Message ID | 20210310180306.1588376-2-Jonathan.Cameron@huawei.com |
---|---|
State | Superseded |
Headers | show |
Series | PCI Data Object Exchange support + CXL CDAT | expand |
Hey Jonathan, happy to see this, some comments below... On Wed, Mar 10, 2021 at 10:08 AM Jonathan Cameron <Jonathan.Cameron@huawei.com> wrote: > > Introduced in an ECN to the PCI 5.0, DOE provides a config space > based mailbox with standard protocol discovery. Each mailbox > is accessed through a DOE PCIE Extended Capability. > > A device may have 1 or more DOE mailboxes, each of which is allowed > to support any number of protocols (some DOE protocols > specifications apply additional restrictions). A given protocol > may be supported on more than one DOE mailbox on a given function. Are all those protocol instances shared? I'm trying to mental model whether, for example, an auxiliary driver instance could be loaded per DOE mailbox, or if there would need to be coordination of a given protocol no matter how many DOE mailboxes on that device implemented that protocol. > > The current infrastructure is fairly simplistic and pushes the burden > of handling this many-to-many relantionship to the drivers. In many s/relantionship/relationship/ > cases the arrangement will be static, making this straight forward. > > Open questions: > * timeouts: The DOE specification allows for 1 second for some > operations, but notes that specific protocols may have different > requirements. Should we introduce the flexiblity now, or leave s/flexiblity/flexibility/ > that to be implemented when support for such a protocol is added? If the timeout is property of the protocol then perhaps it should wait and not be modeled at the transport level, but that's just an initial reaction. I have not spent quality time with the DOE spec. > * DOE mailboxes may use MSI / MSIX to signal that the have prepared > a response. These require normal conditions are setup by the driver. > Should we move some of this into the DOE support (such as ensuring > bus mastering is enabled)? DOE support seems suitable to just be a library and leave the host-device management to the host driver. > Testing conducted against QEMU using: > > https://lore.kernel.org/qemu-devel/1612900760-7361-1-git-send-email-cbrowy@avery-design.com/ > + fix for interrupt flag mentioned in that thread. > I came across this the other day and made me wonder about SPDM emulation as another test case: https://cfp.osfc.io/media/osfc2020/submissions/ECQ88N/resources/An_open_source_SPDM_implementation_for_secure_devi_kmIgAQe.pdf > Additional testing to be done, particularly around error handling. > > Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com> > --- > drivers/pci/pcie/Kconfig | 8 + > drivers/pci/pcie/Makefile | 1 + > drivers/pci/pcie/doe.c | 284 ++++++++++++++++++++++++++++++++++ > include/linux/pcie-doe.h | 35 +++++ > include/uapi/linux/pci_regs.h | 29 +++- > 5 files changed, 356 insertions(+), 1 deletion(-) > > diff --git a/drivers/pci/pcie/Kconfig b/drivers/pci/pcie/Kconfig > index 45a2ef702b45..f1cada7790fd 100644 > --- a/drivers/pci/pcie/Kconfig > +++ b/drivers/pci/pcie/Kconfig > @@ -142,3 +142,11 @@ config PCIE_EDR > the PCI Firmware Specification r3.2. Enable this if you want to > support hybrid DPC model which uses both firmware and OS to > implement DPC. > + > +config PCIE_DOE > + bool "PCI Express Data Object Exchange support" Make this tristate. It's a library that a driver can use and there's nothing in the implementation that I can see that requires this support to be built-in. > + help > + This enables library support PCI Data Object Exchange capability. I'm not sure this option deserves help text to make it selectable by the user. It should only be something that a driver selects. I.e. unlike the other port services (DPC, PME, AER, etc...), nothing happens by default if the user turns this on. > + DOE provides a simple mailbox in PCI express config space that is > + used by a number of different protocols. > + It is defined in he Data Object Exchnage ECN to PCI 5.0. If the help text stays, or gets turned into a comment: s/he Data Object Exchnage/the Data Object Exchange (DOE)/ > diff --git a/drivers/pci/pcie/Makefile b/drivers/pci/pcie/Makefile > index b2980db88cc0..801fdd5fbfc1 100644 > --- a/drivers/pci/pcie/Makefile > +++ b/drivers/pci/pcie/Makefile > @@ -13,3 +13,4 @@ obj-$(CONFIG_PCIE_PME) += pme.o > obj-$(CONFIG_PCIE_DPC) += dpc.o > obj-$(CONFIG_PCIE_PTM) += ptm.o > obj-$(CONFIG_PCIE_EDR) += edr.o > +obj-$(CONFIG_PCIE_DOE) += doe.o > diff --git a/drivers/pci/pcie/doe.c b/drivers/pci/pcie/doe.c > new file mode 100644 > index 000000000000..b091ef379362 > --- /dev/null > +++ b/drivers/pci/pcie/doe.c > @@ -0,0 +1,284 @@ > +// SPDX-License-Identifier: GPL-2.0 > +/* > + * Data Object Exchange was added to the PCI spec as an ECN to 5.0. Perhaps just put the ECN link here? > + * > + * Copyright (C) 2021 Huawei > + * Jonathan Cameron <Jonathan.Cameron@huawei.com> > + */ > + > +#include <linux/bitfield.h> > +#include <linux/delay.h> > +#include <linux/jiffies.h> > +#include <linux/mutex.h> > +#include <linux/pci.h> > +#include <linux/pcie-doe.h> > + > +static irqreturn_t doe_irq(int irq, void *data) > +{ > + struct pcie_doe *doe = data; > + struct pci_dev *pdev = doe->pdev; > + u32 val; > + > + pci_read_config_dword(pdev, doe->cap_offset + PCI_DOE_STATUS, &val); > + if (FIELD_GET(PCI_DOE_STATUS_INT_STATUS, val)) { > + pci_write_config_dword(pdev, doe->cap_offset + PCI_DOE_STATUS, > + val); > + complete(&doe->c); > + return IRQ_HANDLED; > + } > + /* Leave the error case to be handled outside irq */ > + if (FIELD_GET(PCI_DOE_STATUS_ERROR, val)) { > + complete(&doe->c); > + return IRQ_HANDLED; > + } Only one DOE command can be outstanding at a time per PCI device? This seems insufficient in the multi-mailbox case / feels like there should be a 'struct pcie_doe_request' object to track what it is to be completed. > + > + return IRQ_NONE; > +} > + > +static int pcie_doe_abort(struct pcie_doe *doe) > +{ > + struct pci_dev *pdev = doe->pdev; > + int retry = 0; > + u32 val; > + > + pci_write_config_dword(pdev, doe->cap_offset + PCI_DOE_CTRL, > + PCI_DOE_CTRL_ABORT); > + /* Abort is allowed to take up to 1 second */ > + do { > + retry++; > + pci_read_config_dword(pdev, doe->cap_offset + PCI_DOE_STATUS, > + &val); > + if (FIELD_GET(PCI_DOE_STATUS_ERROR, val) && > + !FIELD_GET(PCI_DOE_STATUS_BUSY, val)) > + return 0; > + usleep_range(1000, 2000); > + } while (retry < 1000); > + > + return -EIO; What's the state of the mailbox after an abort failure? > +} > + > +/** > + * pcie_doe_init() - Initialise a Data Object Exchange mailbox > + * @doe: state structure for the DOE mailbox > + * @pdev: pci device which has this DOE mailbox > + * @doe_offset: offset in configuration space of the DOE extended capability. > + * @use_int: whether to use the optional interrupt > + * Returns: 0 on success, <0 on error > + * > + * Caller responsible for calling pci_alloc_irq_vectors() including DOE > + * interrupt. > + */ > +int pcie_doe_init(struct pcie_doe *doe, struct pci_dev *pdev, int doe_offset, > + bool use_int) > +{ > + u32 val; > + int rc; > + > + mutex_init(&doe->lock); > + init_completion(&doe->c); > + doe->cap_offset = doe_offset; > + doe->pdev = pdev; > + /* Reset the mailbox by issuing an abort */ > + rc = pcie_doe_abort(doe); > + if (rc) > + return rc; > + > + pci_read_config_dword(pdev, doe_offset + PCI_DOE_CAP, &val); > + > + if (use_int && FIELD_GET(PCI_DOE_CAP_INT, val)) { > + rc = devm_request_irq(&pdev->dev, Lets not hide devm semantics from the caller, so at a minimum this function should be called pcim_pcie_doe_init() to indicate to the caller that it has placed something into the devm stack. However, this may not be convenient for the caller. I'd leave it to the user to call a pcie_doe() unregister routine via devm_add_action_or_reset() if it wants. Lastly, I don't expect _init() routines to fail so perhaps split this into pure "init" and "register" functionality? > + pci_irq_vector(pdev, > + FIELD_GET(PCI_DOE_CAP_IRQ, val)), > + doe_irq, 0, "DOE", doe); > + if (rc) > + return rc; > + > + doe->use_int = use_int; > + pci_write_config_dword(pdev, doe_offset + PCI_DOE_CTRL, > + FIELD_PREP(PCI_DOE_CTRL_INT_EN, 1)); > + } > + > + return 0; > +} > + > + > +/** > + * pcie_doe_exchange() - Send a request and receive a response > + * @doe: DOE mailbox state structure > + * @request: request data to be sent > + * @request_sz: size of request in bytes > + * @response: buffer into which to place the response > + * @response_sz: size of available response buffer in bytes > + * > + * Return: 0 on success, < 0 on error > + * Excess data will be discarded. > + */ > +int pcie_doe_exchange(struct pcie_doe *doe, u32 *request, size_t request_sz, > + u32 *response, size_t response_sz) Are requests made against a specific protocol? This interface feels under-decorated for a public API for host-drivers to use. > +{ > + struct pci_dev *pdev = doe->pdev; > + int ret = 0; > + int i; > + u32 val; > + int retry = -1; > + size_t length; > + > + /* DOE requests must be a whole number of DW */ > + if (request_sz % sizeof(u32)) > + return -EINVAL; > + > + /* Need at least 2 DW to get the length */ > + if (response_sz < 2 * sizeof(u32)) > + return -EINVAL; > + > + mutex_lock(&doe->lock); > + /* > + * Check the DOE busy bit is not set. > + * If it is set, this could indicate someone other than Linux is > + * using the mailbox. > + */ Ugh, makes me think we need to extend the support for blocking pci device MMIO while a driver is attached to config-space as well. How can a communication protocol work if initiators can trample each other's state? > + pci_read_config_dword(pdev, doe->cap_offset + PCI_DOE_STATUS, &val); > + if (FIELD_GET(PCI_DOE_STATUS_BUSY, val)) { > + ret = -EBUSY; > + goto unlock; > + } > + > + if (FIELD_GET(PCI_DOE_STATUS_ERROR, val)) { > + ret = pcie_doe_abort(doe); > + if (ret) > + goto unlock; > + } > + > + for (i = 0; i < request_sz / 4; i++) > + pci_write_config_dword(pdev, doe->cap_offset + PCI_DOE_WRITE, > + request[i]); > + > + reinit_completion(&doe->c); > + pci_write_config_dword(pdev, doe->cap_offset + PCI_DOE_CTRL, > + PCI_DOE_CTRL_GO); > + > + if (doe->use_int) { > + /* > + * Timeout of 1 second from 6.xx.1 ECN - Data Object Exchange > + * Note a protocol is allowed to specify a different timeout, so > + * that may need supporting in future. > + */ > + if (!wait_for_completion_timeout(&doe->c, > + msecs_to_jiffies(1000))) { s/msecs_to_jiffies(1000)/HZ/ > + ret = -ETIMEDOUT; > + goto unlock; > + } > + > + pci_read_config_dword(pdev, > + doe->cap_offset + PCI_DOE_STATUS, > + &val); > + if (FIELD_GET(PCI_DOE_STATUS_ERROR, val)) { > + pcie_doe_abort(doe); > + ret = -EIO; > + goto unlock; > + } > + } else { > + do { > + retry++; > + pci_read_config_dword(pdev, > + doe->cap_offset + PCI_DOE_STATUS, > + &val); > + if (FIELD_GET(PCI_DOE_STATUS_ERROR, val)) { > + pcie_doe_abort(doe); > + ret = -EIO; > + goto unlock; > + } > + > + if (FIELD_GET(PCI_DOE_STATUS_DATA_OBJECT_READY, val)) > + break; > + usleep_range(1000, 2000); > + } while (retry < 1000); > + if (!FIELD_GET(PCI_DOE_STATUS_DATA_OBJECT_READY, val)) { > + ret = -ETIMEDOUT; > + goto unlock; Rather than a lock and polling loop I'd organize this as a single threaded delayed_workqueue that periodically services requests or immediately runs the workqueue upon receipt of an interrupt. This provides a software queuing model that can optionally be treated as async / sync depending on the use case. > + } > + } > + > + /* Read the first two dwords to get the length */ > + pci_read_config_dword(pdev, doe->cap_offset + PCI_DOE_READ, > + &response[0]); > + pci_write_config_dword(pdev, doe->cap_offset + PCI_DOE_READ, 0); > + pci_read_config_dword(pdev, doe->cap_offset + PCI_DOE_READ, > + &response[1]); > + pci_write_config_dword(pdev, doe->cap_offset + PCI_DOE_READ, 0); > + length = FIELD_GET(PCI_DOE_DATA_OBJECT_HEADER_2_LENGTH, > + response[1]); > + if (length > SZ_1M) > + return -EIO; > + > + for (i = 2; i < min(length, response_sz / 4); i++) { > + pci_read_config_dword(pdev, doe->cap_offset + PCI_DOE_READ, > + &response[i]); > + pci_write_config_dword(pdev, doe->cap_offset + PCI_DOE_READ, 0); > + } > + /* flush excess length */ > + for (; i < length; i++) { > + pci_read_config_dword(pdev, doe->cap_offset + PCI_DOE_READ, > + &val); > + pci_write_config_dword(pdev, doe->cap_offset + PCI_DOE_READ, 0); > + } > + /* Final error check to pick up on any since Data Object Ready */ > + pci_read_config_dword(pdev, doe->cap_offset + PCI_DOE_STATUS, &val); > + if (FIELD_GET(PCI_DOE_STATUS_ERROR, val)) { > + pcie_doe_abort(doe); > + ret = -EIO; > + } > +unlock: > + mutex_unlock(&doe->lock); > + > + return ret; > +} > + > + > +static int pcie_doe_discovery(struct pcie_doe *doe, u8 *index, u16 *vid, u8 *protocol) > +{ > + u32 request[3] = { Should this be a proper struct with named fields rather than an array? > + [0] = FIELD_PREP(PCI_DOE_DATA_OBJECT_HEADER_1_VID, 0001) | > + FIELD_PREP(PCI_DOE_DATA_OBJECT_HEADER_1_TYPE, 0), > + [1] = FIELD_PREP(PCI_DOE_DATA_OBJECT_HEADER_2_LENGTH, 3), > + [2] = FIELD_PREP(PCI_DOE_DATA_OBJECT_DISC_REQ_3_INDEX, *index) > + }; > + u32 response[3]; > + int ret; > + > + ret = pcie_doe_exchange(doe, request, sizeof(request), response, sizeof(response)); > + if (ret) > + return ret; > + > + *vid = FIELD_GET(PCI_DOE_DATA_OBJECT_DISC_RSP_3_VID, response[2]); > + *protocol = FIELD_GET(PCI_DOE_DATA_OBJECT_DISC_RSP_3_PROTOCOL, response[2]); > + *index = FIELD_GET(PCI_DOE_DATA_OBJECT_DISC_RSP_3_NEXT_INDEX, response[2]); > + > + return 0; > +} > + > +/** > + * pcie_doe_protocol_check() - check if this DOE mailbox supports specific protocol > + * @doe: DOE state structure > + * @vid: Vendor ID > + * @protocol: Protocol number as defined by Vendor > + * Returns: 0 on success, <0 on error > + */ > +int pcie_doe_protocol_check(struct pcie_doe *doe, u16 vid, u8 protocol) Not clear to me that this is a comfortable API for a driver. I would expect that at registration time all the supported protocols would be retrieved and cached in the 'struct pcie_doe' context and then the host driver could query from there without going back to the device again. > +{ > + u8 index = 0; > + > + do { > + u8 this_protocol; > + u16 this_vid; > + int ret; > + > + ret = pcie_doe_discovery(doe, &index, &this_vid, &this_protocol); > + if (ret) > + return ret; > + if (this_vid == vid && this_protocol == protocol) > + return 0; > + } while (index); > + > + return -ENODEV; > +} > diff --git a/include/linux/pcie-doe.h b/include/linux/pcie-doe.h > new file mode 100644 > index 000000000000..36eaa8532254 > --- /dev/null > +++ b/include/linux/pcie-doe.h > @@ -0,0 +1,35 @@ > +/* SPDX-License-Identifier: GPL-2.0 */ > +/* > + * Data Object Exchange was added to the PCI spec as an ECN to 5.0. > + * > + * Copyright (C) 2021 Huawei > + * Jonathan Cameron <Jonathan.Cameron@huawei.com> > + */ > + > +#include <linux/completion.h> > +#include <linux/mutex.h> > + > +#ifndef LINUX_PCIE_DOE_H > +#define LINUX_PCIE_DOE_H > +/** > + * struct pcie_doe - State to support use of DOE mailbox > + * @lock: Ensure users of the mailbox are serialized > + * @cap_offset: Config space offset to base of DOE capability. > + * @pdev: PCI device that hosts this DOE. > + * @c: Completion used for interrupt handling. > + * @use_int: Flage to indicate if interrupts rather than polling used. > + */ > +struct pcie_doe { > + struct mutex lock; > + int cap_offset; s/cap_offset/cap/ ...to save some typing and be more idiomatic with other PCIE capability based drivers. > + struct pci_dev *pdev; > + struct completion c; > + bool use_int; Typically the polarity of this variable is flipped to whether polled operation is enabled or not. I.e. s/use_int/poll/. > +}; > + > +int pcie_doe_init(struct pcie_doe *doe, struct pci_dev *dev, int doe_offset, > + bool use_int); > +int pcie_doe_exchange(struct pcie_doe *doe, u32 *request, size_t request_sz, > + u32 *response, size_t response_sz); > +int pcie_doe_protocol_check(struct pcie_doe *doe, u16 vid, u8 protocol); > +#endif > diff --git a/include/uapi/linux/pci_regs.h b/include/uapi/linux/pci_regs.h > index e709ae8235e7..4d8a5fee2cdf 100644 > --- a/include/uapi/linux/pci_regs.h > +++ b/include/uapi/linux/pci_regs.h > @@ -730,7 +730,8 @@ > #define PCI_EXT_CAP_ID_DVSEC 0x23 /* Designated Vendor-Specific */ > #define PCI_EXT_CAP_ID_DLF 0x25 /* Data Link Feature */ > #define PCI_EXT_CAP_ID_PL_16GT 0x26 /* Physical Layer 16.0 GT/s */ > -#define PCI_EXT_CAP_ID_MAX PCI_EXT_CAP_ID_PL_16GT > +#define PCI_EXT_CAP_ID_DOE 0x2E /* Data Object Exchange */ > +#define PCI_EXT_CAP_ID_MAX PCI_EXT_CAP_ID_DOE > > #define PCI_EXT_CAP_DSN_SIZEOF 12 > #define PCI_EXT_CAP_MCAST_ENDPOINT_SIZEOF 40 > @@ -1092,4 +1093,30 @@ > #define PCI_PL_16GT_LE_CTRL_USP_TX_PRESET_MASK 0x000000F0 > #define PCI_PL_16GT_LE_CTRL_USP_TX_PRESET_SHIFT 4 > > +/* Data Object Exchange */ > +#define PCI_DOE_CAP 0x04 /* DOE Capabilities Register */ > +#define PCI_DOE_CAP_INT 0x00000001 /* Interrupt Support */ > +#define PCI_DOE_CAP_IRQ 0x00000ffe /* Interrupt Message Number */ > +#define PCI_DOE_CTRL 0x08 /* DOE Control Register */ > +#define PCI_DOE_CTRL_ABORT 0x00000001 /* DOE Abort */ > +#define PCI_DOE_CTRL_INT_EN 0x00000002 /* DOE Interrupt Enable */ > +#define PCI_DOE_CTRL_GO 0x80000000 /* DOE Go */ > +#define PCI_DOE_STATUS 0x0C /* DOE Status Register */ > +#define PCI_DOE_STATUS_BUSY 0x00000001 /* DOE Busy */ > +#define PCI_DOE_STATUS_INT_STATUS 0x00000002 /* DOE Interrupt Status */ > +#define PCI_DOE_STATUS_ERROR 0x00000004 /* DOE Error */ > +#define PCI_DOE_STATUS_DATA_OBJECT_READY 0x80000000 /* Data Object Ready */ > +#define PCI_DOE_WRITE 0x10 /* DOE Write Data Mailbox Register */ > +#define PCI_DOE_READ 0x14 /* DOE Read Data Mailbox Register */ > + > +/* DOE Data Object - note not actually registers */ > +#define PCI_DOE_DATA_OBJECT_HEADER_1_VID 0x0000FFFF > +#define PCI_DOE_DATA_OBJECT_HEADER_1_TYPE 0x00FF0000 > +#define PCI_DOE_DATA_OBJECT_HEADER_2_LENGTH 0x0003FFFF > + > +#define PCI_DOE_DATA_OBJECT_DISC_REQ_3_INDEX 0x000000FF > +#define PCI_DOE_DATA_OBJECT_DISC_RSP_3_VID 0x0000FFFF > +#define PCI_DOE_DATA_OBJECT_DISC_RSP_3_PROTOCOL 0x00FF0000 > +#define PCI_DOE_DATA_OBJECT_DISC_RSP_3_NEXT_INDEX 0xFF000000 > + > #endif /* LINUX_PCI_REGS_H */ > -- > 2.19.1 >
