Re: [PATCH 03/14] cxl/mem: Find device capabilities

From: Ben Widawsky
Date: Mon Feb 01 2021 - 17:51:40 EST


On 21-02-01 14:45:00, David Rientjes wrote:
> On Mon, 1 Feb 2021, Ben Widawsky wrote:
>
> > > > > > > > > +static int cxl_mem_setup_mailbox(struct cxl_mem *cxlm)
> > > > > > > > > +{
> > > > > > > > > + const int cap = cxl_read_mbox_reg32(cxlm, CXLDEV_MB_CAPS_OFFSET);
> > > > > > > > > +
> > > > > > > > > + cxlm->mbox.payload_size =
> > > > > > > > > + 1 << CXL_GET_FIELD(cap, CXLDEV_MB_CAP_PAYLOAD_SIZE);
> > > > > > > > > +
> > > > > > > > > + /* 8.2.8.4.3 */
> > > > > > > > > + if (cxlm->mbox.payload_size < 256) {
> > > > > > > > > + dev_err(&cxlm->pdev->dev, "Mailbox is too small (%zub)",
> > > > > > > > > + cxlm->mbox.payload_size);
> > > > > > > > > + return -ENXIO;
> > > > > > > > > + }
> > > > > > > >
> > > > > > > > Any reason not to check cxlm->mbox.payload_size > (1 << 20) as well and
> > > > > > > > return ENXIO if true?
> > > > > > >
> > > > > > > If some crazy vendor wanted to ship a mailbox larger than 1M, why should the
> > > > > > > driver not allow it?
> > > > > > >
> > > > > >
> > > > > > Because the spec disallows it :)
> > > > >
> > > > > I don't see it being the driver's responsibility to enforce spec correctness
> > > > > though. In certain cases, I need to use the spec, like I have to pick /some/
> > > > > mailbox timeout. For other cases...
> > > > >
> > > > > I'm not too familiar with what other similar drivers may or may not do in
> > > > > situations like this. The current 256 limit is mostly a reflection of that being
> > > > > too small to even support advertised mandatory commands. So things can't work in
> > > > > that scenario, but things can work if they have a larger register size (so long
> > > > > as the BAR advertises enough space).
> > > > >
> > > >
> > > > I don't think things can work above 1MB, either, though. Section
> > > > 8.2.8.4.5 specifies 20 bits to define the payload length, if this is
> > > > larger than cxlm->mbox.payload_size it would venture into the reserved
> > > > bits of the command register.
> > > >
> > > > So is the idea to allow cxl_mem_setup_mailbox() to succeed with a payload
> > > > size > 1MB and then only check 20 bits for the command register?
> > >
> > > So it's probably a spec bug, but actually the payload size is 21 bits... I'll
> > > check if that was a mistake.
> >
> > Well I guess they wanted to be able to specify 1M exactly... Spec should
> > probably say you can't go over 1M
> >
>
> I think that's what 8.2.8.4.3 says, no? And then 8.2.8.4.5 says you
> can use up to Payload Size. That's why my recommendation was to enforce
> this in cxl_mem_setup_mailbox() up front.

Yeah. I asked our spec people to update 8.2.8.4.5 to make it clearer. I'd argue
the intent is how you describe it, but the implementation isn't.

My argument was silly anyway because if you specify greater than 1M as your
payload, you will get EINVAL at the ioctl.

The value of how it works today is the driver will at least bind and allow you
to interact with it.

How strongly do you feel about this?