >8 --
From f2cd1d1e09fe6f36255f3b8cd831b2b4903045d4 Mon Sep 17 00:00:00 2001
From: Dan Williams <dan.j.williams@intel.com>
Date: Tue, 11 Apr 2023 17:48:45 -0700
Subject: [PATCH] cxl/mbox: Deprecate poison commands

The CXL subsystem is adding a formal mechanism for retrieving the poison
list. Minimize the maintenance burden going forward, and maximize the
investment in common tooling by deprecating direct user access to issue
this command outside of CXL_MEM_RAW_COMMANDS debug scenarios.

A new cxl_deprecated_commands[] list is created for querying which
command ids defined in previous kernels are now deprecated.

Effectively all of the commands defined in:

87815ee9d006 ("cxl/pci: Add media provisioning required commands")

...were defined prematurely and should have waited until the kernel
implementation was decided. To my knowledge there are no shipping
devices with poison listing support and no known tools that would
regress with this change.

Signed-off-by: Dan Williams <dan.j.williams@intel.com>
---
 drivers/cxl/core/mbox.c      |  3 ---
 include/uapi/linux/cxl_mem.h | 31 ++++++++++++++++++++++++++++---
 2 files changed, 28 insertions(+), 6 deletions(-)

diff --git a/drivers/cxl/core/mbox.c b/drivers/cxl/core/mbox.c
index f2addb457172..8e24038b8769 100644
--- a/drivers/cxl/core/mbox.c
+++ b/drivers/cxl/core/mbox.c
@@ -61,9 +61,6 @@ static struct cxl_mem_command cxl_mem_commands[CXL_MEM_COMMAND_ID_MAX] = {
 	CXL_CMD(SET_ALERT_CONFIG, 0xc, 0, 0),
 	CXL_CMD(GET_SHUTDOWN_STATE, 0, 0x1, 0),
 	CXL_CMD(SET_SHUTDOWN_STATE, 0x1, 0, 0),
-	CXL_CMD(GET_POISON, 0x10, CXL_VARIABLE_PAYLOAD, 0),
-	CXL_CMD(INJECT_POISON, 0x8, 0, 0),
-	CXL_CMD(CLEAR_POISON, 0x48, 0, 0),
 	CXL_CMD(GET_SCAN_MEDIA_CAPS, 0x10, 0x4, 0),
 	CXL_CMD(SCAN_MEDIA, 0x11, 0, 0),
 	CXL_CMD(GET_SCAN_MEDIA, 0, CXL_VARIABLE_PAYLOAD, 0),
diff --git a/include/uapi/linux/cxl_mem.h b/include/uapi/linux/cxl_mem.h
index 86bbacf2a315..90f17343f1ba 100644
--- a/include/uapi/linux/cxl_mem.h
+++ b/include/uapi/linux/cxl_mem.h
@@ -40,19 +40,22 @@
 	___C(SET_ALERT_CONFIG, "Set Alert Configuration"),                \
 	___C(GET_SHUTDOWN_STATE, "Get Shutdown State"),                   \
 	___C(SET_SHUTDOWN_STATE, "Set Shutdown State"),                   \
-	___C(GET_POISON, "Get Poison List"),                              \
-	___C(INJECT_POISON, "Inject Poison"),                             \
-	___C(CLEAR_POISON, "Clear Poison"),                               \
+	___DEPRECATED(GET_POISON, "Get Poison List"),                     \
+	___DEPRECATED(INJECT_POISON, "Inject Poison"),                    \
+	___DEPRECATED(CLEAR_POISON, "Clear Poison"),                      \
 	___C(GET_SCAN_MEDIA_CAPS, "Get Scan Media Capabilities"),         \
 	___C(SCAN_MEDIA, "Scan Media"),                                   \
 	___C(GET_SCAN_MEDIA, "Get Scan Media Results"),                   \
 	___C(MAX, "invalid / last command")
 
 #define ___C(a, b) CXL_MEM_COMMAND_ID_##a
+#define ___DEPRECATED(a, b) CXL_MEM_DEPRECATED_ID_##a
 enum { CXL_CMDS };
 
 #undef ___C
+#undef ___DEPRECATED
 #define ___C(a, b) { b }
+#define ___DEPRECATED(a, b) { "Deprecated " b }
 static const struct {
 	const char *name;
 } cxl_command_names[] __attribute__((__unused__)) = { CXL_CMDS };
@@ -68,6 +71,28 @@ static const struct {
  */
 
 #undef ___C
+#undef ___DEPRECATED
+#define ___C(a, b) (0)
+#define ___DEPRECATED(a, b) (1)
+
+static const u8 cxl_deprecated_commands[]
+	__attribute__((__unused__)) = { CXL_CMDS };
+
+/*
+ * Here's how this actually breaks out:
+ * cxl_deprecated_commands[] = {
+ *	[CXL_MEM_COMMAND_ID_INVALID] = 0,
+ *	[CXL_MEM_COMMAND_ID_IDENTIFY] = 0,
+ *	...
+ *	[CXL_MEM_DEPRECATED_ID_GET_POISON] = 1,
+ *	[CXL_MEM_DEPRECATED_ID_INJECT_POISON] = 1,
+ *	[CXL_MEM_DEPRECATED_ID_CLEAR_POISON] = 1,
+ *	...
+ * };
+ */
+
+#undef ___C
+#undef ___DEPRECATED
 
 /**
  * struct cxl_command_info - Command information returned from a query.
Alison Schofield April 12, 2023, 4:45 a.m. UTC | #2
On Tue, Apr 11, 2023 at 06:47:56PM -0700, Dan Williams wrote:
> alison.schofield@ wrote:
> > From: Alison Schofield <alison.schofield@intel.com>
> > 
> > CXL devices maintain a list of locations that are poisoned or result
> > in poison if the addresses are accessed by the host.
> > 
> > Per the spec, (CXL 3.0 8.2.9.8.4.1), the device returns this Poison
> > list as a set of Media Error Records that include the source of the
> > error, the starting device physical address, and length. The length is
> > the number of adjacent DPAs in the record and is in units of 64 bytes.
> > 
> > Retrieve the poison list.
> > 
> > Signed-off-by: Alison Schofield <alison.schofield@intel.com>
> > Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
> > Reviewed-by: Ira Weiny <ira.weiny@intel.com>
> > ---
> >  drivers/cxl/core/mbox.c | 71 +++++++++++++++++++++++++++++++++++++++++
> >  drivers/cxl/cxlmem.h    | 67 ++++++++++++++++++++++++++++++++++++++
> >  drivers/cxl/pci.c       |  4 +++
> >  3 files changed, 142 insertions(+)
> > 
> > diff --git a/drivers/cxl/core/mbox.c b/drivers/cxl/core/mbox.c
> > index f2addb457172..69a5d69dd53b 100644
> > --- a/drivers/cxl/core/mbox.c
> > +++ b/drivers/cxl/core/mbox.c
> > @@ -5,6 +5,8 @@
> >  #include <linux/debugfs.h>
> >  #include <linux/ktime.h>
> >  #include <linux/mutex.h>
> > +#include <asm/unaligned.h>
> > +#include <cxlpci.h>
> >  #include <cxlmem.h>
> >  #include <cxl.h>
> >  
> > @@ -994,6 +996,7 @@ int cxl_dev_state_identify(struct cxl_dev_state *cxlds)
> >  	/* See CXL 2.0 Table 175 Identify Memory Device Output Payload */
> >  	struct cxl_mbox_identify id;
> >  	struct cxl_mbox_cmd mbox_cmd;
> > +	u32 val;
> >  	int rc;
> >  
> >  	mbox_cmd = (struct cxl_mbox_cmd) {
> > @@ -1017,6 +1020,11 @@ int cxl_dev_state_identify(struct cxl_dev_state *cxlds)
> >  	cxlds->lsa_size = le32_to_cpu(id.lsa_size);
> >  	memcpy(cxlds->firmware_version, id.fw_revision, sizeof(id.fw_revision));
> >  
> > +	if (test_bit(CXL_MEM_COMMAND_ID_GET_POISON, cxlds->enabled_cmds)) {
> > +		val = get_unaligned_le24(id.poison_list_max_mer);
> > +		cxlds->poison.max_errors = min_t(u32, val, CXL_POISON_LIST_MAX);
> > +	}
> > +
> 
> With this new interface I do not expect we want to support user tooling
> that wants to retrieve the list via ioctl. So I think this wants a
> lead-in patch that deprecates the poison command support so that the
> linux-cxl community only has one mechanism to maintain going forward.
> 
> Something like the below as a lead-in, and then you would add code to
> cxl_walk_cel() to set a flag for the "get poison" machinery.

