linux-renesas-soc.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH V6] PCI: rcar: Add L1 link state fix into data abort hook
@ 2021-05-14 20:05 marek.vasut
  2021-05-17  7:39 ` Geert Uytterhoeven
  2021-07-17 17:33 ` Bjorn Helgaas
  0 siblings, 2 replies; 18+ messages in thread
From: marek.vasut @ 2021-05-14 20:05 UTC (permalink / raw)
  To: linux-pci
  Cc: Marek Vasut, Bjorn Helgaas, Geert Uytterhoeven,
	Lorenzo Pieralisi, Wolfram Sang, Yoshihiro Shimoda,
	linux-renesas-soc

From: Marek Vasut <marek.vasut+renesas@gmail.com>

The R-Car PCIe controller is capable of handling L0s/L1 link states.
While the controller can enter and exit L0s link state, and exit L1
link state, without any additional action from the driver, to enter
L1 link state, the driver must complete the link state transition by
issuing additional commands to the controller.

The problem is, this transition is not atomic. The controller sets
PMEL1RX bit in PMSR register upon reception of PM_ENTER_L1 DLLP from
the PCIe card, but then the controller enters some sort of inbetween
state. The driver must detect this condition and complete the link
state transition, by setting L1IATN bit in PMCTLR and waiting for
the link state transition to complete.

If a PCIe access happens inside this window, where the controller
is between L0 and L1 link states, the access generates a fault and
the ARM 'imprecise external abort' handler is invoked.

Just like other PCI controller drivers, here we hook the fault handler,
perform the fixup to help the controller enter L1 link state, and then
restart the instruction which triggered the fault. Since the controller
is in L1 link state now, the link can exit from L1 link state to L0 and
successfully complete the access.

While it was suggested to disable L1 link state support completely on
the controller level, this would not prevent the L1 link state entry
initiated by the link partner. This happens e.g. in case a PCIe card
enters D3Hot state, which could be initiated from pci_set_power_state()
if the card indicates D3Hot support, which in turn means link must enter
L1 state. So instead, fix up the L1 link state after all.

Note that this fixup is applicable only to Aarch32 R-Car controllers,
the Aarch64 R-Car perform the same fixup in TFA, see TFA commit [1]
0969397f2 ("rcar_gen3: plat: Prevent PCIe hang during L1X config access")
[1] https://github.com/ARM-software/arm-trusted-firmware/commit/0969397f295621aa26b3d14b76dd397d22be58bf

Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Cc: Bjorn Helgaas <bhelgaas@google.com>
Cc: Geert Uytterhoeven <geert+renesas@glider.be>
Cc: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Cc: Wolfram Sang <wsa@the-dreams.de>
Cc: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
Cc: linux-renesas-soc@vger.kernel.org
---
V2: - Update commit message, add link to TFA repository commit
    - Handle the LPAE case as in ARM fault.c and fsr-{2,3}level.c
    - Cache clock and check whether they are enabled before register
      access
V3: - Fix commit message according to spellchecker
    - Use of_find_matching_node() to apply hook only on Gen1 and Gen2 RCar
      (in case the kernel is multiplatform)
V4: - Mark rcar_pcie_abort_handler_of_match with __initconst
V5: - Add mutex around rcar_pcie_aarch32_abort_handler()
    - Update commit message again to point out issues with L1/D3Hot states
V6: - Return 1 only if condition cannot be fixed
---
 drivers/pci/controller/pcie-rcar-host.c | 84 +++++++++++++++++++++++++
 drivers/pci/controller/pcie-rcar.h      |  7 +++
 2 files changed, 91 insertions(+)

diff --git a/drivers/pci/controller/pcie-rcar-host.c b/drivers/pci/controller/pcie-rcar-host.c
index 765cf2b45e24..0d3f8dc5ff8a 100644
--- a/drivers/pci/controller/pcie-rcar-host.c
+++ b/drivers/pci/controller/pcie-rcar-host.c
@@ -13,6 +13,7 @@
 
 #include <linux/bitops.h>
 #include <linux/clk.h>
+#include <linux/clk-provider.h>
 #include <linux/delay.h>
 #include <linux/interrupt.h>
 #include <linux/irq.h>
@@ -41,6 +42,21 @@ struct rcar_msi {
 	int irq2;
 };
 
+#ifdef CONFIG_ARM
+/*
+ * Here we keep a static copy of the remapped PCIe controller address.
+ * This is only used on aarch32 systems, all of which have one single
+ * PCIe controller, to provide quick access to the PCIe controller in
+ * the L1 link state fixup function, called from the ARM fault handler.
+ */
+static void __iomem *pcie_base;
+/*
+ * Static copy of bus clock pointer, so we can check whether the clock
+ * is enabled or not.
+ */
+static struct clk *pcie_bus_clk;
+#endif
+
 /* Structure representing the PCIe interface */
 struct rcar_pcie_host {
 	struct rcar_pcie	pcie;
@@ -776,6 +792,12 @@ static int rcar_pcie_get_resources(struct rcar_pcie_host *host)
 	}
 	host->msi.irq2 = i;
 
+#ifdef CONFIG_ARM
+	/* Cache static copy for L1 link state fixup hook on aarch32 */
+	pcie_base = pcie->base;
+	pcie_bus_clk = host->bus_clk;
+#endif
+
 	return 0;
 
 err_irq2:
@@ -1031,4 +1053,66 @@ static struct platform_driver rcar_pcie_driver = {
 	},
 	.probe = rcar_pcie_probe,
 };
+
+#ifdef CONFIG_ARM
+static DEFINE_SPINLOCK(pmsr_lock);
+static int rcar_pcie_aarch32_abort_handler(unsigned long addr,
+		unsigned int fsr, struct pt_regs *regs)
+{
+	unsigned long flags;
+	int ret = 0;
+	u32 pmsr;
+
+	spin_lock_irqsave(&pmsr_lock, flags);
+
+	if (!pcie_base || !__clk_is_enabled(pcie_bus_clk)) {
+		ret = 1;
+		goto unlock_exit;
+	}
+
+	pmsr = readl(pcie_base + PMSR);
+
+	/*
+	 * Test if the PCIe controller received PM_ENTER_L1 DLLP and
+	 * the PCIe controller is not in L1 link state. If true, apply
+	 * fix, which will put the controller into L1 link state, from
+	 * which it can return to L0s/L0 on its own.
+	 */
+	if ((pmsr & PMEL1RX) && ((pmsr & PMSTATE) != PMSTATE_L1)) {
+		writel(L1IATN, pcie_base + PMCTLR);
+		while (!(readl(pcie_base + PMSR) & L1FAEG))
+			;
+		writel(L1FAEG | PMEL1RX, pcie_base + PMSR);
+	}
+
+unlock_exit:
+	spin_unlock_irqrestore(&pmsr_lock, flags);
+	return ret;
+}
+
+static const struct of_device_id rcar_pcie_abort_handler_of_match[] __initconst = {
+	{ .compatible = "renesas,pcie-r8a7779" },
+	{ .compatible = "renesas,pcie-r8a7790" },
+	{ .compatible = "renesas,pcie-r8a7791" },
+	{ .compatible = "renesas,pcie-rcar-gen2" },
+	{},
+};
+
+static int __init rcar_pcie_init(void)
+{
+	if (of_find_matching_node(NULL, rcar_pcie_abort_handler_of_match)) {
+#ifdef CONFIG_ARM_LPAE
+		hook_fault_code(17, rcar_pcie_aarch32_abort_handler, SIGBUS, 0,
+				"asynchronous external abort");
+#else
+		hook_fault_code(22, rcar_pcie_aarch32_abort_handler, SIGBUS, 0,
+				"imprecise external abort");
+#endif
+	}
+
+	return platform_driver_register(&rcar_pcie_driver);
+}
+device_initcall(rcar_pcie_init);
+#else
 builtin_platform_driver(rcar_pcie_driver);
+#endif
diff --git a/drivers/pci/controller/pcie-rcar.h b/drivers/pci/controller/pcie-rcar.h
index d4c698b5f821..9bb125db85c6 100644
--- a/drivers/pci/controller/pcie-rcar.h
+++ b/drivers/pci/controller/pcie-rcar.h
@@ -85,6 +85,13 @@
 #define  LTSMDIS		BIT(31)
 #define  MACCTLR_INIT_VAL	(LTSMDIS | MACCTLR_NFTS_MASK)
 #define PMSR			0x01105c
+#define  L1FAEG			BIT(31)
+#define  PMEL1RX		BIT(23)
+#define  PMSTATE		GENMASK(18, 16)
+#define  PMSTATE_L1		(3 << 16)
+#define PMCTLR			0x011060
+#define  L1IATN			BIT(31)
+
 #define MACS2R			0x011078
 #define MACCGSPSETR		0x011084
 #define  SPCNGRSN		BIT(31)
-- 
2.30.2


^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: [PATCH V6] PCI: rcar: Add L1 link state fix into data abort hook
  2021-05-14 20:05 [PATCH V6] PCI: rcar: Add L1 link state fix into data abort hook marek.vasut
@ 2021-05-17  7:39 ` Geert Uytterhoeven
  2021-07-17 17:33 ` Bjorn Helgaas
  1 sibling, 0 replies; 18+ messages in thread
From: Geert Uytterhoeven @ 2021-05-17  7:39 UTC (permalink / raw)
  To: Marek Vasut
  Cc: linux-pci, Marek Vasut, Bjorn Helgaas, Lorenzo Pieralisi,
	Wolfram Sang, Yoshihiro Shimoda, Linux-Renesas

On Fri, May 14, 2021 at 10:06 PM <marek.vasut@gmail.com> wrote:
> From: Marek Vasut <marek.vasut+renesas@gmail.com>
>
> The R-Car PCIe controller is capable of handling L0s/L1 link states.
> While the controller can enter and exit L0s link state, and exit L1
> link state, without any additional action from the driver, to enter
> L1 link state, the driver must complete the link state transition by
> issuing additional commands to the controller.
>
> The problem is, this transition is not atomic. The controller sets
> PMEL1RX bit in PMSR register upon reception of PM_ENTER_L1 DLLP from
> the PCIe card, but then the controller enters some sort of inbetween
> state. The driver must detect this condition and complete the link
> state transition, by setting L1IATN bit in PMCTLR and waiting for
> the link state transition to complete.
>
> If a PCIe access happens inside this window, where the controller
> is between L0 and L1 link states, the access generates a fault and
> the ARM 'imprecise external abort' handler is invoked.
>
> Just like other PCI controller drivers, here we hook the fault handler,
> perform the fixup to help the controller enter L1 link state, and then
> restart the instruction which triggered the fault. Since the controller
> is in L1 link state now, the link can exit from L1 link state to L0 and
> successfully complete the access.
>
> While it was suggested to disable L1 link state support completely on
> the controller level, this would not prevent the L1 link state entry
> initiated by the link partner. This happens e.g. in case a PCIe card
> enters D3Hot state, which could be initiated from pci_set_power_state()
> if the card indicates D3Hot support, which in turn means link must enter
> L1 state. So instead, fix up the L1 link state after all.
>
> Note that this fixup is applicable only to Aarch32 R-Car controllers,
> the Aarch64 R-Car perform the same fixup in TFA, see TFA commit [1]
> 0969397f2 ("rcar_gen3: plat: Prevent PCIe hang during L1X config access")
> [1] https://github.com/ARM-software/arm-trusted-firmware/commit/0969397f295621aa26b3d14b76dd397d22be58bf
>
> Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>

Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>

> ---
> V2: - Update commit message, add link to TFA repository commit
>     - Handle the LPAE case as in ARM fault.c and fsr-{2,3}level.c
>     - Cache clock and check whether they are enabled before register
>       access
> V3: - Fix commit message according to spellchecker
>     - Use of_find_matching_node() to apply hook only on Gen1 and Gen2 RCar
>       (in case the kernel is multiplatform)
> V4: - Mark rcar_pcie_abort_handler_of_match with __initconst
> V5: - Add mutex around rcar_pcie_aarch32_abort_handler()

[from my v5 comments] spinlock (used as a mutex ;-)

>     - Update commit message again to point out issues with L1/D3Hot states
> V6: - Return 1 only if condition cannot be fixed

Gr{oetje,eeting}s,

                        Geert

-- 
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds

^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: [PATCH V6] PCI: rcar: Add L1 link state fix into data abort hook
  2021-05-14 20:05 [PATCH V6] PCI: rcar: Add L1 link state fix into data abort hook marek.vasut
  2021-05-17  7:39 ` Geert Uytterhoeven
@ 2021-07-17 17:33 ` Bjorn Helgaas
  2021-07-17 18:14   ` Marek Vasut
                     ` (2 more replies)
  1 sibling, 3 replies; 18+ messages in thread
From: Bjorn Helgaas @ 2021-07-17 17:33 UTC (permalink / raw)
  To: marek.vasut
  Cc: linux-pci, Marek Vasut, Bjorn Helgaas, Geert Uytterhoeven,
	Lorenzo Pieralisi, Wolfram Sang, Yoshihiro Shimoda,
	linux-renesas-soc

On Fri, May 14, 2021 at 10:05:49PM +0200, marek.vasut@gmail.com wrote:
> From: Marek Vasut <marek.vasut+renesas@gmail.com>
> 
> The R-Car PCIe controller is capable of handling L0s/L1 link states.
> While the controller can enter and exit L0s link state, and exit L1
> link state, without any additional action from the driver, to enter
> L1 link state, the driver must complete the link state transition by
> issuing additional commands to the controller.
> 
> The problem is, this transition is not atomic. The controller sets
> PMEL1RX bit in PMSR register upon reception of PM_ENTER_L1 DLLP from
> the PCIe card, but then the controller enters some sort of inbetween
> state. The driver must detect this condition and complete the link
> state transition, by setting L1IATN bit in PMCTLR and waiting for
> the link state transition to complete.
> 
> If a PCIe access happens inside this window, where the controller
> is between L0 and L1 link states, the access generates a fault and
> the ARM 'imprecise external abort' handler is invoked.
> 
> Just like other PCI controller drivers, here we hook the fault handler,
> perform the fixup to help the controller enter L1 link state, and then
> restart the instruction which triggered the fault. Since the controller
> is in L1 link state now, the link can exit from L1 link state to L0 and
> successfully complete the access.
> 
> While it was suggested to disable L1 link state support completely on
> the controller level, this would not prevent the L1 link state entry
> initiated by the link partner. This happens e.g. in case a PCIe card
> enters D3Hot state, which could be initiated from pci_set_power_state()
> if the card indicates D3Hot support, which in turn means link must enter
> L1 state. So instead, fix up the L1 link state after all.
> 
> Note that this fixup is applicable only to Aarch32 R-Car controllers,
> the Aarch64 R-Car perform the same fixup in TFA, see TFA commit [1]
> 0969397f2 ("rcar_gen3: plat: Prevent PCIe hang during L1X config access")
> [1] https://github.com/ARM-software/arm-trusted-firmware/commit/0969397f295621aa26b3d14b76dd397d22be58bf

This patch is horribly ugly but it's working around a horrible
hardware problem, and I don't have any better suggestions, so I guess
we don't really have much choice.