On Mon, 15 Mar 2021 12:45:49 -0700 Dan Williams <dan.j.williams@intel.com> wrote: > Hey Jonathan, happy to see this, some comments below... Hi Dan, Thanks for taking a look! > > On Wed, Mar 10, 2021 at 10:08 AM Jonathan Cameron > <Jonathan.Cameron@huawei.com> wrote: > > > > Introduced in an ECN to the PCI 5.0, DOE provides a config space > > based mailbox with standard protocol discovery. Each mailbox > > is accessed through a DOE PCIE Extended Capability. > > > > A device may have 1 or more DOE mailboxes, each of which is allowed > > to support any number of protocols (some DOE protocols > > specifications apply additional restrictions). A given protocol > > may be supported on more than one DOE mailbox on a given function. > > Are all those protocol instances shared? > I'm trying to mental model > whether, for example, an auxiliary driver instance could be loaded per > DOE mailbox, or if there would need to be coordination of a given > protocol no matter how many DOE mailboxes on that device implemented > that protocol. Just to check I've understood corectly, you mean multiple instances of same protocol across different DOE mailboxes on a given device? At DOE ECN level I don't think it is actually defined if they can interact or not. I've trawled though the released protocols that I know of to see if there is a consensus but not finding much information. I would argue however that there would be no reason to have the OS make use of more than one DOE mailbox for the same protocol. Bit fiddly to handle, but doesn't seem impossible to only register a protocol with first DOE that supports it. CMA does talk about use of multiple methods to communicate with the device and the need for results consistency. However that is referring to out of band vs DOE rather than multiple DOEs. Plus it isn't making statements about protocol coordination just responses to particular queries. Things might get crazy if you tried to do IDE setup from two different DOE mailboxes. The IDE ECN refers to "the specific instance of DOE used for..." implying I think that there might be multiple but software should only use one of them? My other gut feeling is that only some of the DOE mailboxes are ever going to be in the control of Linux. IDE calls out models where firmware or a TEE is responsible for it for example. I'm not sure how that is going to be communicated to the OS (can guess of course) Sub drivers are a plausible model that I'll think about some more - but for now it feels like too early to go that way.. > > > > > The current infrastructure is fairly simplistic and pushes the burden > > of handling this many-to-many relantionship to the drivers. In many > > s/relantionship/relationship/ > > > cases the arrangement will be static, making this straight forward. > > > > Open questions: > > * timeouts: The DOE specification allows for 1 second for some > > operations, but notes that specific protocols may have different > > requirements. Should we introduce the flexiblity now, or leave > > s/flexiblity/flexibility/ Gah. One day I'll remember to spell check. Sorry about that. > > > that to be implemented when support for such a protocol is added? > > If the timeout is property of the protocol then perhaps it should wait > and not be modeled at the transport level, but that's just an initial > reaction. I have not spent quality time with the DOE spec. I'm not sure it's possible to do so without breaking the abstraction of DOE request / response into a bunch of messy sub steps. Perhaps there is a clean way of doing it but I can't immediately think of it. If a protocol comes along that varies the timeout we can just add a parameter to say what it is on a call by call basis. > > > * DOE mailboxes may use MSI / MSIX to signal that the have prepared > > a response. These require normal conditions are setup by the driver. > > Should we move some of this into the DOE support (such as ensuring > > bus mastering is enabled)? > > DOE support seems suitable to just be a library and leave the > host-device management to the host driver. Agreed. Though might be worth some debug checks. Speaking from experience it's easy to spend half a day wondering why your interrupts aren't turning up (I was blaming QEMU) because bus mastering wasn't enabled. > > > Testing conducted against QEMU using: > > > > https://lore.kernel.org/qemu-devel/1612900760-7361-1-git-send-email-cbrowy@avery-design.com/ > > + fix for interrupt flag mentioned in that thread. > > > > I came across this the other day and made me wonder about SPDM > emulation as another test case: > > https://cfp.osfc.io/media/osfc2020/submissions/ECQ88N/resources/An_open_source_SPDM_implementation_for_secure_devi_kmIgAQe.pdf Nice! Looking at CMA / IDE emulation was on my todo list and that looks like it might make that job a lot easier. > > > > Additional testing to be done, particularly around error handling. > > > > Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com> Anything not commented on should be in v2. > > --- > > drivers/pci/pcie/Kconfig | 8 + > > drivers/pci/pcie/Makefile | 1 + > > drivers/pci/pcie/doe.c | 284 ++++++++++++++++++++++++++++++++++ > > include/linux/pcie-doe.h | 35 +++++ > > include/uapi/linux/pci_regs.h | 29 +++- > > 5 files changed, 356 insertions(+), 1 deletion(-) > > > diff --git a/drivers/pci/pcie/Makefile b/drivers/pci/pcie/Makefile > > index b2980db88cc0..801fdd5fbfc1 100644 > > --- a/drivers/pci/pcie/Makefile > > +++ b/drivers/pci/pcie/Makefile > > @@ -13,3 +13,4 @@ obj-$(CONFIG_PCIE_PME) += pme.o > > obj-$(CONFIG_PCIE_DPC) += dpc.o > > obj-$(CONFIG_PCIE_PTM) += ptm.o > > obj-$(CONFIG_PCIE_EDR) += edr.o > > +obj-$(CONFIG_PCIE_DOE) += doe.o > > diff --git a/drivers/pci/pcie/doe.c b/drivers/pci/pcie/doe.c > > new file mode 100644 > > index 000000000000..b091ef379362 > > --- /dev/null > > +++ b/drivers/pci/pcie/doe.c > > @@ -0,0 +1,284 @@ > > +// SPDX-License-Identifier: GPL-2.0 > > +/* > > + * Data Object Exchange was added to the PCI spec as an ECN to 5.0. > > Perhaps just put the ECN link here? It's by number so I've left the title here as well as a link. > > > + * > > + * Copyright (C) 2021 Huawei > > + * Jonathan Cameron <Jonathan.Cameron@huawei.com> > > + */ > > + > > +#include <linux/bitfield.h> > > +#include <linux/delay.h> > > +#include <linux/jiffies.h> > > +#include <linux/mutex.h> > > +#include <linux/pci.h> > > +#include <linux/pcie-doe.h> > > + > > +static irqreturn_t doe_irq(int irq, void *data) > > +{ > > + struct pcie_doe *doe = data; > > + struct pci_dev *pdev = doe->pdev; > > + u32 val; > > + > > + pci_read_config_dword(pdev, doe->cap_offset + PCI_DOE_STATUS, &val); > > + if (FIELD_GET(PCI_DOE_STATUS_INT_STATUS, val)) { > > + pci_write_config_dword(pdev, doe->cap_offset + PCI_DOE_STATUS, > > + val); > > + complete(&doe->c); > > + return IRQ_HANDLED; > > + } > > + /* Leave the error case to be handled outside irq */ > > + if (FIELD_GET(PCI_DOE_STATUS_ERROR, val)) { > > + complete(&doe->c); > > + return IRQ_HANDLED; > > + } > > Only one DOE command can be outstanding at a time per PCI device? No, unless I'm missing something, that is one command per DOE mailbox at a time. The completion is part of the pcie_doe structure, not the pci_dev. That represents a single DOE mailbox. There can be multiple commands in flight to multiple DOE mailboxes. Not clear that there ever will be in real use cases however. This comes up later wrt to async operation. The mailbox only supports one request / response cycle at a time, they cannot be overlapped. > This > seems insufficient in the multi-mailbox case / feels like there should > be a 'struct pcie_doe_request' object to track what it is to be > completed. No need for the complexity with one request / response in flight per mailbox at a time and each mailbox having separate state maintenance. > > > + > > + return IRQ_NONE; > > +} > > + > > +static int pcie_doe_abort(struct pcie_doe *doe) > > +{ > > + struct pci_dev *pdev = doe->pdev; > > + int retry = 0; > > + u32 val; > > + > > + pci_write_config_dword(pdev, doe->cap_offset + PCI_DOE_CTRL, > > + PCI_DOE_CTRL_ABORT); > > + /* Abort is allowed to take up to 1 second */ > > + do { > > + retry++; > > + pci_read_config_dword(pdev, doe->cap_offset + PCI_DOE_STATUS, > > + &val); > > + if (FIELD_GET(PCI_DOE_STATUS_ERROR, val) && > > + !FIELD_GET(PCI_DOE_STATUS_BUSY, val)) > > + return 0; > > + usleep_range(1000, 2000); > > + } while (retry < 1000); > > + > > + return -EIO; > > What's the state of the mailbox after an abort failure? Good question. I think the answer to that is dead device, reboot the machine or at least the device if you can do a hard enough slot reset. The specification goes with... "It is strongly recommend that implementations ensure that the functionality of the DOE Abort bit is resilient, including that DOE Abort functionality is maintained even in cases where device firmware is malfunctioning" So cross our fingers everyone obeys that strong recommendation or try to work out what to do? > > > +} > > + > > +/** > > + * pcie_doe_init() - Initialise a Data Object Exchange mailbox > > + * @doe: state structure for the DOE mailbox > > + * @pdev: pci device which has this DOE mailbox > > + * @doe_offset: offset in configuration space of the DOE extended capability. > > + * @use_int: whether to use the optional interrupt > > + * Returns: 0 on success, <0 on error > > + * > > + * Caller responsible for calling pci_alloc_irq_vectors() including DOE > > + * interrupt. > > + */ > > +int pcie_doe_init(struct pcie_doe *doe, struct pci_dev *pdev, int doe_offset, > > + bool use_int) > > +{ > > + u32 val; > > + int rc; > > + > > + mutex_init(&doe->lock); > > + init_completion(&doe->c); > > + doe->cap_offset = doe_offset; > > + doe->pdev = pdev; > > + /* Reset the mailbox by issuing an abort */ > > + rc = pcie_doe_abort(doe); > > + if (rc) > > + return rc; > > + > > + pci_read_config_dword(pdev, doe_offset + PCI_DOE_CAP, &val); > > + > > + if (use_int && FIELD_GET(PCI_DOE_CAP_INT, val)) { > > + rc = devm_request_irq(&pdev->dev, > > Lets not hide devm semantics from the caller, so at a minimum this > function should be called pcim_pcie_doe_init() to indicate to the > caller that it has placed something into the devm stack. However, this > may not be convenient for the caller. I'd leave it to the user to call > a pcie_doe() unregister routine via devm_add_action_or_reset() if it > wants. > > Lastly, I don't expect _init() routines to fail so perhaps split this > into pure "init" and "register" functionality? I'm a bit doubtful on naming of register() but will go with that for v2. It's not registering with anything so that feels a bit wrong as a description for part 2 of setup. Can leave that bike shedding for now though. > > > + pci_irq_vector(pdev, > > + FIELD_GET(PCI_DOE_CAP_IRQ, val)), > > + doe_irq, 0, "DOE", doe); > > + if (rc) > > + return rc; > > + > > + doe->use_int = use_int; > > + pci_write_config_dword(pdev, doe_offset + PCI_DOE_CTRL, > > + FIELD_PREP(PCI_DOE_CTRL_INT_EN, 1)); > > + } > > + > > + return 0; > > +} > > + > > + > > +/** > > + * pcie_doe_exchange() - Send a request and receive a response > > + * @doe: DOE mailbox state structure > > + * @request: request data to be sent > > + * @request_sz: size of request in bytes > > + * @response: buffer into which to place the response > > + * @response_sz: size of available response buffer in bytes > > + * > > + * Return: 0 on success, < 0 on error > > + * Excess data will be discarded. > > + */ > > +int pcie_doe_exchange(struct pcie_doe *doe, u32 *request, size_t request_sz, > > + u32 *response, size_t response_sz) > > Are requests made against a specific protocol? Yes, but the descriptive header is very brea. > > This interface feels under-decorated for a public API for host-drivers to use. I'll see what I can come up with for v2. Likely to look something like int pcie_doe_exchange(struct pci_doe *doe, u16 vid, u8 type, u32 *request_pl, size_t request_pl_sz, u32 *response_pl, size_t response_pl_sz) and return received length or negative on error. The disadvantage is that at least some of the specs just have the header as their first few DW. So there isn't a clear distinction between header and payload. May lead to people getting offsets wrong in a way they wouldn't do if driver was responsible for building the whole message. > > > +{ > > + struct pci_dev *pdev = doe->pdev; > > + int ret = 0; > > + int i; > > + u32 val; > > + int retry = -1; > > + size_t length; > > + > > + /* DOE requests must be a whole number of DW */ > > + if (request_sz % sizeof(u32)) > > + return -EINVAL; > > + > > + /* Need at least 2 DW to get the length */ > > + if (response_sz < 2 * sizeof(u32)) > > + return -EINVAL; > > + > > + mutex_lock(&doe->lock); > > + /* > > + * Check the DOE busy bit is not set. > > + * If it is set, this could indicate someone other than Linux is > > + * using the mailbox. > > + */ > > Ugh, makes me think we need to extend the support for blocking pci > device MMIO while a driver is attached to config-space as well. How > can a communication protocol work if initiators can trample each > other's state? Agreed. It is crazy. At very least we need a means of saying keep your hands off this DOE to the OS. We can't do it on a per protocol basis, which was what I was previously thinking, because we can't call the discovery protocol to see what a given DOE is for. > > > + pci_read_config_dword(pdev, doe->cap_offset + PCI_DOE_STATUS, &val); > > + if (FIELD_GET(PCI_DOE_STATUS_BUSY, val)) { > > + ret = -EBUSY; > > + goto unlock; > > + } > > + > > + if (FIELD_GET(PCI_DOE_STATUS_ERROR, val)) { > > + ret = pcie_doe_abort(doe); > > + if (ret) > > + goto unlock; > > + } > > + > > + for (i = 0; i < request_sz / 4; i++) > > + pci_write_config_dword(pdev, doe->cap_offset + PCI_DOE_WRITE, > > + request[i]); > > + > > + reinit_completion(&doe->c); > > + pci_write_config_dword(pdev, doe->cap_offset + PCI_DOE_CTRL, > > + PCI_DOE_CTRL_GO); > > + > > + if (doe->use_int) { > > + /* > > + * Timeout of 1 second from 6.xx.1 ECN - Data Object Exchange > > + * Note a protocol is allowed to specify a different timeout, so > > + * that may need supporting in future. > > + */ > > + if (!wait_for_completion_timeout(&doe->c, > > + msecs_to_jiffies(1000))) { > > s/msecs_to_jiffies(1000)/HZ/ huh. Missed that :) > > > + ret = -ETIMEDOUT; > > + goto unlock; > > + } > > + > > + pci_read_config_dword(pdev, > > + doe->cap_offset + PCI_DOE_STATUS, > > + &val); > > + if (FIELD_GET(PCI_DOE_STATUS_ERROR, val)) { > > + pcie_doe_abort(doe); > > + ret = -EIO; > > + goto unlock; > > + } > > + } else { > > + do { > > + retry++; > > + pci_read_config_dword(pdev, > > + doe->cap_offset + PCI_DOE_STATUS, > > + &val); > > + if (FIELD_GET(PCI_DOE_STATUS_ERROR, val)) { > > + pcie_doe_abort(doe); > > + ret = -EIO; > > + goto unlock; > > + } > > + > > + if (FIELD_GET(PCI_DOE_STATUS_DATA_OBJECT_READY, val)) > > + break; > > + usleep_range(1000, 2000); > > + } while (retry < 1000); > > + if (!FIELD_GET(PCI_DOE_STATUS_DATA_OBJECT_READY, val)) { > > + ret = -ETIMEDOUT; > > + goto unlock; > > Rather than a lock and polling loop I'd organize this as a single > threaded delayed_workqueue that periodically services requests or > immediately runs the workqueue upon receipt of an interrupt. This > provides a software queuing model that can optionally be treated as > async / sync depending on the use case. Given it's single element in flight I don't think there is any benefit to enabling async. The lock has to be held throughout anyway. It is always possible a particular caller wants to overlap this transaction with some other actions, but I'd rather put the burden on that clever caller which can spin this out to a thread of one type or another. We can revisit and split this in half if we have a user who benefits from the complexity. > > > > + } > > + } > > + > > + /* Read the first two dwords to get the length */ > > + pci_read_config_dword(pdev, doe->cap_offset + PCI_DOE_READ, > > + &response[0]); > > + pci_write_config_dword(pdev, doe->cap_offset + PCI_DOE_READ, 0); > > + pci_read_config_dword(pdev, doe->cap_offset + PCI_DOE_READ, > > + &response[1]); > > + pci_write_config_dword(pdev, doe->cap_offset + PCI_DOE_READ, 0); > > + length = FIELD_GET(PCI_DOE_DATA_OBJECT_HEADER_2_LENGTH, > > + response[1]); > > + if (length > SZ_1M) oops. That's exiting with