In the inject & clear series, I made the commands kernel exclusive (and
also blocked their usage in raw mode).

https://lore.kernel.org/linux-cxl/1576040e-e8db-bc78-2fa3-622c8f7da8ec@intel.com/T/#m5b86f3e88ee7ad5b92843babdb9fd41b7f03cf36

Is that not enough or not the right protection?

Alison

> 
> -- >8 --
> From f2cd1d1e09fe6f36255f3b8cd831b2b4903045d4 Mon Sep 17 00:00:00 2001
> From: Dan Williams <dan.j.williams@intel.com>
> Date: Tue, 11 Apr 2023 17:48:45 -0700
> Subject: [PATCH] cxl/mbox: Deprecate poison commands
> 
> The CXL subsystem is adding a formal mechanism for retrieving the poison
> list. Minimize the maintenance burden going forward, and maximize the
> investment in common tooling by deprecating direct user access to issue
> this command outside of CXL_MEM_RAW_COMMANDS debug scenarios.
> 
> A new cxl_deprecated_commands[] list is created for querying which
> command ids defined in previous kernels are now deprecated.
> 
> Effectively all of the commands defined in:
> 
> 87815ee9d006 ("cxl/pci: Add media provisioning required commands")
> 
> ...were defined prematurely and should have waited until the kernel
> implementation was decided. To my knowledge there are no shipping
> devices with poison listing support and no known tools that would
> regress with this change.
> 
> Signed-off-by: Dan Williams <dan.j.williams@intel.com>
> ---
>  drivers/cxl/core/mbox.c      |  3 ---
>  include/uapi/linux/cxl_mem.h | 31 ++++++++++++++++++++++++++++---
>  2 files changed, 28 insertions(+), 6 deletions(-)
> 
> diff --git a/drivers/cxl/core/mbox.c b/drivers/cxl/core/mbox.c
> index f2addb457172..8e24038b8769 100644
> --- a/drivers/cxl/core/mbox.c
> +++ b/drivers/cxl/core/mbox.c
> @@ -61,9 +61,6 @@ static struct cxl_mem_command cxl_mem_commands[CXL_MEM_COMMAND_ID_MAX] = {
>  	CXL_CMD(SET_ALERT_CONFIG, 0xc, 0, 0),
>  	CXL_CMD(GET_SHUTDOWN_STATE, 0, 0x1, 0),
>  	CXL_CMD(SET_SHUTDOWN_STATE, 0x1, 0, 0),
> -	CXL_CMD(GET_POISON, 0x10, CXL_VARIABLE_PAYLOAD, 0),
> -	CXL_CMD(INJECT_POISON, 0x8, 0, 0),
> -	CXL_CMD(CLEAR_POISON, 0x48, 0, 0),
>  	CXL_CMD(GET_SCAN_MEDIA_CAPS, 0x10, 0x4, 0),
>  	CXL_CMD(SCAN_MEDIA, 0x11, 0, 0),
>  	CXL_CMD(GET_SCAN_MEDIA, 0, CXL_VARIABLE_PAYLOAD, 0),
> diff --git a/include/uapi/linux/cxl_mem.h b/include/uapi/linux/cxl_mem.h
> index 86bbacf2a315..90f17343f1ba 100644
> --- a/include/uapi/linux/cxl_mem.h
> +++ b/include/uapi/linux/cxl_mem.h
> @@ -40,19 +40,22 @@
>  	___C(SET_ALERT_CONFIG, "Set Alert Configuration"),                \
>  	___C(GET_SHUTDOWN_STATE, "Get Shutdown State"),                   \
>  	___C(SET_SHUTDOWN_STATE, "Set Shutdown State"),                   \
> -	___C(GET_POISON, "Get Poison List"),                              \
> -	___C(INJECT_POISON, "Inject Poison"),                             \
> -	___C(CLEAR_POISON, "Clear Poison"),                               \
> +	___DEPRECATED(GET_POISON, "Get Poison List"),                     \
> +	___DEPRECATED(INJECT_POISON, "Inject Poison"),                    \
> +	___DEPRECATED(CLEAR_POISON, "Clear Poison"),                      \
>  	___C(GET_SCAN_MEDIA_CAPS, "Get Scan Media Capabilities"),         \
>  	___C(SCAN_MEDIA, "Scan Media"),                                   \
>  	___C(GET_SCAN_MEDIA, "Get Scan Media Results"),                   \
>  	___C(MAX, "invalid / last command")
>  
>  #define ___C(a, b) CXL_MEM_COMMAND_ID_##a
> +#define ___DEPRECATED(a, b) CXL_MEM_DEPRECATED_ID_##a
>  enum { CXL_CMDS };
>  
>  #undef ___C
> +#undef ___DEPRECATED
>  #define ___C(a, b) { b }
> +#define ___DEPRECATED(a, b) { "Deprecated " b }
>  static const struct {
>  	const char *name;
>  } cxl_command_names[] __attribute__((__unused__)) = { CXL_CMDS };
> @@ -68,6 +71,28 @@ static const struct {
>   */
>  
>  #undef ___C
> +#undef ___DEPRECATED
> +#define ___C(a, b) (0)
> +#define ___DEPRECATED(a, b) (1)
> +
> +static const u8 cxl_deprecated_commands[]
> +	__attribute__((__unused__)) = { CXL_CMDS };
> +
> +/*
> + * Here's how this actually breaks out:
> + * cxl_deprecated_commands[] = {
> + *	[CXL_MEM_COMMAND_ID_INVALID] = 0,
> + *	[CXL_MEM_COMMAND_ID_IDENTIFY] = 0,
> + *	...
> + *	[CXL_MEM_DEPRECATED_ID_GET_POISON] = 1,
> + *	[CXL_MEM_DEPRECATED_ID_INJECT_POISON] = 1,
> + *	[CXL_MEM_DEPRECATED_ID_CLEAR_POISON] = 1,
> + *	...
> + * };
> + */
> +
> +#undef ___C
> +#undef ___DEPRECATED
>  
>  /**
>   * struct cxl_command_info - Command information returned from a query.
> -- 
> 2.39.2
> -- 8< --
> 
> >  	return 0;
> >  }
> >  EXPORT_SYMBOL_NS_GPL(cxl_dev_state_identify, CXL);
> > @@ -1107,6 +1115,69 @@ int cxl_set_timestamp(struct cxl_dev_state *cxlds)
> >  }
> >  EXPORT_SYMBOL_NS_GPL(cxl_set_timestamp, CXL);
> >  
> > +int cxl_mem_get_poison(struct cxl_memdev *cxlmd, u64 offset, u64 len,
> > +		       struct cxl_region *cxlr)
> > +{
> > +	struct cxl_dev_state *cxlds = cxlmd->cxlds;
> > +	struct cxl_mbox_poison_out *po;
> > +	struct cxl_mbox_poison_in pi;
> > +	struct cxl_mbox_cmd mbox_cmd;
> > +	int nr_records = 0;
> > +	int rc;
> > +
> > +	rc = mutex_lock_interruptible(&cxlds->poison.lock);
> > +	if (rc)
> > +		return rc;
> > +
> > +	po = cxlds->poison.list_out;
> > +	pi.offset = cpu_to_le64(offset);
> > +	pi.length = cpu_to_le64(len / CXL_POISON_LEN_MULT);
> > +
> > +	mbox_cmd = (struct cxl_mbox_cmd) {
> > +		.opcode = CXL_MBOX_OP_GET_POISON,
> > +		.size_in = sizeof(pi),
> > +		.payload_in = &pi,
> > +		.size_out = cxlds->payload_size,
> > +		.payload_out = po,
> > +		.min_out = struct_size(po, record, 0),
> > +	};
> > +
> > +	do {
> > +		rc = cxl_internal_send_cmd(cxlds, &mbox_cmd);
> > +		if (rc)
> > +			break;
> > +
> > +		/* TODO TRACE the media error records */
> > +
> > +		/* Protect against an uncleared _FLAG_MORE */
> > +		nr_records = nr_records + le16_to_cpu(po->count);
> > +		if (nr_records >= cxlds->poison.max_errors) {
> > +			dev_dbg(&cxlmd->dev, "Max Error Records reached: %d\n",
> > +				nr_records);
> > +			break;
> > +		}
> > +	} while (po->flags & CXL_POISON_FLAG_MORE);
> > +
> > +	mutex_unlock(&cxlds->poison.lock);
> > +	return rc;
> > +}
> > +EXPORT_SYMBOL_NS_GPL(cxl_mem_get_poison, CXL);
