lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Mon, 12 Dec 2022 14:41:11 +0530
From:   Siddharth Vadapalli <s-vadapalli@...com>
To:     Nathan Rossi <nathan@...hanrossi.com>,
        Bjorn Helgaas <helgaas@...nel.org>
CC:     <linux-pci@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
        Nathan Rossi <nathan.rossi@...i.com>,
        Bjorn Helgaas <bhelgaas@...gle.com>,
        "Maciej W. Rozycki" <macro@...am.me.uk>, <s-vadapalli@...com>
Subject: Re: [PATCH] PCI/ASPM: Wait for data link active after retraining

Hello,

On 14/11/22 09:29, Nathan Rossi wrote:
> On Thu, 10 Nov 2022 at 03:34, Bjorn Helgaas <helgaas@...nel.org> wrote:
>>
>> [+cc Maciej for similar retrain issue]
>>
>> On Tue, Nov 08, 2022 at 04:29:44PM -0600, Bjorn Helgaas wrote:
>>> On Thu, Jun 02, 2022 at 06:55:44AM +0000, Nathan Rossi wrote:
>>>> From: Nathan Rossi <nathan.rossi@...i.com>
>>>>
>>>> When retraining the link either the child or the parent device may have
>>>> the data link layer state machine of the respective devices move out of
>>>> the active state despite the physical link training being completed.
>>>> Depending on how long is takes for the devices to return to the active
>>>> state, the device may not be ready and any further reads/writes to the
>>>> device can fail.
>>>>
>>>> This issue is present with the pci-mvebu controller paired with a device
>>>> supporting ASPM but without advertising the Slot Clock, where during
>>>> boot the pcie_aspm_cap_init call would cause common clocks to be made
>>>> consistent and then retrain the link. However the data link layer would
>>>> not be active before any device initialization (e.g. ASPM capability
>>>> queries, BAR configuration) causing improper configuration of the device
>>>> without error.
>>>>
>>>> To ensure the child device is accessible, after the link retraining use
>>>> pcie_wait_for_link to perform the associated state checks and any needed
>>>> delays.
>>>>
>>>> Signed-off-by: Nathan Rossi <nathan.rossi@...i.com>
>>>> ---
>>>>  drivers/pci/pcie/aspm.c | 3 ++-
>>>>  1 file changed, 2 insertions(+), 1 deletion(-)
>>>>
>>>> diff --git a/drivers/pci/pcie/aspm.c b/drivers/pci/pcie/aspm.c
>>>> index a96b7424c9..4b8a1810be 100644
>>>> --- a/drivers/pci/pcie/aspm.c
>>>> +++ b/drivers/pci/pcie/aspm.c
>>>> @@ -288,7 +288,8 @@ static void pcie_aspm_configure_common_clock(struct pcie_link_state *link)
>>>>             reg16 &= ~PCI_EXP_LNKCTL_CCC;
>>>>     pcie_capability_write_word(parent, PCI_EXP_LNKCTL, reg16);
>>>>
>>>> -   if (pcie_retrain_link(link))
>>>> +   /* Retrain link and then wait for the link to become active */
>>>> +   if (pcie_retrain_link(link) && pcie_wait_for_link(parent, true))
>>>
>>> pcie_retrain_link() waits for PCI_EXP_LNKSTA_LT (Link Training) to be
>>> cleared, which means the LTSSM has exited the Configuration/Recovery
>>> state.  pcie_wait_for_link() waits for PCI_EXP_LNKSTA_DLLLA (Data Link
>>> Layer Link Active) to be set, which means the link is in DL_Active.
>>>
>>> I don't see an explicit procedure in the spec for determining when
>>> a link retrain is complete, but from PCIe r6.0, sec 6.2.11 (DPC):
>>>
>>>   After software releases the Downstream Port from DPC, the Port’s
>>>   LTSSM must transition to the Detect state, where the Link will
>>>   attempt to retrain. Software can use Data Link Layer State Changed
>>>   interrupts, DL_ACTIVE ERR_COR signaling, or both, to signal when the
>>>   Link reaches the DL_Active state again.
>>>
>>> and sec 6.6:
>>>
>>>   On the completion of Link Training (entering the DL_Active state,
>>>   see Section 3.2), a component must be able to receive and process
>>>   TLPs and DLLPs.
>>>
>>> The only use mentioned in the spec for the Link Training bit is the
>>> implementation note in sec 7.5.3.7 about avoiding race conditions when
>>> using the Retrain Link bit, where software should poll Link Training
>>> until it returns to zero before setting the Retrain Link bit to change
>>> link parameters.
>>>
>>> And I think you're absolutely right that what we *want* here is the
>>> data link layer DL_Active state, not just the link layer L0 state.
>>>
>>> This all makes me think that checking the Link Training bit might be
>>> the wrong thing to begin with.
>>>
>>> Of course, the Data Link Layer Link Active bit wasn't added until PCIe
>>> r1.1, and even now it's optional.  Without it, I don't know if there's
>>> a way to make sure the link is in DL_Active.
> 
> My understanding is there is no way to check for the DL_Active state
> on these devices. Which is why pcie_wait_for_link_delay uses a fixed
> delay in that case.

In TI's J721E SoC, the PCIe controller doesn't report the Data Link
State. The bit is hardwired to zero. However, the status of the Data
Link is reported via a set of user specific registers, which aren't a
part of the standard PCIe registers. With this, I was able to observe
that despite the PCI_EXP_LNKSTA_LT bit being cleared, the Data Link
initialization was still ongoing. This leads to a race condition if it
isn't ensured that the Data Link initialization is complete before the
PCI core attempts to obtain the configuration space addresses via the
map_bus call. Based on the scheduling, it is possible for the kernel to
crash, and I was able to observe this in my setup.

With this patch applied, the issue is fixed.

Tested-by: Siddharth Vadapalli <s-vadapalli@...com>

Regards,
Siddharth.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