| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 21 Jun 2024 11:06:36 -0700
From: Daniel Ferguson <danielf@...amperecomputing.com>
To: Shiju Jose <shiju.jose@...wei.com>
Cc: "linux-edac@...r.kernel.org" <linux-edac@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"david@...hat.com" <david@...hat.com>,
"Vilas.Sridharan@....com" <Vilas.Sridharan@....com>,
"leo.duran@....com" <leo.duran@....com>,
"Yazen.Ghannam@....com" <Yazen.Ghannam@....com>,
"rientjes@...gle.com" <rientjes@...gle.com>,
"jiaqiyan@...gle.com" <jiaqiyan@...gle.com>,
"tony.luck@...el.com" <tony.luck@...el.com>,
"Jon.Grimm@....com" <Jon.Grimm@....com>,
"dave.hansen@...ux.intel.com" <dave.hansen@...ux.intel.com>,
"rafael@...nel.org" <rafael@...nel.org>, "lenb@...nel.org"
<lenb@...nel.org>, "naoya.horiguchi@....com" <naoya.horiguchi@....com>,
"james.morse@....com" <james.morse@....com>,
"jthoughton@...gle.com" <jthoughton@...gle.com>,
"somasundaram.a@....com" <somasundaram.a@....com>,
"erdemaktas@...gle.com" <erdemaktas@...gle.com>,
"pgonda@...gle.com" <pgonda@...gle.com>,
"duenwen@...gle.com" <duenwen@...gle.com>,
"mike.malvestuto@...el.com" <mike.malvestuto@...el.com>,
"gthelen@...gle.com" <gthelen@...gle.com>,
"wschwartz@...erecomputing.com" <wschwartz@...erecomputing.com>,
"dferguson@...erecomputing.com" <dferguson@...erecomputing.com>,
"wbs@...amperecomputing.com" <wbs@...amperecomputing.com>,
"nifan.cxl@...il.com" <nifan.cxl@...il.com>,
tanxiaofei <tanxiaofei@...wei.com>, "Zengtao (B)"
<prime.zeng@...ilicon.com>,
"kangkang.shen@...urewei.com" <kangkang.shen@...urewei.com>,
wanghuiqiang <wanghuiqiang@...wei.com>, Linuxarm <linuxarm@...wei.com>,
"ira.weiny@...el.com" <ira.weiny@...el.com>,
"vishal.l.verma@...el.com" <vishal.l.verma@...el.com>,
"alison.schofield@...el.com" <alison.schofield@...el.com>,
"dave.jiang@...el.com" <dave.jiang@...el.com>,
Jonathan Cameron <jonathan.cameron@...wei.com>,
"dave@...olabs.net" <dave@...olabs.net>,
"dan.j.williams@...el.com" <dan.j.williams@...el.com>,
"linux-mm@...ck.org" <linux-mm@...ck.org>,
"linux-acpi@...r.kernel.org" <linux-acpi@...r.kernel.org>,
"linux-cxl@...r.kernel.org" <linux-cxl@...r.kernel.org>
Subject: Re: [RFC PATCH v8 10/10] ras: scrub: ACPI RAS2: Add memory ACPI RAS2
driver
On 6/7/2024 8:46 AM, Shiju Jose wrote:
> Hi Daniel,
>
> Thanks for the feedback.