> > +
> > +int cxl_poison_state_init(struct cxl_dev_state *cxlds)
> > +{
> > +	if (!test_bit(CXL_MEM_COMMAND_ID_GET_POISON, cxlds->enabled_cmds))
> > +		return 0;
> > +
> > +	cxlds->poison.list_out = devm_kzalloc(cxlds->dev, cxlds->payload_size,
> > +					      GFP_KERNEL);
> 
> Given the payload can be multiple pages in size use kvmalloc() like
> cxl_mem_alloc_event_buf().
> 
> > +	if (!cxlds->poison.list_out)
> > +		return -ENOMEM;
> > +
> > +	mutex_init(&cxlds->poison.lock);
> > +	return 0;
> > +}
> > +EXPORT_SYMBOL_NS_GPL(cxl_poison_state_init, CXL);
> > +
> >  struct cxl_dev_state *cxl_dev_state_create(struct device *dev)
> >  {
> >  	struct cxl_dev_state *cxlds;
> > diff --git a/drivers/cxl/cxlmem.h b/drivers/cxl/cxlmem.h
> > index ccbafc05a636..a3033c8dd8e2 100644
> > --- a/drivers/cxl/cxlmem.h
> > +++ b/drivers/cxl/cxlmem.h
> > @@ -215,6 +215,24 @@ struct cxl_event_state {
> >  	struct mutex log_lock;
> >  };
> >  
> > +/**
> > + * struct cxl_poison_state - Driver poison state info
> > + *
> > + * @max_errors: Maximum media error records held in device cache
> > + * @list_out: The poison list payload returned by device
> > + * @lock: Protect reads of the poison list
> > + *
> > + * Reads of the poison list are synchronized to ensure that a reader
> > + * does not get an incomplete list because their request overlapped
> > + * (was interrupted or preceded by) another read request of the same
> > + * DPA range. CXL Spec 3.0 Section 8.2.9.8.4.1
> > + */
> > +struct cxl_poison_state {
> > +	u32 max_errors;
> > +	struct cxl_mbox_poison_out *list_out;
> > +	struct mutex lock;  /* Protect reads of poison list */
> > +};
> > +
> >  /**
> >   * struct cxl_dev_state - The driver device state
> >   *
> > @@ -251,6 +269,7 @@ struct cxl_event_state {
> >   * @serial: PCIe Device Serial Number
> >   * @doe_mbs: PCI DOE mailbox array
> >   * @event: event log driver state
> > + * @poison: poison driver state info
> >   * @mbox_send: @dev specific transport for transmitting mailbox commands
> >   *
> >   * See section 8.2.9.5.2 Capacity Configuration and Label Storage for
> > @@ -290,6 +309,7 @@ struct cxl_dev_state {
> >  	struct xarray doe_mbs;
> >  
> >  	struct cxl_event_state event;
> > +	struct cxl_poison_state poison;
> >  
> >  	int (*mbox_send)(struct cxl_dev_state *cxlds, struct cxl_mbox_cmd *cmd);
> >  };
> > @@ -538,6 +558,50 @@ struct cxl_mbox_set_timestamp_in {
> >  
> >  } __packed;
> >  
> > +/* Get Poison List  CXL 3.0 Spec 8.2.9.8.4.1 */
> > +struct cxl_mbox_poison_in {
> > +	__le64 offset;
> > +	__le64 length;
> > +} __packed;
> > +
> > +struct cxl_mbox_poison_out {
> > +	u8 flags;
> > +	u8 rsvd1;
> > +	__le64 overflow_t;
> 
> I was wondering what the "_t" meant, I always read that as "type". Perhaps
> "_ts" or even just spell out "_timestamp".
> 
> Aside from the minor fixups and reworking the enumeration mechanism per
> above, this looks good to me.
Dan Williams April 12, 2023, 5:18 a.m. UTC | #3
Alison Schofield wrote:
> On Tue, Apr 11, 2023 at 06:47:56PM -0700, Dan Williams wrote:
> > alison.schofield@ wrote:
> > > From: Alison Schofield <alison.schofield@intel.com>
> > > 
> > > CXL devices maintain a list of locations that are poisoned or result
> > > in poison if the addresses are accessed by the host.
> > > 
> > > Per the spec, (CXL 3.0 8.2.9.8.4.1), the device returns this Poison
> > > list as a set of Media Error Records that include the source of the
> > > error, the starting device physical address, and length. The length is
> > > the number of adjacent DPAs in the record and is in units of 64 bytes.
> > > 
> > > Retrieve the poison list.
> > > 
> > > Signed-off-by: Alison Schofield <alison.schofield@intel.com>
> > > Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
> > > Reviewed-by: Ira Weiny <ira.weiny@intel.com>
> > > ---
> > >  drivers/cxl/core/mbox.c | 71 +++++++++++++++++++++++++++++++++++++++++
> > >  drivers/cxl/cxlmem.h    | 67 ++++++++++++++++++++++++++++++++++++++
> > >  drivers/cxl/pci.c       |  4 +++
> > >  3 files changed, 142 insertions(+)
> > > 
> > > diff --git a/drivers/cxl/core/mbox.c b/drivers/cxl/core/mbox.c
> > > index f2addb457172..69a5d69dd53b 100644
> > > --- a/drivers/cxl/core/mbox.c
> > > +++ b/drivers/cxl/core/mbox.c
> > > @@ -5,6 +5,8 @@
> > >  #include <linux/debugfs.h>
> > >  #include <linux/ktime.h>
> > >  #include <linux/mutex.h>
> > > +#include <asm/unaligned.h>
> > > +#include <cxlpci.h>
> > >  #include <cxlmem.h>
> > >  #include <cxl.h>
> > >  
> > > @@ -994,6 +996,7 @@ int cxl_dev_state_identify(struct cxl_dev_state *cxlds)
> > >  	/* See CXL 2.0 Table 175 Identify Memory Device Output Payload */
> > >  	struct cxl_mbox_identify id;
> > >  	struct cxl_mbox_cmd mbox_cmd;
> > > +	u32 val;
> > >  	int rc;
> > >  
> > >  	mbox_cmd = (struct cxl_mbox_cmd) {
> > > @@ -1017,6 +1020,11 @@ int cxl_dev_state_identify(struct cxl_dev_state *cxlds)
> > >  	cxlds->lsa_size = le32_to_cpu(id.lsa_size);
> > >  	memcpy(cxlds->firmware_version, id.fw_revision, sizeof(id.fw_revision));
> > >  
> > > +	if (test_bit(CXL_MEM_COMMAND_ID_GET_POISON, cxlds->enabled_cmds)) {
> > > +		val = get_unaligned_le24(id.poison_list_max_mer);
> > > +		cxlds->poison.max_errors = min_t(u32, val, CXL_POISON_LIST_MAX);
> > > +	}
> > > +
> > 
> > With this new interface I do not expect we want to support user tooling
> > that wants to retrieve the list via ioctl. So I think this wants a
> > lead-in patch that deprecates the poison command support so that the
> > linux-cxl community only has one mechanism to maintain going forward.
> > 
> > Something like the below as a lead-in, and then you would add code to
> > cxl_walk_cel() to set a flag for the "get poison" machinery.
> 
> In the inject & clear series, I made the commands kernel exclusive (and
> also blocked their usage in raw mode).
> 
> https://lore.kernel.org/linux-cxl/1576040e-e8db-bc78-2fa3-622c8f7da8ec@intel.com/T/#m5b86f3e88ee7ad5b92843babdb9fd41b7f03cf36
> 
> Is that not enough or not the right protection?

I think I'm having deja vu and maybe we talked about this already and I
forgot the outcome?