I do think the commit log is a bit glib:

  - "The R-Car PCIe controller is capable of handling L0s/L1 link
    states."  AFAICT every PCIe device is required to handle L0 and L1
    without software assistance.  So saying R-Car is "capable" puts a
    better face on this than seems warranted.

    L0s doesn't seem relevant at all; at least it doesn't seem to play
    a role in the patch.  There's no such thing as "returning to L0s"
    as mentioned in the comment below; L0s is only reachable from L0.
    Returns from L1 only go to L0 (PCIe r5.0, fig 5-1).

  - "The problem is, this transition is not atomic."  I think the
    *problem* is the hardware is broken in the first place.  This
    transition is supposed to be invisible to software.

  - "Just like other PCI controller drivers ..." suggests that this is
    an ordinary situation that we shouldn't be concerned about.  This
    patch may be the best we can do to work around a bad hardware
    defect, but it's definitely not ordinary.

    I think the other hook_fault_code() uses are for reporting
    legitimate PCIe errors, which most controllers log and turn
    into ~0 data responses without generating an abort or machine
    check, not things caused by hardware defects, so they're not
    really comparable.

Has Renesas documented this as an erratum?  Will future devices
require additions to rcar_pcie_abort_handler_of_match[]?

It'd be nice if the commit log mentioned the user-visible effect of
this problem.  I guess it does mention external aborts -- I assume you
see those when downstream devices go to D3hot or when ASPM puts the
link in L1?  And the abort results in a reboot?

To be clear, I'm not objecting to the patch.  It's a hardware problem
and we should work around it as best we can.

> Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
> Cc: Bjorn Helgaas <bhelgaas@google.com>
> Cc: Geert Uytterhoeven <geert+renesas@glider.be>
> Cc: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
> Cc: Wolfram Sang <wsa@the-dreams.de>
> Cc: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
> Cc: linux-renesas-soc@vger.kernel.org
> ---
> V2: - Update commit message, add link to TFA repository commit
>     - Handle the LPAE case as in ARM fault.c and fsr-{2,3}level.c
>     - Cache clock and check whether they are enabled before register
>       access
> V3: - Fix commit message according to spellchecker
>     - Use of_find_matching_node() to apply hook only on Gen1 and Gen2 RCar
>       (in case the kernel is multiplatform)
> V4: - Mark rcar_pcie_abort_handler_of_match with __initconst
> V5: - Add mutex around rcar_pcie_aarch32_abort_handler()
>     - Update commit message again to point out issues with L1/D3Hot states
> V6: - Return 1 only if condition cannot be fixed
> ---
>  drivers/pci/controller/pcie-rcar-host.c | 84 +++++++++++++++++++++++++
>  drivers/pci/controller/pcie-rcar.h      |  7 +++
>  2 files changed, 91 insertions(+)
> 
> diff --git a/drivers/pci/controller/pcie-rcar-host.c b/drivers/pci/controller/pcie-rcar-host.c
> index 765cf2b45e24..0d3f8dc5ff8a 100644
> --- a/drivers/pci/controller/pcie-rcar-host.c
> +++ b/drivers/pci/controller/pcie-rcar-host.c
> @@ -13,6 +13,7 @@
>  
>  #include <linux/bitops.h>
>  #include <linux/clk.h>
> +#include <linux/clk-provider.h>
>  #include <linux/delay.h>
>  #include <linux/interrupt.h>
>  #include <linux/irq.h>
> @@ -41,6 +42,21 @@ struct rcar_msi {
>  	int irq2;
>  };
>  
> +#ifdef CONFIG_ARM
> +/*
> + * Here we keep a static copy of the remapped PCIe controller address.
> + * This is only used on aarch32 systems, all of which have one single
> + * PCIe controller, to provide quick access to the PCIe controller in
> + * the L1 link state fixup function, called from the ARM fault handler.
> + */
> +static void __iomem *pcie_base;
> +/*
> + * Static copy of bus clock pointer, so we can check whether the clock
> + * is enabled or not.
> + */
> +static struct clk *pcie_bus_clk;
> +#endif
> +
>  /* Structure representing the PCIe interface */
>  struct rcar_pcie_host {
>  	struct rcar_pcie	pcie;
> @@ -776,6 +792,12 @@ static int rcar_pcie_get_resources(struct rcar_pcie_host *host)
>  	}
>  	host->msi.irq2 = i;
>  
> +#ifdef CONFIG_ARM
> +	/* Cache static copy for L1 link state fixup hook on aarch32 */
> +	pcie_base = pcie->base;
> +	pcie_bus_clk = host->bus_clk;
> +#endif
> +
>  	return 0;
>  
>  err_irq2:
> @@ -1031,4 +1053,66 @@ static struct platform_driver rcar_pcie_driver = {
>  	},
>  	.probe = rcar_pcie_probe,
>  };
> +
> +#ifdef CONFIG_ARM
> +static DEFINE_SPINLOCK(pmsr_lock);
> +static int rcar_pcie_aarch32_abort_handler(unsigned long addr,
> +		unsigned int fsr, struct pt_regs *regs)
> +{
> +	unsigned long flags;
> +	int ret = 0;
> +	u32 pmsr;
> +
> +	spin_lock_irqsave(&pmsr_lock, flags);
> +
> +	if (!pcie_base || !__clk_is_enabled(pcie_bus_clk)) {
> +		ret = 1;
> +		goto unlock_exit;
> +	}
> +
> +	pmsr = readl(pcie_base + PMSR);
> +
> +	/*
> +	 * Test if the PCIe controller received PM_ENTER_L1 DLLP and
> +	 * the PCIe controller is not in L1 link state. If true, apply
> +	 * fix, which will put the controller into L1 link state, from
> +	 * which it can return to L0s/L0 on its own.
> +	 */
> +	if ((pmsr & PMEL1RX) && ((pmsr & PMSTATE) != PMSTATE_L1)) {
> +		writel(L1IATN, pcie_base + PMCTLR);
> +		while (!(readl(pcie_base + PMSR) & L1FAEG))
> +			;
> +		writel(L1FAEG | PMEL1RX, pcie_base + PMSR);
> +	}
> +
> +unlock_exit:
> +	spin_unlock_irqrestore(&pmsr_lock, flags);
> +	return ret;
> +}
> +
> +static const struct of_device_id rcar_pcie_abort_handler_of_match[] __initconst = {
> +	{ .compatible = "renesas,pcie-r8a7779" },
> +	{ .compatible = "renesas,pcie-r8a7790" },
> +	{ .compatible = "renesas,pcie-r8a7791" },
> +	{ .compatible = "renesas,pcie-rcar-gen2" },
> +	{},
> +};
> +
> +static int __init rcar_pcie_init(void)
> +{
> +	if (of_find_matching_node(NULL, rcar_pcie_abort_handler_of_match)) {
> +#ifdef CONFIG_ARM_LPAE
> +		hook_fault_code(17, rcar_pcie_aarch32_abort_handler, SIGBUS, 0,
> +				"asynchronous external abort");
> +#else
> +		hook_fault_code(22, rcar_pcie_aarch32_abort_handler, SIGBUS, 0,
> +				"imprecise external abort");
> +#endif
> +	}
> +
> +	return platform_driver_register(&rcar_pcie_driver);
> +}
> +device_initcall(rcar_pcie_init);
> +#else
>  builtin_platform_driver(rcar_pcie_driver);
> +#endif
> diff --git a/drivers/pci/controller/pcie-rcar.h b/drivers/pci/controller/pcie-rcar.h
> index d4c698b5f821..9bb125db85c6 100644
> --- a/drivers/pci/controller/pcie-rcar.h
> +++ b/drivers/pci/controller/pcie-rcar.h
> @@ -85,6 +85,13 @@
>  #define  LTSMDIS		BIT(31)
>  #define  MACCTLR_INIT_VAL	(LTSMDIS | MACCTLR_NFTS_MASK)
>  #define PMSR			0x01105c
> +#define  L1FAEG			BIT(31)
> +#define  PMEL1RX		BIT(23)
> +#define  PMSTATE		GENMASK(18, 16)
> +#define  PMSTATE_L1		(3 << 16)
> +#define PMCTLR			0x011060
> +#define  L1IATN			BIT(31)
> +
>  #define MACS2R			0x011078
>  #define MACCGSPSETR		0x011084
>  #define  SPCNGRSN		BIT(31)
> -- 
> 2.30.2
> 

^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: [PATCH V6] PCI: rcar: Add L1 link state fix into data abort hook
  2021-07-17 17:33 ` Bjorn Helgaas
@ 2021-07-17 18:14   ` Marek Vasut
  2021-07-19  8:59   ` Lorenzo Pieralisi
  2021-07-26 14:47   ` Geert Uytterhoeven
  2 siblings, 0 replies; 18+ messages in thread
From: Marek Vasut @ 2021-07-17 18:14 UTC (permalink / raw)
  To: Bjorn Helgaas
  Cc: linux-pci, Bjorn Helgaas, Geert Uytterhoeven, Lorenzo Pieralisi,
	Wolfram Sang, Yoshihiro Shimoda, linux-renesas-soc

On 7/17/21 7:33 PM, Bjorn Helgaas wrote:
[...]

>> Note that this fixup is applicable only to Aarch32 R-Car controllers,
>> the Aarch64 R-Car perform the same fixup in TFA, see TFA commit [1]
>> 0969397f2 ("rcar_gen3: plat: Prevent PCIe hang during L1X config access")
>> [1] https://github.com/ARM-software/arm-trusted-firmware/commit/0969397f295621aa26b3d14b76dd397d22be58bf
> 
> This patch is horribly ugly but it's working around a horrible
> hardware problem, and I don't have any better suggestions, so I guess
> we don't really have much choice.
> 
> I do think the commit log is a bit glib:

Should I reword the commit message one more time and send V7 ?

>    - "The R-Car PCIe controller is capable of handling L0s/L1 link
>      states."  AFAICT every PCIe device is required to handle L0 and L1
>      without software assistance.  So saying R-Car is "capable" puts a
>      better face on this than seems warranted.
> 
>      L0s doesn't seem relevant at all; at least it doesn't seem to play
>      a role in the patch.  There's no such thing as "returning to L0s"
>      as mentioned in the comment below; L0s is only reachable from L0.
>      Returns from L1 only go to L0 (PCIe r5.0, fig 5-1).
> 
>    - "The problem is, this transition is not atomic."  I think the
>      *problem* is the hardware is broken in the first place.  This
>      transition is supposed to be invisible to software.
> 
>    - "Just like other PCI controller drivers ..." suggests that this is
>      an ordinary situation that we shouldn't be concerned about.  This
>      patch may be the best we can do to work around a bad hardware
>      defect, but it's definitely not ordinary.
> 
>      I think the other hook_fault_code() uses are for reporting
>      legitimate PCIe errors, which most controllers log and turn
>      into ~0 data responses without generating an abort or machine
>      check, not things caused by hardware defects, so they're not
>      really comparable.
> 
> Has Renesas documented this as an erratum?

They are aware of this.

> Will future devices
> require additions to rcar_pcie_abort_handler_of_match[]?

No, this change is for legacy arm32 SoCs only.

> It'd be nice if the commit log mentioned the user-visible effect of
> this problem.  I guess it does mention external aborts -- I assume you
> see those when downstream devices go to D3hot or when ASPM puts the
> link in L1?  And the abort results in a reboot?

It results in a hang.

> To be clear, I'm not objecting to the patch.  It's a hardware problem
> and we should work around it as best we can.

[...]

^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: [PATCH V6] PCI: rcar: Add L1 link state fix into data abort hook
  2021-07-17 17:33 ` Bjorn Helgaas
  2021-07-17 18:14   ` Marek Vasut
@ 2021-07-19  8:59   ` Lorenzo Pieralisi
  2021-07-19 15:38     ` Marek Vasut
  2021-07-19 17:23     ` Pali Rohár
  2021-07-26 14:47   ` Geert Uytterhoeven
  2 siblings, 2 replies; 18+ messages in thread
From: Lorenzo Pieralisi @ 2021-07-19  8:59 UTC (permalink / raw)
  To: Bjorn Helgaas
  Cc: marek.vasut, linux-pci, Marek Vasut, Bjorn Helgaas,
	Geert Uytterhoeven, Wolfram Sang, Yoshihiro Shimoda,
	linux-renesas-soc, pali

[+Pali]

On Sat, Jul 17, 2021 at 12:33:34PM -0500, Bjorn Helgaas wrote:
> On Fri, May 14, 2021 at 10:05:49PM +0200, marek.vasut@gmail.com wrote:
> > From: Marek Vasut <marek.vasut+renesas@gmail.com>
> > 
> > The R-Car PCIe controller is capable of handling L0s/L1 link states.
> > While the controller can enter and exit L0s link state, and exit L1
> > link state, without any additional action from the driver, to enter
> > L1 link state, the driver must complete the link state transition by
> > issuing additional commands to the controller.
> > 
> > The problem is, this transition is not atomic. The controller sets
> > PMEL1RX bit in PMSR register upon reception of PM_ENTER_L1 DLLP from
> > the PCIe card, but then the controller enters some sort of inbetween
> > state. The driver must detect this condition and complete the link
> > state transition, by setting L1IATN bit in PMCTLR and waiting for
> > the link state transition to complete.
> > 
> > If a PCIe access happens inside this window, where the controller
> > is between L0 and L1 link states, the access generates a fault and
> > the ARM 'imprecise external abort' handler is invoked.
> > 
> > Just like other PCI controller drivers, here we hook the fault handler,
> > perform the fixup to help the controller enter L1 link state, and then
> > restart the instruction which triggered the fault. Since the controller
> > is in L1 link state now, the link can exit from L1 link state to L0 and
> > successfully complete the access.
> > 
> > While it was suggested to disable L1 link state support completely on
> > the controller level, this would not prevent the L1 link state entry
> > initiated by the link partner. This happens e.g. in case a PCIe card
> > enters D3Hot state, which could be initiated from pci_set_power_state()
> > if the card indicates D3Hot support, which in turn means link must enter
> > L1 state. So instead, fix up the L1 link state after all.
> > 
> > Note that this fixup is applicable only to Aarch32 R-Car controllers,
> > the Aarch64 R-Car perform the same fixup in TFA, see TFA commit [1]
> > 0969397f2 ("rcar_gen3: plat: Prevent PCIe hang during L1X config access")
> > [1] https://github.com/ARM-software/arm-trusted-firmware/commit/0969397f295621aa26b3d14b76dd397d22be58bf
> 
> This patch is horribly ugly but it's working around a horrible
> hardware problem, and I don't have any better suggestions, so I guess
> we don't really have much choice.

