Re: [PATCH v2] PCI: qcom: Add support for modular builds

From: Johan Hovold
Date: Tue Sep 20 2022 - 10:06:34 EST


On Tue, Sep 20, 2022 at 08:37:54AM -0500, Bjorn Helgaas wrote:
> On Tue, Sep 20, 2022 at 10:47:56AM +0200, Johan Hovold wrote:
> > Hi Lorenzo,
> >
> > On Thu, Jul 21, 2022 at 08:47:20AM +0200, Johan Hovold wrote:
> > > Allow the Qualcomm PCIe controller driver to be built as a module, which
> > > is useful for multi-platform kernels as well as during development.
> > >
> > > Reviewed-by: Rob Herring <robh@xxxxxxxxxx>
> > > Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam@xxxxxxxxxx>
> > > Signed-off-by: Johan Hovold <johan+linaro@xxxxxxxxxx>
> > > ---
> > >
> > > Changes in v2
> > > - rebase on next-20220720 (adjust context)
> > > - add Rob and Mani's reviewed-by tags
> >
> > Have you had a change to look at this one since you got back from
> > vacation?
> >
> > I believe this should be uncontroversial as we already have other
> > modular dwc drivers and there's no mapping of legacy INTx interrupts
> > involved.
>
> I'm not Lorenzo, but was there a conclusive outcome to the thread at
> [1]? The last thing I remember was that a buggy endpoint driver that
> failed to unmap all its interrupts could cause crashes if the PCIe
> controller driver was removed.

That's not so much an argument against allowing the PCIe controller
driver to be unbound as it is an argument for preventing endpoint
drivers from being unbound.

And they generally need to be able to unbind due to hotplugging, right?

> Making the driver modular is essential so distros can build all the
> drivers and users can load the one needed by their platform.
>
> Making the driver removable is useful for developers but not for
> users, so I don't see it as essential. Developers are in the business
> of developing and can easily carry a trivial out-of-tree patch to add
> removability if needed.

Having modular drivers that can be unloaded is a debugging feature. I
believe I already posted this quote from Linus:

The proper thing to do (and what we _have_ done) is to say
"unloading of modules is not supported". It's a debugging
feature, and you literally shouldn't do it unless you are
actively developing that module.

https://lore.kernel.org/all/Pine.LNX.4.58.0401251054340.18932@xxxxxxxxxxxxx/

And no, keeping such patches out-of-tree is not an option as it prevents
sharing them with others and they will quickly bit rot.

> If removability is actually safe even if endpoint drivers aren't
> perfect, then I don't object to it. But if it's not always safe, I
> don't think the argument that "other drivers do it" is strong. I'd
> rather make all the drivers safe even if that means making them
> non-removable.

If we have buggy endpoint drivers we need fix them regardless. Allowing
this fundamental debugging feature will even allow developers to catch
those bugs sooner.

And this is really no different from any other type of bug in endpoint
drivers; a failure to deregister a class device on unbind would lead to
crashes due to use-after-free, etc.

> [1] https://lore.kernel.org/r/20220721195433.GA1747571@bhelgaas

Johan