diff mbox series

perf: arm_spe: Use Inner Shareable DSB when draining the buffer

Message ID 20201006150520.161985-1-alexandru.elisei@arm.com (mailing list archive)
State New, archived
Headers show
Series perf: arm_spe: Use Inner Shareable DSB when draining the buffer | expand

Commit Message

Alexandru Elisei Oct. 6, 2020, 3:05 p.m. UTC
From ARM DDI 0487F.b, page D9-2807:

"Although the Statistical Profiling Extension acts as another observer in
the system, for determining the Shareability domain of the DSB
instructions, the writes of sample records are treated as coming from the
PE that is being profiled."

Similarly, on page D9-2801:

"The memory type and attributes that are used for a write by the
Statistical Profiling Extension to the Profiling Buffer is taken from the
translation table entries for the virtual address being written to. That
is:
- The writes are treated as coming from an observer that is coherent with
  all observers in the Shareability domain that is defined by the
  translation tables."

All the PEs are in the Inner Shareable domain, use a DSB ISH to make sure
writes to the profiling buffer have completed.

Fixes: d5d9696b0380 ("drivers/perf: Add support for ARMv8.2 Statistical Profiling Extension")
Signed-off-by: Alexandru Elisei <alexandru.elisei@arm.com>
---
Found by code inspection.

All the places where the buffer was drained were found by using the command
"grep -r psb_csync".

 arch/arm64/kvm/hyp/nvhe/debug-sr.c | 2 +-
 drivers/perf/arm_spe_pmu.c         | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

Comments

Marc Zyngier Oct. 6, 2020, 3:32 p.m. UTC | #1
Hi Alex,

On Tue, 06 Oct 2020 16:05:20 +0100,
Alexandru Elisei <alexandru.elisei@arm.com> wrote:
> 
> From ARM DDI 0487F.b, page D9-2807:
> 
> "Although the Statistical Profiling Extension acts as another observer in
> the system, for determining the Shareability domain of the DSB
> instructions, the writes of sample records are treated as coming from the
> PE that is being profiled."
> 
> Similarly, on page D9-2801:
> 
> "The memory type and attributes that are used for a write by the
> Statistical Profiling Extension to the Profiling Buffer is taken from the
> translation table entries for the virtual address being written to. That
> is:
> - The writes are treated as coming from an observer that is coherent with
>   all observers in the Shareability domain that is defined by the
>   translation tables."
> 
> All the PEs are in the Inner Shareable domain, use a DSB ISH to make sure
> writes to the profiling buffer have completed.

I'm a bit sceptical of this change. The SPE writes are per-CPU, and
all we are trying to ensure is that the CPU we are running on has
drained its own queue of accesses.

The accesses being made within the IS domain doesn't invalidate the
fact that they are still per-CPU, because "the writes of sample
records are treated as coming from the PE that is being profiled.".

So why should we have an IS-wide synchronisation for accesses that are
purely local?

	M.
Alexandru Elisei Oct. 6, 2020, 4:13 p.m. UTC | #2
Hi Marc,

Thank you for having a look at the patch!

On 10/6/20 4:32 PM, Marc Zyngier wrote:
> Hi Alex,
>
> On Tue, 06 Oct 2020 16:05:20 +0100,
> Alexandru Elisei <alexandru.elisei@arm.com> wrote:
>> From ARM DDI 0487F.b, page D9-2807:
>>
>> "Although the Statistical Profiling Extension acts as another observer in
>> the system, for determining the Shareability domain of the DSB
>> instructions, the writes of sample records are treated as coming from the
>> PE that is being profiled."
>>
>> Similarly, on page D9-2801:
>>
>> "The memory type and attributes that are used for a write by the
>> Statistical Profiling Extension to the Profiling Buffer is taken from the
>> translation table entries for the virtual address being written to. That
>> is:
>> - The writes are treated as coming from an observer that is coherent with
>>   all observers in the Shareability domain that is defined by the
>>   translation tables."
>>
>> All the PEs are in the Inner Shareable domain, use a DSB ISH to make sure
>> writes to the profiling buffer have completed.
> I'm a bit sceptical of this change. The SPE writes are per-CPU, and
> all we are trying to ensure is that the CPU we are running on has
> drained its own queue of accesses.
>
> The accesses being made within the IS domain doesn't invalidate the
> fact that they are still per-CPU, because "the writes of sample
> records are treated as coming from the PE that is being profiled.".
>
> So why should we have an IS-wide synchronisation for accesses that are
> purely local?