Pali is doing some work on the matter (in particular [1] above) and I
was following that up to see if there was any outcome before merging
this code, I could not follow up myself for lack of time.

Lorenzo

> I do think the commit log is a bit glib:
> 
>   - "The R-Car PCIe controller is capable of handling L0s/L1 link
>     states."  AFAICT every PCIe device is required to handle L0 and L1
>     without software assistance.  So saying R-Car is "capable" puts a
>     better face on this than seems warranted.
> 
>     L0s doesn't seem relevant at all; at least it doesn't seem to play
>     a role in the patch.  There's no such thing as "returning to L0s"
>     as mentioned in the comment below; L0s is only reachable from L0.
>     Returns from L1 only go to L0 (PCIe r5.0, fig 5-1).
> 
>   - "The problem is, this transition is not atomic."  I think the
>     *problem* is the hardware is broken in the first place.  This
>     transition is supposed to be invisible to software.
> 
>   - "Just like other PCI controller drivers ..." suggests that this is
>     an ordinary situation that we shouldn't be concerned about.  This
>     patch may be the best we can do to work around a bad hardware
>     defect, but it's definitely not ordinary.
> 
>     I think the other hook_fault_code() uses are for reporting
>     legitimate PCIe errors, which most controllers log and turn
>     into ~0 data responses without generating an abort or machine
>     check, not things caused by hardware defects, so they're not
>     really comparable.
> 
> Has Renesas documented this as an erratum?  Will future devices
> require additions to rcar_pcie_abort_handler_of_match[]?
> 
> It'd be nice if the commit log mentioned the user-visible effect of
> this problem.  I guess it does mention external aborts -- I assume you
> see those when downstream devices go to D3hot or when ASPM puts the
> link in L1?  And the abort results in a reboot?
> 
> To be clear, I'm not objecting to the patch.  It's a hardware problem
> and we should work around it as best we can.
> 
> > Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
> > Cc: Bjorn Helgaas <bhelgaas@google.com>
> > Cc: Geert Uytterhoeven <geert+renesas@glider.be>
> > Cc: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
> > Cc: Wolfram Sang <wsa@the-dreams.de>
> > Cc: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
> > Cc: linux-renesas-soc@vger.kernel.org
> > ---
> > V2: - Update commit message, add link to TFA repository commit
> >     - Handle the LPAE case as in ARM fault.c and fsr-{2,3}level.c
> >     - Cache clock and check whether they are enabled before register
> >       access
> > V3: - Fix commit message according to spellchecker
> >     - Use of_find_matching_node() to apply hook only on Gen1 and Gen2 RCar
> >       (in case the kernel is multiplatform)
> > V4: - Mark rcar_pcie_abort_handler_of_match with __initconst
> > V5: - Add mutex around rcar_pcie_aarch32_abort_handler()
> >     - Update commit message again to point out issues with L1/D3Hot states
> > V6: - Return 1 only if condition cannot be fixed
> > ---
> >  drivers/pci/controller/pcie-rcar-host.c | 84 +++++++++++++++++++++++++
> >  drivers/pci/controller/pcie-rcar.h      |  7 +++
> >  2 files changed, 91 insertions(+)
> > 
> > diff --git a/drivers/pci/controller/pcie-rcar-host.c b/drivers/pci/controller/pcie-rcar-host.c
> > index 765cf2b45e24..0d3f8dc5ff8a 100644
> > --- a/drivers/pci/controller/pcie-rcar-host.c
> > +++ b/drivers/pci/controller/pcie-rcar-host.c
> > @@ -13,6 +13,7 @@
> >  
> >  #include <linux/bitops.h>
> >  #include <linux/clk.h>
> > +#include <linux/clk-provider.h>
> >  #include <linux/delay.h>
> >  #include <linux/interrupt.h>
> >  #include <linux/irq.h>
> > @@ -41,6 +42,21 @@ struct rcar_msi {
> >  	int irq2;
> >  };
> >  
> > +#ifdef CONFIG_ARM
> > +/*
> > + * Here we keep a static copy of the remapped PCIe controller address.
> > + * This is only used on aarch32 systems, all of which have one single
> > + * PCIe controller, to provide quick access to the PCIe controller in
> > + * the L1 link state fixup function, called from the ARM fault handler.
> > + */
> > +static void __iomem *pcie_base;
> > +/*
> > + * Static copy of bus clock pointer, so we can check whether the clock
> > + * is enabled or not.
> > + */
> > +static struct clk *pcie_bus_clk;
> > +#endif
> > +
> >  /* Structure representing the PCIe interface */
> >  struct rcar_pcie_host {
> >  	struct rcar_pcie	pcie;
> > @@ -776,6 +792,12 @@ static int rcar_pcie_get_resources(struct rcar_pcie_host *host)
> >  	}
> >  	host->msi.irq2 = i;
> >  
> > +#ifdef CONFIG_ARM
> > +	/* Cache static copy for L1 link state fixup hook on aarch32 */
> > +	pcie_base = pcie->base;
> > +	pcie_bus_clk = host->bus_clk;
> > +#endif
> > +
> >  	return 0;
> >  
> >  err_irq2:
> > @@ -1031,4 +1053,66 @@ static struct platform_driver rcar_pcie_driver = {
> >  	},
> >  	.probe = rcar_pcie_probe,
> >  };
> > +
> > +#ifdef CONFIG_ARM
> > +static DEFINE_SPINLOCK(pmsr_lock);
> > +static int rcar_pcie_aarch32_abort_handler(unsigned long addr,
> > +		unsigned int fsr, struct pt_regs *regs)
> > +{
> > +	unsigned long flags;
> > +	int ret = 0;
> > +	u32 pmsr;
> > +
> > +	spin_lock_irqsave(&pmsr_lock, flags);
> > +
> > +	if (!pcie_base || !__clk_is_enabled(pcie_bus_clk)) {
> > +		ret = 1;
> > +		goto unlock_exit;
> > +	}
> > +
> > +	pmsr = readl(pcie_base + PMSR);
> > +
> > +	/*
> > +	 * Test if the PCIe controller received PM_ENTER_L1 DLLP and
> > +	 * the PCIe controller is not in L1 link state. If true, apply
> > +	 * fix, which will put the controller into L1 link state, from
> > +	 * which it can return to L0s/L0 on its own.
> > +	 */
> > +	if ((pmsr & PMEL1RX) && ((pmsr & PMSTATE) != PMSTATE_L1)) {
> > +		writel(L1IATN, pcie_base + PMCTLR);
> > +		while (!(readl(pcie_base + PMSR) & L1FAEG))
> > +			;
> > +		writel(L1FAEG | PMEL1RX, pcie_base + PMSR);
> > +	}
> > +
> > +unlock_exit:
> > +	spin_unlock_irqrestore(&pmsr_lock, flags);
> > +	return ret;
> > +}
> > +
> > +static const struct of_device_id rcar_pcie_abort_handler_of_match[] __initconst = {
> > +	{ .compatible = "renesas,pcie-r8a7779" },
> > +	{ .compatible = "renesas,pcie-r8a7790" },
> > +	{ .compatible = "renesas,pcie-r8a7791" },
> > +	{ .compatible = "renesas,pcie-rcar-gen2" },
> > +	{},
> > +};
> > +
> > +static int __init rcar_pcie_init(void)
> > +{
> > +	if (of_find_matching_node(NULL, rcar_pcie_abort_handler_of_match)) {
> > +#ifdef CONFIG_ARM_LPAE
> > +		hook_fault_code(17, rcar_pcie_aarch32_abort_handler, SIGBUS, 0,
> > +				"asynchronous external abort");
> > +#else
> > +		hook_fault_code(22, rcar_pcie_aarch32_abort_handler, SIGBUS, 0,
> > +				"imprecise external abort");
> > +#endif
> > +	}
> > +
> > +	return platform_driver_register(&rcar_pcie_driver);
> > +}
> > +device_initcall(rcar_pcie_init);
> > +#else
> >  builtin_platform_driver(rcar_pcie_driver);
> > +#endif
> > diff --git a/drivers/pci/controller/pcie-rcar.h b/drivers/pci/controller/pcie-rcar.h
> > index d4c698b5f821..9bb125db85c6 100644
> > --- a/drivers/pci/controller/pcie-rcar.h
> > +++ b/drivers/pci/controller/pcie-rcar.h
> > @@ -85,6 +85,13 @@
> >  #define  LTSMDIS		BIT(31)
> >  #define  MACCTLR_INIT_VAL	(LTSMDIS | MACCTLR_NFTS_MASK)
> >  #define PMSR			0x01105c
> > +#define  L1FAEG			BIT(31)
> > +#define  PMEL1RX		BIT(23)
> > +#define  PMSTATE		GENMASK(18, 16)
> > +#define  PMSTATE_L1		(3 << 16)
> > +#define PMCTLR			0x011060
> > +#define  L1IATN			BIT(31)
> > +
> >  #define MACS2R			0x011078
> >  #define MACCGSPSETR		0x011084
> >  #define  SPCNGRSN		BIT(31)
> > -- 
> > 2.30.2
> > 

^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: [PATCH V6] PCI: rcar: Add L1 link state fix into data abort hook
  2021-07-19  8:59   ` Lorenzo Pieralisi
@ 2021-07-19 15:38     ` Marek Vasut
  2021-07-19 17:23     ` Pali Rohár
  1 sibling, 0 replies; 18+ messages in thread
From: Marek Vasut @ 2021-07-19 15:38 UTC (permalink / raw)
  To: Lorenzo Pieralisi, Bjorn Helgaas
  Cc: linux-pci, Bjorn Helgaas, Geert Uytterhoeven, Wolfram Sang,
	Yoshihiro Shimoda, linux-renesas-soc, pali

On 7/19/21 10:59 AM, Lorenzo Pieralisi wrote:
> [+Pali]
> 
> On Sat, Jul 17, 2021 at 12:33:34PM -0500, Bjorn Helgaas wrote:
>> On Fri, May 14, 2021 at 10:05:49PM +0200, marek.vasut@gmail.com wrote:
>>> From: Marek Vasut <marek.vasut+renesas@gmail.com>
>>>
>>> The R-Car PCIe controller is capable of handling L0s/L1 link states.
>>> While the controller can enter and exit L0s link state, and exit L1
>>> link state, without any additional action from the driver, to enter
>>> L1 link state, the driver must complete the link state transition by
>>> issuing additional commands to the controller.
>>>
>>> The problem is, this transition is not atomic. The controller sets
>>> PMEL1RX bit in PMSR register upon reception of PM_ENTER_L1 DLLP from
>>> the PCIe card, but then the controller enters some sort of inbetween
>>> state. The driver must detect this condition and complete the link
>>> state transition, by setting L1IATN bit in PMCTLR and waiting for
>>> the link state transition to complete.
>>>
>>> If a PCIe access happens inside this window, where the controller
>>> is between L0 and L1 link states, the access generates a fault and
>>> the ARM 'imprecise external abort' handler is invoked.
>>>
>>> Just like other PCI controller drivers, here we hook the fault handler,
>>> perform the fixup to help the controller enter L1 link state, and then
>>> restart the instruction which triggered the fault. Since the controller
>>> is in L1 link state now, the link can exit from L1 link state to L0 and
>>> successfully complete the access.
>>>
>>> While it was suggested to disable L1 link state support completely on
>>> the controller level, this would not prevent the L1 link state entry
>>> initiated by the link partner. This happens e.g. in case a PCIe card
>>> enters D3Hot state, which could be initiated from pci_set_power_state()
>>> if the card indicates D3Hot support, which in turn means link must enter
>>> L1 state. So instead, fix up the L1 link state after all.
>>>
>>> Note that this fixup is applicable only to Aarch32 R-Car controllers,
>>> the Aarch64 R-Car perform the same fixup in TFA, see TFA commit [1]
>>> 0969397f2 ("rcar_gen3: plat: Prevent PCIe hang during L1X config access")
>>> [1] https://github.com/ARM-software/arm-trusted-firmware/commit/0969397f295621aa26b3d14b76dd397d22be58bf
>>
>> This patch is horribly ugly but it's working around a horrible
>> hardware problem, and I don't have any better suggestions, so I guess
>> we don't really have much choice.
> 
> Pali is doing some work on the matter (in particular [1] above) and I
> was following that up to see if there was any outcome before merging
> this code, I could not follow up myself for lack of time.

arm32 r-car does NOT use atf, so this does not apply here.

^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: [PATCH V6] PCI: rcar: Add L1 link state fix into data abort hook
  2021-07-19  8:59   ` Lorenzo Pieralisi
  2021-07-19 15:38     ` Marek Vasut
@ 2021-07-19 17:23     ` Pali Rohár
  2021-07-19 18:39       ` Marek Vasut
                         ` (2 more replies)
  1 sibling, 3 replies; 18+ messages in thread
From: Pali Rohár @ 2021-07-19 17:23 UTC (permalink / raw)
  To: Lorenzo Pieralisi
  Cc: Bjorn Helgaas, marek.vasut, linux-pci, Marek Vasut,
	Bjorn Helgaas, Geert Uytterhoeven, Wolfram Sang,
	Yoshihiro Shimoda, linux-renesas-soc

On Monday 19 July 2021 09:59:53 Lorenzo Pieralisi wrote:
> [+Pali]
> 
> On Sat, Jul 17, 2021 at 12:33:34PM -0500, Bjorn Helgaas wrote:
> > On Fri, May 14, 2021 at 10:05:49PM +0200, marek.vasut@gmail.com wrote:
> > > From: Marek Vasut <marek.vasut+renesas@gmail.com>
> > > 
> > > The R-Car PCIe controller is capable of handling L0s/L1 link states.
> > > While the controller can enter and exit L0s link state, and exit L1
> > > link state, without any additional action from the driver, to enter
> > > L1 link state, the driver must complete the link state transition by
> > > issuing additional commands to the controller.
> > > 
> > > The problem is, this transition is not atomic. The controller sets
> > > PMEL1RX bit in PMSR register upon reception of PM_ENTER_L1 DLLP from
> > > the PCIe card, but then the controller enters some sort of inbetween
> > > state. The driver must detect this condition and complete the link
> > > state transition, by setting L1IATN bit in PMCTLR and waiting for
> > > the link state transition to complete.
> > > 
> > > If a PCIe access happens inside this window, where the controller
> > > is between L0 and L1 link states, the access generates a fault and
> > > the ARM 'imprecise external abort' handler is invoked.

