Re: [PATCH] riscv: don't warn for sifive erratas in modules

From: Palmer Dabbelt
Date: Fri Jul 08 2022 - 02:20:40 EST

On Thu, 09 Jun 2022 18:12:27 PDT (-0700), guoren@xxxxxxxxxx wrote:
On Thu, Jun 9, 2022 at 5:58 PM Heiko Stübner <heiko@xxxxxxxxx> wrote:

Hi Guo,

Am Donnerstag, 9. Juni 2022, 03:39:24 CEST schrieb Guo Ren:
> On Wed, Jun 8, 2022 at 8:09 PM Heiko Stuebner <heiko@xxxxxxxxx> wrote:
> >
> > The SiFive errata code contains code checking applicable erratas
> > vs. actually applied erratas to suggest missing erratas to the
> > user when their Kconfig options are not enabled.
> >
> > In the main kernel image one can be quite sure that all available
> > erratas appear at least once, so that check will succeed.
> > On the other hand modules can very well not use any errata-relevant
> > code, so the newly added module-alternative support may also patch
> > the module code, but not touch SiFive-specific erratas at all.
> >
> > So to restore the original behaviour don't warn when patching
> > modules. This will keep the warning if necessary for the main kernel
> > image but prevent spurious warnings for modules.
> >
> > Of course having such a vendor-specific warning may not be needed at
> > all, as CONFIG_ERRATA_SIFIVE is selected by CONFIG_SOC_SIFIVE and the
> > individual erratas are default-y so disabling them requires
> > deliberate action anyway. But for now just restore the old behaviour.
> >
> > Fixes: a8e910168bba ("riscv: implement module alternatives")
> > Reported-by: Ron Economos <re@xxxxxxxx>
> > Signed-off-by: Heiko Stuebner <heiko@xxxxxxxxx>
> > ---
> > arch/riscv/errata/sifive/errata.c | 3 ++-
> > 1 file changed, 2 insertions(+), 1 deletion(-)
> >
> > diff --git a/arch/riscv/errata/sifive/errata.c b/arch/riscv/errata/sifive/errata.c
> > index 672f02b21ce0..1031038423e7 100644
> > --- a/arch/riscv/errata/sifive/errata.c
> > +++ b/arch/riscv/errata/sifive/errata.c
> > @@ -111,6 +111,7 @@ void __init_or_module sifive_errata_patch_func(struct alt_entry *begin,
> > cpu_apply_errata |= tmp;
> > }
> > }
> > - if (cpu_apply_errata != cpu_req_errata)
> > + if (stage != RISCV_ALTERNATIVES_MODULE &&
> > + cpu_apply_errata != cpu_req_errata)
> if (cpu_apply_errata &= ~cpu_req_errata)

Hmm, I don't see what that changes?
+ if (stage != RISCV_ALTERNATIVES_MODULE &&
+ cpu_apply_errata != cpu_req_errata)
warn_miss_errata(cpu_req_errata - cpu_apply_errata);
+ else if (cpu_apply_errata &= ~cpu_req_errata)
warn_miss_errata(cpu_req_errata - cpu_apply_errata);

All module's errata should be a subset of the main kernel. Not just
skip the check of MODULE.



> Shall we still guarantee the module's must be a subset of the main kernel.'s?

The warning generated there is mainly to warn about some Kconfig options
not being enabled and in individual modules even no errata usage may be
required.

The problem here is really the mechanism by which that warning is generated: we assume that each alternative stage generates at least one instance of each errata, otherwise we provide the warning. That's OK for the kernel, as we only have the one errata stage for SiFive stuff,
but modules might not directly include any behavior that depends on errata so they'll miss the check.

Having a mismatch between the kernel and a module could also cause issues, but there's way bigger issues than errata. Unless I missed something there's no checks to make sure the kernel matches modules, but that's not really an arch/riscv thing.

The intent for the patch is to restore how things behaved before
module-alternatives were introduced, so I don't really want to
introduce functional changes ;-) .

IMO that's fine for a regression fix. Maybe there's better ways to do this, but this at least gets rid of the spurious warning.

But also in the future we could debate if that warning is helpful at all,
as the erratas are enabled automatically by CONFIG_SOC_SIFIVE and
thus disabling individual erratas requires someone to turn them off
manually in their .config .

I could see arguments either way here: there's a bunch of Kconfigs (drivers and such) where turning them off will result in kernels that don't work and we don't warn for those, but errata are also likely to result in kernels that are subtly broken so being extra careful about checking for them seems reasonable.

This is on fixes.

Thanks!