The concern is having a consistent approach across the commands that are
valid from userspace all the time, those that are valid sometimes
(temporarily marked exclusive), and those that are unsupported from
userspace (unsupported via raw command being a special case of that).

For recent new mailbox functionality like CXL_MBOX_OP_GET_EVENT_RECORD
and the DCD commands, that are only expected to be executed from the
kernel, those are kept out of the CXL_CMDS list, not marked exclusive.

The commands marked exclusive like the label commands return EBUSY, but
only while libnvdimm owns the label area. If libnvdimm is disconnected
(echo pmemX > /sys/bus/cxl/drivers/cxl_pmem/unbind), then those commands
stop being exclusive.

So, I think I want to keep "exclusive" as a set of commands that are
suitable to build into a user tool just that the tool needs to know the
rules about when those commands might be busy.

For poison the user tool is expected to use sysfs + trace-events, so
including it in the list of available commands returned by
CXL_MEM_QUERY_COMMANDS only to never be able to execute it seems wrong.

Marking it deprecated as a "whoops" feels more honest and brings it in
line with the other commands that are permanently kernel exclusive.
Alison Schofield April 12, 2023, 6:01 p.m. UTC | #4
On Tue, Apr 11, 2023 at 10:18:40PM -0700, Dan Williams wrote:
> Alison Schofield wrote:
> > On Tue, Apr 11, 2023 at 06:47:56PM -0700, Dan Williams wrote:
> > > alison.schofield@ wrote:
> > > > From: Alison Schofield <alison.schofield@intel.com>
> > > > 

snip

> > > 
> > > With this new interface I do not expect we want to support user tooling
> > > that wants to retrieve the list via ioctl. So I think this wants a
> > > lead-in patch that deprecates the poison command support so that the
> > > linux-cxl community only has one mechanism to maintain going forward.
> > > 
> > > Something like the below as a lead-in, and then you would add code to
> > > cxl_walk_cel() to set a flag for the "get poison" machinery.
> > 
> > In the inject & clear series, I made the commands kernel exclusive (and
> > also blocked their usage in raw mode).
> > 
> > https://lore.kernel.org/linux-cxl/1576040e-e8db-bc78-2fa3-622c8f7da8ec@intel.com/T/#m5b86f3e88ee7ad5b92843babdb9fd41b7f03cf36
> > 
> > Is that not enough or not the right protection?
> 
> I think I'm having deja vu and maybe we talked about this already and I
> forgot the outcome?
> 
> The concern is having a consistent approach across the commands that are
> valid from userspace all the time, those that are valid sometimes
> (temporarily marked exclusive), and those that are unsupported from
> userspace (unsupported via raw command being a special case of that).
> 
> For recent new mailbox functionality like CXL_MBOX_OP_GET_EVENT_RECORD
> and the DCD commands, that are only expected to be executed from the
> kernel, those are kept out of the CXL_CMDS list, not marked exclusive.
> 
> The commands marked exclusive like the label commands return EBUSY, but
> only while libnvdimm owns the label area. If libnvdimm is disconnected
> (echo pmemX > /sys/bus/cxl/drivers/cxl_pmem/unbind), then those commands
> stop being exclusive.
> 
> So, I think I want to keep "exclusive" as a set of commands that are
> suitable to build into a user tool just that the tool needs to know the
> rules about when those commands might be busy.
> 
> For poison the user tool is expected to use sysfs + trace-events, so
> including it in the list of available commands returned by
> CXL_MEM_QUERY_COMMANDS only to never be able to execute it seems wrong.
> 
> Marking it deprecated as a "whoops" feels more honest and brings it in
> line with the other commands that are permanently kernel exclusive.


Yes, we were here previously w Inject & Clear series, and didn't close on
it. My last words were were in a inject/clear changelog:

>>  I didn't deprecate the ioctls as Dan suggested. Instead, I followed
>>  on Ira's recent clean up wrt enabled and exclusive commands, deciding
>>  that the honest response to a cxl_query() would be 'Enabled' (if hardware
>>  supports) and kernel 'Exclusive' (always). Please take a look.

Once we deprecate, is there a way for users to determine what commands a
device supports?

Can you post that deprecate patch preemptively? I'll update the affected
series to follow it.

Please include SCAN_MEDIA & GET_SCAN_MEDIA in your patch for the same reason. 
SCAN_MEDIA_CAPS is harmless.

 	___C(GET_SCAN_MEDIA_CAPS, "Get Scan Media Capabilities"),         \
-	___C(SCAN_MEDIA, "Scan Media"),                                   \
-	___C(GET_SCAN_MEDIA, "Get Scan Media Results"),                   \
+	___DEPRECATED(SCAN_MEDIA, "Scan Media"),                          \
+	___DEPRECATED(GET_SCAN_MEDIA, "Get Scan Media Results"),          \
 	___C(MAX, "invalid / last command")

Alison
Alison Schofield April 12, 2023, 6:06 p.m. UTC | #5
On Tue, Apr 11, 2023 at 06:47:56PM -0700, Dan Williams wrote:

responding to the non-deprecate-related feedback...

> alison.schofield@ wrote:
> > From: Alison Schofield <alison.schofield@intel.com>
> > 

snip

> > +
> > +int cxl_poison_state_init(struct cxl_dev_state *cxlds)
> > +{
> > +	if (!test_bit(CXL_MEM_COMMAND_ID_GET_POISON, cxlds->enabled_cmds))
> > +		return 0;
> > +
> > +	cxlds->poison.list_out = devm_kzalloc(cxlds->dev, cxlds->payload_size,
> > +					      GFP_KERNEL);
> 
> Given the payload can be multiple pages in size use kvmalloc() like
> cxl_mem_alloc_event_buf().

Got it, thanks.

> 
> > +	if (!cxlds->poison.list_out)
> > +		return -ENOMEM;
> > +
> > +	mutex_init(&cxlds->poison.lock);
> > +	return 0;
> > +}

> > +struct cxl_mbox_poison_in {
> > +	__le64 offset;
> > +	__le64 length;
> > +} __packed;
> > +
> > +struct cxl_mbox_poison_out {
> > +	u8 flags;
> > +	u8 rsvd1;
> > +	__le64 overflow_t;
> 
> I was wondering what the "_t" meant, I always read that as "type". Perhaps
> "_ts" or even just spell out "_timestamp".
>

Sure, picking overflow_ts


> Aside from the minor fixups and reworking the enumeration mechanism per
> above, this looks good to me.
Dan Williams April 12, 2023, 7:16 p.m. UTC | #6
Alison Schofield wrote:
[..]
> Once we deprecate, is there a way for users to determine what commands a
> device supports?

I think this discussion needs to be careful about the word "command"
there's the Linux CXL command ids and there are the device mailbox
command opcodes. The Linux commands ids are usually, but not always, a 1:1
match with the mailbox commands, but the functionality that the mailbox
command implements need not be wrapped by a Linux command id.

For poison retrieval the user will know that the device supports it
because the poison sysfs entries will pop up. For DCD the user will know
that the device supports the commands because the DCD region info will
show up in sysfs. So, CXL_MEM_QUERY_COMMANDS is only a mechanism to
enumerate the Linux command ids, the way to query device functionality
is via a combination of CXL_MEM_QUERY_COMMANDS and sysfs.

> 
> Can you post that deprecate patch preemptively? I'll update the affected
> series to follow it.
> 
> Please include SCAN_MEDIA & GET_SCAN_MEDIA in your patch for the same reason. 
> SCAN_MEDIA_CAPS is harmless.

I was going to say wait until the scan media kernel implementation shows
up, but you're right the sooner we deprecate the better.