And if PCIe MMIO access does not happen, what fixes this issue? In this
patch is implemented only arm32 external abort hook handler (which is
called only when PCIe MMIO access happens and aborts).

> > > Just like other PCI controller drivers, here we hook the fault handler,
> > > perform the fixup to help the controller enter L1 link state, and then
> > > restart the instruction which triggered the fault. Since the controller
> > > is in L1 link state now, the link can exit from L1 link state to L0 and
> > > successfully complete the access.

Link cannot directly goes to L0 from L1. It first goes to Recovery state
and in this state card can "disconnect" or reset...

What would happen if PCIe MMIO access is issued when link is not in some
L* state? (This can be manually triggered by PCIe Hot Reset - toggling
Secondary Bus Reset bit in Bridge Control register on parent PCIe Bridge
device) Is R-Car working in this case and does not crash?

> > > While it was suggested to disable L1 link state support completely on
> > > the controller level, this would not prevent the L1 link state entry
> > > initiated by the link partner. This happens e.g. in case a PCIe card
> > > enters D3Hot state, which could be initiated from pci_set_power_state()
> > > if the card indicates D3Hot support, which in turn means link must enter
> > > L1 state. So instead, fix up the L1 link state after all.
> > > 
> > > Note that this fixup is applicable only to Aarch32 R-Car controllers,
> > > the Aarch64 R-Car perform the same fixup in TFA, see TFA commit [1]
> > > 0969397f2 ("rcar_gen3: plat: Prevent PCIe hang during L1X config access")
> > > [1] https://github.com/ARM-software/arm-trusted-firmware/commit/0969397f295621aa26b3d14b76dd397d22be58bf
> > 
> > This patch is horribly ugly but it's working around a horrible
> > hardware problem, and I don't have any better suggestions, so I guess
> > we don't really have much choice.
> 
> Pali is doing some work on the matter (in particular [1] above) and I
> was following that up to see if there was any outcome before merging
> this code, I could not follow up myself for lack of time.

Yes, I'm in process to remove similar hack / hook for pci aardvark
controller space. Kernel now has better fix for aardvark issue
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f18139966d072dab8e4398c95ce955a9742e04f7
so TF-A part of this hack could be disabled. But this is nothing for
R-Car. The only change which is touching TF-A code outside of pci
aardvark space is de-duplication of external abort handler code.

> Lorenzo
> 
> > I do think the commit log is a bit glib:
> > 
> >   - "The R-Car PCIe controller is capable of handling L0s/L1 link
> >     states."  AFAICT every PCIe device is required to handle L0 and L1
> >     without software assistance.  So saying R-Car is "capable" puts a
> >     better face on this than seems warranted.
> > 
> >     L0s doesn't seem relevant at all; at least it doesn't seem to play
> >     a role in the patch.  There's no such thing as "returning to L0s"
> >     as mentioned in the comment below; L0s is only reachable from L0.
> >     Returns from L1 only go to L0 (PCIe r5.0, fig 5-1).

IIRC from L1 you can only go to Recovery. And from L0s you go to L0 or
Recovery. But I do not know what is or was changed in PCIe r5.0.

> > 
> >   - "The problem is, this transition is not atomic."  I think the
> >     *problem* is the hardware is broken in the first place.  This
> >     transition is supposed to be invisible to software.
> > 
> >   - "Just like other PCI controller drivers ..." suggests that this is
> >     an ordinary situation that we shouldn't be concerned about.  This
> >     patch may be the best we can do to work around a bad hardware
> >     defect, but it's definitely not ordinary.
> > 
> >     I think the other hook_fault_code() uses are for reporting
> >     legitimate PCIe errors, which most controllers log and turn
> >     into ~0 data responses without generating an abort or machine
> >     check, not things caused by hardware defects, so they're not
> >     really comparable.

Yes, other hooks translate read aborts to fabricated 0xFFFFFFFF
response. But this one is totally different "hack" for buggy hw.

> > Has Renesas documented this as an erratum?  Will future devices
> > require additions to rcar_pcie_abort_handler_of_match[]?
> > 
> > It'd be nice if the commit log mentioned the user-visible effect of
> > this problem.  I guess it does mention external aborts -- I assume you
> > see those when downstream devices go to D3hot or when ASPM puts the
> > link in L1?  And the abort results in a reboot?

Normally these abort handlers reset cpu at the end, right? But maybe it
can be configured...

> > To be clear, I'm not objecting to the patch.  It's a hardware problem
> > and we should work around it as best we can.

I'm not sure if current API of hook_fault_code or rather whole usage of
it is prepared to expand into more and more drivers. Last time I looked
at this arm32 part, it was possible to register only one callback from
driver. So extending usage of this hook API can result that two drivers
start fighting who register it earlier...

> > > Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
> > > Cc: Bjorn Helgaas <bhelgaas@google.com>
> > > Cc: Geert Uytterhoeven <geert+renesas@glider.be>
> > > Cc: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
> > > Cc: Wolfram Sang <wsa@the-dreams.de>
> > > Cc: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
> > > Cc: linux-renesas-soc@vger.kernel.org
> > > ---
> > > V2: - Update commit message, add link to TFA repository commit
> > >     - Handle the LPAE case as in ARM fault.c and fsr-{2,3}level.c
> > >     - Cache clock and check whether they are enabled before register
> > >       access
> > > V3: - Fix commit message according to spellchecker
> > >     - Use of_find_matching_node() to apply hook only on Gen1 and Gen2 RCar
> > >       (in case the kernel is multiplatform)
> > > V4: - Mark rcar_pcie_abort_handler_of_match with __initconst
> > > V5: - Add mutex around rcar_pcie_aarch32_abort_handler()
> > >     - Update commit message again to point out issues with L1/D3Hot states
> > > V6: - Return 1 only if condition cannot be fixed
> > > ---
> > >  drivers/pci/controller/pcie-rcar-host.c | 84 +++++++++++++++++++++++++
> > >  drivers/pci/controller/pcie-rcar.h      |  7 +++
> > >  2 files changed, 91 insertions(+)
> > > 
> > > diff --git a/drivers/pci/controller/pcie-rcar-host.c b/drivers/pci/controller/pcie-rcar-host.c
> > > index 765cf2b45e24..0d3f8dc5ff8a 100644
> > > --- a/drivers/pci/controller/pcie-rcar-host.c
> > > +++ b/drivers/pci/controller/pcie-rcar-host.c
> > > @@ -13,6 +13,7 @@
> > >  
> > >  #include <linux/bitops.h>
> > >  #include <linux/clk.h>
> > > +#include <linux/clk-provider.h>
> > >  #include <linux/delay.h>
> > >  #include <linux/interrupt.h>
> > >  #include <linux/irq.h>
> > > @@ -41,6 +42,21 @@ struct rcar_msi {
> > >  	int irq2;
> > >  };
> > >  
> > > +#ifdef CONFIG_ARM
> > > +/*
> > > + * Here we keep a static copy of the remapped PCIe controller address.
> > > + * This is only used on aarch32 systems, all of which have one single
> > > + * PCIe controller, to provide quick access to the PCIe controller in
> > > + * the L1 link state fixup function, called from the ARM fault handler.
> > > + */
> > > +static void __iomem *pcie_base;
> > > +/*
> > > + * Static copy of bus clock pointer, so we can check whether the clock
> > > + * is enabled or not.
> > > + */
> > > +static struct clk *pcie_bus_clk;
> > > +#endif
> > > +
> > >  /* Structure representing the PCIe interface */
> > >  struct rcar_pcie_host {
> > >  	struct rcar_pcie	pcie;
> > > @@ -776,6 +792,12 @@ static int rcar_pcie_get_resources(struct rcar_pcie_host *host)
> > >  	}
> > >  	host->msi.irq2 = i;
> > >  
> > > +#ifdef CONFIG_ARM
> > > +	/* Cache static copy for L1 link state fixup hook on aarch32 */
> > > +	pcie_base = pcie->base;
> > > +	pcie_bus_clk = host->bus_clk;
> > > +#endif

Usage of global variables with address space is ugly and horrible too,
but current hook_fault_code() does not provide nothing better.

> > > +
> > >  	return 0;
> > >  
> > >  err_irq2:
> > > @@ -1031,4 +1053,66 @@ static struct platform_driver rcar_pcie_driver = {
> > >  	},
> > >  	.probe = rcar_pcie_probe,
> > >  };
> > > +
> > > +#ifdef CONFIG_ARM
> > > +static DEFINE_SPINLOCK(pmsr_lock);
> > > +static int rcar_pcie_aarch32_abort_handler(unsigned long addr,
> > > +		unsigned int fsr, struct pt_regs *regs)
> > > +{
> > > +	unsigned long flags;
> > > +	int ret = 0;
> > > +	u32 pmsr;
> > > +
> > > +	spin_lock_irqsave(&pmsr_lock, flags);
> > > +
> > > +	if (!pcie_base || !__clk_is_enabled(pcie_bus_clk)) {
> > > +		ret = 1;
> > > +		goto unlock_exit;
> > > +	}
> > > +
> > > +	pmsr = readl(pcie_base + PMSR);
> > > +
> > > +	/*
> > > +	 * Test if the PCIe controller received PM_ENTER_L1 DLLP and
> > > +	 * the PCIe controller is not in L1 link state. If true, apply
> > > +	 * fix, which will put the controller into L1 link state, from
> > > +	 * which it can return to L0s/L0 on its own.
> > > +	 */
> > > +	if ((pmsr & PMEL1RX) && ((pmsr & PMSTATE) != PMSTATE_L1)) {
> > > +		writel(L1IATN, pcie_base + PMCTLR);
> > > +		while (!(readl(pcie_base + PMSR) & L1FAEG))
> > > +			;

Infinite loop in abort handler is not a good idea. If this software
workaround is not able to fix HW in broken state then it is better to
let kernel finish abort handler and reboot machine (or whatever is
default action for particular abort handler).

> > > +		writel(L1FAEG | PMEL1RX, pcie_base + PMSR);
> > > +	}
> > > +
> > > +unlock_exit:
> > > +	spin_unlock_irqrestore(&pmsr_lock, flags);
> > > +	return ret;
> > > +}
> > > +
> > > +static const struct of_device_id rcar_pcie_abort_handler_of_match[] __initconst = {
> > > +	{ .compatible = "renesas,pcie-r8a7779" },
> > > +	{ .compatible = "renesas,pcie-r8a7790" },
> > > +	{ .compatible = "renesas,pcie-r8a7791" },
> > > +	{ .compatible = "renesas,pcie-rcar-gen2" },
> > > +	{},
> > > +};
> > > +
> > > +static int __init rcar_pcie_init(void)
> > > +{
> > > +	if (of_find_matching_node(NULL, rcar_pcie_abort_handler_of_match)) {
> > > +#ifdef CONFIG_ARM_LPAE
> > > +		hook_fault_code(17, rcar_pcie_aarch32_abort_handler, SIGBUS, 0,
> > > +				"asynchronous external abort");
> > > +#else
> > > +		hook_fault_code(22, rcar_pcie_aarch32_abort_handler, SIGBUS, 0,
> > > +				"imprecise external abort");
> > > +#endif
> > > +	}
> > > +
> > > +	return platform_driver_register(&rcar_pcie_driver);
> > > +}
> > > +device_initcall(rcar_pcie_init);
> > > +#else
> > >  builtin_platform_driver(rcar_pcie_driver);
> > > +#endif
> > > diff --git a/drivers/pci/controller/pcie-rcar.h b/drivers/pci/controller/pcie-rcar.h
> > > index d4c698b5f821..9bb125db85c6 100644
> > > --- a/drivers/pci/controller/pcie-rcar.h
> > > +++ b/drivers/pci/controller/pcie-rcar.h
> > > @@ -85,6 +85,13 @@
> > >  #define  LTSMDIS		BIT(31)
> > >  #define  MACCTLR_INIT_VAL	(LTSMDIS | MACCTLR_NFTS_MASK)
> > >  #define PMSR			0x01105c
> > > +#define  L1FAEG			BIT(31)
> > > +#define  PMEL1RX		BIT(23)
> > > +#define  PMSTATE		GENMASK(18, 16)
> > > +#define  PMSTATE_L1		(3 << 16)
> > > +#define PMCTLR			0x011060
> > > +#define  L1IATN			BIT(31)
> > > +
> > >  #define MACS2R			0x011078
> > >  #define MACCGSPSETR		0x011084
> > >  #define  SPCNGRSN		BIT(31)
> > > -- 
> > > 2.30.2
> > > 

^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: [PATCH V6] PCI: rcar: Add L1 link state fix into data abort hook
  2021-07-19 17:23     ` Pali Rohár
@ 2021-07-19 18:39       ` Marek Vasut
  2021-07-22 20:31         ` Pali Rohár
  2021-07-19 22:06       ` Bjorn Helgaas
  2021-07-27 16:11       ` Lorenzo Pieralisi
  2 siblings, 1 reply; 18+ messages in thread
From: Marek Vasut @ 2021-07-19 18:39 UTC (permalink / raw)
  To: Pali Rohár, Lorenzo Pieralisi
  Cc: Bjorn Helgaas, linux-pci, Bjorn Helgaas, Geert Uytterhoeven,
	Wolfram Sang, Yoshihiro Shimoda, linux-renesas-soc

On 7/19/21 7:23 PM, Pali Rohár wrote:

[...]

>>>> The R-Car PCIe controller is capable of handling L0s/L1 link states.
>>>> While the controller can enter and exit L0s link state, and exit L1
>>>> link state, without any additional action from the driver, to enter
>>>> L1 link state, the driver must complete the link state transition by
>>>> issuing additional commands to the controller.
>>>>
>>>> The problem is, this transition is not atomic. The controller sets
>>>> PMEL1RX bit in PMSR register upon reception of PM_ENTER_L1 DLLP from
>>>> the PCIe card, but then the controller enters some sort of inbetween
>>>> state. The driver must detect this condition and complete the link
>>>> state transition, by setting L1IATN bit in PMCTLR and waiting for
>>>> the link state transition to complete.
>>>>
>>>> If a PCIe access happens inside this window, where the controller
>>>> is between L0 and L1 link states, the access generates a fault and
>>>> the ARM 'imprecise external abort' handler is invoked.
> 
> And if PCIe MMIO access does not happen, what fixes this issue?

Then you have no problem because you don't hit this fault.

