From: "Oliver O'Halloran" <oohall@gmail.com>
To: Bjorn Helgaas <helgaas@kernel.org>
Cc: "Pali Rohár" <pali@kernel.org>,
"Aaron Ma" <aaron.ma@canonical.com>,
jesse.brandeburg@intel.com, anthony.l.nguyen@intel.com,
"David S. Miller" <davem@davemloft.net>,
"Jakub Kicinski" <kuba@kernel.org>,
intel-wired-lan@lists.osuosl.org, netdev@vger.kernel.org,
"Linux Kernel Mailing List" <linux-kernel@vger.kernel.org>,
"Krzysztof Wilczyński" <kw@linux.com>,
linux-pci <linux-pci@vger.kernel.org>
Subject: Re: [PATCH 1/2] igc: don't rd/wr iomem when PCI is removed
Date: Mon, 19 Jul 2021 02:31:10 +1000 [thread overview]
Message-ID: <CAOSf1CHtHLyEHC58jwemZS6j=jAU2OrrYitkUYmdisJtuFu4dw@mail.gmail.com> (raw)
In-Reply-To: <20210708154550.GA1019947@bjorn-Precision-5520>
On Fri, Jul 9, 2021 at 1:45 AM Bjorn Helgaas <helgaas@kernel.org> wrote:
>
> *snip*
>
> Apologies for rehashing what's probably obvious to everybody but me.
> I'm trying to get a better handle on benign vs poisonous errors.
>
> MMIO means CPU reads or writes to the device. In PCI, writes are
> posted and don't receive a response, so a driver will never see
> writel() return an error (although an error may be reported
> asynchronously via AER or similar).
>
> So I think we're mostly talking about CPU reads here. We expect a PCI
> response containing the data. Sometimes there's no response or an
> error response. The behavior of the host bridge in these error cases
> is not defined by PCI, so what the CPU sees is not consistent across
> platforms. In some cases, the bridge handles this as a catastrophic
> error that forces a system restart.
>
> But in most cases, at least on x86, the bridge logs an error and
> fabricates ~0 data so the CPU read can complete. Then it's up to
> software to recognize that an error occurred and decide what to do
> about it. Is this a benign or a poisonous error?
>
> I'd say this is a benign error. It certainly can't be ignored, but as
> long as the driver recognizes the error, it should be able to deal
> with it without crashing the whole system and forcing a restart.
I was thinking more in terms of what the driver author sees rather
than what's happening on the CPU side. The crash seen in the OP
appears to be because the code is "doing an MMIO." However, the
reasons for the crash have nothing to do with the actual mechanics of
the operation (which should be benign). The point I was making is that
the pattern of:
if (is_disconnected())
return failure;
return do_mmio_read(addr);
does have some utility as a last-ditch attempt to prevent crashes in
the face of obnoxious bridges or bad hardware. Granted, that should be
a platform concern rather than something that should ever appear in
driver code, but considering drivers open-code readl()/writel() calls
there's not really any place to put that sort of workaround.
That all said, the case in the OP is due to an entirely avoidable
driver bug and that sort of hack is absolutely the wrong thing to do.
Oliver
WARNING: multiple messages have this Message-ID (diff)
From: Oliver O'Halloran <oohall@gmail.com>
To: intel-wired-lan@osuosl.org
Subject: [Intel-wired-lan] [PATCH 1/2] igc: don't rd/wr iomem when PCI is removed
Date: Mon, 19 Jul 2021 02:31:10 +1000 [thread overview]
Message-ID: <CAOSf1CHtHLyEHC58jwemZS6j=jAU2OrrYitkUYmdisJtuFu4dw@mail.gmail.com> (raw)
In-Reply-To: <20210708154550.GA1019947@bjorn-Precision-5520>
On Fri, Jul 9, 2021 at 1:45 AM Bjorn Helgaas <helgaas@kernel.org> wrote:
>
> *snip*
>
> Apologies for rehashing what's probably obvious to everybody but me.
> I'm trying to get a better handle on benign vs poisonous errors.
>
> MMIO means CPU reads or writes to the device. In PCI, writes are
> posted and don't receive a response, so a driver will never see
> writel() return an error (although an error may be reported
> asynchronously via AER or similar).
>
> So I think we're mostly talking about CPU reads here. We expect a PCI
> response containing the data. Sometimes there's no response or an
> error response. The behavior of the host bridge in these error cases
> is not defined by PCI, so what the CPU sees is not consistent across
> platforms. In some cases, the bridge handles this as a catastrophic
> error that forces a system restart.
>
> But in most cases, at least on x86, the bridge logs an error and
> fabricates ~0 data so the CPU read can complete. Then it's up to
> software to recognize that an error occurred and decide what to do
> about it. Is this a benign or a poisonous error?
>
> I'd say this is a benign error. It certainly can't be ignored, but as
> long as the driver recognizes the error, it should be able to deal
> with it without crashing the whole system and forcing a restart.
I was thinking more in terms of what the driver author sees rather
than what's happening on the CPU side. The crash seen in the OP
appears to be because the code is "doing an MMIO." However, the
reasons for the crash have nothing to do with the actual mechanics of
the operation (which should be benign). The point I was making is that
the pattern of:
if (is_disconnected())
return failure;
return do_mmio_read(addr);
does have some utility as a last-ditch attempt to prevent crashes in
the face of obnoxious bridges or bad hardware. Granted, that should be
a platform concern rather than something that should ever appear in
driver code, but considering drivers open-code readl()/writel() calls
there's not really any place to put that sort of workaround.