mutex held. Fixed in v2. > > + return -EIO; > > + > > + for (i = 2; i < min(length, response_sz / 4); i++) { > > + pci_read_config_dword(pdev, doe->cap_offset + PCI_DOE_READ, > > + &response[i]); > > + pci_write_config_dword(pdev, doe->cap_offset + PCI_DOE_READ, 0); > > + } > > + /* flush excess length */ > > + for (; i < length; i++) { > > + pci_read_config_dword(pdev, doe->cap_offset + PCI_DOE_READ, > > + &val); > > + pci_write_config_dword(pdev, doe->cap_offset + PCI_DOE_READ, 0); > > + } > > + /* Final error check to pick up on any since Data Object Ready */ > > + pci_read_config_dword(pdev, doe->cap_offset + PCI_DOE_STATUS, &val); > > + if (FIELD_GET(PCI_DOE_STATUS_ERROR, val)) { > > + pcie_doe_abort(doe); > > + ret = -EIO; > > + } > > +unlock: > > + mutex_unlock(&doe->lock); > > + > > + return ret; > > +} > > + > > + > > +static int pcie_doe_discovery(struct pcie_doe *doe, u8 *index, u16 *vid, u8 *protocol) > > +{ > > + u32 request[3] = { > > Should this be a proper struct with named fields rather than an array? Well the field names are going to end up as dw0 dw1 etc as there isn't a lot more meaningful to call them. We also want to keep them as u32 values throughout to avoid fiddly packing manipulation on different endian machines. This becomes rather simpler when it's just the payload due to changes in the interface in v2. > > > + [0] = FIELD_PREP(PCI_DOE_DATA_OBJECT_HEADER_1_VID, 0001) | > > + FIELD_PREP(PCI_DOE_DATA_OBJECT_HEADER_1_TYPE, 0), > > + [1] = FIELD_PREP(PCI_DOE_DATA_OBJECT_HEADER_2_LENGTH, 3), > > + [2] = FIELD_PREP(PCI_DOE_DATA_OBJECT_DISC_REQ_3_INDEX, *index) > > + }; > > + u32 response[3]; > > + int ret; > > + > > + ret = pcie_doe_exchange(doe, request, sizeof(request), response, sizeof(response)); > > + if (ret) > > + return ret; > > + > > + *vid = FIELD_GET(PCI_DOE_DATA_OBJECT_DISC_RSP_3_VID, response[2]); > > + *protocol = FIELD_GET(PCI_DOE_DATA_OBJECT_DISC_RSP_3_PROTOCOL, response[2]); > > + *index = FIELD_GET(PCI_DOE_DATA_OBJECT_DISC_RSP_3_NEXT_INDEX, response[2]); > > + > > + return 0; > > +} > > + > > +/** > > + * pcie_doe_protocol_check() - check if this DOE mailbox supports specific protocol > > + * @doe: DOE state structure > > + * @vid: Vendor ID > > + * @protocol: Protocol number as defined by Vendor > > + * Returns: 0 on success, <0 on error > > + */ > > +int pcie_doe_protocol_check(struct pcie_doe *doe, u16 vid, u8 protocol) > > Not clear to me that this is a comfortable API for a driver. I would > expect that at registration time all the supported protocols would be > retrieved and cached in the 'struct pcie_doe' context and then the > host driver could query from there without going back to the device > again. I'm not sure I follow. Any driver will fall into one of the following categories: a) Already knows what protocols are available on a given DOE instance perhaps because that's a characteristic of the hardware supported, in which case it has no reason to check (unless driver writer is paranoid) b) It has no way to know (e.g. class driver), then it makes sense to query the DOE instance to find out what protocols are available. Absolutely we could cache them, but it wouldn't change the interface presented to the driver. I think doing so at this stage is premature optimization. We could present this at a different level and wrap it up as a find_doe that will return a DOE instance that supports the desired protocol, but then that puts the burden of reference counting etc for the different DOE instances on the core - the one thing I think we want to avoid. So far we have no evidence any device will actually need that. Of the existing protocols, only a few are allowed to coexist with each other and in well defined sets (CMA and IDE for example). An alternative model we could look at (which is much more complex) is to have something like the following: struct pcie_doe_set - Central location which is responsible for all DOE mailboxes on a PCI device. At init that scans all DOE mailboxes and builds a look up table from [vid, protocol] to [struct pcie_doe] Note this is 1 to 1, so if a protocol is supported on multiple mailboxes we use the first one. pcie_doe_exchange(struct pcie_doe_set, u16 vid, u8 protocol...) Looks up the relevant DOE instance and does exchange on that. So far I'm not convinced we should engage in this complexity. Nothing stops us adding it if and when it becomes apparent we actually need it. An intermediate point would be to add basic list and reference counting infrastructure so that a driver can call struct pcie_doe *pcie_doe_get(struct pci_dev, u16 vid, u8 protocol) void pci_doe_put(struct pci_doe *doe); That means at least a list_head and possibly a lock being added to pci_dev. Not sure how Bjorn will feel about that. I might see how bad this looks for v2. > > > +{ > > + u8 index = 0; > > + > > + do { > > + u8 this_protocol; > > + u16 this_vid; > > + int ret; > > + > > + ret = pcie_doe_discovery(doe, &index, &this_vid, &this_protocol); > > + if (ret) > > + return ret; > > + if (this_vid == vid && this_protocol == protocol) > > + return 0; > > + } while (index); > > + > > + return -ENODEV; > > +} > > diff --git a/include/linux/pcie-doe.h b/include/linux/pcie-doe.h > > new file mode 100644 > > index 000000000000..36eaa8532254 > > --- /dev/null > > +++ b/include/linux/pcie-doe.h > > @@ -0,0 +1,35 @@ > > +/* SPDX-License-Identifier: GPL-2.0 */ > > +/* > > + * Data Object Exchange was added to the PCI spec as an ECN to 5.0. > > + * > > + * Copyright (C) 2021 Huawei > > + * Jonathan Cameron <Jonathan.Cameron@huawei.com> > > + */ > > + > > +#include <linux/completion.h> > > +#include <linux/mutex.h> > > + > > +#ifndef LINUX_PCIE_DOE_H > > +#define LINUX_PCIE_DOE_H > > +/** > > + * struct pcie_doe - State to support use of DOE mailbox > > + * @lock: Ensure users of the mailbox are serialized > > + * @cap_offset: Config space offset to base of DOE capability. > > + * @pdev: PCI device that hosts this DOE. > > + * @c: Completion used for interrupt handling. > > + * @use_int: Flage to indicate if interrupts rather than polling used. > > + */ > > +struct pcie_doe { > > + struct mutex lock; > > + int cap_offset; > > s/cap_offset/cap/ > > ...to save some typing and be more idiomatic with other PCIE > capability based drivers. > > > + struct pci_dev *pdev; > > + struct completion c; > > + bool use_int; > > Typically the polarity of this variable is flipped to whether polled > operation is enabled or not. I.e. s/use_int/poll/. This went away in v2 as we now store the irq to allow it to be removed in _unregister. I did change to poll as a parameter to relevant functions > > > +}; > > + > > +int pcie_doe_init(struct pcie_doe *doe, struct pci_dev *dev, int doe_offset, > > + bool use_int); > > +int pcie_doe_exchange(struct pcie_doe *doe, u32 *request, size_t request_sz, > > + u32 *response, size_t response_sz); > > +int pcie_doe_protocol_check(struct pcie_doe *doe, u16 vid, u8 protocol); > > > > +#endif I'll work up a v2 with the above changes and have a mess with list based handling and reference counting for the DOE instances. Jonathan
On Tue, 16 Mar 2021 16:29:52 +0000 Jonathan Cameron <Jonathan.Cameron@Huawei.com> wrote: > > > > > + [0] = FIELD_PREP(PCI_DOE_DATA_OBJECT_HEADER_1_VID, 0001) | > > > + FIELD_PREP(PCI_DOE_DATA_OBJECT_HEADER_1_TYPE, 0), > > > + [1] = FIELD_PREP(PCI_DOE_DATA_OBJECT_HEADER_2_LENGTH, 3), > > > + [2] = FIELD_PREP(PCI_DOE_DATA_OBJECT_DISC_REQ_3_INDEX, *index) > > > + }; > > > + u32 response[3]; > > > + int ret; > > > + > > > + ret = pcie_doe_exchange(doe, request, sizeof(request), response, sizeof(response)); > > > + if (ret) > > > + return ret; > > > + > > > + *vid = FIELD_GET(PCI_DOE_DATA_OBJECT_DISC_RSP_3_VID, response[2]); > > > + *protocol = FIELD_GET(PCI_DOE_DATA_OBJECT_DISC_RSP_3_PROTOCOL, response[2]); > > > + *index = FIELD_GET(PCI_DOE_DATA_OBJECT_DISC_RSP_3_NEXT_INDEX, response[2]); > > > + > > > + return 0; > > > +} > > > + > > > +/** > > > + * pcie_doe_protocol_check() - check if this DOE mailbox supports specific protocol > > > + * @doe: DOE state structure > > > + * @vid: Vendor ID > > > + * @protocol: Protocol number as defined by Vendor > > > + * Returns: 0 on success, <0 on error > > > + */ > > > +int pcie_doe_protocol_check(struct pcie_doe *doe, u16 vid, u8 protocol) > > > > Not clear to me that this is a comfortable API for a driver. I would > > expect that at registration time all the supported protocols would be > > retrieved and cached in the 'struct pcie_doe' context and then the > > host driver could query from there without going back to the device > > again. > > I'm not sure I follow. > > Any driver will fall into one of the following categories: > a) Already knows what protocols are available on a > given DOE instance perhaps because that's a characteristic of the hardware > supported, in which case it has no reason to check (unless driver writer > is paranoid) > b) It has no way to know (e.g. class driver), then it makes sense to query > the DOE instance to find out what protocols are available. > > Absolutely we could cache them, but it wouldn't change the interface > presented to the driver. I think doing so at this stage is > premature optimization. > > We could present this at a different level and wrap it up as a > find_doe that will return a DOE instance that supports the desired > protocol, but then that puts the burden of reference counting etc > for the different DOE instances on the core - the one thing I think > we want to avoid. > > So far we have no evidence any device will actually need that. > > Of the existing protocols, only a few are allowed to coexist with > each other and in well defined sets (CMA and IDE for example). > > An alternative model we could look at (which is much more complex) > is to have something like the following: > > struct pcie_doe_set - Central location which is responsible for > all DOE mailboxes on a PCI device. > > At init that scans all DOE mailboxes and builds a look up table > from [vid, protocol] to [struct pcie_doe] > Note this is 1 to 1, so if a protocol is supported on multiple > mailboxes we use the first one. > > pcie_doe_exchange(struct pcie_doe_set, u16 vid, u8 protocol...) > Looks up the relevant DOE instance and does exchange on that. > > So far I'm not convinced we should engage in this complexity. > Nothing stops us adding it if and when it becomes apparent we > actually need it. > > An intermediate point would be to add basic list and reference > counting infrastructure so that a driver can call > > struct pcie_doe *pcie_doe_get(struct pci_dev, u16 vid, u8 protocol) > void pci_doe_put(struct pci_doe *doe); > > That means at least a list_head and possibly a lock being added > to pci_dev. Not sure how Bjorn will feel about that. > > I might see how bad this looks for v2. Lifetime element of the DOE could be avoided by simply having pcie_doe_register_all() and pcie_doe_unregister_all() and so managing all DOE instances in one unit. I'm not sure I like it, but certainly makes things simple. After pcie_doe_register_all() call, all DOEs are ready to use and we can have simple pcie_doe_find() to get one with appropriate protocols. There is never any need to specifically release it because they are all cleaned up together in remove /release path. I'll put this together for a v2 and we can see how it shapes up. Jonathan
On Tue, Mar 16, 2021 at 9:31 AM Jonathan Cameron <Jonathan.Cameron@huawei.com> wrote: > > On Mon, 15 Mar 2021 12:45:49 -0700 > Dan Williams <dan.j.williams@intel.com> wrote: > > > Hey Jonathan, happy to see this, some comments below... > > Hi Dan, > > Thanks for taking a look! > > > > > On Wed, Mar 10, 2021 at 10:08 AM Jonathan Cameron > > <Jonathan.Cameron@huawei.com> wrote: > > > > > > Introduced in an ECN to the PCI 5.0, DOE provides a config space > > > based mailbox with standard protocol discovery. Each mailbox > > > is accessed through a DOE PCIE Extended Capability. > > > > > > A device may have 1 or more DOE mailboxes, each of which is allowed > > > to support any number of protocols (some DOE protocols > > > specifications apply additional restrictions). A given protocol > > > may be supported on more than one DOE mailbox on a given function. > > > > Are all those protocol instances shared? > > I'm trying to mental model > > whether, for example, an auxiliary driver instance could be loaded per > > DOE mailbox, or if there would need to be coordination of a given > > protocol no matter how many DOE mailboxes on that device implemented > > that protocol. > > Just to check I've understood corectly, you mean multiple instances of same > protocol across different DOE mailboxes on a given device? > Right. > At DOE ECN level I don't think it is actually defined if they can > interact or not. I've trawled though the released protocols that I know of > to see if there is a consensus but not finding much information. > > I would argue however that there would be no reason to have the OS make > use of more than one DOE mailbox for the same protocol. Bit fiddly to > handle, but doesn't seem impossible to only register a protocol with first > DOE that supports it. > > CMA does talk about use of multiple methods to communicate with the device > and the need for results consistency. However that is referring to out of > band vs DOE rather than multiple DOEs. Plus it isn't making statements > about protocol coordination just responses to particular queries. > > Things might get crazy if you tried to do IDE setup from two different DOE > mailboxes. The IDE ECN refers to "the specific instance of DOE used for..." > implying I think that there might be multiple but software should only > use one of them? > > My other gut feeling is that only some of the DOE mailboxes are ever going > to be in the control of Linux. IDE calls out models where firmware or a TEE is > responsible for it for example. I'm not sure how that is going to be communicated > to the OS (can guess of course) > > Sub drivers are a plausible model that I'll think about some more - but > for now it feels like too early to go that way.. Ok, fair enough. > > > > > > > > > The current infrastructure is fairly simplistic and pushes the burden > > > of handling this many-to-many relantionship to the drivers. In many > > > > s/relantionship/relationship/ > > > > > cases the arrangement will be static, making this straight forward. > > > > > > Open questions: > > > * timeouts: The DOE specification allows for 1 second for some > > > operations, but notes that specific protocols may have different > > > requirements. Should we introduce the flexiblity now, or leave > > > > s/flexiblity/flexibility/ > > Gah. One day I'll remember to spell check. Sorry about that. > > > > > > that to be implemented when support for such a protocol is added? > > > > If the timeout is property of the protocol then perhaps it should wait > > and not be modeled at the transport level, but that's just an initial > > reaction. I have not spent quality time with the DOE spec. > > I'm not sure it's possible to do so without breaking the abstraction of > DOE request / response into a bunch of messy sub steps. Perhaps there is > a clean way of doing it but I can't immediately think of it. > > If a protocol comes along that varies the timeout we can just add > a parameter to say what it is on a call by call basis. Now that I've had a chance to take a look the spec seems to unequivocally mandate the timeouts in "6.xx.1 Operation", where was the per-protocol timeout implied? > > > * DOE mailboxes may use MSI / MSIX to signal that the have prepared > > > a response. These require normal conditions are setup by the driver. > > > Should we move some of this into the DOE support (such as ensuring > > > bus mastering is enabled)? > > > > DOE support seems suitable to just be a library and leave the > > host-device management to the host driver. > > Agreed. Though might be worth some debug checks. > > Speaking from experience it's easy to spend half a day wondering why your > interrupts aren't turning up (I was blaming QEMU) because bus mastering > wasn't enabled. Sure, no concern about validating assumptions in the library, but leave control to the host. > > > Testing conducted against QEMU using: > > > > > > https://lore.kernel.org/qemu-devel/1612900760-7361-1-git-send-email-cbrowy@avery-design.com/ > > > + fix for interrupt flag mentioned in that thread. > > > > > > > I came across this the other day and made me wonder about SPDM > > emulation as another test case: > > > > https://cfp.osfc.io/media/osfc2020/submissions/ECQ88N/resources/An_open_source_SPDM_implementation_for_secure_devi_kmIgAQe.pdf > > Nice! Looking at CMA / IDE emulation was on my todo list and that looks like > it might make that job a lot easier. > > > > > > > > Additional testing to be done, particularly around error handling. > > > > > > Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com> > > Anything not commented on should be in v2. > > > > --- > > > drivers/pci/pcie/Kconfig | 8 + > > > drivers/pci/pcie/Makefile | 1 + > > > drivers/pci/pcie/doe.c | 284 ++++++++++++++++++++++++++++++++++ > > > include/linux/pcie-doe.h | 35 +++++ > > > include/uapi/linux/pci_regs.h | 29 +++- > > > 5 files changed, 356 insertions(+), 1 deletion(-) > > > > > diff --git a/drivers/pci/pcie/Makefile b/drivers/pci/pcie/Makefile > > > index