[PATCH] powerpc/pseries/iommu: Wait until all TCEs are unmapped before deleting DDW

Mon Oct 14 21:10:46 AEDT 2024

Hi Gaurav,

Gaurav Batra <gbatra at linux.ibm.com> writes:
> Some of the network drivers, like Mellanox, use core linux page_pool APIs
> to manage DMA buffers. These page_pool APIs cache DMA buffers with
> infrequent map/unmap calls for DMA mappings, thus increasing performance.

Can you please resend this and Cc the netdev list, lkml, maybe the IOMMU
list (iommu at lists.linux.dev) and the page_pool maintainers:

PAGE POOL
M:	Jesper Dangaard Brouer <hawk at kernel.org>
M:	Ilias Apalodimas <ilias.apalodimas at linaro.org>

Perhaps they'll have some ideas on how to solve the issue. And at least
we don't want to add a workaround for their APIs without informing the
maintainers that we're doing so.

> When a device is initialized, the drivers makes a call to the page_pool API
> to create a DMA buffer pool. Hence forth DMA buffers are allocated and
> freed from this pool by the driver. The DMA map/unmap is done by the core
> page_pool infrastructure.
>
> These DMA buffers could be allocated for RX/TX buffer rings for the device
> or could be in-process by the network stack.
>
> When a network device is closed, driver will release all DMA mapped
> buffers. All the DMA buffers allocated to the RX/TX rings are released back
> to the page_pool by the driver. Some of the DMA mapped buffers could still
> be allocated and in-process by the network stack.
>
> DMA buffers that are relased by the Network driver are synchronously
> unmapped by the page_pool APIs. But, DMA buffers that are passed to the
> network stack and still in-process are unmapped later asynchronously by the
> page_pool infrastructure.
>
> This asynchronous unmapping of the DMA buffers, by the page_pool, can lead
> to issues when a network device is dynamically removed in PowerPC
> architecture.  When a network device is DLPAR removed, the driver releases
> all the mapped DMA buffers and stops using the device. Driver returns
> successfully. But, at this stage there still could be mapped DMA buffers
> which are in-process by the network stack.
>
> DLPAR code proceeds to remove the device from the device tree, deletes
> Dynamic DMA Window (DDW) and associated IOMMU tables. DLPAR of the device
> succeeds.

Are we missing a call to synchronize_net() somewhere in the DLPAR code?

Though I would have thought the network core would do that somewhere.

The ideal solution would be that we don't have to do any wait loop, and
instead explicitly wait for the network stack to finish any outstanding
packets.

> Later, when network stack release some of the DMA buffers, page_pool
> proceeds to unmap them. The page_pool relase path calls into PowerPC TCE
> management to release the TCE. This is where the LPAR OOPses since the DDW
> and associated resources for the device are already free'ed.

Can you post the oops for reference please.

> This issue was exposed during LPM from a Power9 to Power10 machine with HNV

Please expand what LPM means for non-IBM folks - Live Partition Migration.

> configuration. The bonding device is Virtual Ethernet with SR-IOV. During
> LPM, I/O is switched from SR-IOV to passive Virtual Ethernet and DLPAR
> remove of SR-IOV is initiated. This lead to the above mentioned scenario.
>
> It is possible to hit this issue by just Dynamically removing SR-IOV device
> which is under heavy I/O load, a scenario where some of the mapped DMA
> buffers are in-process somewhere in the network stack and not mapped to the
> RX/TX ring of the device.
>
> The issue is only encountered when TCEs are dynamically managed. In this
> scenario map/unmap of TCEs goes into the PowerPC TCE management path as and
> when DMA bufffers are mapped/unmaped and accesses DDW resources. When RAM
> is directly mapped during device initialization, this dynamic TCE
> management is by-passed and LPAR doesn't OOPses.
>
> Solution:
>
> During DLPAR remove of the device, before deleting the DDW and associated
> resources, check to see if there are any outstanding TCEs. If there are
> outstanding TCEs, sleep for 50ms and check again, until all the TCEs are
> unmapped.
>
> Once all the TCEs are unmapped, DDW is removed and DLPAR succeeds. This
> ensures there will be no reference to the DDW after it is deleted.

That description doesn't quite match the code, which has a 120 second
timeout after which it just continues along in hope :)

It's good that the code doesn't block forever, but it's bad that it
leaves open the possibility that it will still oops.

Is it possible to detect the double-free and prevent the oops there?

cheers