That all said, the case in the OP is due to an entirely avoidable
driver bug and that sort of hack is absolutely the wrong thing to do.
Oliver
next prev parent reply other threads:[~2021-07-18 16:31 UTC|newest]
Thread overview: 54+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-02 4:51 [PATCH 1/2] igc: don't rd/wr iomem when PCI is removed Aaron Ma
2021-07-02 4:51 ` [Intel-wired-lan] " Aaron Ma
2021-07-02 4:51 ` [PATCH 2/2] igc: wait for the MAC copy when enabled MAC passthrough Aaron Ma
2021-07-02 4:51 ` [Intel-wired-lan] " Aaron Ma
2021-07-04 5:36 ` Neftin, Sasha
2021-07-04 5:36 ` Neftin, Sasha
2021-07-05 7:38 ` Aaron Ma
2021-07-05 7:38 ` Aaron Ma
2021-07-05 11:54 ` Neftin, Sasha
2021-07-05 11:54 ` Neftin, Sasha
2021-07-06 6:46 ` Aaron Ma
2021-07-06 6:46 ` Aaron Ma
2021-07-08 4:24 ` Neftin, Sasha
2021-07-08 4:24 ` Neftin, Sasha
2021-07-13 13:45 ` Aaron Ma
2021-07-13 13:45 ` Aaron Ma
2021-07-14 9:13 ` Ruinskiy, Dima
2021-07-14 9:13 ` Ruinskiy, Dima
2021-07-04 14:28 ` [PATCH 1/2] igc: don't rd/wr iomem when PCI is removed Pali Rohár
2021-07-04 14:28 ` [Intel-wired-lan] " Pali =?unknown-8bit?q?Roh=C3=A1r?=
2021-07-05 7:23 ` Aaron Ma
2021-07-05 7:23 ` [Intel-wired-lan] " Aaron Ma
2021-07-05 23:02 ` Krzysztof Wilczyński
2021-07-05 23:02 ` [Intel-wired-lan] " Krzysztof =?unknown-8bit?q?Wilczy=C5=84ski?=
2021-07-06 14:23 ` Pali Rohár
2021-07-06 14:23 ` [Intel-wired-lan] " Pali =?unknown-8bit?q?Roh=C3=A1r?=
2021-07-05 7:47 ` Dave Airlie
2021-07-05 7:47 ` [Intel-wired-lan] " Dave Airlie
2021-07-06 6:42 ` Aaron Ma
2021-07-06 6:42 ` [Intel-wired-lan] " Aaron Ma
2021-07-06 20:12 ` Bjorn Helgaas
2021-07-06 20:12 ` [Intel-wired-lan] " Bjorn Helgaas
2021-07-07 21:53 ` Pali Rohár
2021-07-07 21:53 ` [Intel-wired-lan] " Pali =?unknown-8bit?q?Roh=C3=A1r?=
2021-07-07 22:10 ` Bjorn Helgaas
2021-07-07 22:10 ` [Intel-wired-lan] " Bjorn Helgaas
2021-07-08 2:04 ` Oliver O'Halloran
2021-07-08 2:04 ` [Intel-wired-lan] " Oliver O'Halloran
2021-07-08 15:45 ` Bjorn Helgaas
2021-07-08 15:45 ` [Intel-wired-lan] " Bjorn Helgaas
2021-07-18 16:31 ` Oliver O'Halloran [this message]
2021-07-18 16:31 ` Oliver O'Halloran
2021-07-18 22:50 ` Pali Rohár
2021-07-18 22:50 ` [Intel-wired-lan] " Pali =?unknown-8bit?q?Roh=C3=A1r?=
2021-07-19 2:49 ` Oliver O'Halloran
2021-07-19 2:49 ` [Intel-wired-lan] " Oliver O'Halloran
2021-07-19 8:13 ` Pali Rohár
2021-07-19 8:13 ` [Intel-wired-lan] " Pali =?unknown-8bit?q?Roh=C3=A1r?=
2021-07-20 0:17 ` Bjorn Helgaas
2021-07-20 0:17 ` [Intel-wired-lan] " Bjorn Helgaas
2021-07-13 13:00 ` [PATCH v2] igc: fix page fault when thunderbolt is unplugged Aaron Ma
2021-07-13 13:00 ` [Intel-wired-lan] " Aaron Ma
2021-08-04 12:06 ` Fuxbrumer, Dvora
2021-08-04 12:06 ` Fuxbrumer, Dvora
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAOSf1CHtHLyEHC58jwemZS6j=jAU2OrrYitkUYmdisJtuFu4dw@mail.gmail.com' \
--to=oohall@gmail.com \
--cc=aaron.ma@canonical.com \
--cc=anthony.l.nguyen@intel.com \
--cc=davem@davemloft.net \
--cc=helgaas@kernel.org \
--cc=intel-wired-lan@lists.osuosl.org \
--cc=jesse.brandeburg@intel.com \
--cc=kuba@kernel.org \
--cc=kw@linux.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pali@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.