>
>> -----Original Message-----
>> From: Daniel Ferguson <danielf@...amperecomputing.com>
>> Sent: 05 June 2024 22:33
>> To: Shiju Jose <shiju.jose@...wei.com>
>> Cc: linux-edac@...r.kernel.org; linux-kernel@...r.kernel.org;
>> david@...hat.com; Vilas.Sridharan@....com; leo.duran@....com;
>> Yazen.Ghannam@....com; rientjes@...gle.com; jiaqiyan@...gle.com;
>> tony.luck@...el.com; Jon.Grimm@....com; dave.hansen@...ux.intel.com;
>> rafael@...nel.org; lenb@...nel.org; naoya.horiguchi@....com;
>> james.morse@....com; jthoughton@...gle.com; somasundaram.a@....com;
>> erdemaktas@...gle.com; pgonda@...gle.com; duenwen@...gle.com;
>> mike.malvestuto@...el.com; gthelen@...gle.com;
>> wschwartz@...erecomputing.com; dferguson@...erecomputing.com;
>> wbs@...amperecomputing.com; nifan.cxl@...il.com; tanxiaofei
>> <tanxiaofei@...wei.com>; Zengtao (B) <prime.zeng@...ilicon.com>;
>> kangkang.shen@...urewei.com; wanghuiqiang <wanghuiqiang@...wei.com>;
>> Linuxarm <linuxarm@...wei.com>; ira.weiny@...el.com;
>> vishal.l.verma@...el.com; alison.schofield@...el.com; dave.jiang@...el.com;
>> Jonathan Cameron <jonathan.cameron@...wei.com>; dave@...olabs.net;
>> dan.j.williams@...el.com; linux-mm@...ck.org; linux-acpi@...r.kernel.org;
>> linux-cxl@...r.kernel.org
>> Subject: Re: [RFC PATCH v8 10/10] ras: scrub: ACPI RAS2: Add memory ACPI
>> RAS2 driver
>>
>>> +/* Context - lock must be held */
>>> +static int ras2_get_patrol_scrub_running(struct ras2_scrub_ctx *ras2_ctx,
>>> + bool *running)
>>> +{
>>> + struct acpi_ras2_ps_shared_mem __iomem *ps_sm = (void *)
>>> + ras2_ctx->pcc_subspace-
>>> pcc_comm_addr;
>>> + int ret;
>>> +
>>> + if (ras2_ctx->bg)
>>> + *running = true;
>>> +
>>> + ps_sm->common.set_capabilities[0] =
>> RAS2_SUPPORT_HW_PARTOL_SCRUB;
>>> + ps_sm->params.patrol_scrub_command =
>> RAS2_GET_PATROL_PARAMETERS;
>>
>> Need to reset the address range (base and size). A user may have previously
>> called "Enable Background" where the code zeros out these parameters.
>> ps_sm->params.requested_address_range[0] = ras2_ctx->base;
>> ps_sm->params.requested_address_range[1] = ras2_ctx->size;
> The address range is being set to the above in the ras2_hw_scrub_set_enabled_od(), because they are
> valid for on-demand scrubbing only.
>
> However the ras2_ctx->base and ras2_ctx->size are set to the
> ras2_ctx->base = ps_sm->params.actual_address_range[0];
> ras2_ctx->size = ps_sm->params.actual_address_range[1];
> in the ras2_update_patrol_scrub_params_cache(), which is called after enabling bg scrub and on-demand scrub.
> Thus ras2_ctx->base and ras2_ctx->size may have a 0 or garbage value for bg scrub because address range is not valid for bg scrubbing as perc ACPI specification. I will add checks to retain the cached address range if bg scrub is enabled.
>>
>>
>>> +
>>> + ret = ras2_send_pcc_cmd(ras2_ctx, RAS2_PCC_CMD_EXEC);
>>> + if (ret) {
>>> + dev_err(ras2_ctx->dev, "failed to read parameters\n");
>>> + return ret;
>>> + }
>>> +
>>> + *running = ps_sm->params.flags &
>>> +RAS2_PATROL_SCRUB_FLAG_SCRUBBER_RUNNING;
>>> +
>>> + return 0;
>>> +}
>>> +
>>> +static int ras2_hw_scrub_write_rate(struct device *dev, u64 rate) {
>>> + struct ras2_scrub_ctx *ras2_ctx = dev_get_drvdata(dev);
>>> + bool running;
>>> + int ret;
>>> +
>>> + guard(mutex)(&ras2_ctx->lock);
>>> + ret = ras2_get_patrol_scrub_running(ras2_ctx, &running);
>>> + if (ret)
>>> + return ret;
>>> +
>>> + if (running)
>>> + return -EBUSY;
>>
>>
>> I suggest we do not check if the patrol scrub is running when we are merely
>> updating cached values. More importantly, if we had previously wrote an invalid
>> value (that is only invalidated by firmware after executing a command), then
>> when we try to write a correct value, this "ras2_get_patrol_scrub_running"
>> check will always fail, therefore preventing us from correcting our error.
>
> In our opinion, write the rate and range etc, though updating the cached values, should be allowed only when the scrub is NOT running to avoid confusion thinking they are actually set in the running scrubber, when read them back in the userspace.
It may be that I didn't explain myself properly last time. Let me try
again.
1) This driver code does not currently check to see if an
'addr_range_base' is valid or not. Validation occurs in the platform
firmware, when either GET_PATROL_PARAMETERS or START_PATROL_SCRUBBER is
executed. If our platform firmware detects an invalid address, it raises
an error.
2) Therefore, a user can specify an invalid address, and the user will
not know that the address is invalid until after the cached parameters
(used to check if the patrol scrubber is running) are written to.
3) Now, every time the user attempts to write a value to either base,
size, or rate; the preceding call to ras2_get_patrol_scrub_running will
result in an error, and the attempt to write a different value fails.
