Re: [PATCH V3 02/17] irqchip/gic: WARN if setting the interrupt type for a PPI fails

From: Jon Hunter
Date: Thu May 05 2016 - 10:41:28 EST

Next message: Christopher Covington: "Re: [PATCH v1] builddeb: fix missing headers in linux-headers package"
Previous message: Christoph Hellwig: "[PATCH] irq-alpine-msi: don't use <asm-generic/msi.h>"
In reply to: Marc Zyngier: "Re: [PATCH V3 02/17] irqchip/gic: WARN if setting the interrupt type for a PPI fails"
Next in thread: Jon Hunter: "[PATCH V3 03/17] irqchip: Mask the non-type/sense bits when translating an IRQ"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 05/05/16 14:40, Marc Zyngier wrote:
> On Thu, 5 May 2016 14:22:06 +0100
> Jon Hunter <jonathanh@xxxxxxxxxx> wrote:
>
>> Hi Marc,
>>
>> On 05/05/16 13:06, Marc Zyngier wrote:
>>> Hi Jon,
>>>
>>> On 04/05/16 17:25, Jon Hunter wrote:
>>>> Setting the interrupt type for private peripheral interrupts (PPIs) may
>>>> not be supported by a given GIC because it is IMPLEMENTATION DEFINED
>>>> whether this is allowed. There is no way to know if setting the type is
>>>> supported for a given GIC and so the value written is read back to
>>>> verify it matches the desired configuration. If it does not match then
>>>> an error is return.
>>>>
>>>> There are cases where the interrupt configuration read from firmware
>>>> (such as a device-tree blob), has been incorrect and hence
>>>> gic_configure_irq() has returned an error. This error has gone
>>>> undetected because the error code returned was ignored but the interrupt
>>>> still worked fine because the configuration for the interrupt could not
>>>> be overwritten.
>>>>
>>>> Given that this has done undetected and that failing to set the
>>>> configuration for a PPI may not be a catastrophic, don't return an error
>>>> but WARN if we fail to configure a PPI. This will allows us to fix up
>>>> any places in the kernel where we should be checking the return status
>>>> and maintain backward compatibility with firmware images that may have
>>>> incorrect PPI configurations.
>>>>
>>>> Signed-off-by: Jon Hunter <jonathanh@xxxxxxxxxx>
>>>> Acked-by: Marc Zyngier <marc.zyngier@xxxxxxx>
>>>> ---
>>>> drivers/irqchip/irq-gic-common.c | 11 +++++++----
>>>> 1 file changed, 7 insertions(+), 4 deletions(-)
>>>>
>>>> diff --git a/drivers/irqchip/irq-gic-common.c b/drivers/irqchip/irq-gic-common.c
>>>> index ffff5a45f1e3..9fa92a17225c 100644
>>>> --- a/drivers/irqchip/irq-gic-common.c
>>>> +++ b/drivers/irqchip/irq-gic-common.c
>>>> @@ -56,12 +56,15 @@ int gic_configure_irq(unsigned int irq, unsigned int type,
>>>>
>>>> /*
>>>> * Write back the new configuration, and possibly re-enable
>>>> - * the interrupt. If we fail to write a new configuration,
>>>> - * return an error.
>>>> + * the interrupt. WARN if we fail to write a new configuration
>>>> + * and return an error if we failed to write the configuration
>>>> + * for an SPI. If we fail to write the configuration for a PPI
>>>> + * this is most likely because the GIC does not allow us to set
>>>> + * the configuration and so it is not a catastrophic failure.
>>>> */
>>>> writel_relaxed(val, base + GIC_DIST_CONFIG + confoff);
>>>> - if (readl_relaxed(base + GIC_DIST_CONFIG + confoff) != val)
>>>> - ret = -EINVAL;
>>>> + if (WARN_ON(readl_relaxed(base + GIC_DIST_CONFIG + confoff) != val))
>>>> + ret = irq < 32 ? 0 : -EINVAL;
>>>>
>>>> if (sync_access)
>>>> sync_access();
>>>>
>>>
>>> I'm going to slightly backpedal on that one:
>>>
>>> When running in non-secure mode, you can reconfigure secure interrupts
>>
>> Do you mean 'cannot'?
>
> Yes, sorry.
>
>>> (for obvious reasons). But you don't know which mode you're running in
>>> either. A typical example is the arch timer, which requests both secure
>>> and non-secure interrupts, because we cannot know which side of the CPU
>>> we're running on. In the non-secure case, we end-up with a splat that
>>> is rather undeserved.
>>
>> Yes seems sensible.
>>
>>> So I'm tempted to tone down the splat in the PPI case like this:
>>>
>>> diff --git a/drivers/irqchip/irq-gic-common.c b/drivers/irqchip/irq-gic-common.c
>>> index 083c303..1605e42 100644
>>> --- a/drivers/irqchip/irq-gic-common.c
>>> +++ b/drivers/irqchip/irq-gic-common.c
>>> @@ -63,8 +63,17 @@ int gic_configure_irq(unsigned int irq, unsigned int type,
>>> * the configuration and so it is not a catastrophic failure.
>>> */
>>> writel_relaxed(val, base + GIC_DIST_CONFIG + confoff);
>>> - if (WARN_ON(readl_relaxed(base + GIC_DIST_CONFIG + confoff) != val))
>>> - ret = irq < 32 ? 0 : -EINVAL;
>>> + oldval = readl_relaxed(base + GIC_DIST_CONFIG + confoff);
>>> + if (oldval != val) {
>>> + if (irq < 32) {
>>> + pr_warn("GIC: PPI%d is either secure or misconfigured\n",
>>> + irq - 16);
>>> + ret = 0;
>>> + } else {
>>> + WARN_ON(1);
>>> + ret = -EINVAL;
>>> + }
>>> + }
>>>
>>> if (sync_access)
>>> sync_access();
>>>
>>> Thoughts?
>>
>> That is fine with me. Do you want me to re-spin or do you want to apply
>> your change on top? However, before I re-spin would like to get your
>> thoughts on patches 13-17.
>
> I can squash this into your own patch if you're OK with it. I'll reply
> to your other patches shortly, as I have a number of comments there.

Yes that is fine with me.

Cheers
Jon

Next message: Christopher Covington: "Re: [PATCH v1] builddeb: fix missing headers in linux-headers package"
Previous message: Christoph Hellwig: "[PATCH] irq-alpine-msi: don't use <asm-generic/msi.h>"
In reply to: Marc Zyngier: "Re: [PATCH V3 02/17] irqchip/gic: WARN if setting the interrupt type for a PPI fails"
Next in thread: Jon Hunter: "[PATCH V3 03/17] irqchip: Mask the non-type/sense bits when translating an IRQ"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]