I think I might have misunderstood how perf spe works. Below is my original train
of thought.

In the buffer management event interrupt we drain the buffer, and if the buffer is
full, we call arm_spe_perf_aux_output_end() -> perf_aux_output_end(). The comment
for perf_aux_output_end() says "Commit the data written by hardware into the ring
buffer by adjusting aux_head and posting a PERF_RECORD_AUX into the perf buffer.
It is the pmu driver's responsibility to observe ordering rules of the hardware,
so that all the data is externally visible before this is called." My conclusion
was that after we drain the buffer, the data must be visible to all CPUs.

From the definition of non-shareable memory (ARM DDI0487F.b, page B2-155):

"For Normal memory locations, the Non-shareable attribute identifies Normal memory
that is likely to be accessed only by a single PE. A location in Normal memory
with the Non-shareable attribute does not require the hardware to make data
accesses by different observers coherent, unless the memory is Non-cacheable."

Linux configures all memory to be Inner Shareable (SH[1:0] = 0b11), *not*
Non-shareable (SH[1:0] = 0b00). I think that the DSB NSH doesn't really do
anything, because the PE will not do any accesses to Non-shareable memory, and we
end up breaking the assumption of perf_aux_output_end().

Did I make a mistake in my reasoning?

Thanks,
Alex
Mark Rutland Oct. 19, 2020, 12:24 p.m. UTC | #3
On Tue, Oct 06, 2020 at 05:13:31PM +0100, Alexandru Elisei wrote:
> Hi Marc,
> 
> Thank you for having a look at the patch!
> 
> On 10/6/20 4:32 PM, Marc Zyngier wrote:
> > Hi Alex,
> >
> > On Tue, 06 Oct 2020 16:05:20 +0100,
> > Alexandru Elisei <alexandru.elisei@arm.com> wrote:
> >> From ARM DDI 0487F.b, page D9-2807:
> >>
> >> "Although the Statistical Profiling Extension acts as another observer in
> >> the system, for determining the Shareability domain of the DSB
> >> instructions, the writes of sample records are treated as coming from the
> >> PE that is being profiled."
> >>
> >> Similarly, on page D9-2801:
> >>
> >> "The memory type and attributes that are used for a write by the
> >> Statistical Profiling Extension to the Profiling Buffer is taken from the
> >> translation table entries for the virtual address being written to. That
> >> is:
> >> - The writes are treated as coming from an observer that is coherent with
> >>   all observers in the Shareability domain that is defined by the
> >>   translation tables."
> >>
> >> All the PEs are in the Inner Shareable domain, use a DSB ISH to make sure
> >> writes to the profiling buffer have completed.
> > I'm a bit sceptical of this change. The SPE writes are per-CPU, and
> > all we are trying to ensure is that the CPU we are running on has
> > drained its own queue of accesses.
> >
> > The accesses being made within the IS domain doesn't invalidate the
> > fact that they are still per-CPU, because "the writes of sample
> > records are treated as coming from the PE that is being profiled.".
> >
> > So why should we have an IS-wide synchronisation for accesses that are
> > purely local?
> 
> I think I might have misunderstood how perf spe works. Below is my original train
> of thought.
> 
> In the buffer management event interrupt we drain the buffer, and if the buffer is
> full, we call arm_spe_perf_aux_output_end() -> perf_aux_output_end(). The comment
> for perf_aux_output_end() says "Commit the data written by hardware into the ring
> buffer by adjusting aux_head and posting a PERF_RECORD_AUX into the perf buffer.
> It is the pmu driver's responsibility to observe ordering rules of the hardware,
> so that all the data is externally visible before this is called." My conclusion
> was that after we drain the buffer, the data must be visible to all CPUs.

FWIW, this reasoning sounds correct to me. The DSB NSH will be
sufficient to drain the buffer, but we need the DSB ISH to ensure that
it's visbile to other CPUs at the instant we call perf_aux_output_end().

Otherwise, if CPU x is reading the ring-buffer written by CPU y, it
might see the aux buffer pointers updated before the samples are
viisble, and hence read junk from the buffer.

We can add a comment to that effect (or rework perf_aux_output_end()
somehow to handle that ordering).