b2980db88cc0..801fdd5fbfc1 100644 > > > --- a/drivers/pci/pcie/Makefile > > > +++ b/drivers/pci/pcie/Makefile > > > @@ -13,3 +13,4 @@ obj-$(CONFIG_PCIE_PME) += pme.o > > > obj-$(CONFIG_PCIE_DPC) += dpc.o > > > obj-$(CONFIG_PCIE_PTM) += ptm.o > > > obj-$(CONFIG_PCIE_EDR) += edr.o > > > +obj-$(CONFIG_PCIE_DOE) += doe.o > > > diff --git a/drivers/pci/pcie/doe.c b/drivers/pci/pcie/doe.c > > > new file mode 100644 > > > index 000000000000..b091ef379362 > > > --- /dev/null > > > +++ b/drivers/pci/pcie/doe.c > > > @@ -0,0 +1,284 @@ > > > +// SPDX-License-Identifier: GPL-2.0 > > > +/* > > > + * Data Object Exchange was added to the PCI spec as an ECN to 5.0. > > > > Perhaps just put the ECN link here? > > It's by number so I've left the title here as well as a link. Ok. > > > > > > + * > > > + * Copyright (C) 2021 Huawei > > > + * Jonathan Cameron <Jonathan.Cameron@huawei.com> > > > + */ > > > + > > > +#include <linux/bitfield.h> > > > +#include <linux/delay.h> > > > +#include <linux/jiffies.h> > > > +#include <linux/mutex.h> > > > +#include <linux/pci.h> > > > +#include <linux/pcie-doe.h> > > > + > > > +static irqreturn_t doe_irq(int irq, void *data) > > > +{ > > > + struct pcie_doe *doe = data; > > > + struct pci_dev *pdev = doe->pdev; > > > + u32 val; > > > + > > > + pci_read_config_dword(pdev, doe->cap_offset + PCI_DOE_STATUS, &val); > > > + if (FIELD_GET(PCI_DOE_STATUS_INT_STATUS, val)) { > > > + pci_write_config_dword(pdev, doe->cap_offset + PCI_DOE_STATUS, > > > + val); > > > + complete(&doe->c); > > > + return IRQ_HANDLED; > > > + } > > > + /* Leave the error case to be handled outside irq */ > > > + if (FIELD_GET(PCI_DOE_STATUS_ERROR, val)) { > > > + complete(&doe->c); > > > + return IRQ_HANDLED; > > > + } > > > > Only one DOE command can be outstanding at a time per PCI device? > > No, unless I'm missing something, that is one command per DOE mailbox at a time. > The completion is part of the pcie_doe structure, not the pci_dev. > That represents a single DOE mailbox. > > There can be multiple commands in flight to multiple DOE mailboxes. Not clear > that there ever will be in real use cases however. > > This comes up later wrt to async operation. The mailbox only > supports one request / response cycle at a time, they cannot be overlapped. "6.xx.1 Operation" says "If a single DOE instance supports multiple data object protocols, system firmware/software is permitted to interleave requests/responses with different data object protocols." ...although I must say I don't understand how system software tracks which response belongs to which request if the transactions are interleaved. > > This > > seems insufficient in the multi-mailbox case / feels like there should > > be a 'struct pcie_doe_request' object to track what it is to be > > completed. > > No need for the complexity with one request / response in flight per > mailbox at a time and each mailbox having separate state maintenance. I think the workqueue proposal removes the need for pcie_doe_request, but still allows for the possibility of interleaving requests. > > > > > > + > > > + return IRQ_NONE; > > > +} > > > + > > > +static int pcie_doe_abort(struct pcie_doe *doe) > > > +{ > > > + struct pci_dev *pdev = doe->pdev; > > > + int retry = 0; > > > + u32 val; > > > + > > > + pci_write_config_dword(pdev, doe->cap_offset + PCI_DOE_CTRL, > > > + PCI_DOE_CTRL_ABORT); > > > + /* Abort is allowed to take up to 1 second */ > > > + do { > > > + retry++; > > > + pci_read_config_dword(pdev, doe->cap_offset + PCI_DOE_STATUS, > > > + &val); > > > + if (FIELD_GET(PCI_DOE_STATUS_ERROR, val) && > > > + !FIELD_GET(PCI_DOE_STATUS_BUSY, val)) > > > + return 0; > > > + usleep_range(1000, 2000); > > > + } while (retry < 1000); > > > + > > > + return -EIO; > > > > What's the state of the mailbox after an abort failure? > > Good question. I think the answer to that is dead device, reboot the machine > or at least the device if you can do a hard enough slot reset. ...and hopefully that device is not part of an active interleave otherwise a reset can take down "System RAM". > > The specification goes with... > "It is strongly recommend that implementations ensure that the functionality > of the DOE Abort bit is resilient, including that DOE Abort functionality is > maintained even in cases where device firmware is malfunctioning" Ok. > > So cross our fingers everyone obeys that strong recommendation or try to > work out what to do? What's the worst that can happen? </famous last words> > > > > > > +} > > > + > > > +/** > > > + * pcie_doe_init() - Initialise a Data Object Exchange mailbox > > > + * @doe: state structure for the DOE mailbox > > > + * @pdev: pci device which has this DOE mailbox > > > + * @doe_offset: offset in configuration space of the DOE extended capability. > > > + * @use_int: whether to use the optional interrupt > > > + * Returns: 0 on success, <0 on error > > > + * > > > + * Caller responsible for calling pci_alloc_irq_vectors() including DOE > > > + * interrupt. > > > + */ > > > +int pcie_doe_init(struct pcie_doe *doe, struct pci_dev *pdev, int doe_offset, > > > + bool use_int) > > > +{ > > > + u32 val; > > > + int rc; > > > + > > > + mutex_init(&doe->lock); > > > + init_completion(&doe->c); > > > + doe->cap_offset = doe_offset; > > > + doe->pdev = pdev; > > > + /* Reset the mailbox by issuing an abort */ > > > + rc = pcie_doe_abort(doe); > > > + if (rc) > > > + return rc; > > > + > > > + pci_read_config_dword(pdev, doe_offset + PCI_DOE_CAP, &val); > > > + > > > + if (use_int && FIELD_GET(PCI_DOE_CAP_INT, val)) { > > > + rc = devm_request_irq(&pdev->dev, > > > > Lets not hide devm semantics from the caller, so at a minimum this > > function should be called pcim_pcie_doe_init() to indicate to the > > caller that it has placed something into the devm stack. However, this > > may not be convenient for the caller. I'd leave it to the user to call > > a pcie_doe() unregister routine via devm_add_action_or_reset() if it > > wants. > > > > > Lastly, I don't expect _init() routines to fail so perhaps split this > > into pure "init" and "register" functionality? > > I'm a bit doubtful on naming of register() but will go with that for v2. > > It's not registering with anything so that feels a bit wrong as a description > for part 2 of setup. Can leave that bike shedding for now though. > Ok, just searching for a name that implies symmetrical teardown register/unregister, enable/disable, ... etc. init/deinit doesn't do it for me. > > > > > + pci_irq_vector(pdev, > > > + FIELD_GET(PCI_DOE_CAP_IRQ, val)), > > > + doe_irq, 0, "DOE", doe); > > > + if (rc) > > > + return rc; > > > + > > > + doe->use_int = use_int; > > > + pci_write_config_dword(pdev, doe_offset + PCI_DOE_CTRL, > > > + FIELD_PREP(PCI_DOE_CTRL_INT_EN, 1)); > > > + } > > > + > > > + return 0; > > > +} > > > + > > > + > > > +/** > > > + * pcie_doe_exchange() - Send a request and receive a response > > > + * @doe: DOE mailbox state structure > > > + * @request: request data to be sent > > > + * @request_sz: size of request in bytes > > > + * @response: buffer into which to place the response > > > + * @response_sz: size of available response buffer in bytes > > > + * > > > + * Return: 0 on success, < 0 on error > > > + * Excess data will be discarded. > > > + */ > > > +int pcie_doe_exchange(struct pcie_doe *doe, u32 *request, size_t request_sz, > > > + u32 *response, size_t response_sz) > > > > Are requests made against a specific protocol? > > Yes, but the descriptive header is very brea. > > > > > This interface feels under-decorated for a public API for host-drivers to use. > > I'll see what I can come up with for v2. > Likely to look something like > > int pcie_doe_exchange(struct pci_doe *doe, u16 vid, u8 type, > u32 *request_pl, size_t request_pl_sz, > u32 *response_pl, size_t response_pl_sz) I was thinking something like 'struct pcie_doe_object' pointers rather than u32 arrays. > > and return received length or negative on error. > > The disadvantage is that at least some of the specs just have the > header as their first few DW. So there isn't a clear distinction > between header and payload. May lead to people getting offsets wrong > in a way they wouldn't do if driver was responsible for building the > whole message. Aren't they more likely to get offsets wrong with u32 arrays rather than data structures? > > > > > > +{ > > > + struct pci_dev *pdev = doe->pdev; > > > + int ret = 0; > > > + int i; > > > + u32 val; > > > + int retry = -1; > > > + size_t length; > > > + > > > + /* DOE requests must be a whole number of DW */ > > > + if (request_sz % sizeof(u32)) > > > + return -EINVAL; > > > + > > > + /* Need at least 2 DW to get the length */ > > > + if (response_sz < 2 * sizeof(u32)) > > > + return -EINVAL; > > > + > > > + mutex_lock(&doe->lock); > > > + /* > > > + * Check the DOE busy bit is not set. > > > + * If it is set, this could indicate someone other than Linux is > > > + * using the mailbox. > > > + */ > > > > Ugh, makes me think we need to extend the support for blocking pci > > device MMIO while a driver is attached to config-space as well. How > > can a communication protocol work if initiators can trample each > > other's state? > > Agreed. It is crazy. At very least we need a means of saying > keep your hands off this DOE to the OS. > > We can't do it on a per protocol basis, which was what I was previously > thinking, because we can't call the discovery protocol to see what > a given DOE is for. I'm specifically thinking of a mechanism that blocks pci-sysfs from initiating config-cycles if a driver has claimed that range. However, these MCTP to DOE tunnels that the SPDM presentation alluded to make me nervous as there is no protocol to prevent an OS driver agent and an MCTP agent from clobbering each other. > > > > > > + pci_read_config_dword(pdev, doe->cap_offset + PCI_DOE_STATUS, &val); > > > + if (FIELD_GET(PCI_DOE_STATUS_BUSY, val)) { > > > + ret = -EBUSY; > > > + goto unlock; > > > + } > > > + > > > + if (FIELD_GET(PCI_DOE_STATUS_ERROR, val)) { > > > + ret = pcie_doe_abort(doe); > > > + if (ret) > > > + goto unlock; > > > + } > > > + > > > + for (i = 0; i < request_sz / 4; i++) > > > + pci_write_config_dword(pdev, doe->cap_offset + PCI_DOE_WRITE, > > > + request[i]); > > > + > > > + reinit_completion(&doe->c); > > > + pci_write_config_dword(pdev, doe->cap_offset + PCI_DOE_CTRL, > > > + PCI_DOE_CTRL_GO); > > > + > > > + if (doe->use_int) { > > > + /* > > > + * Timeout of 1 second from 6.xx.1 ECN - Data Object Exchange > > > + * Note a protocol is allowed to specify a different timeout, so > > > + * that may need supporting in future. > > > + */ > > > + if (!wait_for_completion_timeout(&doe->c, > > > + msecs_to_jiffies(1000))) { > > > > s/msecs_to_jiffies(1000)/HZ/ > > huh. Missed that :) Yeah, the shorthand that X*HZ == "X seconds worth of jiffies" is just something I picked up from other drivers not explicit documentation. > > > > > > + ret = -ETIMEDOUT; > > > + goto unlock; > > > + } > > > + > > > + pci_read_config_dword(pdev, > > > + doe->cap_offset + PCI_DOE_STATUS, > > > + &val); > > > + if (FIELD_GET(PCI_DOE_STATUS_ERROR, val)) { > > > + pcie_doe_abort(doe); > > > + ret = -EIO; > > > + goto unlock; > > > + } > > > + } else { > > > + do { > > > + retry++; > > > + pci_read_config_dword(pdev, > > > + doe->cap_offset + PCI_DOE_STATUS, > > > + &val); > > > + if (FIELD_GET(PCI_DOE_STATUS_ERROR, val)) { > > > + pcie_doe_abort(doe); > > > + ret = -EIO; > > > + goto unlock; > > > + } > > > + > > > + if (FIELD_GET(PCI_DOE_STATUS_DATA_OBJECT_READY, val)) > > > + break; > > > + usleep_range(1000, 2000); > > > + } while (retry < 1000); > > > + if (!FIELD_GET(PCI_DOE_STATUS_DATA_OBJECT_READY, val)) { > > > + ret = -ETIMEDOUT; > > > + goto unlock; > > > > Rather than a lock and polling loop I'd organize this as a single > > threaded delayed_workqueue that periodically services requests or > > immediately runs the workqueue upon receipt of an interrupt. This > > provides a software queuing model that can optionally be treated as > > async / sync depending on the use case. > > Given it's single element in flight I don't think there is any benefit > to enabling async. The lock has to be held throughout anyway. > It is always possible a particular caller wants to overlap this > transaction with some other actions, but I'd rather put the burden > on that clever caller which can spin this out to a thread of one type > or another. > > We can revisit and split this in half if we have a user who benefits > from the complexity. I don't think it's complex. I think it's simpler to rationalize than this pattern of taking a lock and going to sleep with the lock held. You can eliminate the lock completely if the only access to a given DOE is a single dedicated kthread. There are other examples of this single-thread protocol handler pattern in the kernel, like libsas SMP protocol. > > > + } > > > + } > > > + > > > + /* Read the first two dwords to get the length */ > > > + pci_read_config_dword(pdev, doe->cap_offset + PCI_DOE_READ, > > > + &response[0]); > > > + pci_write_config_dword(pdev, doe->cap_offset + PCI_DOE_READ, 0); > > > + pci_read_config_dword(pdev, doe->cap_offset + PCI_DOE_READ, > > > + &response[1]); > > > + pci_write_config_dword(pdev, doe->cap_offset + PCI_DOE_READ, 0); > > > + length = FIELD_GET(PCI_DOE_DATA_OBJECT_HEADER_2_LENGTH, > > > + response[1]); > > > + if (length > SZ_1M) > > oops. That's exiting with mutex held. Fixed in v2. > > > > + return -EIO; > > > + > > > + for (i = 2; i < min(length, response_sz / 4); i++) { > > > + pci_read_config_dword(pdev, doe->cap_offset + PCI_DOE_READ, > > > + &response[i]); > > > + pci_write_config_dword(pdev, doe->cap_offset + PCI_DOE_READ, 0); > > > + } > > > + /* flush excess length */ > > > + for (; i < length; i++) { > > > + pci_read_config_dword(pdev, doe->cap_offset + PCI_DOE_READ, > > > + &val); > > > + pci_write_config_dword(pdev, doe->cap_offset + PCI_DOE_READ, 0); > > > + } > > > + /* Final error check to pick up on any since Data Object Ready */ > > > + pci_read_config_dword(pdev, doe->cap_offset + PCI_DOE_STATUS, &val); > > > + if (FIELD_GET(PCI_DOE_STATUS_ERROR, val)) { > > > + pcie_doe_abort(doe); > > > + ret = -EIO; > > > + } > > > +unlock: > > > + mutex_unlock(&doe->lock); > > > + > > > + return ret; > > > +} > > > + > > > + > > > +static int pcie_doe_discovery(struct pcie_doe *doe, u8 *index, u16 *vid, u8 *protocol) > > > +{ > > > + u32 request[3] = { > > > > Should this be a proper struct with named fields rather than an array? > > Well the field names are going to end up as dw0 dw1 etc as there isn't a lot more > meaningful to call them. We also want to keep them as u32 values throughout to > avoid fiddly packing manipulation on different endian machines. The DOE object format has dedicated space for type and length. If anything the endian issue is more reason to have a proper data structure. > > This becomes rather simpler when it's just the payload due to changes in the > interface in v2. > > > > > > + [0] = FIELD_PREP(PCI_DOE_DATA_OBJECT_HEADER_1_VID, 0001) | > > > + FIELD_PREP(PCI_DOE_DATA_OBJECT_HEADER_1_TYPE, 0), > > > + [1] = FIELD_PREP(PCI_DOE_DATA_OBJECT_HEADER_2_LENGTH, 3), > > > + [2] = FIELD_PREP(PCI_DOE_DATA_OBJECT_DISC_REQ_3_INDEX, *index) > > > + }; > > > + u32 response[3]; > > > + int ret; > > > + > > > + ret = pcie_doe_exchange(doe, request, sizeof(request), response, sizeof(response)); > > > + if (ret) > > > + return ret; > > > + > > > + *vid = FIELD_GET(PCI_DOE_DATA_OBJECT_DISC_RSP_3_VID, response[2]); > > > + *protocol = FIELD_GET(PCI_DOE_DATA_OBJECT_DISC_RSP_3_PROTOCOL, response[2]); > > > + *index = FIELD_GET(PCI_DOE_DATA_OBJECT_DISC_RSP_3_NEXT_INDEX, response[2]); > > > + > > > + return 0; > > > +} > > > + > > > +/** > > > + * pcie_doe_protocol_check() - check if this DOE mailbox supports specific protocol > > > + * @doe: DOE state structure > > > + * @vid: Vendor ID > > > + * @protocol: Protocol number as defined by Vendor > > > + * Returns: 0 on success, <0 on error > > > + */ > > > +int pcie_doe_protocol_check(struct pcie_doe *doe, u16 vid, u8 protocol) > > > > Not clear to me that this is a comfortable API for a driver. I would > > expect that at registration time all the supported protocols would be > > retrieved and cached in the 'struct pcie_doe' context and then the > > host driver could query from there without going back to the device > > again. > > I'm not sure I follow. > > Any driver will fall into one of the following categories: > a) Already knows what protocols are available on a > given DOE instance perhaps because that's a characteristic of the hardware > supported, in which case it has no reason to check (unless driver writer > is paranoid) > b) It has no way to know (e.g. class driver), then it makes sense to query > the DOE instance to find out what protocols are available. I was more thinking that the public interface is a protocol rather than the raw DOE. So the library knows CDAT, SPDM, IDE... and drivers never need to query the interface. So this more of a question about where to draw the line of common code. For example in the nfit driver there is usage of: acpi_label_write() ...and: acpi_evaluate_dsm() ...where the former abstracts the protocol and the latter is the raw interface. Both can write to a label area, but only one is idiomatic.
