lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <YQApJBcXV+ZoU9Nd@unreal>
Date:   Tue, 27 Jul 2021 18:41:24 +0300
From:   Leon Romanovsky <leon@...nel.org>
To:     Dongdong Liu <liudongdong3@...wei.com>
Cc:     Logan Gunthorpe <logang@...tatee.com>, helgaas@...nel.org,
        hch@...radead.org, kw@...ux.com, linux-pci@...r.kernel.org,
        rajur@...lsio.com, hverkuil-cisco@...all.nl,
        linux-media@...r.kernel.org, netdev@...r.kernel.org
Subject: Re: [PATCH V6 7/8] PCI: Add "pci=disable_10bit_tag=" parameter for
 peer-to-peer support

On Tue, Jul 27, 2021 at 10:30:40PM +0800, Dongdong Liu wrote:
> 
> 
> On 2021/7/27 19:05, Leon Romanovsky wrote:
> > On Mon, Jul 26, 2021 at 09:48:57AM -0600, Logan Gunthorpe wrote:
> > > 
> > > 
> > > On 2021-07-25 12:39 a.m., Leon Romanovsky wrote:
> > > > On Fri, Jul 23, 2021 at 10:20:50AM -0600, Logan Gunthorpe wrote:
> > > > > 
> > > > > 
> > > > > 
> > > > > On 2021-07-23 5:32 a.m., Leon Romanovsky wrote:
> > > > > > On Fri, Jul 23, 2021 at 07:06:41PM +0800, Dongdong Liu wrote:
> > > > > > > PCIe spec 5.0 r1.0 section 2.2.6.2 says that if an Endpoint supports
> > > > > > > sending Requests to other Endpoints (as opposed to host memory), the
> > > > > > > Endpoint must not send 10-Bit Tag Requests to another given Endpoint
> > > > > > > unless an implementation-specific mechanism determines that the Endpoint
> > > > > > > supports 10-Bit Tag Completer capability. Add "pci=disable_10bit_tag="
> > > > > > > parameter to disable 10-Bit Tag Requester if the peer device does not
> > > > > > > support the 10-Bit Tag Completer. This will make P2P traffic safe.
> > > > > > > 
> > > > > > > Signed-off-by: Dongdong Liu <liudongdong3@...wei.com>
> > > > > > > ---
> > > > > > >  Documentation/admin-guide/kernel-parameters.txt |  7 ++++
> > > > > > >  drivers/pci/pci.c                               | 56 +++++++++++++++++++++++++
> > > > > > >  drivers/pci/pci.h                               |  1 +
> > > > > > >  drivers/pci/pcie/portdrv_pci.c                  | 13 +++---
> > > > > > >  drivers/pci/probe.c                             |  9 ++--
> > > > > > >  5 files changed, 78 insertions(+), 8 deletions(-)
> > > > > > > 
> > > > > > > diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
> > > > > > > index bdb2200..c2c4585 100644
> > > > > > > --- a/Documentation/admin-guide/kernel-parameters.txt
> > > > > > > +++ b/Documentation/admin-guide/kernel-parameters.txt
> > > > > > > @@ -4019,6 +4019,13 @@
> > > > > > >  				bridges without forcing it upstream. Note:
> > > > > > >  				this removes isolation between devices and
> > > > > > >  				may put more devices in an IOMMU group.
> > > > > > > +		disable_10bit_tag=<pci_dev>[; ...]
> > > > > > > +				  Specify one or more PCI devices (in the format
> > > > > > > +				  specified above) separated by semicolons.
> > > > > > > +				  Disable 10-Bit Tag Requester if the peer
> > > > > > > +				  device does not support the 10-Bit Tag
> > > > > > > +				  Completer.This will make P2P traffic safe.
> > > > > > 
> > > > > > I can't imagine more awkward user experience than such kernel parameter.
> > > > > > 
> > > > > > As a user, I will need to boot the system, hope for the best that system
> > > > > > works, write down all PCI device numbers, guess which one doesn't work
> > > > > > properly, update grub with new command line argument and reboot the
> > > > > > system. Any HW change and this dance should be repeated.
> > > > > 
> > > > > There are already two such PCI parameters with this pattern and they are
> > > > > not that awkward. pci_dev may be specified with either vendor/device IDS
> > > > > or with a path of BDFs (which protects against renumbering).
> > > > 
> > > > Unfortunately, in the real world, BDF is not so stable. It changes with
> > > > addition of new hardware, BIOS upgrades and even broken servers.
> > > 
> > > That's why it supports using a *path* of BDFs which tends not to catch
> > > the wrong device if the topology changes.
> > > 
> > > > Vendor/device IDs doesn't work if you have multiple devices of same