> In this
> patch is implemented only arm32 external abort hook handler (which is
> called only when PCIe MMIO access happens and aborts).

Yes, for the aarch64 rcar the same fix is implemented in atf (see below).

>>>> Just like other PCI controller drivers, here we hook the fault handler,
>>>> perform the fixup to help the controller enter L1 link state, and then
>>>> restart the instruction which triggered the fault. Since the controller
>>>> is in L1 link state now, the link can exit from L1 link state to L0 and
>>>> successfully complete the access.
> 
> Link cannot directly goes to L0 from L1. It first goes to Recovery state
> and in this state card can "disconnect" or reset...
> 
> What would happen if PCIe MMIO access is issued when link is not in some
> L* state? (This can be manually triggered by PCIe Hot Reset - toggling
> Secondary Bus Reset bit in Bridge Control register on parent PCIe Bridge
> device) Is R-Car working in this case and does not crash?

This seems to be exactly the situation the commit message describes -- 
the controller is stuck between L states and needs manual register write 
to proceed.

[...]

>>> To be clear, I'm not objecting to the patch.  It's a hardware problem
>>> and we should work around it as best we can.
> 
> I'm not sure if current API of hook_fault_code or rather whole usage of
> it is prepared to expand into more and more drivers. Last time I looked
> at this arm32 part, it was possible to register only one callback from
> driver. So extending usage of this hook API can result that two drivers
> start fighting who register it earlier...

There doesn't seem to be much ongoing HW development on the arm32 r-car, 
so I don't expect this list of hooks to grow much on this platform.

[...]

^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: [PATCH V6] PCI: rcar: Add L1 link state fix into data abort hook
  2021-07-19 17:23     ` Pali Rohár
  2021-07-19 18:39       ` Marek Vasut
@ 2021-07-19 22:06       ` Bjorn Helgaas
  2021-07-27 16:11       ` Lorenzo Pieralisi
  2 siblings, 0 replies; 18+ messages in thread
From: Bjorn Helgaas @ 2021-07-19 22:06 UTC (permalink / raw)
  To: Pali Rohár
  Cc: Lorenzo Pieralisi, marek.vasut, linux-pci, Marek Vasut,
	Bjorn Helgaas, Geert Uytterhoeven, Wolfram Sang,
	Yoshihiro Shimoda, linux-renesas-soc

On Mon, Jul 19, 2021 at 07:23:40PM +0200, Pali Rohár wrote:
> > On Sat, Jul 17, 2021 at 12:33:34PM -0500, Bjorn Helgaas wrote:

> > >   - "The R-Car PCIe controller is capable of handling L0s/L1 link
> > >     states."  AFAICT every PCIe device is required to handle L0 and L1
> > >     without software assistance.  So saying R-Car is "capable" puts a
> > >     better face on this than seems warranted.
> > > 
> > >     L0s doesn't seem relevant at all; at least it doesn't seem to play
> > >     a role in the patch.  There's no such thing as "returning to L0s"
> > >     as mentioned in the comment below; L0s is only reachable from L0.
> > >     Returns from L1 only go to L0 (PCIe r5.0, fig 5-1).
> 
> IIRC from L1 you can only go to Recovery. And from L0s you go to L0 or
> Recovery. But I do not know what is or was changed in PCIe r5.0.

Yes.  Per PCIe r5.0, fig 4-26, the LTSSM state diagram, that's still
the same.  The overview in Fig 5-1 doesn't include Recovery, Detect,
and othef LTSSM states.

^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: [PATCH V6] PCI: rcar: Add L1 link state fix into data abort hook
  2021-07-19 18:39       ` Marek Vasut
@ 2021-07-22 20:31         ` Pali Rohár
  0 siblings, 0 replies; 18+ messages in thread
From: Pali Rohár @ 2021-07-22 20:31 UTC (permalink / raw)
  To: Marek Vasut
  Cc: Lorenzo Pieralisi, Bjorn Helgaas, linux-pci, Bjorn Helgaas,
	Geert Uytterhoeven, Wolfram Sang, Yoshihiro Shimoda,
	linux-renesas-soc

On Monday 19 July 2021 20:39:13 Marek Vasut wrote:
> On 7/19/21 7:23 PM, Pali Rohár wrote:
> 
> [...]
> 
> > > > > The R-Car PCIe controller is capable of handling L0s/L1 link states.
> > > > > While the controller can enter and exit L0s link state, and exit L1
> > > > > link state, without any additional action from the driver, to enter
> > > > > L1 link state, the driver must complete the link state transition by
> > > > > issuing additional commands to the controller.
> > > > > 
> > > > > The problem is, this transition is not atomic. The controller sets
> > > > > PMEL1RX bit in PMSR register upon reception of PM_ENTER_L1 DLLP from
> > > > > the PCIe card, but then the controller enters some sort of inbetween
> > > > > state. The driver must detect this condition and complete the link
> > > > > state transition, by setting L1IATN bit in PMCTLR and waiting for
> > > > > the link state transition to complete.
> > > > > 
> > > > > If a PCIe access happens inside this window, where the controller
> > > > > is between L0 and L1 link states, the access generates a fault and
> > > > > the ARM 'imprecise external abort' handler is invoked.
> > 
> > And if PCIe MMIO access does not happen, what fixes this issue?
> 
> Then you have no problem because you don't hit this fault.

When controller stucks in some "unknown" state you have a problem. And
it does not matter if you are doing MMIO or not. If controller is in
Recovery or Configuration state then endpoint card cannot send neither
interrupt nor memory read / write messages to system.

Driver for endpoint card does not have to do active polling to check if
something in endpoint card happened. It can just wait for interrupt and
then do some stuff (which is IIRC preferred design if events are not too
frequent). And in this case card is in dead state and you have this
problem, right?

> > In this
> > patch is implemented only arm32 external abort hook handler (which is
> > called only when PCIe MMIO access happens and aborts).
> 
> Yes, for the aarch64 rcar the same fix is implemented in atf (see below).
> 
> > > > > Just like other PCI controller drivers, here we hook the fault handler,
> > > > > perform the fixup to help the controller enter L1 link state, and then
> > > > > restart the instruction which triggered the fault. Since the controller
> > > > > is in L1 link state now, the link can exit from L1 link state to L0 and
> > > > > successfully complete the access.
> > 
> > Link cannot directly goes to L0 from L1. It first goes to Recovery state
> > and in this state card can "disconnect" or reset...
> > 
> > What would happen if PCIe MMIO access is issued when link is not in some
> > L* state? (This can be manually triggered by PCIe Hot Reset - toggling
> > Secondary Bus Reset bit in Bridge Control register on parent PCIe Bridge
> > device) Is R-Car working in this case and does not crash?
> 
> This seems to be exactly the situation the commit message describes -- the
> controller is stuck between L states and needs manual register write to
> proceed.

No, I asked what happen when is *not* in L state. Commit message does
not describe it.

So what happen if you try to do MMIO e.g. during Hot Reset state? (This
state can be easily "forced", so easy to test) Does it crash too (and
therefore needs some other "hack")? Or it is working fine without any
crash? Read operation in most cases returns all-ones and write just do
nothing (as write has no response).

> [...]
> 
> > > > To be clear, I'm not objecting to the patch.  It's a hardware problem
> > > > and we should work around it as best we can.
> > 
> > I'm not sure if current API of hook_fault_code or rather whole usage of
> > it is prepared to expand into more and more drivers. Last time I looked
> > at this arm32 part, it was possible to register only one callback from
> > driver. So extending usage of this hook API can result that two drivers
> > start fighting who register it earlier...
> 
> There doesn't seem to be much ongoing HW development on the arm32 r-car, so
> I don't expect this list of hooks to grow much on this platform.

For R-Car it then fine. This was just general comment as arm32 is still
actively developed platform.

^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: [PATCH V6] PCI: rcar: Add L1 link state fix into data abort hook
  2021-07-17 17:33 ` Bjorn Helgaas
  2021-07-17 18:14   ` Marek Vasut
  2021-07-19  8:59   ` Lorenzo Pieralisi
@ 2021-07-26 14:47   ` Geert Uytterhoeven
  2021-07-26 17:49     ` Bjorn Helgaas
  2 siblings, 1 reply; 18+ messages in thread
From: Geert Uytterhoeven @ 2021-07-26 14:47 UTC (permalink / raw)
  To: Bjorn Helgaas
  Cc: Marek Vasut, linux-pci, Marek Vasut, Bjorn Helgaas,
	Lorenzo Pieralisi, Wolfram Sang, Yoshihiro Shimoda,
	Linux-Renesas

Hi Bjorn,

On Sat, Jul 17, 2021 at 7:33 PM Bjorn Helgaas <helgaas@kernel.org> wrote:
> On Fri, May 14, 2021 at 10:05:49PM +0200, marek.vasut@gmail.com wrote:
> > From: Marek Vasut <marek.vasut+renesas@gmail.com>
> >
> > The R-Car PCIe controller is capable of handling L0s/L1 link states.
> > While the controller can enter and exit L0s link state, and exit L1
> > link state, without any additional action from the driver, to enter
> > L1 link state, the driver must complete the link state transition by
> > issuing additional commands to the controller.
> >
> > The problem is, this transition is not atomic. The controller sets
> > PMEL1RX bit in PMSR register upon reception of PM_ENTER_L1 DLLP from
> > the PCIe card, but then the controller enters some sort of inbetween
> > state. The driver must detect this condition and complete the link
> > state transition, by setting L1IATN bit in PMCTLR and waiting for
> > the link state transition to complete.
> >
> > If a PCIe access happens inside this window, where the controller
> > is between L0 and L1 link states, the access generates a fault and
> > the ARM 'imprecise external abort' handler is invoked.
> >
> > Just like other PCI controller drivers, here we hook the fault handler,
> > perform the fixup to help the controller enter L1 link state, and then
> > restart the instruction which triggered the fault. Since the controller
> > is in L1 link state now, the link can exit from L1 link state to L0 and
> > successfully complete the access.
> >
> > While it was suggested to disable L1 link state support completely on
> > the controller level, this would not prevent the L1 link state entry
> > initiated by the link partner. This happens e.g. in case a PCIe card
> > enters D3Hot state, which could be initiated from pci_set_power_state()
> > if the card indicates D3Hot support, which in turn means link must enter
> > L1 state. So instead, fix up the L1 link state after all.
> >
> > Note that this fixup is applicable only to Aarch32 R-Car controllers,
> > the Aarch64 R-Car perform the same fixup in TFA, see TFA commit [1]
> > 0969397f2 ("rcar_gen3: plat: Prevent PCIe hang during L1X config access")
> > [1] https://github.com/ARM-software/arm-trusted-firmware/commit/0969397f295621aa26b3d14b76dd397d22be58bf
>
> This patch is horribly ugly but it's working around a horrible
> hardware problem, and I don't have any better suggestions, so I guess
> we don't really have much choice.
>
> I do think the commit log is a bit glib:
>
>   - "The R-Car PCIe controller is capable of handling L0s/L1 link
>     states."  AFAICT every PCIe device is required to handle L0 and L1
>     without software assistance.  So saying R-Car is "capable" puts a
>     better face on this than seems warranted.
>
>     L0s doesn't seem relevant at all; at least it doesn't seem to play
>     a role in the patch.  There's no such thing as "returning to L0s"
>     as mentioned in the comment below; L0s is only reachable from L0.
>     Returns from L1 only go to L0 (PCIe r5.0, fig 5-1).
>
>   - "The problem is, this transition is not atomic."  I think the
>     *problem* is the hardware is broken in the first place.  This
>     transition is supposed to be invisible to software.
>
>   - "Just like other PCI controller drivers ..." suggests that this is
>     an ordinary situation that we shouldn't be concerned about.  This
>     patch may be the best we can do to work around a bad hardware
>     defect, but it's definitely not ordinary.
>
>     I think the other hook_fault_code() uses are for reporting
>     legitimate PCIe errors, which most controllers log and turn
>     into ~0 data responses without generating an abort or machine
>     check, not things caused by hardware defects, so they're not
>     really comparable.
>
> Has Renesas documented this as an erratum?  Will future devices
> require additions to rcar_pcie_abort_handler_of_match[]?
>
> It'd be nice if the commit log mentioned the user-visible effect of
> this problem.  I guess it does mention external aborts -- I assume you
> see those when downstream devices go to D3hot or when ASPM puts the
> link in L1?  And the abort results in a reboot?
>
> To be clear, I'm not objecting to the patch.  It's a hardware problem
> and we should work around it as best we can.

Cool! So what's missing for this patch, which we have been polishing
for almost one year, to be applied, so innocent people can no longer
lock up an R-Car system just by inserting an ubiquitous Intel Ethernet
card, and suspending the system?

Thanks!