Please address and clarify 2 queries below... > On Mar 16, 2021, at 2:14 PM, Dan Williams <dan.j.williams@intel.com> wrote: > > On Tue, Mar 16, 2021 at 9:31 AM Jonathan Cameron > <Jonathan.Cameron@huawei.com> wrote: >> >> On Mon, 15 Mar 2021 12:45:49 -0700 >> Dan Williams <dan.j.williams@intel.com> wrote: >> >>> Hey Jonathan, happy to see this, some comments below... >> >> Hi Dan, >> >> Thanks for taking a look! >> >>> >>> On Wed, Mar 10, 2021 at 10:08 AM Jonathan Cameron >>> <Jonathan.Cameron@huawei.com> wrote: >>>> >>>> Introduced in an ECN to the PCI 5.0, DOE provides a config space >>>> based mailbox with standard protocol discovery. Each mailbox >>>> is accessed through a DOE PCIE Extended Capability. >>>> >>>> A device may have 1 or more DOE mailboxes, each of which is allowed >>>> to support any number of protocols (some DOE protocols >>>> specifications apply additional restrictions). A given protocol >>>> may be supported on more than one DOE mailbox on a given function. >>> >>> Are all those protocol instances shared? >>> I'm trying to mental model >>> whether, for example, an auxiliary driver instance could be loaded per >>> DOE mailbox, or if there would need to be coordination of a given >>> protocol no matter how many DOE mailboxes on that device implemented >>> that protocol. >> >> Just to check I've understood corectly, you mean multiple instances of same >> protocol across different DOE mailboxes on a given device? >> > > Right. Could you confirm this case for clarity? A CXL device may have multiple VF/PF. For example, PF=0 could have one or more DOE instances for CDAT protocol. The driver will scan PF=0 for all DOE instances and finding one or more of CDAT protocol will combine/manage them. I had not considered multiple CDAT tables for single PF. For CXL devices with multiple PF’s the same process would be carried out on PF=1-N. > >> At DOE ECN level I don't think it is actually defined if they can >> interact or not. I've trawled though the released protocols that I know of >> to see if there is a consensus but not finding much information. >> >> I would argue however that there would be no reason to have the OS make >> use of more than one DOE mailbox for the same protocol. Bit fiddly to >> handle, but doesn't seem impossible to only register a protocol with first >> DOE that supports it. >> >> CMA does talk about use of multiple methods to communicate with the device >> and the need for results consistency. However that is referring to out of >> band vs DOE rather than multiple DOEs. Plus it isn't making statements >> about protocol coordination just responses to particular queries. >> >> Things might get crazy if you tried to do IDE setup from two different DOE >> mailboxes. The IDE ECN refers to "the specific instance of DOE used for..." >> implying I think that there might be multiple but software should only >> use one of them? >> >> My other gut feeling is that only some of the DOE mailboxes are ever going >> to be in the control of Linux. IDE calls out models where firmware or a TEE is >> responsible for it for example. I'm not sure how that is going to be communicated >> to the OS (can guess of course) >> >> Sub drivers are a plausible model that I'll think about some more - but >> for now it feels like too early to go that way.. > > Ok, fair enough. > >> >>> >>>> >>>> The current infrastructure is fairly simplistic and pushes the burden >>>> of handling this many-to-many relantionship to the drivers. In many >>> >>> s/relantionship/relationship/ >>> >>>> cases the arrangement will be static, making this straight forward. >>>> >>>> Open questions: >>>> * timeouts: The DOE specification allows for 1 second for some >>>> operations, but notes that specific protocols may have different >>>> requirements. Should we introduce the flexiblity now, or leave >>> >>> s/flexiblity/flexibility/ >> >> Gah. One day I'll remember to spell check. Sorry about that. >> >>> >>>> that to be implemented when support for such a protocol is added? >>> >>> If the timeout is property of the protocol then perhaps it should wait >>> and not be modeled at the transport level, but that's just an initial >>> reaction. I have not spent quality time with the DOE spec. >> >> I'm not sure it's possible to do so without breaking the abstraction of >> DOE request / response into a bunch of messy sub steps. Perhaps there is >> a clean way of doing it but I can't immediately think of it. >> >> If a protocol comes along that varies the timeout we can just add >> a parameter to say what it is on a call by call basis. > > Now that I've had a chance to take a look the spec seems to > unequivocally mandate the timeouts in "6.xx.1 Operation", where was > the per-protocol timeout implied? > >>>> * DOE mailboxes may use MSI / MSIX to signal that the have prepared >>>> a response. These require normal conditions are setup by the driver. >>>> Should we move some of this into the DOE support (such as ensuring >>>> bus mastering is enabled)? >>> >>> DOE support seems suitable to just be a library and leave the >>> host-device management to the host driver. >> >> Agreed. Though might be worth some debug checks. >> >> Speaking from experience it's easy to spend half a day wondering why your >> interrupts aren't turning up (I was blaming QEMU) because bus mastering >> wasn't enabled. > > Sure, no concern about validating assumptions in the library, but > leave control to the host. > >>>> Testing conducted against QEMU using: >>>> >>>> https://lore.kernel.org/qemu-devel/1612900760-7361-1-git-send-email-cbrowy@avery-design.com/ >>>> + fix for interrupt flag mentioned in that thread. >>>> >>> >>> I came across this the other day and made me wonder about SPDM >>> emulation as another test case: >>> >>> https://cfp.osfc.io/media/osfc2020/submissions/ECQ88N/resources/An_open_source_SPDM_implementation_for_secure_devi_kmIgAQe.pdf >> >> Nice! Looking at CMA / IDE emulation was on my todo list and that looks like >> it might make that job a lot easier. Would it be useful to integrate the openspdm’s SpdmResponderEmu.c onto the QEMU’s CXL Type3 Device’s DOE backend for CMA/IDE testing? Doesn’t look hard to do. >> >>> >>> >>>> Additional testing to be done, particularly around error handling. >>>> >>>> Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com> >> >> Anything not commented on should be in v2. >> >>>> --- >>>> drivers/pci/pcie/Kconfig | 8 + >>>> drivers/pci/pcie/Makefile | 1 + >>>> drivers/pci/pcie/doe.c | 284 ++++++++++++++++++++++++++++++++++ >>>> include/linux/pcie-doe.h | 35 +++++ >>>> include/uapi/linux/pci_regs.h | 29 +++- >>>> 5 files changed, 356 insertions(+), 1 deletion(-) >>> >>>> diff --git a/drivers/pci/pcie/Makefile b/drivers/pci/pcie/Makefile >>>> index b2980db88cc0..801fdd5fbfc1 100644 >>>> --- a/drivers/pci/pcie/Makefile >>>> +++ b/drivers/pci/pcie/Makefile >>>> @@ -13,3 +13,4 @@ obj-$(CONFIG_PCIE_PME) += pme.o >>>> obj-$(CONFIG_PCIE_DPC) += dpc.o >>>> obj-$(CONFIG_PCIE_PTM) += ptm.o >>>> obj-$(CONFIG_PCIE_EDR) += edr.o >>>> +obj-$(CONFIG_PCIE_DOE) += doe.o >>>> diff --git a/drivers/pci/pcie/doe.c b/drivers/pci/pcie/doe.c >>>> new file mode 100644 >>>> index 000000000000..b091ef379362 >>>> --- /dev/null >>>> +++ b/drivers/pci/pcie/doe.c >>>> @@ -0,0 +1,284 @@ >>>> +// SPDX-License-Identifier: GPL-2.0 >>>> +/* >>>> + * Data Object Exchange was added to the PCI spec as an ECN to 5.0. >>> >>> Perhaps just put the ECN link here? >> >> It's by number so I've left the title here as well as a link. > > Ok. > >> >>> >>>> + * >>>> + * Copyright (C) 2021 Huawei >>>> + * Jonathan Cameron <Jonathan.Cameron@huawei.com> >>>> + */ >>>> + >>>> +#include <linux/bitfield.h> >>>> +#include <linux/delay.h> >>>> +#include <linux/jiffies.h> >>>> +#include <linux/mutex.h> >>>> +#include <linux/pci.h> >>>> +#include <linux/pcie-doe.h> >>>> + >>>> +static irqreturn_t doe_irq(int irq, void *data) >>>> +{ >>>> + struct pcie_doe *doe = data; >>>> + struct pci_dev *pdev = doe->pdev; >>>> + u32 val; >>>> + >>>> + pci_read_config_dword(pdev, doe->cap_offset + PCI_DOE_STATUS, &val); >>>> + if (FIELD_GET(PCI_DOE_STATUS_INT_STATUS, val)) { >>>> + pci_write_config_dword(pdev, doe->cap_offset + PCI_DOE_STATUS, >>>> + val); >>>> + complete(&doe->c); >>>> + return IRQ_HANDLED; >>>> + } >>>> + /* Leave the error case to be handled outside irq */ >>>> + if (FIELD_GET(PCI_DOE_STATUS_ERROR, val)) { >>>> + complete(&doe->c); >>>> + return IRQ_HANDLED; >>>> + } >>> >>> Only one DOE command can be outstanding at a time per PCI device? >> >> No, unless I'm missing something, that is one command per DOE mailbox at a time. >> The completion is part of the pcie_doe structure, not the pci_dev. >> That represents a single DOE mailbox. >> >> There can be multiple commands in flight to multiple DOE mailboxes. Not clear >> that there ever will be in real use cases however. >> >> This comes up later wrt to async operation. The mailbox only >> supports one request / response cycle at a time, they cannot be overlapped. > > "6.xx.1 Operation" says "If a single DOE instance supports multiple > data object protocols, system firmware/software is permitted to > interleave requests/responses with different data object protocols." > > ...although I must say I don't understand how system software tracks > which response belongs to which request if the transactions are > interleaved. > >>> This >>> seems insufficient in the multi-mailbox case / feels like there should >>> be a 'struct pcie_doe_request' object to track what it is to be >>> completed. >> >> No need for the complexity with one request / response in flight per >> mailbox at a time and each mailbox having separate state maintenance. > > I think the workqueue proposal removes the need for pcie_doe_request, > but still allows for the possibility of interleaving requests. > >> >>> >>>> + >>>> + return IRQ_NONE; >>>> +} >>>> + >>>> +static int pcie_doe_abort(struct pcie_doe *doe) >>>> +{ >>>> + struct pci_dev *pdev = doe->pdev; >>>> + int retry = 0; >>>> + u32 val; >>>> + >>>> + pci_write_config_dword(pdev, doe->cap_offset + PCI_DOE_CTRL, >>>> + PCI_DOE_CTRL_ABORT); >>>> + /* Abort is allowed to take up to 1 second */ >>>> + do { >>>> + retry++; >>>> + pci_read_config_dword(pdev, doe->cap_offset + PCI_DOE_STATUS, >>>> + &val); >>>> + if (FIELD_GET(PCI_DOE_STATUS_ERROR, val) && >>>> + !FIELD_GET(PCI_DOE_STATUS_BUSY, val)) >>>> + return 0; >>>> + usleep_range(1000, 2000); >>>> + } while (retry < 1000); >>>> + >>>> + return -EIO; >>> >>> What's the state of the mailbox after an abort failure? >> >> Good question. I think the answer to that is dead device, reboot the machine >> or at least the device if you can do a hard enough slot reset. > > ...and hopefully that device is not part of an active interleave > otherwise a reset can take down "System RAM". > >> >> The specification goes with... >> "It is strongly recommend that implementations ensure that the functionality >> of the DOE Abort bit is resilient, including that DOE Abort functionality is >> maintained even in cases where device firmware is malfunctioning" > > Ok. > >> >> So cross our fingers everyone obeys that strong recommendation or try to >> work out what to do? > > What's the worst that can happen? </famous last words> > >> >>> >>>> +} >>>> + >>>> +/** >>>> + * pcie_doe_init() - Initialise a Data Object Exchange mailbox >>>> + * @doe: state structure for the DOE mailbox >>>> + * @pdev: pci device which has this DOE mailbox >>>> + * @doe_offset: offset in configuration space of the DOE extended capability. >>>> + * @use_int: whether to use the optional interrupt >>>> + * Returns: 0 on success, <0 on error >>>> + * >>>> + * Caller responsible for calling pci_alloc_irq_vectors() including DOE >>>> + * interrupt. >>>> + */ >>>> +int pcie_doe_init(struct pcie_doe *doe, struct pci_dev *pdev, int doe_offset, >>>> + bool use_int) >>>> +{ >>>> + u32 val; >>>> + int rc; >>>> + >>>> + mutex_init(&doe->lock); >>>> + init_completion(&doe->c); >>>> + doe->cap_offset = doe_offset; >>>> + doe->pdev = pdev; >>>> + /* Reset the mailbox by issuing an abort */ >>>> + rc = pcie_doe_abort(doe); >>>> + if (rc) >>>> + return rc; >>>> + >>>> + pci_read_config_dword(pdev, doe_offset + PCI_DOE_CAP, &val); >>>> + >>>> + if (use_int && FIELD_GET(PCI_DOE_CAP_INT, val)) { >>>> + rc = devm_request_irq(&pdev->dev, >>> >>> Lets not hide devm semantics from the caller, so at a minimum this >>> function should be called pcim_pcie_doe_init() to indicate to the >>> caller that it has placed something into the devm stack. However, this >>> may not be convenient for the caller. I'd leave it to the user to call >>> a pcie_doe() unregister routine via devm_add_action_or_reset() if it >>> wants. >> >>> >>> Lastly, I don't expect _init() routines to fail so perhaps split this >>> into pure "init" and "register" functionality? >> >> I'm a bit doubtful on naming of register() but will go with that for v2. >> >> It's not registering with anything so that feels a bit wrong as a description >> for part 2 of setup. Can leave that bike shedding for now though. >> > > Ok, just searching for a name that implies symmetrical teardown > register/unregister, enable/disable, ... etc. init/deinit doesn't do > it for me. > >>> >>>> + pci_irq_vector(pdev, >>>> + FIELD_GET(PCI_DOE_CAP_IRQ, val)), >>>> + doe_irq, 0, "DOE", doe); >>>> + if (rc) >>>> + return rc; >>>> + >>>> + doe->use_int = use_int; >>>> + pci_write_config_dword(pdev, doe_offset + PCI_DOE_CTRL, >>>> + FIELD_PREP(PCI_DOE_CTRL_INT_EN, 1)); >>>> + } >>>> + >>>> + return 0; >>>> +} >>>> + >>>> + >>>> +/** >>>> + * pcie_doe_exchange() - Send a request and receive a response >>>> + * @doe: DOE mailbox state structure >>>> + * @request: request data to be sent >>>> + * @request_sz: size of request in bytes >>>> + * @response: buffer into which to place the response >>>> + * @response_sz: size of available response buffer in bytes >>>> + * >>>> + * Return: 0 on success, < 0 on error >>>> + * Excess data will be discarded. >>>> + */ >>>> +int pcie_doe_exchange(struct pcie_doe *doe, u32 *request, size_t request_sz, >>>> + u32 *response, size_t response_sz) >>> >>> Are requests made against a specific protocol? >> >> Yes, but the descriptive header is very brea. >> >>> >>> This interface feels under-decorated for a public API for host-drivers to use. >> >> I'll see what I can come up with for v2. >> Likely to look something like >> >> int pcie_doe_exchange(struct pci_doe *doe, u16 vid, u8 type, >> u32 *request_pl, size_t request_pl_sz, >> u32 *response_pl, size_t response_pl_sz) > > I was thinking something like 'struct pcie_doe_object' pointers rather > than u32 arrays. > >> >> and return received length or negative on error. >> >> The disadvantage is that at least some of the specs just have the >> header as their first few DW. So there isn't a clear distinction >> between header and payload. May lead to people getting offsets wrong >> in a way they wouldn't do if driver was responsible for building the >> whole message. > > Aren't they more likely to get offsets wrong with u32 arrays rather > than data structures? > >> >>> >>>> +{ >>>> + struct pci_dev *pdev = doe->pdev; >>>> + int ret = 0; >>>> + int i; >>>> + u32 val; >>>> + int retry = -1; >>>> + size_t length; >>>> + >>>> + /* DOE requests must be a whole number of DW */ >>>> + if (request_sz % sizeof(u32)) >>>> + return -EINVAL; >>>> + >>>> + /* Need at least 2 DW to get the length */ >>>> + if (response_sz < 2 * sizeof(u32)) >>>> + return -EINVAL; >>>> + >>>> + mutex_lock(&doe->lock); >>>> + /* >>>> + * Check the DOE busy bit is not set. >>>> + * If it is set, this could indicate someone other than Linux is >>>> + * using the mailbox. >>>> + */ >>> >>> Ugh, makes me think we need to extend the support for blocking pci >>> device MMIO while a driver is attached to config-space as well. How >>> can a communication protocol work if initiators can trample each >>> other's state? >> >> Agreed. It is crazy. At very least we need a means of saying >> keep your hands off this DOE to the OS. >> >> We can't do it on a per protocol basis, which was what I was previously >> thinking, because we can't call the discovery protocol to see what >> a given DOE is for. > > I'm specifically thinking of a mechanism that blocks pci-sysfs from > initiating config-cycles if a driver has claimed that range. > > However, these MCTP to DOE tunnels that the SPDM presentation alluded > to make me nervous as there is no protocol to prevent an OS driver > agent and an MCTP agent from clobbering each other. > >> >>> >>>> + pci_read_config_dword(pdev, doe->cap_offset + PCI_DOE_STATUS, &val); >>>> + if (FIELD_GET(PCI_DOE_STATUS_BUSY, val)) { >>>> + ret = -EBUSY; >>>> + goto unlock; >>>> + } >>>> + >>>> + if (FIELD_GET(PCI_DOE_STATUS_ERROR, val)) { >>>> + ret = pcie_doe_abort(doe); >>>> + if (ret) >>>> + goto unlock; >>>> + } >>>> + >>>> + for (i = 0; i < request_sz / 4; i++) >>>> + pci_write_config_dword(pdev, doe->cap_offset + PCI_DOE_WRITE, >>>> + request[i]); >>>> + >>>> + reinit_completion(&doe->c); >>>> + pci_write_config_dword(pdev, doe->cap_offset + PCI_DOE_CTRL, >>>> + PCI_DOE_CTRL_GO); >>>> + >>>> + if (doe->use_int) { >>>> + /* >>>> + * Timeout of 1 second from 6.xx.1 ECN - Data Object Exchange >>>> + * Note a protocol is allowed to specify a different timeout, so >>>> + * that may need supporting in future. >>>> + */ >>>> + if (!wait_for_completion_timeout(&doe->c, >>>> + msecs_to_jiffies(1000))) { >>> >>> s/msecs_to_jiffies(1000)/HZ/ >> >> huh. Missed that :) > > Yeah, the shorthand that X*HZ == "X seconds worth of jiffies" is just > something I picked up from other drivers not explicit documentation. > >> >>> >>>> + ret = -ETIMEDOUT; >>>> + goto unlock; >>>> + } >>>> + >>>> + pci_read_config_dword(pdev, >>>> + doe->cap_offset + PCI_DOE_STATUS, >>>> + &val); >>>> + if (FIELD_GET(PCI_DOE_STATUS_ERROR, val)) { >>>> + pcie_doe_abort(doe); >>>> + ret = -EIO; >>>> + goto unlock; >>>> + } >>>> + } else { >>>> + do { >>>> + retry++; >>>> + pci_read_config_dword(pdev, >>>> + doe->cap_offset + PCI_DOE_STATUS, >>>> + &val); >>>> + if (FIELD_GET(PCI_DOE_STATUS_ERROR, val)) { >>>> + pcie_doe_abort(doe); >>>> + ret = -EIO; >>>> + goto unlock; >>>> + } >>>> + >>>> + if (FIELD_GET(PCI_DOE_STATUS_DATA_OBJECT_READY, val)) >>>> + break; >>>> + usleep_range(1000, 2000); >>>> + } while (retry < 1000); >>>> + if (!FIELD_GET(PCI_DOE_STATUS_DATA_OBJECT_READY, val)) { >>>> + ret = -ETIMEDOUT; >>>> + goto unlock; >>> >>> Rather than a lock and polling loop I'd organize this as a single >>> threaded delayed_workqueue that periodically services requests or >>> immediately runs the workqueue upon receipt of an interrupt. This >>> provides a software queuing model that can optionally be treated as >>> async / sync depending on the use case. >> >> Given it's single element in flight I don't think there is any benefit >> to enabling async. The lock has to be held throughout anyway. >> It is always possible a particular caller wants to overlap this >> transaction with some other actions, but I'd rather put the burden >> on that clever caller which can spin this out to a thread of one type >> or another. >> >> We can revisit and split this in half if we have a user who benefits >> from the complexity. > > I don't think it's complex. I think it's simpler to rationalize than > this pattern of taking a lock and going to sleep with the lock held. > You can eliminate the lock completely if the only access to a given > DOE is a single dedicated kthread. There are other examples of this > single-thread protocol handler pattern in the kernel, like libsas SMP > protocol. > >>>> + } >>>> + } >>>> + >>>> + /* Read the first two dwords to get the length */ >>>> + pci_read_config_dword(pdev, doe->cap_offset + PCI_DOE_READ, >>>> + &response[0]); >>>> + pci_write_config_dword(pdev, doe->cap_offset + PCI_DOE_READ, 0); >>>> + pci_read_config_dword(pdev, doe->cap_offset + PCI_DOE_READ, >>>> + &response[1]); >>>> + pci_write_config_dword(pdev, doe->cap_offset + PCI_DOE_READ, 0); >>>> + length = FIELD_GET(PCI_DOE_DATA_OBJECT_HEADER_2_LENGTH, >>>> + response[1]); >>>> + if (length > SZ_1M) >> >> oops. That's exiting with mutex held. Fixed in v2. >> >>>> + return -EIO; >>>> + >>>> + for (i = 2; i < min(length, response_sz / 4); i++) { >>>> + pci_read_config_dword(pdev, doe->cap_offset + PCI_DOE_READ, >>>> + &response[i]); >>>> + pci_write_config_dword(pdev, doe->cap_offset + PCI_DOE_READ, 0); >>>> + } >>>> + /* flush excess length */ >>>> + for (; i < length; i++) { >>>> + pci_read_config_dword(pdev, doe->cap_offset + PCI_DOE_READ, >>>> + &val); >>>> + pci_write_config_dword(pdev, doe->cap_offset + PCI_DOE_READ, 0); >>>> + } >>>> + /* Final error check to pick up on any since Data Object Ready */ >>>> + pci_read_config_dword(pdev, doe->cap_offset + PCI_DOE_STATUS, &val); >>>> + if (FIELD_GET(PCI_DOE_STATUS_ERROR, val)) { >>>> + pcie_doe_abort(doe); >>>> + ret = -EIO; >>>> + } >>>> +unlock: >>>> + mutex_unlock(&doe->lock); >>>> + >>>> + return ret; >>>> +} >>>> + >>>> + >>>> +static int pcie_doe_discovery(struct pcie_doe *doe, u8 *index, u16 *vid, u8 *protocol) >>>> +{ >>>> + u32 request[3] = { >>> >>> Should this be a proper struct with named fields rather than an array? >> >> Well the field names are going to end up as dw0 dw1 etc as there isn't a lot more >> meaningful to call them. We also want to keep them as u32 values throughout to >> avoid fiddly packing manipulation on different endian machines. > > The DOE object format has dedicated space for type and length. > > If anything the endian issue is more reason to have a proper data structure. > >> >> This becomes rather simpler when it's just the payload due to changes in the >> interface in v2. >> >>> >>>> + [0] = FIELD_PREP(PCI_DOE_DATA_OBJECT_HEADER_1_VID, 0001) | >>>> + FIELD_PREP(PCI_DOE_DATA_OBJECT_HEADER_1_TYPE, 0), >>>> + [1] = FIELD_PREP(PCI_DOE_DATA_OBJECT_HEADER_2_LENGTH, 3), >>>> + [2] = FIELD_PREP(PCI_DOE_DATA_OBJECT_DISC_REQ_3_INDEX, *index) >>>> + }; >>>> + u32 response[3]; >>>> + int ret; >>>> + >>>> + ret = pcie_doe_exchange(doe, request, sizeof(request), response, sizeof(response)); >>>> + if (ret) >>>> + return ret; >>>> + >>>> + *vid = FIELD_GET(PCI_DOE_DATA_OBJECT_DISC_RSP_3_VID, response[2]); >>>> + *protocol = FIELD_GET(PCI_DOE_DATA_OBJECT_DISC_RSP_3_PROTOCOL, response[2]); >>>> + *index = FIELD_GET(PCI_DOE_DATA_OBJECT_DISC_RSP_3_NEXT_INDEX, response[2]); >>>> + >>>> + return 0; >>>> +} >>>> + >>>> +/** >>>> + * pcie_doe_protocol_check() - check if this DOE mailbox supports specific protocol >>>> + * @doe: DOE state structure >>>> + * @vid: Vendor ID >>>> + * @protocol: Protocol number as defined by Vendor >>>> + * Returns: 0 on success, <0 on error >>>> + */ >>>> +int pcie_doe_protocol_check(struct pcie_doe *doe, u16 vid, u8 protocol) >>> >>> Not clear to me that this is a comfortable API for a driver. I would >>> expect that at registration time all the supported protocols would be >>> retrieved and cached in the 'struct pcie_doe' context and then the >>> host driver could query from there without going back to the device >>> again. >> >> I'm not sure I follow. >> >> Any driver will fall into one of the following categories: >> a) Already knows what protocols are available on a >> given DOE instance perhaps because that's a characteristic of the hardware >> supported, in which case it has no reason to check (unless driver writer >> is paranoid) >> b) It has no way to know (e.g. class driver), then it makes sense to query >> the DOE instance to find out what protocols are available. > > I was more thinking that the public interface is a protocol rather > than the raw DOE. So the library knows CDAT, SPDM, IDE... and drivers > never need to query the interface. > > So this more of a question about where to draw the line of common code. > > For example in the nfit driver there is usage of: > > acpi_label_write() > > ...and: > > acpi_evaluate_dsm() > > ...where the former abstracts the protocol and the latter is the raw > interface. Both can write to a label area, but only one is idiomatic.