> > > > vendor in the system.
> > > 
> > > Yes, but it's fine for some use cases. That's why there's a range of
> > > options.
> > 
> > The thing is that you are adding PCI parameter that is applicable to everyone.
> > 
> > We probably see different usage models for this feature. In my world, users
> > have thousands of servers that runs 24x7, with VMs on top, some of them perform
> > FW upgrades without stopping anything. The idea that you can reboot such server
> > any time, simply doesn't exist.
> > 
> > So if I need to enable/disable this feature for one of the VFs, I will be stuck.
> > 
> > > 
> > > > > 
> > > > > This flag is only useful in P2PDMA traffic, and if the user attempts
> > > > > such a transfer, it prints a warning (see the next patch) with the exact
> > > > > parameter that needs to be added to the command line.
> > > > 
> > > > Dongdong citied PCI spec and it was very clear - don't enable this
> > > > feature unless you clearly know that it is safe to enable. This is
> > > > completely opposite to the proposal here - always enable and disable
> > > > if something is printed to the dmesg.
> > > 
> > > Quoting from patch 4:
> > > 
> > > "For platforms where the RC supports 10-Bit Tag Completer capability,
> > > it is highly recommended for platform firmware or operating software
> > > that configures PCIe hierarchies to Set the 10-Bit Tag Requester Enable
> > > bit automatically in Endpoints with 10-Bit Tag Requester capability.
> > > This enables the important class of 10-Bit Tag capable adapters that
> > > send Memory Read Requests only to host memory."
> > > 
> > > Notice the last sentence. It's saying that devices who only talk to host
> > > memory should have 10-bit tags enabled. In the kernel we call devices
> > > that talk to things besides host memory "P2PDMA". So the spec is saying
> > > not to enable 10bit tags for devices participating in P2PDMA. The kernel
> > > needs a way to allow users to do that. The kernel parameter only stops
> > > the feature from being enabled for a specific device, and the only
> > > use-case is P2PDMA which is not that common and requires the user to be
> > > aware of their topology. So I really don't think this is that big a problem.
> > 
> > I'm not question the feature and the need of configuration. My concern
> > is just *how* this feature is configured.
> > 
> > > 
> > > > > 
> > > > > This has worked well for disable_acs_redir and was used for
> > > > > resource_alignment before that for quite some time. So save a better
> > > > > suggestion I think this is more than acceptable.
> > > > 
> > > > I don't know about other parameters and their history, but we are not in
> > > > 90s anymore and addition of modules parameters (for the PCI it is kernel
> > > > cmdline arguments) are better to be changed to some configuration tool/sysfs.
> > > 
> > > The problem was that the ACS bits had to be set before the kernel
> > > enumerated the devices. The IOMMU code simply was not able to support
> > > dynamic adjustments to its groups. I assume changing 10bit tags
> > > dynamically is similarly tricky -- but if it's not then, yes a sysfs
> > > interface in addition to the kernel parameter would be a good idea.
> > 
> > I think that it is doable with combination of drivers_autoprobe disable
> > and some sysfs knob to enable/disable this feature before driver bind.
> > 
> > It should be very similar to that we did for the dynamic MSI-X, see
> > /sys/bus/pci/devices/.../sriov_vf_msix_count
> 
> Many thanks for your suggestion.
> 
> Seems a sysfs could be work ok,  but need to make sure 10-Bit Tag Requester
> to be set before binding the device driver as
> PCIe spec 5.0 section 7.5.3.16 Device Control 2 Register
> 10-Bit Tag Requester Enable says that
> If software changes the value of this bit while the Function
> has outstanding Non-Posted Requests, the result is undefined.

This is where drivers_autoprobe will help.

Thanks


> 
> Thanks,
> Dongdong
> > 
> > Thanks
> > 
> > > 
> > > Logan
> > .
> >

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