Gr{oetje,eeting}s,

                        Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds

^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: [PATCH V6] PCI: rcar: Add L1 link state fix into data abort hook
  2021-07-26 14:47   ` Geert Uytterhoeven
@ 2021-07-26 17:49     ` Bjorn Helgaas
  2021-07-27 16:32       ` Lorenzo Pieralisi
  2021-07-27 17:08       ` Marek Vasut
  0 siblings, 2 replies; 18+ messages in thread
From: Bjorn Helgaas @ 2021-07-26 17:49 UTC (permalink / raw)
  To: Geert Uytterhoeven
  Cc: Marek Vasut, linux-pci, Marek Vasut, Bjorn Helgaas,
	Lorenzo Pieralisi, Wolfram Sang, Yoshihiro Shimoda,
	Linux-Renesas

On Mon, Jul 26, 2021 at 04:47:54PM +0200, Geert Uytterhoeven wrote:
> Hi Bjorn,
> 
> On Sat, Jul 17, 2021 at 7:33 PM Bjorn Helgaas <helgaas@kernel.org> wrote:
> > On Fri, May 14, 2021 at 10:05:49PM +0200, marek.vasut@gmail.com wrote:
> > > From: Marek Vasut <marek.vasut+renesas@gmail.com>
> > >
> > > The R-Car PCIe controller is capable of handling L0s/L1 link states.
> > > While the controller can enter and exit L0s link state, and exit L1
> > > link state, without any additional action from the driver, to enter
> > > L1 link state, the driver must complete the link state transition by
> > > issuing additional commands to the controller.
> > >
> > > The problem is, this transition is not atomic. The controller sets
> > > PMEL1RX bit in PMSR register upon reception of PM_ENTER_L1 DLLP from
> > > the PCIe card, but then the controller enters some sort of inbetween
> > > state. The driver must detect this condition and complete the link
> > > state transition, by setting L1IATN bit in PMCTLR and waiting for
> > > the link state transition to complete.
> > >
> > > If a PCIe access happens inside this window, where the controller
> > > is between L0 and L1 link states, the access generates a fault and
> > > the ARM 'imprecise external abort' handler is invoked.
> > >
> > > Just like other PCI controller drivers, here we hook the fault handler,
> > > perform the fixup to help the controller enter L1 link state, and then
> > > restart the instruction which triggered the fault. Since the controller
> > > is in L1 link state now, the link can exit from L1 link state to L0 and
> > > successfully complete the access.
> > >
> > > While it was suggested to disable L1 link state support completely on
> > > the controller level, this would not prevent the L1 link state entry
> > > initiated by the link partner. This happens e.g. in case a PCIe card
> > > enters D3Hot state, which could be initiated from pci_set_power_state()
> > > if the card indicates D3Hot support, which in turn means link must enter
> > > L1 state. So instead, fix up the L1 link state after all.
> > >
> > > Note that this fixup is applicable only to Aarch32 R-Car controllers,
> > > the Aarch64 R-Car perform the same fixup in TFA, see TFA commit [1]
> > > 0969397f2 ("rcar_gen3: plat: Prevent PCIe hang during L1X config access")
> > > [1] https://github.com/ARM-software/arm-trusted-firmware/commit/0969397f295621aa26b3d14b76dd397d22be58bf
> >
> > This patch is horribly ugly but it's working around a horrible
> > hardware problem, and I don't have any better suggestions, so I guess
> > we don't really have much choice.
> >
> > I do think the commit log is a bit glib:
> >
> >   - "The R-Car PCIe controller is capable of handling L0s/L1 link
> >     states."  AFAICT every PCIe device is required to handle L0 and L1
> >     without software assistance.  So saying R-Car is "capable" puts a
> >     better face on this than seems warranted.
> >
> >     L0s doesn't seem relevant at all; at least it doesn't seem to play
> >     a role in the patch.  There's no such thing as "returning to L0s"
> >     as mentioned in the comment below; L0s is only reachable from L0.
> >     Returns from L1 only go to L0 (PCIe r5.0, fig 5-1).
> >
> >   - "The problem is, this transition is not atomic."  I think the
> >     *problem* is the hardware is broken in the first place.  This
> >     transition is supposed to be invisible to software.
> >
> >   - "Just like other PCI controller drivers ..." suggests that this is
> >     an ordinary situation that we shouldn't be concerned about.  This
> >     patch may be the best we can do to work around a bad hardware
> >     defect, but it's definitely not ordinary.
> >
> >     I think the other hook_fault_code() uses are for reporting
> >     legitimate PCIe errors, which most controllers log and turn
> >     into ~0 data responses without generating an abort or machine
> >     check, not things caused by hardware defects, so they're not
> >     really comparable.
> >
> > Has Renesas documented this as an erratum?  Will future devices
> > require additions to rcar_pcie_abort_handler_of_match[]?
> >
> > It'd be nice if the commit log mentioned the user-visible effect of
> > this problem.  I guess it does mention external aborts -- I assume you
> > see those when downstream devices go to D3hot or when ASPM puts the
> > link in L1?  And the abort results in a reboot?
> >
> > To be clear, I'm not objecting to the patch.  It's a hardware problem
> > and we should work around it as best we can.
> 
> Cool! So what's missing for this patch, which we have been polishing
> for almost one year, to be applied, so innocent people can no longer
> lock up an R-Car system just by inserting an ubiquitous Intel Ethernet
> card, and suspending the system?

Nothing missing from my point of view, so if Lorenzo is OK with it,
he'll apply it.  If I were applying it, I would make the commit log
something like this:

  When the link is in L1, hardware should return it to L0
  automatically whenever a transaction targets a component on the
  other end of the link (PCIe r5.0, sec 5.2).

  The R-Car PCIe controller doesn't handle this transition correctly.
  If the link is not in L0, an MMIO transaction targeting a downstream
  device fails, and the controller reports an ARM imprecise external
  abort.

  Work around this by hooking the abort handler so the driver can
  detect this situation and help the hardware complete the link state
  transition.

  When the R-Car controller receives a PM_ENTER_L1 DLLP from the
  downstream component, it sets PMEL1RX bit in PMSR register, but then
  the controller enters some sort of in-between state.  A subsequent
  MMIO transaction will fail, resulting in the external abort.  The
  abort handler detects this condition and completes the link state
  transition by setting the L1IATN bit in PMCTLR and waiting for the
  link state transition to complete.

I assume that on the PCIe side, there must be an error like
Unsupported Request or Malformed TLP, and the R-Car controller is
logging that and turning it into the ARM external abort?

I didn't see a clear response to Pali's question about what happens if
there's no MMIO access, e.g., what if the downstream device initiates
a DMA or MSI transaction?

Bjorn

^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: [PATCH V6] PCI: rcar: Add L1 link state fix into data abort hook
  2021-07-19 17:23     ` Pali Rohár
  2021-07-19 18:39       ` Marek Vasut
  2021-07-19 22:06       ` Bjorn Helgaas
@ 2021-07-27 16:11       ` Lorenzo Pieralisi
  2021-07-27 16:16         ` Geert Uytterhoeven
  2 siblings, 1 reply; 18+ messages in thread
From: Lorenzo Pieralisi @ 2021-07-27 16:11 UTC (permalink / raw)
  To: Pali Rohár
  Cc: Bjorn Helgaas, marek.vasut, linux-pci, Marek Vasut,
	Bjorn Helgaas, Geert Uytterhoeven, Wolfram Sang,
	Yoshihiro Shimoda, linux-renesas-soc

On Mon, Jul 19, 2021 at 07:23:40PM +0200, Pali Rohár wrote:

[...]

> > > > +#ifdef CONFIG_ARM
> > > > +static DEFINE_SPINLOCK(pmsr_lock);
> > > > +static int rcar_pcie_aarch32_abort_handler(unsigned long addr,
> > > > +		unsigned int fsr, struct pt_regs *regs)
> > > > +{
> > > > +	unsigned long flags;
> > > > +	int ret = 0;
> > > > +	u32 pmsr;
> > > > +
> > > > +	spin_lock_irqsave(&pmsr_lock, flags);
> > > > +
> > > > +	if (!pcie_base || !__clk_is_enabled(pcie_bus_clk)) {
> > > > +		ret = 1;
> > > > +		goto unlock_exit;
> > > > +	}
> > > > +
> > > > +	pmsr = readl(pcie_base + PMSR);
> > > > +
> > > > +	/*
> > > > +	 * Test if the PCIe controller received PM_ENTER_L1 DLLP and
> > > > +	 * the PCIe controller is not in L1 link state. If true, apply
> > > > +	 * fix, which will put the controller into L1 link state, from
> > > > +	 * which it can return to L0s/L0 on its own.
> > > > +	 */
> > > > +	if ((pmsr & PMEL1RX) && ((pmsr & PMSTATE) != PMSTATE_L1)) {
> > > > +		writel(L1IATN, pcie_base + PMCTLR);
> > > > +		while (!(readl(pcie_base + PMSR) & L1FAEG))
> > > > +			;
> 
> Infinite loop in abort handler is not a good idea. If this software
> workaround is not able to fix HW in broken state then it is better to
> let kernel finish abort handler and reboot machine (or whatever is
> default action for particular abort handler).

Probably worth adding a timeout, I can do it before merging it.

Lorenzo

> > > > +		writel(L1FAEG | PMEL1RX, pcie_base + PMSR);
> > > > +	}
> > > > +
> > > > +unlock_exit:
> > > > +	spin_unlock_irqrestore(&pmsr_lock, flags);
> > > > +	return ret;
> > > > +}
> > > > +
> > > > +static const struct of_device_id rcar_pcie_abort_handler_of_match[] __initconst = {
> > > > +	{ .compatible = "renesas,pcie-r8a7779" },
> > > > +	{ .compatible = "renesas,pcie-r8a7790" },
> > > > +	{ .compatible = "renesas,pcie-r8a7791" },
> > > > +	{ .compatible = "renesas,pcie-rcar-gen2" },
> > > > +	{},
> > > > +};
> > > > +
> > > > +static int __init rcar_pcie_init(void)
> > > > +{
> > > > +	if (of_find_matching_node(NULL, rcar_pcie_abort_handler_of_match)) {
> > > > +#ifdef CONFIG_ARM_LPAE
> > > > +		hook_fault_code(17, rcar_pcie_aarch32_abort_handler, SIGBUS, 0,
> > > > +				"asynchronous external abort");
> > > > +#else
> > > > +		hook_fault_code(22, rcar_pcie_aarch32_abort_handler, SIGBUS, 0,
> > > > +				"imprecise external abort");
> > > > +#endif
> > > > +	}
> > > > +
> > > > +	return platform_driver_register(&rcar_pcie_driver);
> > > > +}
> > > > +device_initcall(rcar_pcie_init);
> > > > +#else
> > > >  builtin_platform_driver(rcar_pcie_driver);
> > > > +#endif
> > > > diff --git a/drivers/pci/controller/pcie-rcar.h b/drivers/pci/controller/pcie-rcar.h
> > > > index d4c698b5f821..9bb125db85c6 100644
> > > > --- a/drivers/pci/controller/pcie-rcar.h
> > > > +++ b/drivers/pci/controller/pcie-rcar.h
> > > > @@ -85,6 +85,13 @@
> > > >  #define  LTSMDIS		BIT(31)
> > > >  #define  MACCTLR_INIT_VAL	(LTSMDIS | MACCTLR_NFTS_MASK)
> > > >  #define PMSR			0x01105c
> > > > +#define  L1FAEG			BIT(31)
> > > > +#define  PMEL1RX		BIT(23)
> > > > +#define  PMSTATE		GENMASK(18, 16)
> > > > +#define  PMSTATE_L1		(3 << 16)
> > > > +#define PMCTLR			0x011060
> > > > +#define  L1IATN			BIT(31)
> > > > +
> > > >  #define MACS2R			0x011078
> > > >  #define MACCGSPSETR		0x011084
> > > >  #define  SPCNGRSN		BIT(31)
> > > > -- 
> > > > 2.30.2
> > > > 

^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: [PATCH V6] PCI: rcar: Add L1 link state fix into data abort hook
  2021-07-27 16:11       ` Lorenzo Pieralisi
@ 2021-07-27 16:16         ` Geert Uytterhoeven
  0 siblings, 0 replies; 18+ messages in thread
From: Geert Uytterhoeven @ 2021-07-27 16:16 UTC (permalink / raw)
  To: Lorenzo Pieralisi
  Cc: Pali Rohár, Bjorn Helgaas, Marek Vasut, linux-pci,
	Marek Vasut, Bjorn Helgaas, Geert Uytterhoeven, Wolfram Sang,
	Yoshihiro Shimoda, Linux-Renesas

Hi Lorenzo,

On Tue, Jul 27, 2021 at 6:11 PM Lorenzo Pieralisi
<lorenzo.pieralisi@arm.com> wrote:
> On Mon, Jul 19, 2021 at 07:23:40PM +0200, Pali Rohár wrote:
>
> [...]
>
> > > > > +#ifdef CONFIG_ARM
> > > > > +static DEFINE_SPINLOCK(pmsr_lock);
> > > > > +static int rcar_pcie_aarch32_abort_handler(unsigned long addr,
> > > > > +               unsigned int fsr, struct pt_regs *regs)
> > > > > +{
> > > > > +       unsigned long flags;
> > > > > +       int ret = 0;
> > > > > +       u32 pmsr;
> > > > > +
> > > > > +       spin_lock_irqsave(&pmsr_lock, flags);
> > > > > +
> > > > > +       if (!pcie_base || !__clk_is_enabled(pcie_bus_clk)) {
> > > > > +               ret = 1;
> > > > > +               goto unlock_exit;
> > > > > +       }
> > > > > +
> > > > > +       pmsr = readl(pcie_base + PMSR);
> > > > > +
> > > > > +       /*
> > > > > +        * Test if the PCIe controller received PM_ENTER_L1 DLLP and
> > > > > +        * the PCIe controller is not in L1 link state. If true, apply
> > > > > +        * fix, which will put the controller into L1 link state, from
> > > > > +        * which it can return to L0s/L0 on its own.
> > > > > +        */
> > > > > +       if ((pmsr & PMEL1RX) && ((pmsr & PMSTATE) != PMSTATE_L1)) {
> > > > > +               writel(L1IATN, pcie_base + PMCTLR);
> > > > > +               while (!(readl(pcie_base + PMSR) & L1FAEG))
> > > > > +                       ;
> >
> > Infinite loop in abort handler is not a good idea. If this software
> > workaround is not able to fix HW in broken state then it is better to
> > let kernel finish abort handler and reboot machine (or whatever is
> > default action for particular abort handler).

The default action is to crash with an imprecise external abort.

> Probably worth adding a timeout, I can do it before merging it.