>  	___C(GET_SCAN_MEDIA_CAPS, "Get Scan Media Capabilities"),         \
> -	___C(SCAN_MEDIA, "Scan Media"),                                   \
> -	___C(GET_SCAN_MEDIA, "Get Scan Media Results"),                   \
> +	___DEPRECATED(SCAN_MEDIA, "Scan Media"),                          \
> +	___DEPRECATED(GET_SCAN_MEDIA, "Get Scan Media Results"),          \
>  	___C(MAX, "invalid / last command")

I was thinking you would pick up that patch in your next posting, so go
ahead and pull in that update.
Alison Schofield April 13, 2023, 4:48 p.m. UTC | #7
On Tue, Apr 11, 2023 at 06:47:56PM -0700, Dan Williams wrote:
> alison.schofield@ wrote:
> > From: Alison Schofield <alison.schofield@intel.com>
> > 

follow up on the deprecate patch...

snip

> 
> With this new interface I do not expect we want to support user tooling
> that wants to retrieve the list via ioctl. So I think this wants a
> lead-in patch that deprecates the poison command support so that the
> linux-cxl community only has one mechanism to maintain going forward.
> 
> Something like the below as a lead-in, and then you would add code to
> cxl_walk_cel() to set a flag for the "get poison" machinery.
> 
> -- >8 --
> From f2cd1d1e09fe6f36255f3b8cd831b2b4903045d4 Mon Sep 17 00:00:00 2001
> From: Dan Williams <dan.j.williams@intel.com>
> Date: Tue, 11 Apr 2023 17:48:45 -0700
> Subject: [PATCH] cxl/mbox: Deprecate poison commands
> 
> The CXL subsystem is adding a formal mechanism for retrieving the poison
> list. Minimize the maintenance burden going forward, and maximize the
> investment in common tooling by deprecating direct user access to issue
> this command outside of CXL_MEM_RAW_COMMANDS debug scenarios.

I'm expanding the scope of this deprecate patch to include Scan
commands, and want to make above statement correct, wrt what is
allowed in raw mode.

Today, Scan Media (& Results) are not allowed in raw.
It seems like in the spirit of raw, we should allow the scans. That
would be same as the raw allowed commands Get Poison, Inject & Clear.

Thoughts?

Alison

> 
> A new cxl_deprecated_commands[] list is created for querying which
> command ids defined in previous kernels are now deprecated.
> 
> Effectively all of the commands defined in:
> 
> 87815ee9d006 ("cxl/pci: Add media provisioning required commands")
> 
> ...were defined prematurely and should have waited until the kernel
> implementation was decided. To my knowledge there are no shipping
> devices with poison listing support and no known tools that would
> regress with this change.
> 
> Signed-off-by: Dan Williams <dan.j.williams@intel.com>
> ---
>  drivers/cxl/core/mbox.c      |  3 ---
>  include/uapi/linux/cxl_mem.h | 31 ++++++++++++++++++++++++++++---
>  2 files changed, 28 insertions(+), 6 deletions(-)
> 
> diff --git a/drivers/cxl/core/mbox.c b/drivers/cxl/core/mbox.c
> index f2addb457172..8e24038b8769 100644
> --- a/drivers/cxl/core/mbox.c
> +++ b/drivers/cxl/core/mbox.c
> @@ -61,9 +61,6 @@ static struct cxl_mem_command cxl_mem_commands[CXL_MEM_COMMAND_ID_MAX] = {
>  	CXL_CMD(SET_ALERT_CONFIG, 0xc, 0, 0),
>  	CXL_CMD(GET_SHUTDOWN_STATE, 0, 0x1, 0),
>  	CXL_CMD(SET_SHUTDOWN_STATE, 0x1, 0, 0),
> -	CXL_CMD(GET_POISON, 0x10, CXL_VARIABLE_PAYLOAD, 0),
> -	CXL_CMD(INJECT_POISON, 0x8, 0, 0),
> -	CXL_CMD(CLEAR_POISON, 0x48, 0, 0),
>  	CXL_CMD(GET_SCAN_MEDIA_CAPS, 0x10, 0x4, 0),
>  	CXL_CMD(SCAN_MEDIA, 0x11, 0, 0),
>  	CXL_CMD(GET_SCAN_MEDIA, 0, CXL_VARIABLE_PAYLOAD, 0),
> diff --git a/include/uapi/linux/cxl_mem.h b/include/uapi/linux/cxl_mem.h
> index 86bbacf2a315..90f17343f1ba 100644
> --- a/include/uapi/linux/cxl_mem.h
> +++ b/include/uapi/linux/cxl_mem.h
> @@ -40,19 +40,22 @@
>  	___C(SET_ALERT_CONFIG, "Set Alert Configuration"),                \
>  	___C(GET_SHUTDOWN_STATE, "Get Shutdown State"),                   \
>  	___C(SET_SHUTDOWN_STATE, "Set Shutdown State"),                   \
> -	___C(GET_POISON, "Get Poison List"),                              \
> -	___C(INJECT_POISON, "Inject Poison"),                             \
> -	___C(CLEAR_POISON, "Clear Poison"),                               \
> +	___DEPRECATED(GET_POISON, "Get Poison List"),                     \
> +	___DEPRECATED(INJECT_POISON, "Inject Poison"),                    \
> +	___DEPRECATED(CLEAR_POISON, "Clear Poison"),                      \
>  	___C(GET_SCAN_MEDIA_CAPS, "Get Scan Media Capabilities"),         \
>  	___C(SCAN_MEDIA, "Scan Media"),                                   \
>  	___C(GET_SCAN_MEDIA, "Get Scan Media Results"),                   \
>  	___C(MAX, "invalid / last command")
>  
>  #define ___C(a, b) CXL_MEM_COMMAND_ID_##a
> +#define ___DEPRECATED(a, b) CXL_MEM_DEPRECATED_ID_##a
>  enum { CXL_CMDS };
>  
>  #undef ___C
> +#undef ___DEPRECATED
>  #define ___C(a, b) { b }
> +#define ___DEPRECATED(a, b) { "Deprecated " b }
>  static const struct {
>  	const char *name;
>  } cxl_command_names[] __attribute__((__unused__)) = { CXL_CMDS };
> @@ -68,6 +71,28 @@ static const struct {
>   */
>  
>  #undef ___C
> +#undef ___DEPRECATED
> +#define ___C(a, b) (0)
> +#define ___DEPRECATED(a, b) (1)
> +
> +static const u8 cxl_deprecated_commands[]
> +	__attribute__((__unused__)) = { CXL_CMDS };
> +
> +/*
> + * Here's how this actually breaks out:
> + * cxl_deprecated_commands[] = {
> + *	[CXL_MEM_COMMAND_ID_INVALID] = 0,
> + *	[CXL_MEM_COMMAND_ID_IDENTIFY] = 0,
> + *	...
> + *	[CXL_MEM_DEPRECATED_ID_GET_POISON] = 1,
> + *	[CXL_MEM_DEPRECATED_ID_INJECT_POISON] = 1,
> + *	[CXL_MEM_DEPRECATED_ID_CLEAR_POISON] = 1,
> + *	...
> + * };
> + */
> +
> +#undef ___C
> +#undef ___DEPRECATED
>  
>  /**
>   * struct cxl_command_info - Command information returned from a query.
> -- 
> 2.39.2
Dan Williams April 13, 2023, 6:34 p.m. UTC | #8
Alison Schofield wrote:
> On Tue, Apr 11, 2023 at 06:47:56PM -0700, Dan Williams wrote:
> > alison.schofield@ wrote:
> > > From: Alison Schofield <alison.schofield@intel.com>
> > > 
> 
> follow up on the deprecate patch...
> 
> snip
> 
> > 
> > With this new interface I do not expect we want to support user tooling
> > that wants to retrieve the list via ioctl. So I think this wants a
> > lead-in patch that deprecates the poison command support so that the
> > linux-cxl community only has one mechanism to maintain going forward.
> > 
> > Something like the below as a lead-in, and then you would add code to
> > cxl_walk_cel() to set a flag for the "get poison" machinery.
> > 
> > -- >8 --
> > From f2cd1d1e09fe6f36255f3b8cd831b2b4903045d4 Mon Sep 17 00:00:00 2001
> > From: Dan Williams <dan.j.williams@intel.com>
> > Date: Tue, 11 Apr 2023 17:48:45 -0700
> > Subject: [PATCH] cxl/mbox: Deprecate poison commands
> > 
> > The CXL subsystem is adding a formal mechanism for retrieving the poison
> > list. Minimize the maintenance burden going forward, and maximize the
> > investment in common tooling by deprecating direct user access to issue
> > this command outside of CXL_MEM_RAW_COMMANDS debug scenarios.
> 
> I'm expanding the scope of this deprecate patch to include Scan
> commands, and want to make above statement correct, wrt what is
> allowed in raw mode.
> 
> Today, Scan Media (& Results) are not allowed in raw.
> It seems like in the spirit of raw, we should allow the scans. That
> would be same as the raw allowed commands Get Poison, Inject & Clear.
> 
> Thoughts?