To Conclude:
If a user specifies an invalid address, the only way to correct the
invalid address is to reboot or module reload. To me, that seems like a
show-stopper.
>>
>>> +
>>> + if (rate < ras2_ctx->rate_min || rate > ras2_ctx->rate_max)
>>> + return -EINVAL;
>>> +
>>> + ras2_ctx->rate = rate;
>>> +
>>> + return 0;
>>> +}
>>> +
>>> +static int ras2_hw_scrub_read_rate(struct device *dev, u64 *rate) {
>>> + struct ras2_scrub_ctx *ras2_ctx = dev_get_drvdata(dev);
>>> +
>>> + *rate = ras2_ctx->rate;
>>> +
>>> + return 0;
>>> +}
>>> +
>>> +static int ras2_hw_scrub_read_rate_avail(struct device *dev, u64
>>> +*min, u64 *max) {
>>> + struct ras2_scrub_ctx *ras2_ctx = dev_get_drvdata(dev);
>>> +
>>> + *min = ras2_ctx->rate_min;
>>> + *max = ras2_ctx->rate_max;
>>> +
>>> + return 0;
>>> +}
>>> +
>>> +static int ras2_hw_scrub_read_range(struct device *dev, u64 *base,
>>> +u64 *size) {
>>> + struct ras2_scrub_ctx *ras2_ctx = dev_get_drvdata(dev);
>>> +
>>> + *base = ras2_ctx->base;
>>> + *size = ras2_ctx->size;
>>> +
>>> + return 0;
>>> +}
>>> +
>>> +static int ras2_hw_scrub_write_range(struct device *dev, u64 base,
>>> +u64 size) {
>>> + struct ras2_scrub_ctx *ras2_ctx = dev_get_drvdata(dev);
>>> + bool running;
>>> + int ret;
>>> +
>>> + guard(mutex)(&ras2_ctx->lock);
>>> + ret = ras2_get_patrol_scrub_running(ras2_ctx, &running);
>>> + if (ret)
>>> + return ret;
>>> +
>>> + if (running)
>>> + return -EBUSY;
>>
>> I suggest we do not check if the patrol scrub is running. See previous comment
>> above.
> Same as above.
>
>>
>>> +
>>> + ras2_ctx->base = base;
>>> + ras2_ctx->size = size;
>>> +
>>> + return 0;
>>> +}
>>> +
>>> +static int ras2_hw_scrub_set_enabled_bg(struct device *dev, bool
>>> +enable) {
>>> + struct ras2_scrub_ctx *ras2_ctx = dev_get_drvdata(dev);
>>> + struct acpi_ras2_ps_shared_mem __iomem *ps_sm = (void *)
>>> + ras2_ctx->pcc_subspace-
>>> pcc_comm_addr;
>>> + int ret;
>>> +
>>> + guard(mutex)(&ras2_ctx->lock);
>>> + ps_sm->common.set_capabilities[0] =
>> RAS2_SUPPORT_HW_PARTOL_SCRUB;
>>> + if (enable) {
>>> + ps_sm->params.requested_address_range[0] = 0;
>>> + ps_sm->params.requested_address_range[1] = 0;
>>> + ps_sm->params.scrub_params_in &=
>> ~RAS2_PATROL_SCRUB_RATE_IN_MASK;
>>> + ps_sm->params.scrub_params_in |=
>> FIELD_PREP(RAS2_PATROL_SCRUB_RATE_IN_MASK,
>>> + ras2_ctx->rate);
>>> + ps_sm->params.patrol_scrub_command =
>> RAS2_START_PATROL_SCRUBBER;
>>> + } else {
>>> + ps_sm->params.patrol_scrub_command =
>> RAS2_STOP_PATROL_SCRUBBER;
>>> + }
>>> + ps_sm->params.scrub_params_in &=
>> ~RAS2_PATROL_SCRUB_EN_BACKGROUND;
>>> + ps_sm->params.scrub_params_in |=
>> FIELD_PREP(RAS2_PATROL_SCRUB_EN_BACKGROUND,
>>> + enable);
>>> +
>>> + ret = ras2_send_pcc_cmd(ras2_ctx, RAS2_PCC_CMD_EXEC);
>>> + if (ret) {
>>> + dev_err(ras2_ctx->dev, "%s: failed to enable(%d) background
>> scrubbing\n",
>>> + __func__, enable);
>>> + return ret;
>>> + }
>>> + ras2_ctx->bg = true;
>>> +
>>> + /* Update the cache to account for rounding of supplied parameters and
>> similar */
>>> + return ras2_update_patrol_scrub_params_cache(ras2_ctx);
>>> +}
>>> +
>>> +static int ras2_hw_scrub_get_enabled_bg(struct device *dev, bool
>>> +*enabled) {
>>> + struct ras2_scrub_ctx *ras2_ctx = dev_get_drvdata(dev);
