From patchwork Fri Sep 27 15:54:42 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Lorenzo Pieralisi X-Patchwork-Id: 2955681 Return-Path: X-Original-To: patchwork-linux-arm@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.19.201]) by patchwork1.web.kernel.org (Postfix) with ESMTP id 3BA9C9F288 for ; Fri, 27 Sep 2013 15:55:58 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 01715202B4 for ; Fri, 27 Sep 2013 15:55:57 +0000 (UTC) Received: from casper.infradead.org (casper.infradead.org [85.118.1.10]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 9471A20295 for ; Fri, 27 Sep 2013 15:55:55 +0000 (UTC) Received: from merlin.infradead.org ([2001:4978:20e::2]) by casper.infradead.org with esmtps (Exim 4.80.1 #2 (Red Hat Linux)) id 1VPaOD-0004jj-6R; Fri, 27 Sep 2013 15:55:33 +0000 Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.80.1 #2 (Red Hat Linux)) id 1VPaO3-00010T-Sz; Fri, 27 Sep 2013 15:55:24 +0000 Received: from service87.mimecast.com ([91.220.42.44]) by merlin.infradead.org with esmtp (Exim 4.80.1 #2 (Red Hat Linux)) id 1VPaNz-0000yw-IA for linux-arm-kernel@lists.infradead.org; Fri, 27 Sep 2013 15:55:21 +0000 Received: from cam-owa2.Emea.Arm.com (fw-tnat.cambridge.arm.com [217.140.96.21]) by service87.mimecast.com; Fri, 27 Sep 2013 16:54:53 +0100 Received: from e102568-lin.cambridge.arm.com ([10.1.255.212]) by cam-owa2.Emea.Arm.com with Microsoft SMTPSVC(6.0.3790.3959); Fri, 27 Sep 2013 16:54:50 +0100 From: Lorenzo Pieralisi To: linux-arm-kernel@lists.infradead.org, linux-pm@vger.kernel.org Subject: [PATCH v2] arm: vexpress: tc2: fix hotplug/idle/kexec race on cluster power down Date: Fri, 27 Sep 2013 16:54:42 +0100 Message-Id: <1380297282-13021-1-git-send-email-lorenzo.pieralisi@arm.com> X-Mailer: git-send-email 1.8.2.2 X-OriginalArrivalTime: 27 Sep 2013 15:54:50.0509 (UTC) FILETIME=[E618ABD0:01CEBB99] X-MC-Unique: 113092716545300201 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20130927_115520_298860_596DBD39 X-CRM114-Status: GOOD ( 16.10 ) X-Spam-Score: -2.6 (--) Cc: Nicolas Pitre , Lorenzo Pieralisi , Sudeep KarkadaNagesha , Kevin Hilman , Olof Johansson , Dave Martin X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org X-Spam-Status: No, score=-6.6 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_MED, RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP On the TC2 testchip, when all CPUs in a cluster enter standbywfi and commit a power down request, the power controller will wait for standbywfil2 coming from L2 cache controller to shut the cluster down. By the time all CPUs in a cluster commit a power down request and enter wfi, the power controller cannot backtrack, or put it another way, a CPU must not be allowed to complete execution independently of the power controller, the only way for it to resume properly must be upon wake-up IRQ pending and subsequent reset triggered from the power controller. Current MCPM back-end for TC2 disables the GIC CPU IF only when power down is committed through the tc2_pm_suspend() method, that makes sense since a suspended CPU is still online and can receive interrupts whereas a hotplugged CPU, since it is offline, migrated all IRQs and shutdown the per-CPU peripherals, hence their PPIs. The flaw with this reasoning is the following. If all CPUs in a clusters are entering a power down state either through CPU idle or CPU hotplug, when the last man successfully completes the MCPM power down sequence (and executes wfi), power controller waits for L2 wfi signal to quiesce the cluster and shut it down. If, when all CPUs are sitting in wfi, an online CPU hotplugs back in one of the CPUs in the cluster being shutdown, that CPU receives an IPI that causes wfi to complete (since tc2_pm_down() method does not disable the GIC CPU IF in that case - CPU being hotplugged out, not idle) and the power controller will never see the stanbywfil2 signal coming from L2 that is required for shutdown to happen and the system deadlocks. Further to this issue, kexec hotplugs secondary CPUs out during kernel reload/restart. Because kexec may (deliberately) trash the old kernel text, it is not OK for CPUs to follow the MCPM soft reboot path, since instructions after the WFI may have been replaced by kexec. If tc2_pm_down() does not disable the GIC cpu interface, there is a race between CPU powerdown in the old kernel and the IPI from the new kernel that triggers secondary boot, particularly if the powerdown is slow (due to L2 cache cleaning for example). If the new kernel wins the race, the affected CPU(s) will not really be reset and may execute garbage after the WFI. The only solution to this problem consists in disabling the GIC CPU IF on a CPU committed to power down regardless of the power down entry method (CPU hotplug or CPU idle). This way, CPU wake-up is under power controller control, which prevents unexpected wfi exit caused by a pending IRQ. This patch moves the GIC CPU IF disable call in the TC2 MCPM implementation from the tc2_pm_suspend() method to the tc2_pm_down() method to fix the mentioned race condition(s). Reviewed-by: Dave Martin Tested-by: Dave Martin (for kexec) Signed-off-by: Lorenzo Pieralisi Signed-off-by: Sudeep KarkadaNagesha Acked-by: Nicolas Pitre --- arch/arm/mach-vexpress/tc2_pm.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/arch/arm/mach-vexpress/tc2_pm.c b/arch/arm/mach-vexpress/tc2_pm.c index 7aeb5d6..e6eb481 100644 --- a/arch/arm/mach-vexpress/tc2_pm.c +++ b/arch/arm/mach-vexpress/tc2_pm.c @@ -131,6 +131,16 @@ static void tc2_pm_down(u64 residency) } else BUG(); + /* + * If the CPU is committed to power down, make sure + * the power controller will be in charge of waking it + * up upon IRQ, ie IRQ lines are cut from GIC CPU IF + * to the CPU by disabling the GIC CPU IF to prevent wfi + * from completing execution behind power controller back + */ + if (!skip_wfi) + gic_cpu_if_down(); + if (last_man && __mcpm_outbound_enter_critical(cpu, cluster)) { arch_spin_unlock(&tc2_pm_lock); @@ -231,7 +241,6 @@ static void tc2_pm_suspend(u64 residency) cpu = MPIDR_AFFINITY_LEVEL(mpidr, 0); cluster = MPIDR_AFFINITY_LEVEL(mpidr, 1); ve_spc_set_resume_addr(cluster, cpu, virt_to_phys(mcpm_entry_point)); - gic_cpu_if_down(); tc2_pm_down(residency); }