The goal of blocking commands even for raw access is for the kernel to
say "hey, there's a formal interface for this, use that instead". At the
same time there is the "raw_allow_all" mechanism for those debug
scenarios to opt-in and say "I really know what I am doing". I think the
raw_allow_all hurdle is high enough to prevent splintering of user
tooling and encourage collaboration on the commons.

So I would say feel free to continue to list commands in
cxl_disabled_raw_commands as a way to document the commands that we,
linux-cxl@ community, believe need to be kernel managed. Rely on
raw_allow_all as the release valve for expert debugging.
Alison Schofield April 17, 2023, 4:32 p.m. UTC | #9
Dan, Vishal,

Following up on using the new deprecated list ...

On Tue, Apr 11, 2023 at 06:47:56PM -0700, Dan Williams wrote:
> alison.schofield@ wrote:
> > From: Alison Schofield <alison.schofield@intel.com>
> > 
> > CXL devices maintain a list of locations that are poisoned or result
> > in poison if the addresses are accessed by the host.
> > 
> > Per the spec, (CXL 3.0 8.2.9.8.4.1), the device returns this Poison
> > list as a set of Media Error Records that include the source of the
> > error, the starting device physical address, and length. The length is
> > the number of adjacent DPAs in the record and is in units of 64 bytes.
> > 
> > Retrieve the poison list.
> > 
> > Signed-off-by: Alison Schofield <alison.schofield@intel.com>
> > Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
> > Reviewed-by: Ira Weiny <ira.weiny@intel.com>
> > ---
> >  drivers/cxl/core/mbox.c | 71 +++++++++++++++++++++++++++++++++++++++++
> >  drivers/cxl/cxlmem.h    | 67 ++++++++++++++++++++++++++++++++++++++
> >  drivers/cxl/pci.c       |  4 +++
> >  3 files changed, 142 insertions(+)
> > 
> > diff --git a/drivers/cxl/core/mbox.c b/drivers/cxl/core/mbox.c
> > index f2addb457172..69a5d69dd53b 100644
> > --- a/drivers/cxl/core/mbox.c
> > +++ b/drivers/cxl/core/mbox.c
> > @@ -5,6 +5,8 @@
> >  #include <linux/debugfs.h>
> >  #include <linux/ktime.h>
> >  #include <linux/mutex.h>
> > +#include <asm/unaligned.h>
> > +#include <cxlpci.h>
> >  #include <cxlmem.h>
> >  #include <cxl.h>
> >  
> > @@ -994,6 +996,7 @@ int cxl_dev_state_identify(struct cxl_dev_state *cxlds)
> >  	/* See CXL 2.0 Table 175 Identify Memory Device Output Payload */
> >  	struct cxl_mbox_identify id;
> >  	struct cxl_mbox_cmd mbox_cmd;
> > +	u32 val;
> >  	int rc;
> >  
> >  	mbox_cmd = (struct cxl_mbox_cmd) {
> > @@ -1017,6 +1020,11 @@ int cxl_dev_state_identify(struct cxl_dev_state *cxlds)
> >  	cxlds->lsa_size = le32_to_cpu(id.lsa_size);
> >  	memcpy(cxlds->firmware_version, id.fw_revision, sizeof(id.fw_revision));
> >  
> > +	if (test_bit(CXL_MEM_COMMAND_ID_GET_POISON, cxlds->enabled_cmds)) {
> > +		val = get_unaligned_le24(id.poison_list_max_mer);
> > +		cxlds->poison.max_errors = min_t(u32, val, CXL_POISON_LIST_MAX);
> > +	}
> > +
> 
> With this new interface I do not expect we want to support user tooling
> that wants to retrieve the list via ioctl. So I think this wants a
> lead-in patch that deprecates the poison command support so that the
> linux-cxl community only has one mechanism to maintain going forward.
> 
> Something like the below as a lead-in, and then you would add code to
> cxl_walk_cel() to set a flag for the "get poison" machinery.
> 
> -- >8 --
> From f2cd1d1e09fe6f36255f3b8cd831b2b4903045d4 Mon Sep 17 00:00:00 2001
> From: Dan Williams <dan.j.williams@intel.com>
> Date: Tue, 11 Apr 2023 17:48:45 -0700
> Subject: [PATCH] cxl/mbox: Deprecate poison commands
> 
> The CXL subsystem is adding a formal mechanism for retrieving the poison
> list. Minimize the maintenance burden going forward, and maximize the
> investment in common tooling by deprecating direct user access to issue
> this command outside of CXL_MEM_RAW_COMMANDS debug scenarios.
> 
> A new cxl_deprecated_commands[] list is created for querying which
> command ids defined in previous kernels are now deprecated.

Dan, Vishal,

With the driver no longer returning these commands in the
cxl_mem_commands[] list, they will appear as -EOPNOTSUPP in
the ndctl:libcxl cxl_query().

Is there something else we need to do to actually show these
cmds as deprecated? Something like query the deprecated list
and add a new status to cxl_query(). 

At the moment, my goal is to do what is needed in the driver
now, and pick up any accompanying libcxl changes after the
driver changes are merged. A bit worried I'm leaving something
undone in driver today.

Thanks,
Alison

> 
> Effectively all of the commands defined in:
> 
> 87815ee9d006 ("cxl/pci: Add media provisioning required commands")
> 
> ...were defined prematurely and should have waited until the kernel
> implementation was decided. To my knowledge there are no shipping
> devices with poison listing support and no known tools that would
> regress with this change.
> 
> Signed-off-by: Dan Williams <dan.j.williams@intel.com>
> ---
>  drivers/cxl/core/mbox.c      |  3 ---
>  include/uapi/linux/cxl_mem.h | 31 ++++++++++++++++++++++++++++---
>  2 files changed, 28 insertions(+), 6 deletions(-)
> 
> diff --git a/drivers/cxl/core/mbox.c b/drivers/cxl/core/mbox.c
> index f2addb457172..8e24038b8769 100644
> --- a/drivers/cxl/core/mbox.c
> +++ b/drivers/cxl/core/mbox.c
> @@ -61,9 +61,6 @@ static struct cxl_mem_command cxl_mem_commands[CXL_MEM_COMMAND_ID_MAX] = {
>  	CXL_CMD(SET_ALERT_CONFIG, 0xc, 0, 0),
>  	CXL_CMD(GET_SHUTDOWN_STATE, 0, 0x1, 0),
>  	CXL_CMD(SET_SHUTDOWN_STATE, 0x1, 0, 0),
> -	CXL_CMD(GET_POISON, 0x10, CXL_VARIABLE_PAYLOAD, 0),
> -	CXL_CMD(INJECT_POISON, 0x8, 0, 0),
> -	CXL_CMD(CLEAR_POISON, 0x48, 0, 0),
>  	CXL_CMD(GET_SCAN_MEDIA_CAPS, 0x10, 0x4, 0),
>  	CXL_CMD(SCAN_MEDIA, 0x11, 0, 0),
>  	CXL_CMD(GET_SCAN_MEDIA, 0, CXL_VARIABLE_PAYLOAD, 0),
> diff --git a/include/uapi/linux/cxl_mem.h b/include/uapi/linux/cxl_mem.h
> index 86bbacf2a315..90f17343f1ba 100644
> --- a/include/uapi/linux/cxl_mem.h
> +++ b/include/uapi/linux/cxl_mem.h
> @@ -40,19 +40,22 @@
>  	___C(SET_ALERT_CONFIG, "Set Alert Configuration"),                \
>  	___C(GET_SHUTDOWN_STATE, "Get Shutdown State"),                   \
>  	___C(SET_SHUTDOWN_STATE, "Set Shutdown State"),                   \
> -	___C(GET_POISON, "Get Poison List"),                              \
> -	___C(INJECT_POISON, "Inject Poison"),                             \
> -	___C(CLEAR_POISON, "Clear Poison"),                               \
> +	___DEPRECATED(GET_POISON, "Get Poison List"),                     \
> +	___DEPRECATED(INJECT_POISON, "Inject Poison"),                    \
> +	___DEPRECATED(CLEAR_POISON, "Clear Poison"),                      \
>  	___C(GET_SCAN_MEDIA_CAPS, "Get Scan Media Capabilities"),         \
>  	___C(SCAN_MEDIA, "Scan Media"),                                   \
>  	___C(GET_SCAN_MEDIA, "Get Scan Media Results"),                   \
>  	___C(MAX, "invalid / last command")
>  
>  #define ___C(a, b) CXL_MEM_COMMAND_ID_##a
> +#define ___DEPRECATED(a, b) CXL_MEM_DEPRECATED_ID_##a
>  enum { CXL_CMDS };
>  
>  #undef ___C
> +#undef ___DEPRECATED
>  #define ___C(a, b) { b }
> +#define ___DEPRECATED(a, b) { "Deprecated " b }
>  static const struct {
>  	const char *name;
>  } cxl_command_names[] __attribute__((__unused__)) = { CXL_CMDS };
> @@ -68,6 +71,28 @@ static const struct {
>   */
>  
>  #undef ___C
> +#undef ___DEPRECATED
> +#define ___C(a, b) (0)
> +#define ___DEPRECATED(a, b) (1)
> +
> +static const u8 cxl_deprecated_commands[]
> +	__attribute__((__unused__)) = { CXL_CMDS };
> +
> +/*
> + * Here's how this actually breaks out:
> + * cxl_deprecated_commands[] = {
> + *	[CXL_MEM_COMMAND_ID_INVALID] = 0,
> + *	[CXL_MEM_COMMAND_ID_IDENTIFY] = 0,
> + *	...
> + *	[CXL_MEM_DEPRECATED_ID_GET_POISON] = 1,
> + *	[CXL_MEM_DEPRECATED_ID_INJECT_POISON] = 1,
> + *	[CXL_MEM_DEPRECATED_ID_CLEAR_POISON] = 1,
> + *	...
> + * };
> + */
> +
> +#undef ___C
> +#undef ___DEPRECATED
>  
>  /**
>   * struct cxl_command_info - Command information returned from a query.
> -- 
> 2.39.2
> -- 8< --