Indeed, better to lock up with a message than without ;-)

Gr{oetje,eeting}s,

                        Geert

-- 
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds

^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: [PATCH V6] PCI: rcar: Add L1 link state fix into data abort hook
  2021-07-26 17:49     ` Bjorn Helgaas
@ 2021-07-27 16:32       ` Lorenzo Pieralisi
  2021-08-05 18:30         ` Pali Rohár
  2021-07-27 17:08       ` Marek Vasut
  1 sibling, 1 reply; 18+ messages in thread
From: Lorenzo Pieralisi @ 2021-07-27 16:32 UTC (permalink / raw)
  To: Bjorn Helgaas
  Cc: Geert Uytterhoeven, Marek Vasut, linux-pci, Marek Vasut,
	Bjorn Helgaas, Wolfram Sang, Yoshihiro Shimoda, Linux-Renesas

On Mon, Jul 26, 2021 at 12:49:25PM -0500, Bjorn Helgaas wrote:
> On Mon, Jul 26, 2021 at 04:47:54PM +0200, Geert Uytterhoeven wrote:
> > Hi Bjorn,
> > 
> > On Sat, Jul 17, 2021 at 7:33 PM Bjorn Helgaas <helgaas@kernel.org> wrote:
> > > On Fri, May 14, 2021 at 10:05:49PM +0200, marek.vasut@gmail.com wrote:
> > > > From: Marek Vasut <marek.vasut+renesas@gmail.com>
> > > >
> > > > The R-Car PCIe controller is capable of handling L0s/L1 link states.
> > > > While the controller can enter and exit L0s link state, and exit L1
> > > > link state, without any additional action from the driver, to enter
> > > > L1 link state, the driver must complete the link state transition by
> > > > issuing additional commands to the controller.
> > > >
> > > > The problem is, this transition is not atomic. The controller sets
> > > > PMEL1RX bit in PMSR register upon reception of PM_ENTER_L1 DLLP from
> > > > the PCIe card, but then the controller enters some sort of inbetween
> > > > state. The driver must detect this condition and complete the link
> > > > state transition, by setting L1IATN bit in PMCTLR and waiting for
> > > > the link state transition to complete.
> > > >
> > > > If a PCIe access happens inside this window, where the controller
> > > > is between L0 and L1 link states, the access generates a fault and
> > > > the ARM 'imprecise external abort' handler is invoked.
> > > >
> > > > Just like other PCI controller drivers, here we hook the fault handler,
> > > > perform the fixup to help the controller enter L1 link state, and then
> > > > restart the instruction which triggered the fault. Since the controller
> > > > is in L1 link state now, the link can exit from L1 link state to L0 and
> > > > successfully complete the access.
> > > >
> > > > While it was suggested to disable L1 link state support completely on
> > > > the controller level, this would not prevent the L1 link state entry
> > > > initiated by the link partner. This happens e.g. in case a PCIe card
> > > > enters D3Hot state, which could be initiated from pci_set_power_state()
> > > > if the card indicates D3Hot support, which in turn means link must enter
> > > > L1 state. So instead, fix up the L1 link state after all.
> > > >
> > > > Note that this fixup is applicable only to Aarch32 R-Car controllers,
> > > > the Aarch64 R-Car perform the same fixup in TFA, see TFA commit [1]
> > > > 0969397f2 ("rcar_gen3: plat: Prevent PCIe hang during L1X config access")
> > > > [1] https://github.com/ARM-software/arm-trusted-firmware/commit/0969397f295621aa26b3d14b76dd397d22be58bf
> > >
> > > This patch is horribly ugly but it's working around a horrible
> > > hardware problem, and I don't have any better suggestions, so I guess
> > > we don't really have much choice.
> > >
> > > I do think the commit log is a bit glib:
> > >
> > >   - "The R-Car PCIe controller is capable of handling L0s/L1 link
> > >     states."  AFAICT every PCIe device is required to handle L0 and L1
> > >     without software assistance.  So saying R-Car is "capable" puts a
> > >     better face on this than seems warranted.
> > >
> > >     L0s doesn't seem relevant at all; at least it doesn't seem to play
> > >     a role in the patch.  There's no such thing as "returning to L0s"
> > >     as mentioned in the comment below; L0s is only reachable from L0.
> > >     Returns from L1 only go to L0 (PCIe r5.0, fig 5-1).
> > >
> > >   - "The problem is, this transition is not atomic."  I think the
> > >     *problem* is the hardware is broken in the first place.  This
> > >     transition is supposed to be invisible to software.
> > >
> > >   - "Just like other PCI controller drivers ..." suggests that this is
> > >     an ordinary situation that we shouldn't be concerned about.  This
> > >     patch may be the best we can do to work around a bad hardware
> > >     defect, but it's definitely not ordinary.
> > >
> > >     I think the other hook_fault_code() uses are for reporting
> > >     legitimate PCIe errors, which most controllers log and turn
> > >     into ~0 data responses without generating an abort or machine
> > >     check, not things caused by hardware defects, so they're not
> > >     really comparable.
> > >
> > > Has Renesas documented this as an erratum?  Will future devices
> > > require additions to rcar_pcie_abort_handler_of_match[]?
> > >
> > > It'd be nice if the commit log mentioned the user-visible effect of
> > > this problem.  I guess it does mention external aborts -- I assume you
> > > see those when downstream devices go to D3hot or when ASPM puts the
> > > link in L1?  And the abort results in a reboot?
> > >
> > > To be clear, I'm not objecting to the patch.  It's a hardware problem
> > > and we should work around it as best we can.
> > 
> > Cool! So what's missing for this patch, which we have been polishing
> > for almost one year, to be applied, so innocent people can no longer
> > lock up an R-Car system just by inserting an ubiquitous Intel Ethernet
> > card, and suspending the system?
> 
> Nothing missing from my point of view, so if Lorenzo is OK with it,
> he'll apply it.

I will apply it at some point for v5.15 - there is still some details I
would like to investigate (disclaimer: I am not picking on this
particular patch - it is just a really thorny issue and I want to
understand what's the best way forward); I will update the patch and log
accordingly, no need for a v7 (which I can post myself publicly so that
you can have a look before I merge it).

> If I were applying it, I would make the commit log
> something like this:

I will do it myself, see above.

>   When the link is in L1, hardware should return it to L0
>   automatically whenever a transaction targets a component on the
>   other end of the link (PCIe r5.0, sec 5.2).
> 
>   The R-Car PCIe controller doesn't handle this transition correctly.
>   If the link is not in L0, an MMIO transaction targeting a downstream
>   device fails, and the controller reports an ARM imprecise external
>   abort.
> 
>   Work around this by hooking the abort handler so the driver can
>   detect this situation and help the hardware complete the link state
>   transition.
> 
>   When the R-Car controller receives a PM_ENTER_L1 DLLP from the
>   downstream component, it sets PMEL1RX bit in PMSR register, but then
>   the controller enters some sort of in-between state.  A subsequent
>   MMIO transaction will fail, resulting in the external abort.  The
>   abort handler detects this condition and completes the link state
>   transition by setting the L1IATN bit in PMCTLR and waiting for the
>   link state transition to complete.
> 
> I assume that on the PCIe side, there must be an error like
> Unsupported Request or Malformed TLP, and the R-Car controller is
> logging that and turning it into the ARM external abort?
> 
> I didn't see a clear response to Pali's question about what happens if
> there's no MMIO access, e.g., what if the downstream device initiates
> a DMA or MSI transaction?

It'd be great if I could update the log with these questions answered -
along with others Pali asked [1] and that are very relevant.

Thanks,
Lorenzo

[1] https://lore.kernel.org/linux-pci/20210719172340.vvtnddbli2vgxndi@pali

^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: [PATCH V6] PCI: rcar: Add L1 link state fix into data abort hook
  2021-07-26 17:49     ` Bjorn Helgaas
  2021-07-27 16:32       ` Lorenzo Pieralisi
@ 2021-07-27 17:08       ` Marek Vasut
  2021-08-04 11:06         ` Lorenzo Pieralisi
  1 sibling, 1 reply; 18+ messages in thread
From: Marek Vasut @ 2021-07-27 17:08 UTC (permalink / raw)
  To: Bjorn Helgaas, Geert Uytterhoeven
  Cc: linux-pci, Bjorn Helgaas, Lorenzo Pieralisi, Wolfram Sang,
	Yoshihiro Shimoda, Linux-Renesas

On 7/26/21 7:49 PM, Bjorn Helgaas wrote:
> On Mon, Jul 26, 2021 at 04:47:54PM +0200, Geert Uytterhoeven wrote:
[...]
>>>> The R-Car PCIe controller is capable of handling L0s/L1 link states.
>>>> While the controller can enter and exit L0s link state, and exit L1
>>>> link state, without any additional action from the driver, to enter
>>>> L1 link state, the driver must complete the link state transition by
>>>> issuing additional commands to the controller.
>>>>
>>>> The problem is, this transition is not atomic. The controller sets
>>>> PMEL1RX bit in PMSR register upon reception of PM_ENTER_L1 DLLP from
>>>> the PCIe card, but then the controller enters some sort of inbetween
>>>> state. The driver must detect this condition and complete the link
>>>> state transition, by setting L1IATN bit in PMCTLR and waiting for
>>>> the link state transition to complete.
>>>>
>>>> If a PCIe access happens inside this window, where the controller
>>>> is between L0 and L1 link states, the access generates a fault and
>>>> the ARM 'imprecise external abort' handler is invoked.
>>>>
>>>> Just like other PCI controller drivers, here we hook the fault handler,
>>>> perform the fixup to help the controller enter L1 link state, and then
>>>> restart the instruction which triggered the fault. Since the controller
>>>> is in L1 link state now, the link can exit from L1 link state to L0 and
>>>> successfully complete the access.
>>>>
>>>> While it was suggested to disable L1 link state support completely on
>>>> the controller level, this would not prevent the L1 link state entry
>>>> initiated by the link partner. This happens e.g. in case a PCIe card
>>>> enters D3Hot state, which could be initiated from pci_set_power_state()
>>>> if the card indicates D3Hot support, which in turn means link must enter
>>>> L1 state. So instead, fix up the L1 link state after all.
>>>>
>>>> Note that this fixup is applicable only to Aarch32 R-Car controllers,
>>>> the Aarch64 R-Car perform the same fixup in TFA, see TFA commit [1]
>>>> 0969397f2 ("rcar_gen3: plat: Prevent PCIe hang during L1X config access")
>>>> [1] https://github.com/ARM-software/arm-trusted-firmware/commit/0969397f295621aa26b3d14b76dd397d22be58bf
>>>
>>> This patch is horribly ugly but it's working around a horrible
>>> hardware problem, and I don't have any better suggestions, so I guess
>>> we don't really have much choice.
>>>
>>> I do think the commit log is a bit glib:
>>>
>>>    - "The R-Car PCIe controller is capable of handling L0s/L1 link
>>>      states."  AFAICT every PCIe device is required to handle L0 and L1
>>>      without software assistance.  So saying R-Car is "capable" puts a
>>>      better face on this than seems warranted.
>>>
>>>      L0s doesn't seem relevant at all; at least it doesn't seem to play
>>>      a role in the patch.  There's no such thing as "returning to L0s"
>>>      as mentioned in the comment below; L0s is only reachable from L0.
>>>      Returns from L1 only go to L0 (PCIe r5.0, fig 5-1).
>>>
>>>    - "The problem is, this transition is not atomic."  I think the
>>>      *problem* is the hardware is broken in the first place.  This
>>>      transition is supposed to be invisible to software.
>>>
>>>    - "Just like other PCI controller drivers ..." suggests that this is
>>>      an ordinary situation that we shouldn't be concerned about.  This
>>>      patch may be the best we can do to work around a bad hardware
>>>      defect, but it's definitely not ordinary.
>>>
>>>      I think the other hook_fault_code() uses are for reporting
>>>      legitimate PCIe errors, which most controllers log and turn
>>>      into ~0 data responses without generating an abort or machine
>>>      check, not things caused by hardware defects, so they're not
>>>      really comparable.
>>>
>>> Has Renesas documented this as an erratum?  Will future devices
>>> require additions to rcar_pcie_abort_handler_of_match[]?
>>>
>>> It'd be nice if the commit log mentioned the user-visible effect of
>>> this problem.  I guess it does mention external aborts -- I assume you
>>> see those when downstream devices go to D3hot or when ASPM puts the
>>> link in L1?  And the abort results in a reboot?
>>>
>>> To be clear, I'm not objecting to the patch.  It's a hardware problem
>>> and we should work around it as best we can.
>>
>> Cool! So what's missing for this patch, which we have been polishing
>> for almost one year, to be applied, so innocent people can no longer
>> lock up an R-Car system just by inserting an ubiquitous Intel Ethernet
>> card, and suspending the system?
> 
> Nothing missing from my point of view, so if Lorenzo is OK with it,
> he'll apply it.  If I were applying it, I would make the commit log
> something like this:
> 
>    When the link is in L1, hardware should return it to L0
>    automatically whenever a transaction targets a component on the
>    other end of the link (PCIe r5.0, sec 5.2).
> 
>    The R-Car PCIe controller doesn't handle this transition correctly.
>    If the link is not in L0, an MMIO transaction targeting a downstream
>    device fails, and the controller reports an ARM imprecise external
>    abort.
> 
>    Work around this by hooking the abort handler so the driver can
>    detect this situation and help the hardware complete the link state
>    transition.
> 
>    When the R-Car controller receives a PM_ENTER_L1 DLLP from the
>    downstream component, it sets PMEL1RX bit in PMSR register, but then
>    the controller enters some sort of in-between state.  A subsequent
>    MMIO transaction will fail, resulting in the external abort.  The
>    abort handler detects this condition and completes the link state
>    transition by setting the L1IATN bit in PMCTLR and waiting for the
>    link state transition to complete.

OK, should I submit V7 and just copy-paste this commit message in, or 
wait for Lorenzo to provide clear direction ?

> I assume that on the PCIe side, there must be an error like
> Unsupported Request or Malformed TLP, and the R-Car controller is
> logging that and turning it into the ARM external abort?
> 
> I didn't see a clear response to Pali's question about what happens if
> there's no MMIO access, e.g., what if the downstream device initiates
> a DMA or MSI transaction?

If the link is in this state, the packet won't reach the root complex, 
so nothing happens. And I don't see a good way to fix that option.

