On Mon, 15 Aug 2022 15:18:09 +0100 Jonathan Cameron via <qemu-devel@nongnu.org> wrote:
> On Fri, 12 Aug 2022 17:15:09 +0100 > Jonathan Cameron <jonathan.came...@huawei.com> wrote: > > > On Fri, 12 Aug 2022 09:03:02 -0700 > > Dan Williams <dan.j.willi...@intel.com> wrote: > > > > > Jonathan Cameron wrote: > > > > On Thu, 11 Aug 2022 18:08:57 +0100 > > > > Jonathan Cameron via <qemu-devel@nongnu.org> wrote: > > > > > > > > > On Tue, 9 Aug 2022 17:08:25 +0100 > > > > > Jonathan Cameron <jonathan.came...@huawei.com> wrote: > > > > > > > > > > > On Tue, 9 Aug 2022 21:07:06 +0800 > > > > > > Bobo WL <lmw.b...@gmail.com> wrote: > > > > > > > > > > > > > Hi Jonathan > > > > > > > > > > > > > > Thanks for your reply! > > > > > > > > > > > > > > On Mon, Aug 8, 2022 at 8:37 PM Jonathan Cameron > > > > > > > <jonathan.came...@huawei.com> wrote: > > > > > > > > > > > > > > > > Probably not related to your problem, but there is a disconnect > > > > > > > > in QEMU / > > > > > > > > kernel assumptionsaround the presence of an HDM decoder when a > > > > > > > > HB only > > > > > > > > has a single root port. Spec allows it to be provided or not as > > > > > > > > an implementation choice. > > > > > > > > Kernel assumes it isn't provide. Qemu assumes it is. > > > > > > > > > > > > > > > > The temporary solution is to throw in a second root port on the > > > > > > > > HB and not > > > > > > > > connect anything to it. Longer term I may special case this so > > > > > > > > that the particular > > > > > > > > decoder defaults to pass through settings in QEMU if there is > > > > > > > > only one root port. > > > > > > > > > > > > > > > > > > > > > > You are right! After adding an extra HB in qemu, I can create a x1 > > > > > > > region successfully. > > > > > > > But have some errors in Nvdimm: > > > > > > > > > > > > > > [ 74.925838] Unknown online node for memory at 0x10000000000, > > > > > > > assuming node 0 > > > > > > > [ 74.925846] Unknown target node for memory at 0x10000000000, > > > > > > > assuming node 0 > > > > > > > [ 74.927470] nd_region region0: nmem0: is disabled, failing > > > > > > > probe > > > > > > > > > > > > Ah. I've seen this one, but not chased it down yet. Was on my todo > > > > > > list to chase > > > > > > down. Once I reach this state I can verify the HDM Decode is > > > > > > correct which is what > > > > > > I've been using to test (Which wasn't true until earlier this > > > > > > week). > > > > > > I'm currently testing via devmem, more for historical reasons than > > > > > > because it makes > > > > > > that much sense anymore. > > > > > > > > > > *embarassed cough*. We haven't fully hooked the LSA up in qemu yet. > > > > > I'd forgotten that was still on the todo list. I don't think it will > > > > > be particularly hard to do and will take a look in next few days. > > > > > > > > > > Very very indirectly this error is causing a driver probe fail that > > > > > means that > > > > > we hit a code path that has a rather odd looking check on > > > > > NDD_LABELING. > > > > > Should not have gotten near that path though - hence the problem is > > > > > actually > > > > > when we call cxl_pmem_get_config_data() and it returns an error > > > > > because > > > > > we haven't fully connected up the command in QEMU. > > > > > > > > So a least one bug in QEMU. We were not supporting variable length > > > > payloads on mailbox > > > > inputs (but were on outputs). That hasn't mattered until we get to LSA > > > > writes. > > > > We just need to relax condition on the supplied length. > > > > > > > > diff --git a/hw/cxl/cxl-mailbox-utils.c b/hw/cxl/cxl-mailbox-utils.c > > > > index c352a935c4..fdda9529fe 100644 > > > > --- a/hw/cxl/cxl-mailbox-utils.c > > > > +++ b/hw/cxl/cxl-mailbox-utils.c > > > > @@ -510,7 +510,7 @@ void cxl_process_mailbox(CXLDeviceState *cxl_dstate) > > > > cxl_cmd = &cxl_cmd_set[set][cmd]; > > > > h = cxl_cmd->handler; > > > > if (h) { > > > > - if (len == cxl_cmd->in) { > > > > + if (len == cxl_cmd->in || !cxl_cmd->in) { > > > > cxl_cmd->payload = cxl_dstate->mbox_reg_state + > > > > A_CXL_DEV_CMD_PAYLOAD; > > > > ret = (*h)(cxl_cmd, cxl_dstate, &len); > > > > > > > > > > > > This lets the nvdimm/region probe fine, but I'm getting some issues with > > > > namespace capacity so I'll look at what is causing that next. > > > > Unfortunately I'm not that familiar with the driver/nvdimm side of > > > > things > > > > so it's take a while to figure out what kicks off what! > > > > > > The whirlwind tour is that 'struct nd_region' instances that represent a > > > persitent memory address range are composed of one more mappings of > > > 'struct nvdimm' objects. The nvdimm object is driven by the dimm driver > > > in drivers/nvdimm/dimm.c. That driver is mainly charged with unlocking > > > the dimm (if locked) and interrogating the label area to look for > > > namespace labels. > > > > > > The label command calls are routed to the '->ndctl()' callback that was > > > registered when the CXL nvdimm_bus_descriptor was created. That callback > > > handles both 'bus' scope calls, currently none for CXL, and per nvdimm > > > calls. cxl_pmem_nvdimm_ctl() translates those generic LIBNVDIMM commands > > > to CXL commands. > > > > > > The 'struct nvdimm' objects that the CXL side registers have the > > > NDD_LABELING flag set which means that namespaces need to be explicitly > > > created / provisioned from region capacity. Otherwise, if > > > drivers/nvdimm/dimm.c does not find a namespace-label-index block then > > > the region reverts to label-less mode and a default namespace equal to > > > the size of the region is instantiated. > > > > > > If you are seeing small mismatches in namespace capacity then it may > > > just be the fact that by default 'ndctl create-namespace' results in an > > > 'fsdax' mode namespace which just means that it is a block device where > > > 1.5% of the capacity is reserved for 'struct page' metadata. You should > > > be able to see namespace capacity == region capacity by doing "ndctl > > > create-namespace -m raw", and disable DAX operation. > > > > Currently ndctl create-namespace crashes qemu ;) > > Which isn't ideal! > > > > Found a cause for this one. Mailbox payload may be as small as 256 bytes. > We have code in kernel sanity checking that output payload fits in the > mailbox, but nothing on the input payload. Symptom is that we write just > off the end whatever size the payload is. Note doing this shouldn't crash > qemu - so I need to fix a range check somewhere. > > I think this is because cxl_pmem_get_config_size() returns the mailbox > payload size as being the available LSA size, forgetting to remove the > size of the headers on the set_lsa side of things. > https://git.kernel.org/pub/scm/linux/kernel/git/cxl/cxl.git/tree/drivers/cxl/pmem.c?h=next#n110 > > I've hacked the max_payload to be -8 > > Now we still don't succeed in creating the namespace, but bonus is it doesn't > crash any more. In the interests of defensive / correct handling from QEMU I took a look into why it was crashing. Turns out that providing a NULL write callback for the memory device region (that the above overlarge write was spilling into) isn't a safe thing to do. Needs a stub. Oops. On plus side we might never have noticed this was going wrong without the crash *silver lining in every cloud* Fix to follow... Jonathan > > > Jonathan > > > > > > > > > Hope that helps. > > Got me looking at the right code. Thanks! > > > > Jonathan > > > > > >