snip
Dan Williams April 17, 2023, 7:39 p.m. UTC | #10
Alison Schofield wrote:
> 
> Dan, Vishal,
> 
> Following up on using the new deprecated list ...
> 
> On Tue, Apr 11, 2023 at 06:47:56PM -0700, Dan Williams wrote:
> > alison.schofield@ wrote:
> > > From: Alison Schofield <alison.schofield@intel.com>
> > > 
> > > CXL devices maintain a list of locations that are poisoned or result
> > > in poison if the addresses are accessed by the host.
> > > 
> > > Per the spec, (CXL 3.0 8.2.9.8.4.1), the device returns this Poison
> > > list as a set of Media Error Records that include the source of the
> > > error, the starting device physical address, and length. The length is
> > > the number of adjacent DPAs in the record and is in units of 64 bytes.
> > > 
> > > Retrieve the poison list.
> > > 
> > > Signed-off-by: Alison Schofield <alison.schofield@intel.com>
> > > Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
> > > Reviewed-by: Ira Weiny <ira.weiny@intel.com>
> > > ---
> > >  drivers/cxl/core/mbox.c | 71 +++++++++++++++++++++++++++++++++++++++++
> > >  drivers/cxl/cxlmem.h    | 67 ++++++++++++++++++++++++++++++++++++++
> > >  drivers/cxl/pci.c       |  4 +++
> > >  3 files changed, 142 insertions(+)
> > > 
> > > diff --git a/drivers/cxl/core/mbox.c b/drivers/cxl/core/mbox.c
> > > index f2addb457172..69a5d69dd53b 100644
> > > --- a/drivers/cxl/core/mbox.c
> > > +++ b/drivers/cxl/core/mbox.c
> > > @@ -5,6 +5,8 @@
> > >  #include <linux/debugfs.h>
> > >  #include <linux/ktime.h>
> > >  #include <linux/mutex.h>
> > > +#include <asm/unaligned.h>
> > > +#include <cxlpci.h>
> > >  #include <cxlmem.h>
> > >  #include <cxl.h>
> > >  
> > > @@ -994,6 +996,7 @@ int cxl_dev_state_identify(struct cxl_dev_state *cxlds)
> > >  	/* See CXL 2.0 Table 175 Identify Memory Device Output Payload */
> > >  	struct cxl_mbox_identify id;
> > >  	struct cxl_mbox_cmd mbox_cmd;
> > > +	u32 val;
> > >  	int rc;
> > >  
> > >  	mbox_cmd = (struct cxl_mbox_cmd) {
> > > @@ -1017,6 +1020,11 @@ int cxl_dev_state_identify(struct cxl_dev_state *cxlds)
> > >  	cxlds->lsa_size = le32_to_cpu(id.lsa_size);
> > >  	memcpy(cxlds->firmware_version, id.fw_revision, sizeof(id.fw_revision));
> > >  
> > > +	if (test_bit(CXL_MEM_COMMAND_ID_GET_POISON, cxlds->enabled_cmds)) {
> > > +		val = get_unaligned_le24(id.poison_list_max_mer);
> > > +		cxlds->poison.max_errors = min_t(u32, val, CXL_POISON_LIST_MAX);
> > > +	}
> > > +
> > 
> > With this new interface I do not expect we want to support user tooling
> > that wants to retrieve the list via ioctl. So I think this wants a
> > lead-in patch that deprecates the poison command support so that the
> > linux-cxl community only has one mechanism to maintain going forward.
> > 
> > Something like the below as a lead-in, and then you would add code to
> > cxl_walk_cel() to set a flag for the "get poison" machinery.
> > 
> > -- >8 --
> > From f2cd1d1e09fe6f36255f3b8cd831b2b4903045d4 Mon Sep 17 00:00:00 2001
> > From: Dan Williams <dan.j.williams@intel.com>
> > Date: Tue, 11 Apr 2023 17:48:45 -0700
> > Subject: [PATCH] cxl/mbox: Deprecate poison commands
> > 
> > The CXL subsystem is adding a formal mechanism for retrieving the poison
> > list. Minimize the maintenance burden going forward, and maximize the
> > investment in common tooling by deprecating direct user access to issue
> > this command outside of CXL_MEM_RAW_COMMANDS debug scenarios.
> > 
> > A new cxl_deprecated_commands[] list is created for querying which
> > command ids defined in previous kernels are now deprecated.
> 
> Dan, Vishal,
> 
> With the driver no longer returning these commands in the
> cxl_mem_commands[] list, they will appear as -EOPNOTSUPP in
> the ndctl:libcxl cxl_query().
> 
> Is there something else we need to do to actually show these
> cmds as deprecated? Something like query the deprecated list
> and add a new status to cxl_query(). 

No, because any software written before the deprecation does not know to
look to see if they are deprecated, and software written afterwards can
read the latest header file. So an EOPNOTSUPP return is all that is
needed.

> At the moment, my goal is to do what is needed in the driver
> now, and pick up any accompanying libcxl changes after the
> driver changes are merged. A bit worried I'm leaving something
> undone in driver today.

As long as there are users with new needs the driver will always have
undone corner cases. I think this series is in good shape.
diff mbox series

Patch

diff --git a/drivers/cxl/core/mbox.c b/drivers/cxl/core/mbox.c
index f2addb457172..69a5d69dd53b 100644
--- a/drivers/cxl/core/mbox.c
+++ b/drivers/cxl/core/mbox.c
@@ -5,6 +5,8 @@ 
 #include <linux/debugfs.h>
 #include <linux/ktime.h>
 #include <linux/mutex.h>
+#include <asm/unaligned.h>
+#include <cxlpci.h>
 #include <cxlmem.h>
 #include <cxl.h>
 
@@ -994,6 +996,7 @@  int cxl_dev_state_identify(struct cxl_dev_state *cxlds)
 	/* See CXL 2.0 Table 175 Identify Memory Device Output Payload */
 	struct cxl_mbox_identify id;
 	struct cxl_mbox_cmd mbox_cmd;
+	u32 val;
 	int rc;
 
 	mbox_cmd = (struct cxl_mbox_cmd) {
@@ -1017,6 +1020,11 @@  int cxl_dev_state_identify(struct cxl_dev_state *cxlds)
 	cxlds->lsa_size = le32_to_cpu(id.lsa_size);
 	memcpy(cxlds->firmware_version, id.fw_revision, sizeof(id.fw_revision));
 