Thanks,
Mark.
Marc Zyngier Oct. 19, 2020, 12:55 p.m. UTC | #4
On 2020-10-19 13:24, Mark Rutland wrote:
> On Tue, Oct 06, 2020 at 05:13:31PM +0100, Alexandru Elisei wrote:
>> Hi Marc,
>> 
>> Thank you for having a look at the patch!
>> 
>> On 10/6/20 4:32 PM, Marc Zyngier wrote:
>> > Hi Alex,
>> >
>> > On Tue, 06 Oct 2020 16:05:20 +0100,
>> > Alexandru Elisei <alexandru.elisei@arm.com> wrote:
>> >> From ARM DDI 0487F.b, page D9-2807:
>> >>
>> >> "Although the Statistical Profiling Extension acts as another observer in
>> >> the system, for determining the Shareability domain of the DSB
>> >> instructions, the writes of sample records are treated as coming from the
>> >> PE that is being profiled."
>> >>
>> >> Similarly, on page D9-2801:
>> >>
>> >> "The memory type and attributes that are used for a write by the
>> >> Statistical Profiling Extension to the Profiling Buffer is taken from the
>> >> translation table entries for the virtual address being written to. That
>> >> is:
>> >> - The writes are treated as coming from an observer that is coherent with
>> >>   all observers in the Shareability domain that is defined by the
>> >>   translation tables."
>> >>
>> >> All the PEs are in the Inner Shareable domain, use a DSB ISH to make sure
>> >> writes to the profiling buffer have completed.
>> > I'm a bit sceptical of this change. The SPE writes are per-CPU, and
>> > all we are trying to ensure is that the CPU we are running on has
>> > drained its own queue of accesses.
>> >
>> > The accesses being made within the IS domain doesn't invalidate the
>> > fact that they are still per-CPU, because "the writes of sample
>> > records are treated as coming from the PE that is being profiled.".
>> >
>> > So why should we have an IS-wide synchronisation for accesses that are
>> > purely local?
>> 
>> I think I might have misunderstood how perf spe works. Below is my 
>> original train
>> of thought.
>> 
>> In the buffer management event interrupt we drain the buffer, and if 
>> the buffer is
>> full, we call arm_spe_perf_aux_output_end() -> perf_aux_output_end(). 
>> The comment
>> for perf_aux_output_end() says "Commit the data written by hardware 
>> into the ring
>> buffer by adjusting aux_head and posting a PERF_RECORD_AUX into the 
>> perf buffer.
>> It is the pmu driver's responsibility to observe ordering rules of the 
>> hardware,
>> so that all the data is externally visible before this is called." My 
>> conclusion
>> was that after we drain the buffer, the data must be visible to all 
>> CPUs.
> 
> FWIW, this reasoning sounds correct to me. The DSB NSH will be
> sufficient to drain the buffer, but we need the DSB ISH to ensure that
> it's visbile to other CPUs at the instant we call 
> perf_aux_output_end().

Right. I think I missed that last bit (and Alex's email at the same 
time).

> Otherwise, if CPU x is reading the ring-buffer written by CPU y, it
> might see the aux buffer pointers updated before the samples are
> viisble, and hence read junk from the buffer.
> 
> We can add a comment to that effect (or rework perf_aux_output_end()
> somehow to handle that ordering).

I'd rather this is done in perf_aux_output_end(), as a full blown DSB 
ISH
on guest entry is pretty harsh... It would also nicely split the 
responsibilities:

- KVM stops SPE and make sure the output is drained
- Perf makes the data visible to all CPUs

Thoughts?

