On Mon, Jan 02, 2023 at 12:24:54AM +0100, Marek Marczykowski-Górecki wrote: > On Thu, Dec 22, 2022 at 10:29:57AM +0200, Ville Syrjälä wrote: > > On Fri, Dec 16, 2022 at 03:30:13PM +0000, Andrew Cooper wrote: > > > On 08/12/2022 1:55 pm, Marek Marczykowski-Górecki wrote: > > > > Hi, > > > > > > > > There is an issue with i915 on Xen PV (dom0). The end result is a lot of > > > > glitches, like here: > > > > https://openqa.qubes-os.org/tests/54748#step/startup/8 > > > > (this one is on ADL, Linux 6.1-rc7 as a Xen PV dom0). It's using Xorg > > > > with "modesetting" driver. > > > > > > > > After some iterations of debugging, we narrowed it down to i915 handling > > > > caching. The main difference is that PAT is setup differently on Xen PV > > > > than on native Linux. Normally, Linux does have appropriate abstraction > > > > for that, but apparently something related to i915 doesn't play well > > > > with it. The specific difference is: > > > > native linux: > > > > x86/PAT: Configuration [0-7]: WB WC UC- UC WB WP UC- WT > > > > xen pv: > > > > x86/PAT: Configuration [0-7]: WB WT UC- UC WC WP UC UC > > > > ~~ ~~ ~~ ~~ > > > > > > > > The specific impact depends on kernel version and the hardware. The most > > > > severe issues I see on >=ADL, but some older hardware is affected too - > > > > sometimes only if composition is disabled in the window manager. > > > > Some more information is collected at > > > > https://github.com/QubesOS/qubes-issues/issues/4782 (and few linked > > > > duplicates...). > > > > > > > > Kind-of related commit is here: > > > > https://github.com/torvalds/linux/commit/bdd8b6c98239cad ("drm/i915: > > > > replace X86_FEATURE_PAT with pat_enabled()") - it is the place where > > > > i915 explicitly checks for PAT support, so I'm cc-ing people mentioned > > > > there too. > > > > > > > > Any ideas? > > > > > > > > The issue can be easily reproduced without Xen too, by adjusting PAT in > > > > Linux: > > > > -----8<----- > > > > diff --git a/arch/x86/mm/pat/memtype.c b/arch/x86/mm/pat/memtype.c > > > > index 66a209f7eb86..319ab60c8d8c 100644 > > > > --- a/arch/x86/mm/pat/memtype.c > > > > +++ b/arch/x86/mm/pat/memtype.c > > > > @@ -400,8 +400,8 @@ void pat_init(void) > > > > * The reserved slots are unused, but mapped to their > > > > * corresponding types in the presence of PAT errata. > > > > */ > > > > - pat = PAT(0, WB) | PAT(1, WC) | PAT(2, UC_MINUS) | > > > > PAT(3, UC) | > > > > - PAT(4, WB) | PAT(5, WP) | PAT(6, UC_MINUS) | > > > > PAT(7, WT); > > > > + pat = PAT(0, WB) | PAT(1, WT) | PAT(2, UC_MINUS) | > > > > PAT(3, UC) | > > > > + PAT(4, WC) | PAT(5, WP) | PAT(6, UC) | > > > > PAT(7, UC); > > > > } > > > > > > > > if (!pat_bp_initialized) { > > > > -----8<----- > > > > > > > > > > Hello, can anyone help please? > > > > > > Intel's CI has taken this reproducer of the bug, and confirmed the > > > regression. > > > https://lore.kernel.org/intel-gfx/Y5Hst0bCxQDTN7lK@mail-itl/T/#m4480c15a0d117dce6210562eb542875e757647fb > > > > > > We're reasonably confident that it is an i915 bug (given the repro with > > > no Xen in the mix), but we're out of any further ideas. > > > > I don't think we have any code that assumes anything about the PAT, > > apart from WC being available (which seems like it should still be > > the case with your modified PAT). I suppose you'll just have to > > start digging from pgprot_writecombine()/noncached() and make sure > > everything ends up using the correct PAT entry. > > I tried several approach to this, without success. Here is an update on > debugging (reported also on #intel-gfx live): > > I did several tests with different PAT configuration (by modifying Xen > that sets the MSR). Full table is at > https://pad.itl.space/sheet/#/2/sheet/view/HD1qT2Zf44Ha36TJ3wj2YL+PchsTidyNTFepW5++ZKM/ > Some highlights: > - 1=WC, 4=WT - good > - 1=WT, 4=WC - bad > - 1=WT, 3=WC (4=WC too) - good > - 1=WT, 5=WC - good > > So, for me it seems WC at index 4 is problematic for some reason. > > Next, I tried to trap all the places in arch/x86/xen/mmu_pv.c that > write PTEs and verify requested cache attributes. There, it seems all > the requested WC are properly translated (using either index 1, 3, 4, or > 5 according to PAT settings). And then after reading PTE back, it indeed > seems to be correctly set. I didn't added reading back after > HYPERVISOR_update_va_mapping, but verified it isn't used for setting WC. > > Using the same method, I also checked that indexes that aren't supposed > to be used (for example index 4 when both 3 and 4 are WC) indeed are not > used. So, the hypothesis that specific indexes are hardcoded somewhere > is unlikely. > > This all looks very weird to me. Any ideas?
Old CPUs have had hardware errata that caused the top bit of the PAT entry to be ignored in certain cases. Could modern CPUs be ignoring this bit when accessing iGPU memory or registers? With WC at position 4, this would cause WC to be treated as WB, which is consistent with the observed behavior. WC at position 3 would not be impacted, and WC at position 5 would be treated as WT which I expect to be safe. One way to test this is to test 1=WB, 5=WC. If my hypothesis is correct, this should trigger the bug, even if entry 1 in the PAT is unused because entry 0 is also WB. -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab
signature.asc
Description: PGP signature