+	if (test_bit(CXL_MEM_COMMAND_ID_GET_POISON, cxlds->enabled_cmds)) {
+		val = get_unaligned_le24(id.poison_list_max_mer);
+		cxlds->poison.max_errors = min_t(u32, val, CXL_POISON_LIST_MAX);
+	}
+
 	return 0;
 }
 EXPORT_SYMBOL_NS_GPL(cxl_dev_state_identify, CXL);
@@ -1107,6 +1115,69 @@  int cxl_set_timestamp(struct cxl_dev_state *cxlds)
 }
 EXPORT_SYMBOL_NS_GPL(cxl_set_timestamp, CXL);
 
+int cxl_mem_get_poison(struct cxl_memdev *cxlmd, u64 offset, u64 len,
+		       struct cxl_region *cxlr)
+{
+	struct cxl_dev_state *cxlds = cxlmd->cxlds;
+	struct cxl_mbox_poison_out *po;
+	struct cxl_mbox_poison_in pi;
+	struct cxl_mbox_cmd mbox_cmd;
+	int nr_records = 0;
+	int rc;
+
+	rc = mutex_lock_interruptible(&cxlds->poison.lock);
+	if (rc)
+		return rc;
+
+	po = cxlds->poison.list_out;
+	pi.offset = cpu_to_le64(offset);
+	pi.length = cpu_to_le64(len / CXL_POISON_LEN_MULT);
+
+	mbox_cmd = (struct cxl_mbox_cmd) {
+		.opcode = CXL_MBOX_OP_GET_POISON,
+		.size_in = sizeof(pi),
+		.payload_in = &pi,
+		.size_out = cxlds->payload_size,
+		.payload_out = po,
+		.min_out = struct_size(po, record, 0),
+	};
+
+	do {
+		rc = cxl_internal_send_cmd(cxlds, &mbox_cmd);
+		if (rc)
+			break;
+
+		/* TODO TRACE the media error records */
+
+		/* Protect against an uncleared _FLAG_MORE */
+		nr_records = nr_records + le16_to_cpu(po->count);
+		if (nr_records >= cxlds->poison.max_errors) {
+			dev_dbg(&cxlmd->dev, "Max Error Records reached: %d\n",
+				nr_records);
+			break;
+		}
+	} while (po->flags & CXL_POISON_FLAG_MORE);
+
+	mutex_unlock(&cxlds->poison.lock);
+	return rc;
+}
+EXPORT_SYMBOL_NS_GPL(cxl_mem_get_poison, CXL);
+
+int cxl_poison_state_init(struct cxl_dev_state *cxlds)
+{
+	if (!test_bit(CXL_MEM_COMMAND_ID_GET_POISON, cxlds->enabled_cmds))
+		return 0;
+
+	cxlds->poison.list_out = devm_kzalloc(cxlds->dev, cxlds->payload_size,
+					      GFP_KERNEL);
+	if (!cxlds->poison.list_out)
+		return -ENOMEM;
+
+	mutex_init(&cxlds->poison.lock);
+	return 0;
+}
+EXPORT_SYMBOL_NS_GPL(cxl_poison_state_init, CXL);
+
 struct cxl_dev_state *cxl_dev_state_create(struct device *dev)
 {
 	struct cxl_dev_state *cxlds;
diff --git a/drivers/cxl/cxlmem.h b/drivers/cxl/cxlmem.h
index ccbafc05a636..a3033c8dd8e2 100644
--- a/drivers/cxl/cxlmem.h
+++ b/drivers/cxl/cxlmem.h
@@ -215,6 +215,24 @@  struct cxl_event_state {
 	struct mutex log_lock;
 };
 
+/**
+ * struct cxl_poison_state - Driver poison state info
+ *
+ * @max_errors: Maximum media error records held in device cache
+ * @list_out: The poison list payload returned by device
+ * @lock: Protect reads of the poison list
+ *
+ * Reads of the poison list are synchronized to ensure that a reader
+ * does not get an incomplete list because their request overlapped
+ * (was interrupted or preceded by) another read request of the same
+ * DPA range. CXL Spec 3.0 Section 8.2.9.8.4.1
+ */
+struct cxl_poison_state {
+	u32 max_errors;
+	struct cxl_mbox_poison_out *list_out;
+	struct mutex lock;  /* Protect reads of poison list */
+};
+
 /**
  * struct cxl_dev_state - The driver device state
  *
@@ -251,6 +269,7 @@  struct cxl_event_state {
  * @serial: PCIe Device Serial Number
  * @doe_mbs: PCI DOE mailbox array
  * @event: event log driver state
+ * @poison: poison driver state info
  * @mbox_send: @dev specific transport for transmitting mailbox commands
  *
  * See section 8.2.9.5.2 Capacity Configuration and Label Storage for
@@ -290,6 +309,7 @@  struct cxl_dev_state {
 	struct xarray doe_mbs;
 
 	struct cxl_event_state event;
+	struct cxl_poison_state poison;
 
 	int (*mbox_send)(struct cxl_dev_state *cxlds, struct cxl_mbox_cmd *cmd);
 };
@@ -538,6 +558,50 @@  struct cxl_mbox_set_timestamp_in {
 
 } __packed;
 
+/* Get Poison List  CXL 3.0 Spec 8.2.9.8.4.1 */
+struct cxl_mbox_poison_in {
+	__le64 offset;
+	__le64 length;
+} __packed;
+
+struct cxl_mbox_poison_out {
+	u8 flags;
+	u8 rsvd1;
+	__le64 overflow_t;
+	__le16 count;
+	u8 rsvd2[20];
+	struct cxl_poison_record {
+		__le64 address;
+		__le32 length;
+		__le32 rsvd;
+	} __packed record[];
+} __packed;
+
+/*
+ * Get Poison List address field encodes the starting
+ * address of poison, and the source of the poison.
+ */
+#define CXL_POISON_START_MASK		GENMASK_ULL(63, 6)
+#define CXL_POISON_SOURCE_MASK		GENMASK(2, 0)
+
+/* Get Poison List record length is in units of 64 bytes */
+#define CXL_POISON_LEN_MULT	64
+
+/* Kernel defined maximum for a list of poison errors */
+#define CXL_POISON_LIST_MAX	1024
+
+/* Get Poison List: Payload out flags */
+#define CXL_POISON_FLAG_MORE            BIT(0)
+#define CXL_POISON_FLAG_OVERFLOW        BIT(1)
+#define CXL_POISON_FLAG_SCANNING        BIT(2)
+
+/* Get Poison List: Poison Source */
+#define CXL_POISON_SOURCE_UNKNOWN	0
+#define CXL_POISON_SOURCE_EXTERNAL	1
+#define CXL_POISON_SOURCE_INTERNAL	2
+#define CXL_POISON_SOURCE_INJECTED	3
+#define CXL_POISON_SOURCE_VENDOR	7
+
 /**
  * struct cxl_mem_command - Driver representation of a memory device command
  * @info: Command information as it exists for the UAPI
@@ -608,6 +672,9 @@  void set_exclusive_cxl_commands(struct cxl_dev_state *cxlds, unsigned long *cmds
 void clear_exclusive_cxl_commands(struct cxl_dev_state *cxlds, unsigned long *cmds);
 void cxl_mem_get_event_records(struct cxl_dev_state *cxlds, u32 status);
 int cxl_set_timestamp(struct cxl_dev_state *cxlds);
+int cxl_poison_state_init(struct cxl_dev_state *cxlds);
+int cxl_mem_get_poison(struct cxl_memdev *cxlmd, u64 offset, u64 len,
+		       struct cxl_region *cxlr);
 
 #ifdef CONFIG_CXL_SUSPEND
 void cxl_mem_active_inc(void);
diff --git a/drivers/cxl/pci.c b/drivers/cxl/pci.c
index 60b23624d167..827ea0895778 100644
--- a/drivers/cxl/pci.c
+++ b/drivers/cxl/pci.c
@@ -769,6 +769,10 @@  static int cxl_pci_probe(struct pci_dev *pdev, const struct pci_device_id *id)
 	if (rc)
 		return rc;
 
+	rc = cxl_poison_state_init(cxlds);
+	if (rc)
+		return rc;
+
 	rc = cxl_dev_state_identify(cxlds);
 	if (rc)
 		return rc;