         M.
Will Deacon Oct. 19, 2020, 1:01 p.m. UTC | #5
On Mon, Oct 19, 2020 at 01:24:55PM +0100, Mark Rutland wrote:
> On Tue, Oct 06, 2020 at 05:13:31PM +0100, Alexandru Elisei wrote:
> > On 10/6/20 4:32 PM, Marc Zyngier wrote:
> > > On Tue, 06 Oct 2020 16:05:20 +0100,
> > > Alexandru Elisei <alexandru.elisei@arm.com> wrote:
> > >> From ARM DDI 0487F.b, page D9-2807:
> > >>
> > >> "Although the Statistical Profiling Extension acts as another observer in
> > >> the system, for determining the Shareability domain of the DSB
> > >> instructions, the writes of sample records are treated as coming from the
> > >> PE that is being profiled."
> > >>
> > >> Similarly, on page D9-2801:
> > >>
> > >> "The memory type and attributes that are used for a write by the
> > >> Statistical Profiling Extension to the Profiling Buffer is taken from the
> > >> translation table entries for the virtual address being written to. That
> > >> is:
> > >> - The writes are treated as coming from an observer that is coherent with
> > >>   all observers in the Shareability domain that is defined by the
> > >>   translation tables."
> > >>
> > >> All the PEs are in the Inner Shareable domain, use a DSB ISH to make sure
> > >> writes to the profiling buffer have completed.
> > > I'm a bit sceptical of this change. The SPE writes are per-CPU, and
> > > all we are trying to ensure is that the CPU we are running on has
> > > drained its own queue of accesses.
> > >
> > > The accesses being made within the IS domain doesn't invalidate the
> > > fact that they are still per-CPU, because "the writes of sample
> > > records are treated as coming from the PE that is being profiled.".
> > >
> > > So why should we have an IS-wide synchronisation for accesses that are
> > > purely local?
> > 
> > I think I might have misunderstood how perf spe works. Below is my original train
> > of thought.
> > 
> > In the buffer management event interrupt we drain the buffer, and if the buffer is
> > full, we call arm_spe_perf_aux_output_end() -> perf_aux_output_end(). The comment
> > for perf_aux_output_end() says "Commit the data written by hardware into the ring
> > buffer by adjusting aux_head and posting a PERF_RECORD_AUX into the perf buffer.
> > It is the pmu driver's responsibility to observe ordering rules of the hardware,
> > so that all the data is externally visible before this is called." My conclusion
> > was that after we drain the buffer, the data must be visible to all CPUs.
> 
> FWIW, this reasoning sounds correct to me. The DSB NSH will be
> sufficient to drain the buffer, but we need the DSB ISH to ensure that
> it's visbile to other CPUs at the instant we call perf_aux_output_end().
> 
> Otherwise, if CPU x is reading the ring-buffer written by CPU y, it
> might see the aux buffer pointers updated before the samples are
> viisble, and hence read junk from the buffer.
> 
> We can add a comment to that effect (or rework perf_aux_output_end()
> somehow to handle that ordering).

Given that DSB is about completion rather than ordering, completion only
matters for endpoints and the endpoint in this scenarion is part of the
same observer, DSB NSH should be sufficient. Ordering of accesses as
observed by other CPUs should be handled with DMB or acquire/release.

So if the aux buffer code is missing barriers, we should add them there,
like you proposed before:

https://lore.kernel.org/lkml/20180510130632.34497-1-mark.rutland@arm.com/

What happened to that?

Will
diff mbox series

Patch

diff --git a/arch/arm64/kvm/hyp/nvhe/debug-sr.c b/arch/arm64/kvm/hyp/nvhe/debug-sr.c
index 91a711aa8382..e05a08c5ad1f 100644
--- a/arch/arm64/kvm/hyp/nvhe/debug-sr.c
+++ b/arch/arm64/kvm/hyp/nvhe/debug-sr.c
@@ -43,7 +43,7 @@  static void __debug_save_spe(u64 *pmscr_el1)
 
 	/* Now drain all buffered data to memory */
 	psb_csync();
-	dsb(nsh);
+	dsb(ish);
 }
 
 static void __debug_restore_spe(u64 pmscr_el1)
diff --git a/drivers/perf/arm_spe_pmu.c b/drivers/perf/arm_spe_pmu.c
index cc00915ad6d1..402892caef34 100644
--- a/drivers/perf/arm_spe_pmu.c
+++ b/drivers/perf/arm_spe_pmu.c
@@ -525,7 +525,7 @@  static void arm_spe_pmu_disable_and_drain_local(void)
 
 	/* Drain any buffered data */
 	psb_csync();
-	dsb(nsh);
+	dsb(ish);
 
 	/* Disable the profiling buffer */
 	write_sysreg_s(0, SYS_PMBLIMITR_EL1);
@@ -545,7 +545,7 @@  arm_spe_pmu_buf_get_fault_act(struct perf_output_handle *handle)
 	 * aborts have been resolved.
 	 */
 	psb_csync();
-	dsb(nsh);
+	dsb(ish);
 
 	/* Ensure hardware updates to PMBPTR_EL1 are visible */
 	isb();