^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: [PATCH V6] PCI: rcar: Add L1 link state fix into data abort hook
  2021-07-27 17:08       ` Marek Vasut
@ 2021-08-04 11:06         ` Lorenzo Pieralisi
  0 siblings, 0 replies; 18+ messages in thread
From: Lorenzo Pieralisi @ 2021-08-04 11:06 UTC (permalink / raw)
  To: Marek Vasut
  Cc: Bjorn Helgaas, Geert Uytterhoeven, linux-pci, Bjorn Helgaas,
	Wolfram Sang, Yoshihiro Shimoda, Linux-Renesas

On Tue, Jul 27, 2021 at 07:08:17PM +0200, Marek Vasut wrote:
> On 7/26/21 7:49 PM, Bjorn Helgaas wrote:
> > On Mon, Jul 26, 2021 at 04:47:54PM +0200, Geert Uytterhoeven wrote:
> [...]
> > > > > The R-Car PCIe controller is capable of handling L0s/L1 link states.
> > > > > While the controller can enter and exit L0s link state, and exit L1
> > > > > link state, without any additional action from the driver, to enter
> > > > > L1 link state, the driver must complete the link state transition by
> > > > > issuing additional commands to the controller.
> > > > > 
> > > > > The problem is, this transition is not atomic. The controller sets
> > > > > PMEL1RX bit in PMSR register upon reception of PM_ENTER_L1 DLLP from
> > > > > the PCIe card, but then the controller enters some sort of inbetween
> > > > > state. The driver must detect this condition and complete the link
> > > > > state transition, by setting L1IATN bit in PMCTLR and waiting for
> > > > > the link state transition to complete.
> > > > > 
> > > > > If a PCIe access happens inside this window, where the controller
> > > > > is between L0 and L1 link states, the access generates a fault and
> > > > > the ARM 'imprecise external abort' handler is invoked.
> > > > > 
> > > > > Just like other PCI controller drivers, here we hook the fault handler,
> > > > > perform the fixup to help the controller enter L1 link state, and then
> > > > > restart the instruction which triggered the fault. Since the controller
> > > > > is in L1 link state now, the link can exit from L1 link state to L0 and
> > > > > successfully complete the access.
> > > > > 
> > > > > While it was suggested to disable L1 link state support completely on
> > > > > the controller level, this would not prevent the L1 link state entry
> > > > > initiated by the link partner. This happens e.g. in case a PCIe card
> > > > > enters D3Hot state, which could be initiated from pci_set_power_state()
> > > > > if the card indicates D3Hot support, which in turn means link must enter
> > > > > L1 state. So instead, fix up the L1 link state after all.
> > > > > 
> > > > > Note that this fixup is applicable only to Aarch32 R-Car controllers,
> > > > > the Aarch64 R-Car perform the same fixup in TFA, see TFA commit [1]
> > > > > 0969397f2 ("rcar_gen3: plat: Prevent PCIe hang during L1X config access")
> > > > > [1] https://github.com/ARM-software/arm-trusted-firmware/commit/0969397f295621aa26b3d14b76dd397d22be58bf
> > > > 
> > > > This patch is horribly ugly but it's working around a horrible
> > > > hardware problem, and I don't have any better suggestions, so I guess
> > > > we don't really have much choice.
> > > > 
> > > > I do think the commit log is a bit glib:
> > > > 
> > > >    - "The R-Car PCIe controller is capable of handling L0s/L1 link
> > > >      states."  AFAICT every PCIe device is required to handle L0 and L1
> > > >      without software assistance.  So saying R-Car is "capable" puts a
> > > >      better face on this than seems warranted.
> > > > 
> > > >      L0s doesn't seem relevant at all; at least it doesn't seem to play
> > > >      a role in the patch.  There's no such thing as "returning to L0s"
> > > >      as mentioned in the comment below; L0s is only reachable from L0.
> > > >      Returns from L1 only go to L0 (PCIe r5.0, fig 5-1).
> > > > 
> > > >    - "The problem is, this transition is not atomic."  I think the
> > > >      *problem* is the hardware is broken in the first place.  This
> > > >      transition is supposed to be invisible to software.
> > > > 
> > > >    - "Just like other PCI controller drivers ..." suggests that this is
> > > >      an ordinary situation that we shouldn't be concerned about.  This
> > > >      patch may be the best we can do to work around a bad hardware
> > > >      defect, but it's definitely not ordinary.
> > > > 
> > > >      I think the other hook_fault_code() uses are for reporting
> > > >      legitimate PCIe errors, which most controllers log and turn
> > > >      into ~0 data responses without generating an abort or machine
> > > >      check, not things caused by hardware defects, so they're not
> > > >      really comparable.
> > > > 
> > > > Has Renesas documented this as an erratum?  Will future devices
> > > > require additions to rcar_pcie_abort_handler_of_match[]?
> > > > 
> > > > It'd be nice if the commit log mentioned the user-visible effect of
> > > > this problem.  I guess it does mention external aborts -- I assume you
> > > > see those when downstream devices go to D3hot or when ASPM puts the
> > > > link in L1?  And the abort results in a reboot?
> > > > 
> > > > To be clear, I'm not objecting to the patch.  It's a hardware problem
> > > > and we should work around it as best we can.
> > > 
> > > Cool! So what's missing for this patch, which we have been polishing
> > > for almost one year, to be applied, so innocent people can no longer
> > > lock up an R-Car system just by inserting an ubiquitous Intel Ethernet
> > > card, and suspending the system?
> > 
> > Nothing missing from my point of view, so if Lorenzo is OK with it,
> > he'll apply it.  If I were applying it, I would make the commit log
> > something like this:
> > 
> >    When the link is in L1, hardware should return it to L0
> >    automatically whenever a transaction targets a component on the
> >    other end of the link (PCIe r5.0, sec 5.2).
> > 
> >    The R-Car PCIe controller doesn't handle this transition correctly.
> >    If the link is not in L0, an MMIO transaction targeting a downstream
> >    device fails, and the controller reports an ARM imprecise external
> >    abort.
> > 
> >    Work around this by hooking the abort handler so the driver can
> >    detect this situation and help the hardware complete the link state
> >    transition.
> > 
> >    When the R-Car controller receives a PM_ENTER_L1 DLLP from the
> >    downstream component, it sets PMEL1RX bit in PMSR register, but then
> >    the controller enters some sort of in-between state.  A subsequent
> >    MMIO transaction will fail, resulting in the external abort.  The
> >    abort handler detects this condition and completes the link state
> >    transition by setting the L1IATN bit in PMCTLR and waiting for the
> >    link state transition to complete.
> 
> OK, should I submit V7 and just copy-paste this commit message in, or wait
> for Lorenzo to provide clear direction ?

Hi Marek,

may I ask you please to update the log as Bjorn requested, add a timeout
in the trap handler to avoid an infinite loop on failure and repost a v7
?

I will merge it straight away sorry for all this back and forth.

Thanks,
Lorenzo

> > I assume that on the PCIe side, there must be an error like
> > Unsupported Request or Malformed TLP, and the R-Car controller is
> > logging that and turning it into the ARM external abort?
> > 
> > I didn't see a clear response to Pali's question about what happens if
> > there's no MMIO access, e.g., what if the downstream device initiates
> > a DMA or MSI transaction?
> 
> If the link is in this state, the packet won't reach the root complex, so
> nothing happens. And I don't see a good way to fix that option.

^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: [PATCH V6] PCI: rcar: Add L1 link state fix into data abort hook
  2021-07-27 16:32       ` Lorenzo Pieralisi
@ 2021-08-05 18:30         ` Pali Rohár
  0 siblings, 0 replies; 18+ messages in thread
From: Pali Rohár @ 2021-08-05 18:30 UTC (permalink / raw)
  To: Lorenzo Pieralisi
  Cc: Bjorn Helgaas, Geert Uytterhoeven, Marek Vasut, linux-pci,
	Marek Vasut, Bjorn Helgaas, Wolfram Sang, Yoshihiro Shimoda,
	Linux-Renesas

On Tuesday 27 July 2021 17:32:12 Lorenzo Pieralisi wrote:
> On Mon, Jul 26, 2021 at 12:49:25PM -0500, Bjorn Helgaas wrote:
> > On Mon, Jul 26, 2021 at 04:47:54PM +0200, Geert Uytterhoeven wrote:
> > > Hi Bjorn,
> > > 
> > > On Sat, Jul 17, 2021 at 7:33 PM Bjorn Helgaas <helgaas@kernel.org> wrote:
> > > > On Fri, May 14, 2021 at 10:05:49PM +0200, marek.vasut@gmail.com wrote:
> > > > > From: Marek Vasut <marek.vasut+renesas@gmail.com>
> > > > >
> > > > > The R-Car PCIe controller is capable of handling L0s/L1 link states.
> > > > > While the controller can enter and exit L0s link state, and exit L1
> > > > > link state, without any additional action from the driver, to enter
> > > > > L1 link state, the driver must complete the link state transition by
> > > > > issuing additional commands to the controller.
> > > > >
> > > > > The problem is, this transition is not atomic. The controller sets
> > > > > PMEL1RX bit in PMSR register upon reception of PM_ENTER_L1 DLLP from
> > > > > the PCIe card, but then the controller enters some sort of inbetween
> > > > > state. The driver must detect this condition and complete the link
> > > > > state transition, by setting L1IATN bit in PMCTLR and waiting for
> > > > > the link state transition to complete.
> > > > >
> > > > > If a PCIe access happens inside this window, where the controller
> > > > > is between L0 and L1 link states, the access generates a fault and
> > > > > the ARM 'imprecise external abort' handler is invoked.
> > > > >
> > > > > Just like other PCI controller drivers, here we hook the fault handler,
> > > > > perform the fixup to help the controller enter L1 link state, and then
> > > > > restart the instruction which triggered the fault. Since the controller
> > > > > is in L1 link state now, the link can exit from L1 link state to L0 and
> > > > > successfully complete the access.
> > > > >
> > > > > While it was suggested to disable L1 link state support completely on
> > > > > the controller level, this would not prevent the L1 link state entry
> > > > > initiated by the link partner. This happens e.g. in case a PCIe card
> > > > > enters D3Hot state, which could be initiated from pci_set_power_state()
> > > > > if the card indicates D3Hot support, which in turn means link must enter
> > > > > L1 state. So instead, fix up the L1 link state after all.
> > > > >
> > > > > Note that this fixup is applicable only to Aarch32 R-Car controllers,
> > > > > the Aarch64 R-Car perform the same fixup in TFA, see TFA commit [1]
> > > > > 0969397f2 ("rcar_gen3: plat: Prevent PCIe hang during L1X config access")
> > > > > [1] https://github.com/ARM-software/arm-trusted-firmware/commit/0969397f295621aa26b3d14b76dd397d22be58bf
> > > >
> > > > This patch is horribly ugly but it's working around a horrible
> > > > hardware problem, and I don't have any better suggestions, so I guess
> > > > we don't really have much choice.
> > > >
> > > > I do think the commit log is a bit glib:
> > > >
> > > >   - "The R-Car PCIe controller is capable of handling L0s/L1 link
> > > >     states."  AFAICT every PCIe device is required to handle L0 and L1
> > > >     without software assistance.  So saying R-Car is "capable" puts a
> > > >     better face on this than seems warranted.
> > > >
> > > >     L0s doesn't seem relevant at all; at least it doesn't seem to play
> > > >     a role in the patch.  There's no such thing as "returning to L0s"
> > > >     as mentioned in the comment below; L0s is only reachable from L0.
> > > >     Returns from L1 only go to L0 (PCIe r5.0, fig 5-1).
> > > >
> > > >   - "The problem is, this transition is not atomic."  I think the
> > > >     *problem* is the hardware is broken in the first place.  This
> > > >     transition is supposed to be invisible to software.
> > > >
> > > >   - "Just like other PCI controller drivers ..." suggests that this is
> > > >     an ordinary situation that we shouldn't be concerned about.  This
> > > >     patch may be the best we can do to work around a bad hardware
> > > >     defect, but it's definitely not ordinary.
> > > >
> > > >     I think the other hook_fault_code() uses are for reporting
> > > >     legitimate PCIe errors, which most controllers log and turn
> > > >     into ~0 data responses without generating an abort or machine
> > > >     check, not things caused by hardware defects, so they're not
> > > >     really comparable.
> > > >
> > > > Has Renesas documented this as an erratum?  Will future devices
> > > > require additions to rcar_pcie_abort_handler_of_match[]?
> > > >
> > > > It'd be nice if the commit log mentioned the user-visible effect of
> > > > this problem.  I guess it does mention external aborts -- I assume you
> > > > see those when downstream devices go to D3hot or when ASPM puts the
> > > > link in L1?  And the abort results in a reboot?
> > > >
> > > > To be clear, I'm not objecting to the patch.  It's a hardware problem
> > > > and we should work around it as best we can.
> > > 
> > > Cool! So what's missing for this patch, which we have been polishing
> > > for almost one year, to be applied, so innocent people can no longer
> > > lock up an R-Car system just by inserting an ubiquitous Intel Ethernet
> > > card, and suspending the system?
> > 
> > Nothing missing from my point of view, so if Lorenzo is OK with it,
> > he'll apply it.
> 
> I will apply it at some point for v5.15 - there is still some details I
> would like to investigate (disclaimer: I am not picking on this
> particular patch - it is just a really thorny issue and I want to
> understand what's the best way forward); I will update the patch and log
> accordingly, no need for a v7 (which I can post myself publicly so that
> you can have a look before I merge it).
> 
> > If I were applying it, I would make the commit log
> > something like this:
> 
> I will do it myself, see above.
> 
> >   When the link is in L1, hardware should return it to L0
> >   automatically whenever a transaction targets a component on the
> >   other end of the link (PCIe r5.0, sec 5.2).
> > 
> >   The R-Car PCIe controller doesn't handle this transition correctly.
> >   If the link is not in L0, an MMIO transaction targeting a downstream
> >   device fails, and the controller reports an ARM imprecise external
> >   abort.
> > 
> >   Work around this by hooking the abort handler so the driver can
> >   detect this situation and help the hardware complete the link state
> >   transition.
> > 
> >   When the R-Car controller receives a PM_ENTER_L1 DLLP from the
> >   downstream component, it sets PMEL1RX bit in PMSR register, but then
> >   the controller enters some sort of in-between state.  A subsequent
> >   MMIO transaction will fail, resulting in the external abort.  The
> >   abort handler detects this condition and completes the link state
> >   transition by setting the L1IATN bit in PMCTLR and waiting for the
> >   link state transition to complete.
> > 
> > I assume that on the PCIe side, there must be an error like
> > Unsupported Request or Malformed TLP, and the R-Car controller is
> > logging that and turning it into the ARM external abort?
> > 
> > I didn't see a clear response to Pali's question about what happens if
> > there's no MMIO access, e.g., what if the downstream device initiates
> > a DMA or MSI transaction?
> 
> It'd be great if I could update the log with these questions answered -
> along with others Pali asked [1] and that are very relevant.
> 
> Thanks,
> Lorenzo
> 
> [1] https://lore.kernel.org/linux-pci/20210719172340.vvtnddbli2vgxndi@pali

And also there is still unanswered question what happens with MMIO
during non-L* states (e.g. Hot Reset, Detect, Polling)?
https://lore.kernel.org/linux-pci/20210722203151.heytxzup2uti4noi@pali/

^ permalink raw reply	[flat|nested] 18+ messages in thread

end of thread, other threads:[~2021-08-05 18:30 UTC | newest]

Thread overview: 18+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-05-14 20:05 [PATCH V6] PCI: rcar: Add L1 link state fix into data abort hook marek.vasut
2021-05-17  7:39 ` Geert Uytterhoeven
2021-07-17 17:33 ` Bjorn Helgaas
2021-07-17 18:14   ` Marek Vasut
2021-07-19  8:59   ` Lorenzo Pieralisi
2021-07-19 15:38     ` Marek Vasut
2021-07-19 17:23     ` Pali Rohár
2021-07-19 18:39       ` Marek Vasut
2021-07-22 20:31         ` Pali Rohár
2021-07-19 22:06       ` Bjorn Helgaas
2021-07-27 16:11       ` Lorenzo Pieralisi
2021-07-27 16:16         ` Geert Uytterhoeven
2021-07-26 14:47   ` Geert Uytterhoeven
2021-07-26 17:49     ` Bjorn Helgaas
2021-07-27 16:32       ` Lorenzo Pieralisi
2021-08-05 18:30         ` Pali Rohár
2021-07-27 17:08       ` Marek Vasut
2021-08-04 11:06         ` Lorenzo Pieralisi

This is a public inbox, see mirroring instructions
on how to clone and mirror all data and code used for this inbox