Btw your mailer does something odd with the "In-Reply-To:" field, I need to fix it up manually to include your address. On Tue, Mar 16, 2021 at 4:28 PM Chris Browy <cbrowy@avery-design.com> wrote: > > Please address and clarify 2 queries below... > > > > On Mar 16, 2021, at 2:14 PM, Dan Williams <dan.j.williams@intel.com> wrote: > > > > On Tue, Mar 16, 2021 at 9:31 AM Jonathan Cameron > > <Jonathan.Cameron@huawei.com> wrote: > >> > >> On Mon, 15 Mar 2021 12:45:49 -0700 > >> Dan Williams <dan.j.williams@intel.com> wrote: > >> > >>> Hey Jonathan, happy to see this, some comments below... > >> > >> Hi Dan, > >> > >> Thanks for taking a look! > >> > >>> > >>> On Wed, Mar 10, 2021 at 10:08 AM Jonathan Cameron > >>> <Jonathan.Cameron@huawei.com> wrote: > >>>> > >>>> Introduced in an ECN to the PCI 5.0, DOE provides a config space > >>>> based mailbox with standard protocol discovery. Each mailbox > >>>> is accessed through a DOE PCIE Extended Capability. > >>>> > >>>> A device may have 1 or more DOE mailboxes, each of which is allowed > >>>> to support any number of protocols (some DOE protocols > >>>> specifications apply additional restrictions). A given protocol > >>>> may be supported on more than one DOE mailbox on a given function. > >>> > >>> Are all those protocol instances shared? > >>> I'm trying to mental model > >>> whether, for example, an auxiliary driver instance could be loaded per > >>> DOE mailbox, or if there would need to be coordination of a given > >>> protocol no matter how many DOE mailboxes on that device implemented > >>> that protocol. > >> > >> Just to check I've understood corectly, you mean multiple instances of same > >> protocol across different DOE mailboxes on a given device? > >> > > > > Right. > > Could you confirm this case for clarity? A CXL device may have multiple VF/PF. > For example, PF=0 could have one or more DOE instances for CDAT protocol. > The driver will scan PF=0 for all DOE instances and finding one or more of CDAT > protocol will combine/manage them. I had not considered multiple CDAT tables > for single PF. For CXL devices with multiple PF’s the same process would be > carried out on PF=1-N. This patch has nothing to do with CXL. This is a general discussion of how a PCIE device implements a DOE mailbox or set of mailboxes. The DOE definition is PF-only afaics from the DOE specification. The CXL specification only says that a device can implement a CDAT per DOE capability instance, so the CXL spec does not limit the number of DOE instances to 1, but I can't think of a practical reason to support more than one. [..] > >>> https://cfp.osfc.io/media/osfc2020/submissions/ECQ88N/resources/An_open_source_SPDM_implementation_for_secure_devi_kmIgAQe.pdf > >> > >> Nice! Looking at CMA / IDE emulation was on my todo list and that looks like > >> it might make that job a lot easier. > > Would it be useful to integrate the openspdm’s SpdmResponderEmu.c onto the QEMU’s CXL Type3 Device’s > DOE backend for CMA/IDE testing? Doesn’t look hard to do. Yes, I do think it would be useful.
On Wed, 17 Mar 2021 18:30:26 -0700 Dan Williams <dan.j.williams@intel.com> wrote: > Btw your mailer does something odd with the "In-Reply-To:" field, I > need to fix it up manually to include your address. > > On Tue, Mar 16, 2021 at 4:28 PM Chris Browy <cbrowy@avery-design.com> wrote: > > > > Please address and clarify 2 queries below... > > > > > > > On Mar 16, 2021, at 2:14 PM, Dan Williams <dan.j.williams@intel.com> wrote: > > > > > > On Tue, Mar 16, 2021 at 9:31 AM Jonathan Cameron > > > <Jonathan.Cameron@huawei.com> wrote: > > >> > > >> On Mon, 15 Mar 2021 12:45:49 -0700 > > >> Dan Williams <dan.j.williams@intel.com> wrote: > > >> > > >>> Hey Jonathan, happy to see this, some comments below... > > >> > > >> Hi Dan, > > >> > > >> Thanks for taking a look! > > >> > > >>> > > >>> On Wed, Mar 10, 2021 at 10:08 AM Jonathan Cameron > > >>> <Jonathan.Cameron@huawei.com> wrote: > > >>>> > > >>>> Introduced in an ECN to the PCI 5.0, DOE provides a config space > > >>>> based mailbox with standard protocol discovery. Each mailbox > > >>>> is accessed through a DOE PCIE Extended Capability. > > >>>> > > >>>> A device may have 1 or more DOE mailboxes, each of which is allowed > > >>>> to support any number of protocols (some DOE protocols > > >>>> specifications apply additional restrictions). A given protocol > > >>>> may be supported on more than one DOE mailbox on a given function. > > >>> > > >>> Are all those protocol instances shared? > > >>> I'm trying to mental model > > >>> whether, for example, an auxiliary driver instance could be loaded per > > >>> DOE mailbox, or if there would need to be coordination of a given > > >>> protocol no matter how many DOE mailboxes on that device implemented > > >>> that protocol. > > >> > > >> Just to check I've understood corectly, you mean multiple instances of same > > >> protocol across different DOE mailboxes on a given device? > > >> > > > > > > Right. > > > > Could you confirm this case for clarity? A CXL device may have multiple VF/PF. > > For example, PF=0 could have one or more DOE instances for CDAT protocol. > > The driver will scan PF=0 for all DOE instances and finding one or more of CDAT > > protocol will combine/manage them. I had not considered multiple CDAT tables > > for single PF. For CXL devices with multiple PF’s the same process would be > > carried out on PF=1-N. > > This patch has nothing to do with CXL. This is a general discussion of > how a PCIE device implements a DOE mailbox or set of mailboxes. The > DOE definition is PF-only afaics from the DOE specification. > > The CXL specification only says that a device can implement a CDAT per > DOE capability instance, so the CXL spec does not limit the number of > DOE instances to 1, but I can't think of a practical reason to support > more than one. > > [..] > > >>> https://cfp.osfc.io/media/osfc2020/submissions/ECQ88N/resources/An_open_source_SPDM_implementation_for_secure_devi_kmIgAQe.pdf > > >> > > >> Nice! Looking at CMA / IDE emulation was on my todo list and that looks like > > >> it might make that job a lot easier. > > > > Would it be useful to integrate the openspdm’s SpdmResponderEmu.c onto the QEMU’s CXL Type3 Device’s > > DOE backend for CMA/IDE testing? Doesn’t look hard to do. > > Yes, I do think it would be useful. Agreed. Very useful indeed. Jonathan
On Tue, 16 Mar 2021 11:14:05 -0700 Dan Williams <dan.j.williams@intel.com> wrote: ... > > > > > > > > > that to be implemented when support for such a protocol is added? > > > > > > If the timeout is property of the protocol then perhaps it should wait > > > and not be modeled at the transport level, but that's just an initial > > > reaction. I have not spent quality time with the DOE spec. > > > > I'm not sure it's possible to do so without breaking the abstraction of > > DOE request / response into a bunch of messy sub steps. Perhaps there is > > a clean way of doing it but I can't immediately think of it. > > > > If a protocol comes along that varies the timeout we can just add > > a parameter to say what it is on a call by call basis. > > Now that I've had a chance to take a look the spec seems to > unequivocally mandate the timeouts in "6.xx.1 Operation", where was > the per-protocol timeout implied? That paragraph starts with "For request/response protocols, unless there is a protocol-specific requirement, a DOE instance must complete processing a received data object and, if a data object is required in response, must generate the response and Set the Data Object Ready bit in the DOE Status register within 1 second after the DOE Go bit was Set in the DOE Control register...." I read that as allowing a wealth of flexibility in what a protocol can specify differently from the main DOE spec including the timeout. Let's ignore it until it matters. ... > > > > +obj-$(CONFIG_PCIE_DOE) += doe.o > > > > diff --git a/drivers/pci/pcie/doe.c b/drivers/pci/pcie/doe.c > > > > new file mode 100644 > > > > index 000000000000..b091ef379362 > > > > --- /dev/null > > > > +++ b/drivers/pci/pcie/doe.c > > > > @@ -0,0 +1,284 @@ > > > > > > > > > + * > > > > + * Copyright (C) 2021 Huawei > > > > + * Jonathan Cameron <Jonathan.Cameron@huawei.com> > > > > + */ > > > > + > > > > +#include <linux/bitfield.h> > > > > +#include <linux/delay.h> > > > > +#include <linux/jiffies.h> > > > > +#include <linux/mutex.h> > > > > +#include <linux/pci.h> > > > > +#include <linux/pcie-doe.h> > > > > + > > > > +static irqreturn_t doe_irq(int irq, void *data) > > > > +{ > > > > + struct pcie_doe *doe = data; > > > > + struct pci_dev *pdev = doe->pdev; > > > > + u32 val; > > > > + > > > > + pci_read_config_dword(pdev, doe->cap_offset + PCI_DOE_STATUS, &val); > > > > + if (FIELD_GET(PCI_DOE_STATUS_INT_STATUS, val)) { > > > > + pci_write_config_dword(pdev, doe->cap_offset + PCI_DOE_STATUS, > > > > + val); > > > > + complete(&doe->c); > > > > + return IRQ_HANDLED; > > > > + } > > > > + /* Leave the error case to be handled outside irq */ > > > > + if (FIELD_GET(PCI_DOE_STATUS_ERROR, val)) { > > > > + complete(&doe->c); > > > > + return IRQ_HANDLED; > > > > + } > > > > > > Only one DOE command can be outstanding at a time per PCI device? > > > > No, unless I'm missing something, that is one command per DOE mailbox at a time. > > The completion is part of the pcie_doe structure, not the pci_dev. > > That represents a single DOE mailbox. > > > > There can be multiple commands in flight to multiple DOE mailboxes. Not clear > > that there ever will be in real use cases however. > > > > This comes up later wrt to async operation. The mailbox only > > supports one request / response cycle at a time, they cannot be overlapped. > > "6.xx.1 Operation" says "If a single DOE instance supports multiple > data object protocols, system firmware/software is permitted to > interleave requests/responses with different data object protocols." > > ...although I must say I don't understand how system software tracks > which response belongs to which request if the transactions are > interleaved. Ouch, I read that as meaning you could use the mailbox for request protocol A / response protocol A ... request protocol B / response protocol B. You are correct it is more general. Still we don't have to use it and I strongly suggest we don't. It's a layer of complexity we probably will never really need and it is fiddly to handle. For tracking: you could do it, as the response carries the protocol ID. That is enough to let you match against the protocol and each protocol can only issue one request before it has to wait for a response. One nasty element is that there is no interrupt to let you know BUSY bit has fallen and you can send a new requests (as long as different protocol), so this would need polling in all cases. I think it would be a valid implementation to hold BUSY high until the response to the previous response has been read out from the DOE. Such an implementation would be enforcing no interleaving of different protocols and we would have had to poll pointlessly whilst the previous message was being handled and response read. My current thought is to simply not support multi protocol interleaving. If it turns out to be necessary sometime in the future we can look at how to do it. I see DOE as simple and lower performance so want to keep software at a similar level. > > > > This > > > seems insufficient in the multi-mailbox case / feels like there should > > > be a 'struct pcie_doe_request' object to track what it is to be > > > completed. > > > > No need for the complexity with one request / response in flight per > > mailbox at a time and each mailbox having separate state maintenance. > > I think the workqueue proposal removes the need for pcie_doe_request, > but still allows for the possibility of interleaving requests. OK at some abstract level it allows for interleaving and we can try to figure out how to actually do it if a need ever comes along. > > > > > > > > > > + > > > > + return IRQ_NONE; > > > > +} > > > > + > > > > +static int pcie_doe_abort(struct pcie_doe *doe) > > > > +{ > > > > + struct pci_dev *pdev = doe->pdev; > > > > + int retry = 0; > > > > + u32 val; > > > > + > > > > + pci_write_config_dword(pdev, doe->cap_offset + PCI_DOE_CTRL, > > > > + PCI_DOE_CTRL_ABORT); > > > > + /* Abort is allowed to take up to 1 second */ > > > > + do { > > > > + retry++; > > > > + pci_read_config_dword(pdev, doe->cap_offset + PCI_DOE_STATUS, > > > > + &val); > > > > + if (FIELD_GET(PCI_DOE_STATUS_ERROR, val) && > > > > + !FIELD_GET(PCI_DOE_STATUS_BUSY, val)) > > > > + return 0; > > > > + usleep_range(1000, 2000); > > > > + } while (retry < 1000); > > > > + > > > > + return -EIO; > > > > > > What's the state of the mailbox after an abort failure? > > > > Good question. I think the answer to that is dead device, reboot the machine > > or at least the device if you can do a hard enough slot reset. > > ...and hopefully that device is not part of an active interleave > otherwise a reset can take down "System RAM". Well - I suspect in most cases DOE death either breaks IDE in which case likely *boom* anyway or it's informational stuff life CDAT in which case print lots of warnings to suggest a smooth shutdown is a really good idea. > > > > > The specification goes with... > > "It is strongly recommend that implementations ensure that the functionality > > of the DOE Abort bit is resilient, including that DOE Abort functionality is > > maintained even in cases where device firmware is malfunctioning" > > Ok. > > > > > So cross our fingers everyone obeys that strong recommendation or try to > > work out what to do? > > What's the worst that can happen? </famous last words> :) > > > > > > > + pci_irq_vector(pdev, > > > > + FIELD_GET(PCI_DOE_CAP_IRQ, val)), > > > > + doe_irq, 0, "DOE", doe); > > > > + if (rc) > > > > + return rc; > > > > + > > > > + doe->use_int = use_int; > > > > + pci_write_config_dword(pdev, doe_offset + PCI_DOE_CTRL, > > > > + FIELD_PREP(PCI_DOE_CTRL_INT_EN, 1)); > > > > + } > > > > + > > > > + return 0; > > > > +} > > > > + > > > > + > > > > +/** > > > > + * pcie_doe_exchange() - Send a request and receive a response > > > > + * @doe: DOE mailbox state structure > > > > + * @request: request data to be sent > > > > + * @request_sz: size of request in bytes > > > > + * @response: buffer into which to place the response > > > > + * @response_sz: size of available response buffer in bytes > > > > + * > > > > + * Return: 0 on success, < 0 on error > > > > + * Excess data will be discarded. > > > > + */ > > > > +int pcie_doe_exchange(struct pcie_doe *doe, u32 *request, size_t request_sz, > > > > + u32 *response, size_t response_sz) > > > > > > Are requests made against a specific protocol? > > > > Yes, but the descriptive header is very brea. > > > > > > > > This interface feels under-decorated for a public API for host-drivers to use. > > > > I'll see what I can come up with for v2. > > Likely to look something like > > > > int pcie_doe_exchange(struct pci_doe *doe, u16 vid, u8 type, > > u32 *request_pl, size_t request_pl_sz, > > u32 *response_pl, size_t response_pl_sz) > > I was thinking something like 'struct pcie_doe_object' pointers rather > than u32 arrays. Possibly... I'm not convinced that it doesn't end up being struct pcie_doe_object doe_obj; DOE_OBJ_INIT(&doe_obj, vid, type, request_pl, request_pl_sz, response_pl, response_pl_sz) ret = pcie_doe_exchange(doe, &doe_obj); If that's the pattern we see, why split it? We might well have a struct pcie_doe_object internally but it doesn't seem like a sensible external interface to me simply because we'd just be filling it in and immediately passing it to a 'send' function. > > > > > and return received length or negative on error. > > > > The disadvantage is that at least some of the specs just have the > > header as their first few DW. So there isn't a clear distinction > > between header and payload. May lead to people getting offsets wrong > > in a way they wouldn't do if driver was responsible for building the > > whole message. > > Aren't they more likely to get offsets wrong with u32 arrays rather > than data structures? I'm not sure what level you mean this at. The CDAT patch review you followed this with suggested just breaking out vid and type which is fine because those are always packed the same and we can do appropriate special handling. If you meant the whole object as packed structure, then it is a whole different matter. Easy one to point is that u64 values are going to end up with their top and bottom halves swapped. Things get even messier if we break up below the u32 level. We can do this at a higher level by having wrappers that deal with each protocol and do a serialize / deserialize for the protocol. I'm not sure if that will make sense or not yet though. > > > > > > > > > > +{ > > > > + struct pci_dev *pdev = doe->pdev; > > > > + int ret = 0; > > > > + int i; > > > > + u32 val; > > > > + int retry = -1; > > > > + size_t length; > > > > + > > > > + /* DOE requests must be a whole number of DW */ > > > > + if (request_sz % sizeof(u32)) > > > > + return -EINVAL; > > > > + > > > > + /* Need at least 2 DW to get the length */ > > > > + if (response_sz < 2 * sizeof(u32)) > > > > + return -EINVAL; > > > > + > > > > + mutex_lock(&doe->lock); > > > > + /* > > > > + * Check the DOE busy bit is not set. > > > > + * If it is set, this could indicate someone other than Linux is > > > > + * using the mailbox. > > > > + */ > > > > > > Ugh, makes me think we need to extend the support for blocking pci > > > device MMIO while a driver is attached to config-space as well. How > > > can a communication protocol work if initiators can trample each > > > other's state? > > > > Agreed. It is crazy. At very least we need a means of saying > > keep your hands off this DOE to the OS. > > > > We can't do it on a per protocol basis, which was what I was previously > > thinking, because we can't call the discovery protocol to see what > > a given DOE is for. > > I'm specifically thinking of a mechanism that blocks pci-sysfs from > initiating config-cycles if a driver has claimed that range. > > However, these MCTP to DOE tunnels that the SPDM presentation alluded > to make me nervous as there is no protocol to prevent an OS driver > agent and an MCTP agent from clobbering each other. Agreed. > > > > > > > > > + ret = -ETIMEDOUT; > > > > + goto unlock; > > > > + } > > > > + > > > > + pci_read_config_dword(pdev, > > > > + doe->cap_offset + PCI_DOE_STATUS, > > > > + &val); > > > > + if (FIELD_GET(PCI_DOE_STATUS_ERROR, val)) { > > > > + pcie_doe_abort(doe); > > > > + ret = -EIO; > > > > + goto unlock; > > > > + } > > > > + } else { > > > > + do { > > > > + retry++; > > > > + pci_read_config_dword(pdev, > > > > + doe->cap_offset + PCI_DOE_STATUS, > > > > + &val); > > > > + if (FIELD_GET(PCI_DOE_STATUS_ERROR, val)) { > > > > + pcie_doe_abort(doe); > > > > + ret = -EIO; > > > > + goto unlock; > > > > + } > > > > + > > > > + if (FIELD_GET(PCI_DOE_STATUS_DATA_OBJECT_READY, val)) > > > > + break; > > > > + usleep_range(1000, 2000); > > > > + } while (retry < 1000); > > > > + if (!FIELD_GET(PCI_DOE_STATUS_DATA_OBJECT_READY, val)) { > > > > + ret = -ETIMEDOUT; > > > > + goto unlock; > > > > > > Rather than a lock and polling loop I'd organize this as a single > > > threaded delayed_workqueue that periodically services requests or > > > immediately runs the workqueue upon receipt of an interrupt. This > > > provides a software queuing model that can optionally be treated as > > > async / sync depending on the use case. > > > > Given it's single element in flight I don't think there is any benefit > > to enabling async. The lock has to be held throughout anyway. > > It is always possible a particular caller wants to overlap this > > transaction with some other actions, but I'd rather put the burden > > on that clever caller which can spin this out to a thread of one type > > or another. > > > > We can revisit and split this in half if we have a user who benefits > > from the complexity. > > I don't think it's complex. I think it's simpler to rationalize than > this pattern of taking a lock and going to sleep with the lock held. > You can eliminate the lock completely if the only access to a given > DOE is a single dedicated kthread. There are other examples of this > single-thread protocol handler pattern in the kernel, like libsas SMP > protocol. So for this, I've implemented a simple single threaded workqueue. As I'm not supporting interleaving for now, it ends up being very similar to the body of pcie_doe_exchange(). The lock is gone. Async is trivial to implement (I haven't done so yet as don't have a user) but there is a requirement for the caller to ensure lifetimes of the buffers because we probably don't want to take copies when not necessary. That shouldn't be to onerous for the drivers. One thing I don't understand is why you proposed a delayed work queue above? I'm not seeing that model in the libsas SMP for example. As far as I can tell that just processes work items asap. Can you point to a more specific example if you thinks that we should use one? > > > > > + } > > > > + } > > > > + > > > > + /* Read the first two dwords to get the length */ > > > > + pci_read_config_dword(pdev, doe->cap_offset + PCI_DOE_READ, > > > > + &response[0]); > > > > + pci_write_config_dword(pdev, doe->cap_offset + PCI_DOE_READ, 0); > > > > + pci_read_config_dword(pdev, doe->cap_offset + PCI_DOE_READ, > > > > + &response[1]); > > > > + pci_write_config_dword(pdev, doe->cap_offset + PCI_DOE_READ, 0); > > > > + length = FIELD_GET(PCI_DOE_DATA_OBJECT_HEADER_2_LENGTH, > > > > + response[1]); > > > > + if (length > SZ_1M) > > > > oops. That's exiting with mutex held. Fixed in v2. > > > > > > + return -EIO; > > > > + > > > > + for (i = 2; i < min(length, response_sz / 4); i++) { > > > > + pci_read_config_dword(pdev, doe->cap_offset + PCI_DOE_READ, > > > > + &response[i]); > > > > + pci_write_config_dword(pdev, doe->cap_offset + PCI_DOE_READ, 0); > > > > + } > > > > + /* flush excess length */ > > > > + for (; i < length; i++) { > > > > + pci_read_config_dword(pdev, doe->cap_offset + PCI_DOE_READ, > > > > + &val); > > > > + pci_write_config_dword(pdev, doe->cap_offset + PCI_DOE_READ, 0); > > > > + } > > > > + /* Final error check to pick up on any since Data Object Ready */ > > > > + pci_read_config_dword(pdev, doe->cap_offset + PCI_DOE_STATUS, &val); > > > > + if (FIELD_GET(PCI_DOE_STATUS_ERROR, val)) { > > > > + pcie_doe_abort(doe); > > > > + ret = -EIO; > > > > + } > > > > +unlock: > > > > + mutex_unlock(&doe->lock); > > > > + > > > > + return ret; > > > > +} > > > > + > > > > + > > > > +static int pcie_doe_discovery(struct pcie_doe *doe, u8 *index, u16 *vid, u8 *protocol) > > > > +{ > > > > + u32 request[3] = { > > > > > > Should this be a proper struct with named fields rather than an array? > > > > Well the field names are going to end up as dw0 dw1 etc as there isn't a lot more > > meaningful to call them. We also want to keep them as u32 values throughout to > > avoid fiddly packing manipulation on different endian machines. > > The DOE object format has dedicated space for type and length. > > If anything the endian issue is more reason to have a proper data structure. I'm fine with doing that for the first 2 DW but after that it's a lot messier as mentioned above. It is protocol specific. Of course we can always wrap the individual protocols up with serializer / deserializer code to actually pack the dwords. > > > > > This becomes rather simpler when it's just the payload due to changes in the > > interface in v2. > > > > > > > > > + [0] = FIELD_PREP(PCI_DOE_DATA_OBJECT_HEADER_1_VID, 0001) | > > > > + FIELD_PREP(PCI_DOE_DATA_OBJECT_HEADER_1_TYPE, 0), > > > > + [1] = FIELD_PREP(PCI_DOE_DATA_OBJECT_HEADER_2_LENGTH, 3), > > > > + [2] = FIELD_PREP(PCI_DOE_DATA_OBJECT_DISC_REQ_3_INDEX, *index) > > > > + }; > > > > + u32 response[3]; > > > > + int ret; > > > > + > > > > + ret = pcie_doe_exchange(doe, request, sizeof(request), response, sizeof(response)); > > > > + if (ret) > > > > + return ret; > > > > + > > > > + *vid = FIELD_GET(PCI_DOE_DATA_OBJECT_DISC_RSP_3_VID, response[2]); > > > > + *protocol = FIELD_GET(PCI_DOE_DATA_OBJECT_DISC_RSP_3_PROTOCOL, response[2]); > > > > + *index = FIELD_GET(PCI_DOE_DATA_OBJECT_DISC_RSP_3_NEXT_INDEX, response[2]); > > > > + > > > > + return 0; > > > > +} > > > > + > > > > +/** > > > > + * pcie_doe_protocol_check() - check if this DOE mailbox supports specific protocol > > > > + * @doe: DOE state structure > > > > + * @vid: Vendor ID > > > > + * @protocol: Protocol number as defined by Vendor > > > > + * Returns: 0 on success, <0 on error > > > > + */ > > > > +int pcie_doe_protocol_check(struct pcie_doe *doe, u16 vid, u8 protocol) > > > > > > Not clear to me that this is a comfortable API for a driver. I would > > > expect that at registration time all the supported protocols would be > > > retrieved and cached in the 'struct pcie_doe' context and then the > > > host driver could query from there without going back to the device > > > again. > > > > I'm not sure I follow. > > > > Any driver will fall into one of the following categories: > > a) Already knows what protocols are available on a > > given DOE instance perhaps because that's a characteristic of the hardware > > supported, in which case it has no reason to check (unless driver writer > > is paranoid) > > b) It has no way to know (e.g. class driver), then it makes sense to query > > the DOE instance to find out what protocols are available. > > I was more thinking that the public interface is a protocol rather > than the raw DOE. So the library knows CDAT, SPDM, IDE... and drivers > never need to query the interface. > > So this more of a question about where to draw the line of common code. > > For example in the nfit driver there is usage of: > > acpi_label_write() > > ...and: > > acpi_evaluate_dsm() > > ...where the former abstracts the protocol and the latter is the raw > interface. Both can write to a label area, but only one is idiomatic. Ah. Got it. Makes sense to have another layer for at least commonly reused protocols. Exactly what that looks like is going to be protocol specific. I've reworked the internal handling to do DOE mailboxes a bit like pci_alloc_irq_vectors(). Basically if a driver uses a DOE at all it issues one call to get them all and one call to free them all. That call goes and gets the protocols supported and caches their [vid type]. That lets a driver not care which protocols share a DOE and simply use: struct pcie_doe *cdat_doe = pci_doe_find(pci_dev, vid, prot); etc. struct pcie_doe *cma_doe = ... struct pcie_doe *ide_doe; struct pcie_doe *vendors_own_magic_doe; Some of which happen to point to the same DOEs. It's simpler than reference counting, which we shouldn't need as lifetimes of these should all be the same. Jonathan
On Tue, Mar 23, 2021 at 11:25 AM Jonathan Cameron <Jonathan.Cameron@huawei.com> wrote: [..] > > I was thinking something like 'struct pcie_doe_object' pointers rather > > than u32 arrays. > > Possibly... I'm not convinced that it doesn't end up being > struct pcie_doe_object doe_obj; > DOE_OBJ_INIT(&doe_obj, vid, type, request_pl, request_pl_sz, > response_pl, response_pl_sz) > > ret = pcie_doe_exchange(doe, &doe_obj); > > If that's the pattern we see, why split it? > We might well have a struct pcie_doe_object internally but it doesn't > seem like a sensible external interface to me simply because we'd > just be filling it in and immediately passing it to a 'send' function. I don't think there are going to be so many DOE users that would justify DOE_OBJ_INIT(). I am thinking of a model where the payload construction is open coded and typesafe similar to how intel_bus_fwa_activate() [1] builds its mailbox payload. [1]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/acpi/nfit/intel.c#n546 > > > The disadvantage is that at least some of the specs just have the > > > header as their first few DW. So there isn't a clear distinction > > > between header and payload. May lead to people getting offsets wrong > > > in a way they wouldn't do if driver was responsible for building the > > > whole message. > > > > Aren't they more likely to get offsets wrong with u32 arrays rather > > than data structures? > > I'm not sure what level you mean this at. The CDAT patch review you > followed this with suggested just breaking out vid and type which is > fine because those are always packed the same and we can do appropriate > special handling. > > If you meant the whole object as packed structure, then it is a whole > different matter. > > Easy one to point is that u64 values are going to end up with their > top and bottom halves swapped. Things get even messier if we break > up below the u32 level. > > We can do this at a higher level by having wrappers that deal with > each protocol and do a serialize / deserialize for the protocol. > I'm not sure if that will make sense or not yet though. Again, I think the protocols to support are limited (CDAT and IDE/SPDM are the only ones on the horizon), so not much value to having a rich set of wrappers and macros to obfuscate payload generation. > > One thing I don't understand is why you proposed a delayed work queue > above? I'm not seeing that model in the libsas SMP for example. As far > as I can tell that just processes work items asap. > > Can you point to a more specific example if you thinks that we should > use one? For polling on a timeout a delayed workqueue can poll at an interval without need for any explicit sleep calls. There are several examples of queue_delayed_work() in drivers/ being used to advance a state machine after a protocol relative timeout.
On Thu, 18 Mar 2021 14:25:29 +0000 Jonathan Cameron <Jonathan.Cameron@Huawei.com> wrote: > On Wed, 17 Mar 2021 18:30:26 -0700 > Dan Williams <dan.j.williams@intel.com> wrote: > > > Btw your mailer does something odd with the "In-Reply-To:" field, I > > need to fix it up manually to include your address. > > > > On Tue, Mar 16, 2021 at 4:28 PM Chris Browy <cbrowy@avery-design.com> wrote: > > > > > > Please address and clarify 2 queries below... > > > > > > > > > > On Mar 16, 2021, at 2:14 PM, Dan Williams <dan.j.williams@intel.com> wrote: > > > > > > > > On Tue, Mar 16, 2021 at 9:31 AM Jonathan Cameron > > > > <Jonathan.Cameron@huawei.com> wrote: > > > >> > > > >> On Mon, 15 Mar 2021 12:45:49 -0700 > > > >> Dan Williams <dan.j.williams@intel.com> wrote: > > > >> > > > >>> Hey Jonathan, happy to see this, some comments below... > > > >> > > > >> Hi Dan, > > > >> > > > >> Thanks for taking a look! > > > >> > > > >>> > > > >>> On Wed, Mar 10, 2021 at 10:08 AM Jonathan Cameron > > > >>> <Jonathan.Cameron@huawei.com> wrote: > > > >>>> > > > >>>> Introduced in an ECN to the PCI 5.0, DOE provides a config space > > > >>>> based mailbox with standard protocol discovery. Each mailbox > > > >>>> is accessed through a DOE PCIE Extended Capability. > > > >>>> > > > >>>> A device may have 1 or more DOE mailboxes, each of which is allowed > > > >>>> to support any number of protocols (some DOE protocols > > > >>>> specifications apply additional restrictions). A given protocol > > > >>>> may be supported on more than one DOE mailbox on a given function. > > > >>> > > > >>> Are all those protocol instances shared? > > > >>> I'm trying to mental model > > > >>> whether, for example, an auxiliary driver instance could be loaded per > > > >>> DOE mailbox, or if there would need to be coordination of a given > > > >>> protocol no matter how many DOE mailboxes on that device implemented > > > >>> that protocol. > > > >> > > > >> Just to check I've understood corectly, you mean multiple instances of same > > > >> protocol across different DOE mailboxes on a given device? > > > >> > > > > > > > > Right. > > > > > > Could you confirm this case for clarity? A CXL device may have multiple VF/PF. > > > For example, PF=0 could have one or more DOE instances for CDAT protocol. > > > The driver will scan PF=0 for all DOE instances and finding one or more of CDAT > > > protocol will combine/manage them. I had not considered multiple CDAT tables > > > for single PF. For CXL devices with multiple PF’s the same process would be > > > carried out on PF=1-N. > > > > This patch has nothing to do with CXL. This is a general discussion of > > how a PCIE device implements a DOE mailbox or set of mailboxes. The > > DOE definition is PF-only afaics from the DOE specification. > > > > The CXL specification only says that a device can implement a CDAT per > > DOE capability instance, so the CXL spec does not limit the number of > > DOE instances to 1, but I can't think of a practical reason to support > > more than one. > > > > [..] > > > >>> https://cfp.osfc.io/media/osfc2020/submissions/ECQ88N/resources/An_open_source_SPDM_implementation_for_secure_devi_kmIgAQe.pdf > > > >> > > > >> Nice! Looking at CMA / IDE emulation was on my todo list and that looks like > > > >> it might make that job a lot easier. > > > > > > Would it be useful to integrate the openspdm’s SpdmResponderEmu.c onto the QEMU’s CXL Type3 Device’s > > > DOE backend for CMA/IDE testing? Doesn’t look hard to do. > > > > Yes, I do think it would be useful. > > Agreed. Very useful indeed. > > Jonathan > Hi Chris, Just wondering if this qemu/openspdm integration was something your team have had time to look at? I'd like to ideally get a second DOE usecase implemented on the Linux side to prove out the implementation. If it's fallen off your near term todo list I might see if I can hack something together in the meantime. Thanks, Jonathan