>>> +
>>> + *enabled = ras2_ctx->bg;
>>> +
>>> + return 0;
>>> +}
>>> +
>>> +static int ras2_hw_scrub_set_enabled_od(struct device *dev, bool
>>> +enable) {
>>> + struct ras2_scrub_ctx *ras2_ctx = dev_get_drvdata(dev);
>>> + struct acpi_ras2_ps_shared_mem __iomem *ps_sm = (void *)
>>> + ras2_ctx->pcc_subspace-
>>> pcc_comm_addr;
>>> + bool enabled;
>>> + int ret;
>>> +
>>> + guard(mutex)(&ras2_ctx->lock);
>>> + ps_sm->common.set_capabilities[0] =
>> RAS2_SUPPORT_HW_PARTOL_SCRUB;
>>> + if (enable) {
>>> + if (!ras2_ctx->size) {
>>> + dev_warn(ras2_ctx->dev,
>>> + "%s: Invalid requested address range,
>> requested_address_range[0]=0x%llx "
>>> + "requested_address_range[1]=0x%llx\n",
>> __func__,
>>> + ps_sm->params.requested_address_range[0],
>>> + ps_sm->params.requested_address_range[1]);
>>> + return -ERANGE;
>>> + }
>>> + ret = ras2_get_patrol_scrub_running(ras2_ctx, &enabled);
>>> + if (ret)
>>> + return ret;
>>> +
>>> + if (enabled)
>>> + return 0;
>>> +
>>> + ps_sm->params.scrub_params_in &=
>> ~RAS2_PATROL_SCRUB_RATE_IN_MASK;
>>> + ps_sm->params.scrub_params_in |=
>> FIELD_PREP(RAS2_PATROL_SCRUB_RATE_IN_MASK,
>>> + ras2_ctx->rate);
>>> + ps_sm->params.requested_address_range[0] = ras2_ctx->base;
>>> + ps_sm->params.requested_address_range[1] = ras2_ctx->size;
>>
>>
>> We need to clear the RAS2_PATROL_SCRUB_EN_BACKGROUND bit in the input
>> parameters.
>> This is in case "Enable Background" was previously called, and this bit was set.
>>
>> ps_sm->params.scrub_params_in &=
>> ~RAS2_PATROL_SCRUB_EN_BACKGROUND;
> We need to stop background scrub if it is already running before start an on-demand scrubbing.
> The RAS2_PATROL_SCRUB_EN_BACKGROUND bit would be cleared with disable bg scrub
> with the following code
> in ras2_hw_scrub_set_enabled_bg() when disable background scrub('enable' is 0 in this case).
> ps_sm->params.scrub_params_in &= ~RAS2_PATROL_SCRUB_EN_BACKGROUND;
> ps_sm->params.scrub_params_in |= FIELD_PREP(RAS2_PATROL_SCRUB_EN_BACKGROUND,
> enable);
> Hope it make sense?
Yes, this makes sense. But, on our platform, we automatically enable
background when on-demand finishes(or is stopped). Similarly, if we
enable on-demand then we automatically disable background. So, some sort
of patrol is always on-going. The user is unable to turn them both off
at the same time.
Due to our implementation choices, this causes some weirdness with how
the driver represents enable_background and enable_on_demand
independently, since our scrubbers are not independent.
I'm going to leave this conversation here for now, because on different
platforms, maybe having independent control for background and on-demand
is desired.
>>
>>
>>> + ps_sm->params.patrol_scrub_command =
>> RAS2_START_PATROL_SCRUBBER;
>>> + } else {
>>> + ps_sm->params.patrol_scrub_command =
>> RAS2_STOP_PATROL_SCRUBBER;
>>> + }
>>> +
>>> + ret = ras2_send_pcc_cmd(ras2_ctx, RAS2_PCC_CMD_EXEC);
>>> + if (ret) {
>>> + dev_err(ras2_ctx->dev, "failed to enable(%d) the demand
>> scrubbing\n", enable);
>>> + return ret;
>>> + }
>>> + ras2_ctx->bg = false;
>>> +
>>> + return ras2_update_patrol_scrub_params_cache(ras2_ctx);
>>> +}
>>
>>
> Thanks,
> Shiju
Powered by blists - more mailing lists