> On Jun 17, 2021, at 1:12 PM, Jonathan Cameron <jonathan.cameron@huawei.com> wrote: > > On Thu, 18 Mar 2021 14:25:29 +0000 > Jonathan Cameron <Jonathan.Cameron@Huawei.com> wrote: > >> On Wed, 17 Mar 2021 18:30:26 -0700 >> Dan Williams <dan.j.williams@intel.com> wrote: >> >>> Btw your mailer does something odd with the "In-Reply-To:" field, I >>> need to fix it up manually to include your address. >>> >>> On Tue, Mar 16, 2021 at 4:28 PM Chris Browy <cbrowy@avery-design.com> wrote: >>>> >>>> Please address and clarify 2 queries below... >>>> >>>> >>>>> On Mar 16, 2021, at 2:14 PM, Dan Williams <dan.j.williams@intel.com> wrote: >>>>> >>>>> On Tue, Mar 16, 2021 at 9:31 AM Jonathan Cameron >>>>> <Jonathan.Cameron@huawei.com> wrote: >>>>>> >>>>>> On Mon, 15 Mar 2021 12:45:49 -0700 >>>>>> Dan Williams <dan.j.williams@intel.com> wrote: >>>>>> >>>>>>> Hey Jonathan, happy to see this, some comments below... >>>>>> >>>>>> Hi Dan, >>>>>> >>>>>> Thanks for taking a look! >>>>>> >>>>>>> >>>>>>> On Wed, Mar 10, 2021 at 10:08 AM Jonathan Cameron >>>>>>> <Jonathan.Cameron@huawei.com> wrote: >>>>>>>> >>>>>>>> Introduced in an ECN to the PCI 5.0, DOE provides a config space >>>>>>>> based mailbox with standard protocol discovery. Each mailbox >>>>>>>> is accessed through a DOE PCIE Extended Capability. >>>>>>>> >>>>>>>> A device may have 1 or more DOE mailboxes, each of which is allowed >>>>>>>> to support any number of protocols (some DOE protocols >>>>>>>> specifications apply additional restrictions). A given protocol >>>>>>>> may be supported on more than one DOE mailbox on a given function. >>>>>>> >>>>>>> Are all those protocol instances shared? >>>>>>> I'm trying to mental model >>>>>>> whether, for example, an auxiliary driver instance could be loaded per >>>>>>> DOE mailbox, or if there would need to be coordination of a given >>>>>>> protocol no matter how many DOE mailboxes on that device implemented >>>>>>> that protocol. >>>>>> >>>>>> Just to check I've understood corectly, you mean multiple instances of same >>>>>> protocol across different DOE mailboxes on a given device? >>>>>> >>>>> >>>>> Right. >>>> >>>> Could you confirm this case for clarity? A CXL device may have multiple VF/PF. >>>> For example, PF=0 could have one or more DOE instances for CDAT protocol. >>>> The driver will scan PF=0 for all DOE instances and finding one or more of CDAT >>>> protocol will combine/manage them. I had not considered multiple CDAT tables >>>> for single PF. For CXL devices with multiple PF’s the same process would be >>>> carried out on PF=1-N. >>> >>> This patch has nothing to do with CXL. This is a general discussion of >>> how a PCIE device implements a DOE mailbox or set of mailboxes. The >>> DOE definition is PF-only afaics from the DOE specification. >>> >>> The CXL specification only says that a device can implement a CDAT per >>> DOE capability instance, so the CXL spec does not limit the number of >>> DOE instances to 1, but I can't think of a practical reason to support >>> more than one. >>> >>> [..] >>>>>>> https://cfp.osfc.io/media/osfc2020/submissions/ECQ88N/resources/An_open_source_SPDM_implementation_for_secure_devi_kmIgAQe.pdf >>>>>> >>>>>> Nice! Looking at CMA / IDE emulation was on my todo list and that looks like >>>>>> it might make that job a lot easier. >>>> >>>> Would it be useful to integrate the openspdm’s SpdmResponderEmu.c onto the QEMU’s CXL Type3 Device’s >>>> DOE backend for CMA/IDE testing? Doesn’t look hard to do. >>> >>> Yes, I do think it would be useful. >> >> Agreed. Very useful indeed. >> >> Jonathan >> > > Hi Chris, > > Just wondering if this qemu/openspdm integration was something your team have > had time to look at? I'd like to ideally get a second DOE usecase > implemented on the Linux side to prove out the implementation. > > If it's fallen off your near term todo list I might see if I can hack > something together in the meantime. We have been working on this. The plan was 1) implement modified version of openspdm requester running as QEMU app to pass DOE via CXL driver IOCTL’s to do DOE (DONE) 2) enhance cxl_type3.c to call openspdm responder to implement device side SPDM (NOT DONE) 3) enhance the Avery CXL Type 3 device SystemVerilog model to call opensldm responder to implement device side SPDM (DONE) Currently we run 1) and 3) using our QEMU co-sim environment. Huai-Cheng can probably finish 2) next week so we can run entirely in QEMU stand-alone environment. > > Thanks, > > Jonathan
diff --git a/drivers/pci/pcie/Kconfig b/drivers/pci/pcie/Kconfig index 45a2ef702b45..f1cada7790fd 100644 --- a/drivers/pci/pcie/Kconfig +++ b/drivers/pci/pcie/Kconfig @@ -142,3 +142,11 @@ config PCIE_EDR the PCI Firmware Specification r3.2. Enable this if you want to support hybrid DPC model which uses both firmware and OS to implement DPC. + +config PCIE_DOE + bool "PCI Express Data Object Exchange support" + help + This enables library support PCI Data Object Exchange capability. + DOE provides a simple mailbox in PCI express config space that is + used by a number of different protocols. + It is defined in he Data Object Exchnage ECN to PCI 5.0. diff --git a/drivers/pci/pcie/Makefile b/drivers/pci/pcie/Makefile index b2980db88cc0..801fdd5fbfc1 100644 --- a/drivers/pci/pcie/Makefile +++ b/drivers/pci/pcie/Makefile @@ -13,3 +13,4 @@ obj-$(CONFIG_PCIE_PME) += pme.o obj-$(CONFIG_PCIE_DPC) += dpc.o obj-$(CONFIG_PCIE_PTM) += ptm.o obj-$(CONFIG_PCIE_EDR) += edr.o +obj-$(CONFIG_PCIE_DOE) += doe.o diff --git a/drivers/pci/pcie/doe.c b/drivers/pci/pcie/doe.c new file mode 100644 index 000000000000..b091ef379362 --- /dev/null +++ b/drivers/pci/pcie/doe.c @@ -0,0 +1,284 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Data Object Exchange was added to the PCI spec as an ECN to 5.0. + * + * Copyright (C) 2021 Huawei + * Jonathan Cameron <Jonathan.Cameron@huawei.com> + */ + +#include <linux/bitfield.h> +#include <linux/delay.h> +#include <linux/jiffies.h> +#include <linux/mutex.h> +#include <linux/pci.h> +#include <linux/pcie-doe.h> + +static irqreturn_t doe_irq(int irq, void *data) +{ + struct pcie_doe *doe = data; + struct pci_dev *pdev = doe->pdev; + u32 val; + + pci_read_config_dword(pdev, doe->cap_offset + PCI_DOE_STATUS, &val); + if (FIELD_GET(PCI_DOE_STATUS_INT_STATUS, val)) { + pci_write_config_dword(pdev, doe->cap_offset + PCI_DOE_STATUS, + val); + complete(&doe->c); + return IRQ_HANDLED; + } + /* Leave the error case to be handled outside irq */ + if (FIELD_GET(PCI_DOE_STATUS_ERROR, val)) { + complete(&doe->c); + return IRQ_HANDLED; + } + + return IRQ_NONE; +} + +static int pcie_doe_abort(struct pcie_doe *doe) +{ + struct pci_dev *pdev = doe->pdev; + int retry = 0; + u32 val; + + pci_write_config_dword(pdev, doe->cap_offset + PCI_DOE_CTRL, + PCI_DOE_CTRL_ABORT); + /* Abort is allowed to take up to 1 second */ + do { + retry++; + pci_read_config_dword(pdev, doe->cap_offset + PCI_DOE_STATUS, + &val); + if (FIELD_GET(PCI_DOE_STATUS_ERROR, val) && + !FIELD_GET(PCI_DOE_STATUS_BUSY, val)) + return 0; + usleep_range(1000, 2000); + } while (retry < 1000); + + return -EIO; +} + +/** + * pcie_doe_init() - Initialise a Data Object Exchange mailbox + * @doe: state structure for the DOE mailbox + * @pdev: pci device which has this DOE mailbox + * @doe_offset: offset in configuration space of the DOE extended capability. + * @use_int: whether to use the optional interrupt + * Returns: 0 on success, <0 on error + * + * Caller responsible for calling pci_alloc_irq_vectors() including DOE + * interrupt. + */ +int pcie_doe_init(struct pcie_doe *doe, struct pci_dev *pdev, int doe_offset, + bool use_int) +{ + u32 val; + int rc; + + mutex_init(&doe->lock); + init_completion(&doe->c); + doe->cap_offset = doe_offset; + doe->pdev = pdev; + /* Reset the mailbox by issuing an abort */ + rc = pcie_doe_abort(doe); + if (rc) + return rc; + + pci_read_config_dword(pdev, doe_offset + PCI_DOE_CAP, &val); + + if (use_int && FIELD_GET(PCI_DOE_CAP_INT, val)) { + rc = devm_request_irq(&pdev->dev, + pci_irq_vector(pdev, + FIELD_GET(PCI_DOE_CAP_IRQ, val)), + doe_irq, 0, "DOE", doe); + if (rc) + return rc; + + doe->use_int = use_int; + pci_write_config_dword(pdev, doe_offset + PCI_DOE_CTRL, + FIELD_PREP(PCI_DOE_CTRL_INT_EN, 1)); + } + + return 0; +} + + +/** + * pcie_doe_exchange() - Send a request and receive a response + * @doe: DOE mailbox state structure + * @request: request data to be sent + * @request_sz: size of request in bytes + * @response: buffer into which to place the response + * @response_sz: size of available response buffer in bytes + * + * Return: 0 on success, < 0 on error + * Excess data will be discarded. + */ +int pcie_doe_exchange(struct pcie_doe *doe, u32 *request, size_t request_sz, + u32 *response, size_t response_sz) +{ + struct pci_dev *pdev = doe->pdev; + int ret = 0; + int i; + u32 val; + int retry = -1; + size_t length; + + /* DOE requests must be a whole number of DW */ + if (request_sz % sizeof(u32)) + return -EINVAL; + + /* Need at least 2 DW to get the length */ + if (response_sz < 2 * sizeof(u32)) + return -EINVAL; + + mutex_lock(&doe->lock); + /* + * Check the DOE busy bit is not set. + * If it is set, this could indicate someone other than Linux is + * using the mailbox. + */ + pci_read_config_dword(pdev, doe->cap_offset + PCI_DOE_STATUS, &val); + if (FIELD_GET(PCI_DOE_STATUS_BUSY, val)) { + ret = -EBUSY; + goto unlock; + } + + if (FIELD_GET(PCI_DOE_STATUS_ERROR, val)) { + ret = pcie_doe_abort(doe); + if (ret) + goto unlock; + } + + for (i = 0; i < request_sz / 4; i++) + pci_write_config_dword(pdev, doe->cap_offset + PCI_DOE_WRITE, + request[i]); + + reinit_completion(&doe->c); + pci_write_config_dword(pdev, doe->cap_offset + PCI_DOE_CTRL, + PCI_DOE_CTRL_GO); + + if (doe->use_int) { + /* + * Timeout of 1 second from 6.xx.1 ECN - Data Object Exchange + * Note a protocol is allowed to specify a different timeout, so + * that may need supporting in future. + */ + if (!wait_for_completion_timeout(&doe->c, + msecs_to_jiffies(1000))) { + ret = -ETIMEDOUT; + goto unlock; + } + + pci_read_config_dword(pdev, + doe->cap_offset + PCI_DOE_STATUS, + &val); + if (FIELD_GET(PCI_DOE_STATUS_ERROR, val)) { + pcie_doe_abort(doe); + ret = -EIO; + goto unlock; + } + } else { + do { + retry++; + pci_read_config_dword(pdev, + doe->cap_offset + PCI_DOE_STATUS, + &val); + if (FIELD_GET(PCI_DOE_STATUS_ERROR, val)) { + pcie_doe_abort(doe); + ret = -EIO; + goto unlock; + } + + if (FIELD_GET(PCI_DOE_STATUS_DATA_OBJECT_READY, val)) + break; + usleep_range(1000, 2000); + } while (retry < 1000); + if (!FIELD_GET(PCI_DOE_STATUS_DATA_OBJECT_READY, val)) { + ret = -ETIMEDOUT; + goto unlock; + } + } + + /* Read the first two dwords to get the length */ + pci_read_config_dword(pdev, doe->cap_offset + PCI_DOE_READ, + &response[0]); + pci_write_config_dword(pdev, doe->cap_offset + PCI_DOE_READ, 0); + pci_read_config_dword(pdev, doe->cap_offset + PCI_DOE_READ, + &response[1]); + pci_write_config_dword(pdev, doe->cap_offset + PCI_DOE_READ, 0); + length = FIELD_GET(PCI_DOE_DATA_OBJECT_HEADER_2_LENGTH, + response[1]); + if (length > SZ_1M) + return -EIO; + + for (i = 2; i < min(length, response_sz / 4); i++) { + pci_read_config_dword(pdev, doe->cap_offset + PCI_DOE_READ, + &response[i]); + pci_write_config_dword(pdev, doe->cap_offset + PCI_DOE_READ, 0); + } + /* flush excess length */ + for (; i < length; i++) { + pci_read_config_dword(pdev, doe->cap_offset + PCI_DOE_READ, + &val); + pci_write_config_dword(pdev, doe->cap_offset + PCI_DOE_READ, 0); + } + /* Final error check to pick up on any since Data Object Ready */ + pci_read_config_dword(pdev, doe->cap_offset + PCI_DOE_STATUS, &val); + if (FIELD_GET(PCI_DOE_STATUS_ERROR, val)) { + pcie_doe_abort(doe); + ret = -EIO; + } +unlock: + mutex_unlock(&doe->lock); + + return ret; +} + + +static int pcie_doe_discovery(struct pcie_doe *doe, u8 *index, u16 *vid, u8 *protocol) +{ + u32 request[3] = { + [0] = FIELD_PREP(PCI_DOE_DATA_OBJECT_HEADER_1_VID, 0001) | + FIELD_PREP(PCI_DOE_DATA_OBJECT_HEADER_1_TYPE, 0), + [1] = FIELD_PREP(PCI_DOE_DATA_OBJECT_HEADER_2_LENGTH, 3), + [2] = FIELD_PREP(PCI_DOE_DATA_OBJECT_DISC_REQ_3_INDEX, *index) + }; + u32 response[3]; + int ret; + + ret = pcie_doe_exchange(doe, request, sizeof(request), response, sizeof(response)); + if (ret) + return ret; + + *vid = FIELD_GET(PCI_DOE_DATA_OBJECT_DISC_RSP_3_VID, response[2]); + *protocol = FIELD_GET(PCI_DOE_DATA_OBJECT_DISC_RSP_3_PROTOCOL, response[2]); + *index = FIELD_GET(PCI_DOE_DATA_OBJECT_DISC_RSP_3_NEXT_INDEX, response[2]); + + return 0; +} + +/** + * pcie_doe_protocol_check() - check if this DOE mailbox supports specific protocol + * @doe: DOE state structure + * @vid: Vendor ID + * @protocol: Protocol number as defined by Vendor + * Returns: 0 on success, <0 on error + */ +int pcie_doe_protocol_check(struct pcie_doe *doe, u16 vid, u8 protocol) +{ + u8 index = 0; + + do { + u8 this_protocol; + u16 this_vid; + int ret; + + ret = pcie_doe_discovery(doe, &index, &this_vid, &this_protocol); + if (ret) + return ret; + if (this_vid == vid && this_protocol == protocol) + return 0; + } while (index); + + return -ENODEV; +} diff --git a/include/linux/pcie-doe.h b/include/linux/pcie-doe.h new file mode 100644 index 000000000000..36eaa8532254 --- /dev/null +++ b/include/linux/pcie-doe.h @@ -0,0 +1,35 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * Data Object Exchange was added to the PCI spec as an ECN to 5.0. + * + * Copyright (C) 2021 Huawei + * Jonathan Cameron <Jonathan.Cameron@huawei.com> + */ + +#include <linux/completion.h> +#include <linux/mutex.h> + +#ifndef LINUX_PCIE_DOE_H +#define LINUX_PCIE_DOE_H +/** + * struct pcie_doe - State to support use of DOE mailbox + * @lock: Ensure users of the mailbox are serialized + * @cap_offset: Config space offset to base of DOE capability. + * @pdev: PCI device that hosts this DOE. + * @c: Completion used for interrupt handling. + * @use_int: Flage to indicate if interrupts rather than polling used. + */ +struct pcie_doe { + struct mutex lock; + int cap_offset; + struct pci_dev *pdev; + struct completion c; + bool use_int; +}; + +int pcie_doe_init(struct pcie_doe *doe, struct pci_dev *dev, int doe_offset, + bool use_int); +int pcie_doe_exchange(struct pcie_doe *doe, u32 *request, size_t request_sz, + u32 *response, size_t response_sz); +int pcie_doe_protocol_check(struct pcie_doe *doe, u16 vid, u8 protocol); +#endif diff --git a/include/uapi/linux/pci_regs.h b/include/uapi/linux/pci_regs.h index e709ae8235e7..4d8a5fee2cdf 100644 --- a/include/uapi/linux/pci_regs.h +++ b/include/uapi/linux/pci_regs.h @@ -730,7 +730,8 @@ #define PCI_EXT_CAP_ID_DVSEC 0x23 /* Designated Vendor-Specific */ #define PCI_EXT_CAP_ID_DLF 0x25 /* Data Link Feature */ #define PCI_EXT_CAP_ID_PL_16GT 0x26 /* Physical Layer 16.0 GT/s */ -#define PCI_EXT_CAP_ID_MAX PCI_EXT_CAP_ID_PL_16GT +#define PCI_EXT_CAP_ID_DOE 0x2E /* Data Object Exchange */ +#define PCI_EXT_CAP_ID_MAX PCI_EXT_CAP_ID_DOE #define PCI_EXT_CAP_DSN_SIZEOF 12 #define PCI_EXT_CAP_MCAST_ENDPOINT_SIZEOF 40 @@ -1092,4 +1093,30 @@ #define PCI_PL_16GT_LE_CTRL_USP_TX_PRESET_MASK 0x000000F0 #define PCI_PL_16GT_LE_CTRL_USP_TX_PRESET_SHIFT 4 +/* Data Object Exchange */ +#define PCI_DOE_CAP 0x04 /* DOE Capabilities Register */ +#define PCI_DOE_CAP_INT 0x00000001 /* Interrupt Support */ +#define PCI_DOE_CAP_IRQ 0x00000ffe /* Interrupt Message Number */ +#define PCI_DOE_CTRL 0x08 /* DOE Control Register */ +#define PCI_DOE_CTRL_ABORT 0x00000001 /* DOE Abort */ +#define PCI_DOE_CTRL_INT_EN 0x00000002 /* DOE Interrupt Enable */ +#define PCI_DOE_CTRL_GO 0x80000000 /* DOE Go */ +#define PCI_DOE_STATUS 0x0C /* DOE Status Register */ +#define PCI_DOE_STATUS_BUSY 0x00000001 /* DOE Busy */ +#define PCI_DOE_STATUS_INT_STATUS 0x00000002 /* DOE Interrupt Status */ +#define PCI_DOE_STATUS_ERROR 0x00000004 /* DOE Error */ +#define PCI_DOE_STATUS_DATA_OBJECT_READY 0x80000000 /* Data Object Ready */ +#define PCI_DOE_WRITE 0x10 /* DOE Write Data Mailbox Register */ +#define PCI_DOE_READ 0x14 /* DOE Read Data Mailbox Register */ + +/* DOE Data Object - note not actually registers */ +#define PCI_DOE_DATA_OBJECT_HEADER_1_VID 0x0000FFFF +#define PCI_DOE_DATA_OBJECT_HEADER_1_TYPE 0x00FF0000 +#define PCI_DOE_DATA_OBJECT_HEADER_2_LENGTH 0x0003FFFF + +#define PCI_DOE_DATA_OBJECT_DISC_REQ_3_INDEX 0x000000FF +#define PCI_DOE_DATA_OBJECT_DISC_RSP_3_VID 0x0000FFFF +#define PCI_DOE_DATA_OBJECT_DISC_RSP_3_PROTOCOL 0x00FF0000 +#define PCI_DOE_DATA_OBJECT_DISC_RSP_3_NEXT_INDEX 0xFF000000 + #endif /* LINUX_PCI_REGS_H */
Introduced in an ECN to the PCI 5.0, DOE provides a config space based mailbox with standard protocol discovery. Each mailbox is accessed through a DOE PCIE Extended Capability. A device may have 1 or more DOE mailboxes, each of which is allowed to support any number of protocols (some DOE protocols specifications apply additional restrictions). A given protocol may be supported on more than one DOE mailbox on a given function. The current infrastructure is fairly simplistic and pushes the burden of handling this many-to-many relantionship to the drivers. In many cases the arrangement will be static, making this straight forward. Open questions: * timeouts: The DOE specification allows for 1 second for some operations, but notes that specific protocols may have different requirements. Should we introduce the flexiblity now, or leave that to be implemented when support for such a protocol is added? * DOE mailboxes may use MSI / MSIX to signal that the have prepared a response. These require normal conditions are setup by the driver. Should we move some of this into the DOE support (such as ensuring bus mastering is enabled)? Testing conducted against QEMU using: https://lore.kernel.org/qemu-devel/1612900760-7361-1-git-send-email-cbrowy@avery-design.com/ + fix for interrupt flag mentioned in that thread. Additional testing to be done, particularly around error handling. Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com> --- drivers/pci/pcie/Kconfig | 8 + drivers/pci/pcie/Makefile | 1 + drivers/pci/pcie/doe.c | 284 ++++++++++++++++++++++++++++++++++ include/linux/pcie-doe.h | 35 +++++ include/uapi/linux/pci_regs.h | 29 +++- 5 files changed, 356 insertions(+), 1 deletion(-)