[Skiboot] skiboot v6.2-rc1 released

Stewart Smith stewart at linux.ibm.com
Mon Nov 19 17:28:36 AEDT 2018


skiboot-6.2-rc1
***************

skiboot v6.2-rc1 was released on Monday November 19th 2018. It is the
first release candidate of skiboot 6.2, which will become the new
stable release of skiboot following the 6.1 release, first released
July 11th 2018.

Skiboot 6.2 will mark the basis for op-build v2.2.

skiboot v6.2-rc1 contains all bug fixes as of skiboot-6.0.13, and
skiboot-5.4.10 (the currently maintained stable releases).

For how the skiboot stable releases work, see Skiboot stable tree
rules and releases for details.

This release has been a longer cycle than typical for a variety of
reasons. It also contains a lot of cleanup work and minor bug fixes
(much like skiboot 6.1 did).

Over skiboot 6.1, we have the following changes:


General
=======

* cpu: Quieten OS endian switch messages

  Users see these when loading an OS from Petitboot:

     [  119.486794100,5] OPAL: Switch to big-endian OS
     [  120.022302604,5] OPAL: Switch to little-endian OS

  Which is expected and doesn't provide any information the user can
  act on. Switch them to PR_INFO so they still appear in the log, but
  not on the serial console.

* Recognise signed VERSION partition

  A few things need to change to support a signed VERSION partition:

  * A signed VERSION partition will be 4K + SECURE_BOOT_HEADERS_SIZE
    (4K).

  * The VERSION partition needs to be loaded after secure/trusted
    boot is set up, and therefore after nvram_init().

  * Added to the trustedboot resources array.

  This also moves the ipmi_dt_add_bmc_info() call to after
  flash_dt_add_fw_version() since it adds info to
  ibm,firmware-versions.

* Run pollers in time_wait() when not booting

  This only bit us hard with hiomap in one scenario.

  Our OPAL API has been that OPAL_POLL_EVENTS may be needed to make
  forward progress on ongoing operations, and the internal to skiboot
  API has been that time_wait() of a suitable time will run pollers
  (on at least one CPU) to help ensure forward progress can be made.

  In a perfect world, interrupts are used but they may: a) be
  disabled, or b) the thing we're doing can't use interrupts because
  computers are generally terrible.

  Back in 3db397ea5892a (circa 2015), we changed skiboot so that we'd
  run pollers only on the boot CPU, and not if we held any locks. This
  was to reduce the chance of programming code that could deadlock, as
  well as to ensure that we didn't just thrash all the cachelines for
  running pollers all over a large system during boot, or hard spin on
  the same locks on all secondary CPUs.

  The problem arises if the OS we're booting makes an OPAL call early
  on, with interrupts disabled, that requires a poller to run to make
  forward progress. An example of this would be OPAL_WRITE_NVRAM early
  in Linux boot (where Linux sets up the partitions it wants) -
  something that occurs iff we've had to reformat NVRAM this boot
  (i.e. first boot or corrupted NVRAM).

  The hiomap implementation should arguably *not* rely on synchronous
  IPMI messages, but this is a future improvement (as was for mbox
  before it). The mbox-flash code solved this problem by spinning on
  check_timers().

  More generically though, the approach of running the pollers when no
  longer booting means we behave more in line with what the API is
  meant to be, rather than have this odd case of "time_wait() for a
  condition that could also be tripped by an interrupt works fine
  unless the OS is up and running but hasn't set interrupts up yet".

* ipmi: Reduce ipmi_queue_msg_sync() polling loop time to 10ms

  On a plain boot, this reduces the time spent in OPAL by ~170ms on
  p9dsu. This is due to hiomap (currently) using synchronous IPMI
  messages.

  It will also *significantly* reduce latency on runtime flash
  operations for hiomap, as we'll spend typically 10-20ms in OPAL
  rather than 100-200ms. It's not an ideal solution to that, but it's
  a quick and obvious win for jitter.

* core/device: NULL pointer dereference fix

* core/flash: NULL pointer dereference fixes

* core/cpu: Call memset with proper cpu_thread offset

* libflash: Add ipmi-hiomap, and prefer it for PNOR access

  ipmi-hiomap implements the PNOR access control protocol formerly
  known as "the mbox protocol" but uses IPMI instead of the AST LPC
  mailbox as a transport. As there is no longer any mailbox involved
  in this alternate implementation the old protocol name is quite
  misleading, and so it has been renamed to "the hiomap protocol"
  (Host I/O Mapping protocol). The same commands and events are used
  though this client-side implementation assumes v2 of the protocol is
  supported by the BMC.

  The code is a heavily-reworked copy of the mbox-flash source and is
  introduced this way to allow for the mbox implementation's eventual
  removal.

  mbox-flash should in theory be renamed to mbox-hiomap for
  consistency, but as it is on life-support effective immediately we
  may as well just remove it entirely when the time is right.

* opal/hmi: Handle early HMIs on thread0 when secondaries are still
  in OPAL.

  When primary thread receives a CORE level HMI for timer facility
  errors while secondaries are still in OPAL, thread 0 ends up in
  rendez-vous waiting for secondaries to get into hmi handling. This
  is because OPAL runs with MSR(EE=0) and hence HMIs are delayed on
  secondary threads until they are given to Linux OS. Fix this by
  adding a check for secondary state and force them in hmi handling by
  queuing job on secondary threads.

  I have tested this by injecting HDEC parity error very early during
  Linux kernel boot. Recovery works fine for non-TB errors. But if TB
  is bad at this very early stage we are already doomed.

  Without this patch we see:

     [  285.046347408,7] OPAL: Start CPU 0x0843 (PIR 0x0843) -> 0x000000000000a83c
     [  285.051160609,7] OPAL: Start CPU 0x0844 (PIR 0x0844) -> 0x000000000000a83c
     [  285.055359021,7] HMI: Received HMI interrupt: HMER = 0x0840000000000000
     [  285.055361439,7] HMI: [Loc: U78D3.ND1.WZS004A-P1-C48]: P:8 C:17 T:0: TFMR(2e12002870e14000) Timer Facility Error
     [  286.232183823,3] HMI: Rendez-vous stage 1 timeout, CPU 0x844 waiting for thread 1 (sptr=0000ccc1)
     [  287.409002056,3] HMI: Rendez-vous stage 1 timeout, CPU 0x844 waiting for thread 2 (sptr=0000ccc1)
     [  289.073820164,3] HMI: Rendez-vous stage 1 timeout, CPU 0x844 waiting for thread 3 (sptr=0000ccc1)
     [  290.250638683,3] HMI: Rendez-vous stage 1 timeout, CPU 0x844 waiting for thread 1 (sptr=0000ccc2)
     [  291.427456821,3] HMI: Rendez-vous stage 1 timeout, CPU 0x844 waiting for thread 2 (sptr=0000ccc2)
     [  293.092274807,3] HMI: Rendez-vous stage 1 timeout, CPU 0x844 waiting for thread 3 (sptr=0000ccc2)
     [  294.269092904,3] HMI: Rendez-vous stage 1 timeout, CPU 0x844 waiting for thread 1 (sptr=0000ccc3)
     [  295.445910944,3] HMI: Rendez-vous stage 1 timeout, CPU 0x844 waiting for thread 2 (sptr=0000ccc3)
     [  297.110728970,3] HMI: Rendez-vous stage 1 timeout, CPU 0x844 waiting for thread 3 (sptr=0000ccc3)

  After this patch:

     [  259.401719351,7] OPAL: Start CPU 0x0841 (PIR 0x0841) -> 0x000000000000a83c
     [  259.406259572,7] OPAL: Start CPU 0x0842 (PIR 0x0842) -> 0x000000000000a83c
     [  259.410615534,7] OPAL: Start CPU 0x0843 (PIR 0x0843) -> 0x000000000000a83c
     [  259.415444519,7] OPAL: Start CPU 0x0844 (PIR 0x0844) -> 0x000000000000a83c
     [  259.419641401,7] HMI: Received HMI interrupt: HMER = 0x0840000000000000
     [  259.419644124,7] HMI: [Loc: U78D3.ND1.WZS004A-P1-C48]: P:8 C:17 T:0: TFMR(2e12002870e04000) Timer Facility Error
     [  259.419650678,7] HMI: Sending hmi job to thread 1
     [  259.419652744,7] HMI: Sending hmi job to thread 2
     [  259.419653051,7] HMI: Received HMI interrupt: HMER = 0x0840000000000000
     [  259.419654725,7] HMI: Sending hmi job to thread 3
     [  259.419654916,7] HMI: Received HMI interrupt: HMER = 0x0840000000000000
     [  259.419658025,7] HMI: Received HMI interrupt: HMER = 0x0840000000000000
     [  259.419658406,7] HMI: [Loc: U78D3.ND1.WZS004A-P1-C48]: P:8 C:17 T:2: TFMR(2e12002870e04000) Timer Facility Error
     [  259.419663095,7] HMI: [Loc: U78D3.ND1.WZS004A-P1-C48]: P:8 C:17 T:3: TFMR(2e12002870e04000) Timer Facility Error
     [  259.419655234,7] HMI: [Loc: U78D3.ND1.WZS004A-P1-C48]: P:8 C:17 T:1: TFMR(2e12002870e04000) Timer Facility Error
     [  259.425109779,7] OPAL: Start CPU 0x0845 (PIR 0x0845) -> 0x000000000000a83c
     [  259.429870681,7] OPAL: Start CPU 0x0846 (PIR 0x0846) -> 0x000000000000a83c
     [  259.434549250,7] OPAL: Start CPU 0x0847 (PIR 0x0847) -> 0x000000000000a83c

* core/cpu: Fix memory allocation for job array

  fixes: 7a3f307e core/cpu: parallelise global CPU register setting
  jobs

  This bug would result in boot-hang on some configurations due to
  cpu_wait_job() endlessly waiting for the last bogus jobs[cpu->pir]
  pointer.

* i2c: Fix multiple-enqueue of the same request on NACK

  i2c_request_send() will retry the request if the error is a NAK,
  however it forgets to clear the "ud.done" flag. It will thus loop
  again and try to re-enqueue the same request causing internal
  request list corruption.

* i2c: Ensure ordering between i2c_request_send() and completion

  i2c_request_send loops waiting for a flag "uc.done" set by the
  completion routine, and then looks for a result code also set by
  that same completion.

  There is no synchronization, the completion can happen on another
  processor, so we need to order the stores to uc and the reads from
  uc so that uc.done is stored last and tested first using memory
  barriers.

* pci: Clarify power down logic

  Currently pci_scan_bus() unconditionally calls
  pci_slot_set_power_state() when it's finished scanning a bus. This
  is one of those things that makes you go "WHAT?" when you first see
  it and frankly the skiboot PCI code could do with less of that.
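
The two i2c fixes above (clearing the done flag before a NACK retry, and ordering the completion's stores against the waiter's reads), as an added C model that is not skiboot code. The struct names, `run_pollers()` and the two-poll transfer latency are assumptions, and the completion runs on the calling thread here rather than on another processor.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model; every name here is hypothetical, not skiboot's. */
enum { RC_OK = 0, RC_NACK = -1 };
#define MAX_NACK_RETRIES 2
#define POLLS_PER_XFER   2      /* a transfer needs two poller runs to finish */

struct sync_ud {                /* mailbox shared by completion and waiter */
    int rc;                     /* result, published by the store to 'done' */
    atomic_bool done;
};

struct req {
    bool queued;                /* true while linked on the bus queue */
    int progress;
    struct sync_ud *ud;
};

struct bus {
    struct req *inflight;       /* stands in for the request list */
    int nacks_left;             /* device NACKs this many transfers first */
    int double_enqueues;        /* enqueue attempts on an already-queued req */
};

/* Completion side: store the result first, then 'done' with release
 * semantics so a waiter that sees done == true also sees rc. */
static void complete(struct req *r, int rc)
{
    r->ud->rc = rc;
    atomic_store_explicit(&r->ud->done, true, memory_order_release);
}

static void enqueue(struct bus *b, struct req *r)
{
    if (r->queued) {            /* re-linking a linked node corrupts a real list */
        b->double_enqueues++;
        return;
    }
    r->queued = true;
    r->progress = 0;
    b->inflight = r;
}

static void run_pollers(struct bus *b)
{
    struct req *r = b->inflight;

    if (!r || ++r->progress < POLLS_PER_XFER)
        return;                 /* nothing queued, or transfer still running */
    b->inflight = NULL;
    r->queued = false;
    if (b->nacks_left > 0) {
        b->nacks_left--;
        complete(r, RC_NACK);
    } else {
        complete(r, RC_OK);
    }
}

/* Waiter side. With clear_done_on_retry == false this reproduces the
 * stale-flag behaviour the release note describes. */
static int request_send(struct bus *b, bool clear_done_on_retry)
{
    struct sync_ud ud = { .rc = RC_OK };
    struct req r = { .ud = &ud };
    int rc = RC_NACK;

    atomic_init(&ud.done, false);
    for (int retry = 0; retry <= MAX_NACK_RETRIES; retry++) {
        if (clear_done_on_retry)
            atomic_store_explicit(&ud.done, false, memory_order_relaxed);
        enqueue(b, &r);
        do {
            run_pollers(b);
            /* acquire: test 'done' first, only then read rc */
        } while (!atomic_load_explicit(&ud.done, memory_order_acquire));
        rc = ud.rc;
        if (rc != RC_NACK)
            break;
    }
    return rc;
}

/* Device NACKs the first transfer once; report how often the same
 * request was enqueued while it was still on the queue. */
static int double_enqueues_after_one_nack(bool clear_done_on_retry)
{
    struct bus b = { .nacks_left = 1 };

    request_send(&b, clear_done_on_retry);
    return b.double_enqueues;
}

int main(void)
{
    printf("stale done flag:  %d double enqueue(s)\n",
           double_enqueues_after_one_nack(false));
    printf("flag cleared:     %d double enqueue(s)\n",
           double_enqueues_after_one_nack(true));
    return 0;
}
```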


Fast Reboot
-----------

* fast-reboot: parallel memory clearing

  Arbitrarily pick 16GB as the unit of parallelism, and split up
  clearing memory into jobs and schedule them node-local to the memory
  (or on node 0 if we can't work that out because it's the memory up
  to SKIBOOT_BASE)

  This seems to cut at least ~40% time from memory zeroing on
  fast-reboot on a 256GB Boston system.

  For many systems, scanning PCI takes about as much time as zeroing
  all of RAM, so we may as well do them at the same time and cut a few
  seconds off the total fast reboot time.

* fast-reboot: verify firmware "romem" checksum

  This takes a checksum of skiboot memory after boot that should be
  unchanged during OS operation, and verifies it before allowing a
  fast reboot.

  This is not read-only memory from skiboot's point of view, because
  it includes things like the opal branch table that gets populated
  during boot.

  This helps to improve the integrity of firmware against host and
  runtime firmware memory scribble bugs.

* core/fast-reboot: print the fast reboot disable reason

  Once things start to go wrong, disable_fast_reboot can be called a
  number of times, so make the first reason sticky, and also print it
  to the console at disable time. This helps with making sense of fast
  reboot disables.

* Add fast-reboot property to /ibm,opal DT node

  This means that if it's permanently disabled on boot, the test suite
  can pick that up and not try a fast reboot test.
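
An added C example, not skiboot code, of the "romem" check and the sticky disable reason described in the fast-reboot entries above. The rotate-and-XOR checksum, the 4 KiB region, the fill pattern and all names are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ROMEM_SIZE 4096             /* constructed region size, multiple of 8 */

struct fw_state {
    uint8_t romem[ROMEM_SIZE];      /* stand-in for text, rodata, branch table */
    uint64_t boot_csum;             /* taken once, after boot has finished */
    const char *disable_reason;     /* NULL while fast reboot is allowed */
};

/* Assumed checksum: rotate-and-XOR over 64-bit words. Order-sensitive and
 * cheap; it catches scribbles, it is not a cryptographic measurement. */
static uint64_t region_csum(const uint8_t *p, size_t len)
{
    uint64_t v = 0, w;

    for (size_t off = 0; off + sizeof(w) <= len; off += sizeof(w)) {
        memcpy(&w, p + off, sizeof(w));     /* avoids unaligned access */
        v = ((v << 1) | (v >> 63)) ^ w;
    }
    return v;
}

/* The first reason wins and is printed when it is recorded; later
 * calls do not replace it. */
static void disable_fast_reboot(struct fw_state *s, const char *reason)
{
    if (s->disable_reason)
        return;
    s->disable_reason = reason;
    printf("fast reboot disabled: %s\n", reason);
}

/* "Boot": fill the region, populate the branch table, and only then take
 * the checksum, because the table is written during boot. */
static void fw_boot(struct fw_state *s)
{
    memset(s, 0, sizeof(*s));
    for (size_t i = 0; i < ROMEM_SIZE; i++)
        s->romem[i] = (uint8_t)(i * 31 + 7);        /* constructed contents */
    for (uint64_t slot = 0; slot < 16; slot++) {    /* constructed table */
        uint64_t entry = 0x30000000ull + slot * 0x40;
        memcpy(s->romem + slot * sizeof(entry), &entry, sizeof(entry));
    }
    s->boot_csum = region_csum(s->romem, ROMEM_SIZE);
}

/* Gate evaluated before a fast reboot is attempted. */
static bool fast_reboot_allowed(struct fw_state *s)
{
    if (s->disable_reason)
        return false;
    if (region_csum(s->romem, ROMEM_SIZE) != s->boot_csum) {
        disable_fast_reboot(s, "romem checksum mismatch");
        return false;
    }
    return true;
}

int main(void)
{
    static struct fw_state s;

    fw_boot(&s);
    printf("clean image:     allowed=%d\n", fast_reboot_allowed(&s));
    s.romem[1234] ^= 0x40;          /* simulated stray write from a bug */
    printf("after scribble:  allowed=%d\n", fast_reboot_allowed(&s));
    disable_fast_reboot(&s, "later failure");   /* does not replace reason */
    printf("recorded reason: %s\n", s.disable_reason);
    return 0;
}
```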


Utilities
=========

* pflash: Add --skip option for reading

  Add a --skip=N option to pflash to skip N number of bytes when
  reading. This would allow users to print the VERSION partition
  without the STB header by specifying the --skip=4096 argument, and
  it's a more generic solution rather than making pflash depend on
  secure/trusted boot code.

* xscom-utils: Rework getsram

  Allow specifying a file on the command line to read OCC SRAM data
  into. If no file is specified then we print it to stdout as text.
  This is a bit inconsistent, but it retains compatibility with the
  existing tool.

* xscom-utils/getsram: Make it work on P9

  The XSCOM base address of the OCC control registers changed slightly
  between P8 and P9. Fix this up and add a bit of PVR checking so we
  look in the right place.

* opal-prd: Fix opal-prd crash

  Presently callback function from HBRT uses r11 to point to target
  function pointer. r12 is garbage. This works fine when we compile
  with "-no-pie" option (as we don't use r12 to calculate TOC).

  As per ABIv2 : "r12 : Function entry address at global entry point"

  With "-pie" compilation option, we have to set r12 to point to
  global function entry point. So that we can calculate TOC properly.

  Crash log without this patch:

     opal-prd[2864]: unhandled signal 11 at 0000000000029320 nip 0000000102012830 lr 0000000102016890 code 1


Development and Debugging
=========================

* core/lock: Use try_lock_caller() in lock_caller() to capture owner

  Otherwise we can get reports of core/lock.c owning the lock, which
  is not helpful when tracking down ownership issues.

* core/flash: Emit a warning if Skiboot version doesn't match

  This means you'll get a warning that you've modified skiboot
  separately to the rest of the PNOR image, which can be useful in
  determining what firmware is actually running on a machine.

* gcov: link in ctors* as newer GCC doesn't group them all

  It seems that newer toolchains get us multiple ctors sections to
  link in rather than just one. If we discard them (as we were doing),
  then we don't have a working gcov build (and we get the "doesn't
  look sane" warning on boot).

* core/flash: Log return code when ffs_init() fails

  Knowing the return code is at least better than not knowing the
  return code.

* gcov: Fix building with GCC8

* travis/ci: rework Dockerfiles to produce build artifacts

  ubuntu-latest was also missing clang, as ubuntu-latest is closer to
  ubuntu 18.04 than 16.04

* cpu: add cpu_queue_job_on_node()

  Add a job scheduling API which will run the job on the requested
  chip_id (or return failure).

* opal-ci: Build old dtc version for fedora 28

  There are patches that will go into dtc to fix the issues we hit,
  but for the moment let's just build and use a slightly older
  version.

* mem_region: Merge similar allocations when dumping

  Currently we print one line for each allocation done at runtime when
  dumping the memory allocations. We do a few thousand allocations at
  boot so this can result in a huge amount of text being printed which
  is a) slow to print, and b) Can result in the log buffer overflowing
  which destroys otherwise useful information.

  This patch adds a de-duplication to this memory allocation dump by
  merging "similar" allocations (same location, same size) into one.

  Unfortunately, the algorithm used to do the de-duplication is
  quadratic, but considering we only dump the allocations in the event
  of a fatal error I think this is acceptable. I also did some
  benchmarking and found that on a ZZ it takes ~3ms to do a dump with
  12k allocations. On a Zaius it's slightly longer at about ~10ms for
  10k allocs. However, the difference there was due to the output
  being written to the UART.

  This patch also bumps the log level to PR_NOTICE. PR_INFO messages
  are suppressed at the default log level, which probably isn't
  something you want considering we only dump the allocations when we
  run out of skiboot heap space.

* core/lock: fix timeout warning causing a deadlock false positive

  If a lock waiter exceeds the warning timeout, it prints a message
  while still registered as requesting the lock. Printing the message
  can take locks, so if one is held when the owner of the original
  lock tries to print a message, it will get a false positive deadlock
  detection, which brings down the system.

  This can easily be hit when there is a lot of HMI activity from a
  KVM guest, where the timebase was not returned to host timebase
  before calling the HMI handler.

* hw/p8-i2c: Print the set error bits

  This is purely to save me from having to look it up every time
  someone gets an I2C error.

* init: Fix starting stripped kernel

  Currently if we try to run a raw/stripped binary kernel (ie. without
  the elf header) we crash with:

     [    0.008757768,5] INIT: Waiting for kernel...
     [    0.008762937,5] INIT: platform wait for kernel load failed
     [    0.008768171,5] INIT: Assuming kernel at 0x20000000
     [    0.008779241,3] INIT: ELF header not found. Assuming raw binary.
     [    0.017047348,5] INIT: Starting kernel at 0x0, fdt at 0x3044b230 14339 bytes
     [    0.017054251,0] FATAL: Kernel is zeros, can't execute!
     [    0.017059054,0] Assert fail: core/init.c:590:0
     [    0.017065371,0] Aborting!

  This is because we haven't set kernel_entry correctly in this path.
  This fixes it.

* cpu: Better output when waiting for a very long job

  Instead of printing at the end if the job took more than 1s, print
  in the loop every 30s along with a backtrace. This will give us some
  output if the job is deadlocked.

* lock: Fix interactions between lock dependency checker and stack
  checker

  The lock dependency checker does a few nasty things that can cause
  re-entrancy deadlocks in conjunction with the stack checker or in
  fact other debug tests.

  A lot of it revolves around taking a new lock (dl_lock) as part of
  the locking process.

  This tries to fix it by making sure we do not hit the stack checker
  while holding dl_lock.

  We achieve that in part by directly using the low-level __try_lock
  and manually unlocking on the dl_lock, and making some functions
  "nomcount".

  In addition, we mark the dl_lock as being in the console path to
  avoid deadlocks with the UART driver.

  We move the enabling of the deadlock checker to a separate config
  option from DEBUG_LOCKS as well, in case we chose to disable it by
  default later on.

* xscom-utils/adu_scoms.py: run 2to3 over it

* clang: -Wno-error=ignored-attributes


Mambo Platform
--------------

* mambo: Merge PMEM_DISK and PMEM_VOLATILE code

  PMEM_VOLATILE and PMEM_DISK can't be used together and are basically
  copies of the same code.

  This merges the two and allows them to be used together.  Same API
  is kept.

* hw/chiptod: test QUIRK_NO_CHIPTOD in opal_resync_timebase

  This allows some test coverage of deep stop states in Linux with
  Mambo.

* core/mem_region: mambo reserve kernel payload areas

  Mambo image payloads get overwritten by the OS and by fast reboot
  memory clearing because they have no region defined. Add them, which
  allows fast reboot to work.


Qemu platform
-------------

* nx: Don't abort on missing NX when using a QEMU machine

  These don't have an NX node (and probably never will) as they don't
  provide any coprocessor. However, the DARN instruction works so this
  abort is unnecessary.


POWER8 Platforms
================

* SBE-p8: Do all sbe timer update with xscom lock held

  Without this, on some P8 platforms, we could (falsely) think the SBE
  timer had stalled getting the dreaded "timer stuck" message.

  The code was doing the mftb() to set the start of the timeout period
  while *not* holding the lock, so the 1ms timeout started sometime
  when somebody else had the xscom lock.

  The simple solution is to just do the whole routine holding the
  xscom lock, so do it that way.


Vesnin Platform
---------------

* platforms/astbmc/vesnin: Send list of PCI devices to BMC through
  IPMI

  Implements sending a list of installed PCI devices through IPMI
  protocol. Each PCI device description is sent as a standalone IPMI
  message. A list of devices can be gathered from separate messages
  using the session identifier. The session Id is an incremental
  counter that is updated at the start of synchronization session.


POWER9 Platforms
================

* STOP API: API conditionally supports 255 SCOM restore entries for
  each quad.

* hdata/i2c: Skip unknown device type

  Do not add unknown I2C devices to device tree.

* hdata/i2c: Add whitelisting for Host I2C devices

  Many of the devices that we get information about through HDAT are
  for use by firmware rather than the host operating system. This
  patch adds a boolean flag to hdat_i2c_info structure that indicates
  whether devices with a given purpose should be reserved for use
  inside of OPAL (or some other firmware component, such as the OCC).

* hdata/iohub: Fix Cumulus Hub ID number

* opal/hmi: Wakeup the cpu before reading core_fir

  When stop state 5 is enabled, reading the core_fir during an HMI can
  result in a xscom read error with xscom_read() returning an
  OPAL_XSCOM_PARTIAL_GOOD error code and core_fir value of all FFs. At
  present this return error code is not handled in decode_core_fir()
  hence the invalid core_fir value is sent to the kernel where it
  interprets it as a FATAL hmi causing a system check-stop.

  This can be prevented by forcing the core to wake-up using before
  reading the core_fir. Hence this patch wraps the call to
  read_core_fir() within calls to dctl_set_special_wakeup() and
  dctl_clear_special_wakeup().

* xive: Disable block tracker

  Due to some HW errata, the block tracking facility (performance
  optimisation for large systems) should be disabled on Nimbus chips.
  Disable it unconditionally for now.

* opal/hmi: Ignore debug trigger inject core FIR.

  Core FIR[60] is a side effect of the work around for the CI Vector
  Load issue in DD2.1. Usually this gets delivered as HMI with
  HMER[17] where Linux already ignores it. But it looks like in some
  cases we may happen to see CORE_FIR[60] while we are already in
  Malfunction Alert HMI (HMER[0]) due to other reasons e.g. CAPI
  recovery or NPU xstop. If that happens then just ignore it instead
  of crashing kernel as not recoverable.

* hdata: Make sure reserved node name starts with "ibm,"

  HDAT does not provide consistent label format for reserved memory
  label. Few starts with "ibm," while few other starts with component
  name.

* hdata: Fix dtc warnings

  Fix dtc warnings related to mcbist node.

     Warning (reg_format): "reg" property in /xscom@623fc00000000/mcbist@1 has invalid length (4 bytes) (#address-cells == 1, #size-cells == 1)
     Warning (reg_format): "reg" property in /xscom@623fc00000000/mcbist@2 has invalid length (4 bytes) (#address-cells == 1, #size-cells == 1)
     Warning (reg_format): "reg" property in /xscom@603fc00000000/mcbist@1 has invalid length (4 bytes) (#address-cells == 1, #size-cells == 1)
     Warning (reg_format): "reg" property in /xscom@603fc00000000/mcbist@2 has invalid length (4 bytes) (#address-cells == 1, #size-cells == 1)

  Ideally we should add proper xscom range here... but we are not
  getting that information in HDAT today. Lets fix warning until we
  get proper data in HDAT.


PHB4
----

* phb4: Generate checkstop on AIB ECC corr/uncorr for DD2.0 parts

  On DD2.0 parts, PCIe ECC protection is not warranted in the response
  data path. Thus, for these parts, we need to flag any ECC errors
  detected from the adjacent AIB RX Data path so the part can be
  replaced.

  This patch configures the FIRs so that we escalate these AIB ECC
  errors to a checkstop so the parts can be replaced.

* phb4: Reset pfir and nfir if new errors reported during ETU reset

  During fast-reboot new PEC errors can be latched even after
  ETU-Reset is asserted. This will result in values of variables
  nfir_cache and pfir_cache to be out of sync.

  During step-2 of CRESET nfir_cache and pfir_cache values are used to
  bring the PHB out of reset state. However if these variables are out
  of date as noted above, the nfir/pfir registers are never reset
  completely and ETU still remains frozen.

  Hence this patch updates step-2 of phb4_creset to re-read the values
  of nfir/pfir registers to check if any new errors were reported
  after ETU-reset was asserted, report these new errors and reset the
  nfir/pfir registers. This should bring the ETU out of reset
  successfully.

* phb4: Disable nodal scoped DMA accesses when PB pump mode is
  enabled

  By default when a PCIe device issues a read request via the PHB it
  is first issued with nodal scope. When accessing GPU memory the NPU
  does not know at the time of response if the requested memory page
  is off node or not. Therefore every read of GPU memory by a PHB is
  retried with larger scope which introduces bandwidth and latency
  issues.

  On smaller boxes which have pump mode enabled nodal and group scoped
  reads are treated the same and both types of request are broadcast
  to one chip. Therefore we can avoid the retry by disabling nodal
  scope on the PHB for these boxes. On larger boxes nodal (single
  chip) and group (multiple chip) scoped reads are treated
  differently. Therefore we avoid disabling nodal scope on large boxes
  which have pump mode disabled to avoid all PHB requests being
  broadcast to multiple chips.

* phb4/capp: Only reset FIR bits that cause capp machine check

  During CAPP recovery do_capp_recovery_scoms() will reset the CAPP
  Fir register just after CAPP recovery is completed. This has an
  unintentional side effect of preventing PRD from analyzing and
  reporting this error. If PRD tries to read the CAPP FIR after opal
  has already reset it, then it logs a critical error complaining "No
  active error bits found".

  To prevent this from happening we update do_capp_recovery_scoms() to
  only reset fir bits that cause CAPP machine check (local xstop).
  This is done by reading the CAPP Fir Action0/1 & Mask registers and
  generating a mask which is then written on CAPP_FIR_CLEAR register.

* phb4: Check for RX errors after link training

  Some PHB4 PHYs can get stuck in a bad state where they are
  constantly retraining the link. This happens transparently to
  skiboot and Linux but will cause PCIe to be slow. Resetting the
  PHB4 clears the problem.

  We can detect this case by looking at the RX errors count where we
  check for link stability. This patch does this by modifying the link
  optimal code to check for RX errors. If errors are occurring we
  retrain the link irrespective of the chip rev or card.

  Normally when this problem occurs, the RX error count is maxed out
  at 255. When there is no problem, the count is 0. We chose 8 as the
  max rx errors value to give us some margin for a few errors. There
  is also a knob that can be used to set the error threshold for when
  we should retrain the link. ie

     nvram -p ibm,skiboot --update-config phb-rx-err-max=8

* hw/phb4: Add a helper to dump the PELT-V

  The "Partitionable Endpoint Lookup Table (Vector)" is used by the
  PHB when processing EEH events. The PELT-V defines which PEs should
  be additionally frozen in the event of an error being flagged on a
  given PE. Knowing the state of the PELT-V is sometimes useful for
  debugging PHB issues so this patch adds a helper to dump it.

* hw/phb4: Print the PEs in the EEH dump in hex

  Linux always displays the PE number in hexadecimal while skiboot
  displays the PEST index (PE number) in decimal. This makes
  correlating errors between Skiboot and Linux more annoying than it
  should be so this patch makes Skiboot print the PEST number in hex.

* phb4: Reallocate PEC2 DMA-Read engines to improve GPU-Direct
  bandwidth

  We reallocate additional 16/8 DMA-Read engines allocated to stack0/1
  on PEC2 respectively. This is needed to improve bandwidth available
  to the Mellanox CX5 adapter when trying to read GPU memory
  (GPU-Direct).

  If kernel cxl driver indicates a request to allocate maximum
  possible DMA read engines when calling enable_capi_mode() and card
  is attached to PEC2/stack0 slot then we assume it's a Mellanox CX5
  adapter. We then allocate additional 16/8 extra DMA read engines to
  stack0 and stack1 respectively on PEC2. This is done by populating
  the XPEC_PCI_PRDSTKOVR and XPEC_NEST_READ_STACK_OVERRIDE as
  suggested by the h/w team.

* phb4: Enable PHB MMIO-0/1 Bars only when mmio window exists

  Presently phb4_probe_stack() will always enable PHB MMIO0/1 windows
  even if they don't exist in phy_map. Hence we do some minor
  shuffling in the phb4_probe_stack() so that MMIO-0/1 Bars are only
  enabled if their corresponding MMIO window exists in the phy_map. In
  case phy_map for an mmio window is '0' we set the corresponding BAR
  register to '0'.

* hw/phb4: Use local_alloc for phb4 structures

  Struct phb4 is fairly heavyweight at 283664 bytes. On systems with
  6x PHBs per socket this results in using 3.2MB of heap space the PHB
  structures alone. This is a fairly large chunk of our 12MB heap and
  on systems with particularly large PCIe topologies, or additional
  PHBs we can fail to boot because we cannot allocate space for the
  FDT blob.

  This patch switches to using local_alloc() for the PHB structures so
  they don't consume too large a portion of our 12MB heap space.

* phb4: Fix typo in disable lane eq code

  In this commit

     commit 737c0ba3d72b8aab05a765a9fc111a48faac0f75
     Author: Michael Neuling <mikey at neuling.org>
     Date:   Thu Feb 22 10:52:18 2018 +1100
     phb4: Disable lane eq when retrying some nvidia GEN3 devices

  We made a typo and set PH2 twice. This fixes it.

  It worked previously as if only phase 2 (PH2) is set, it skips phase
  2 and phase 3 (PH3).

* phb4: Don't probe a PHB if it's garded

  Presently phb4_probe_stack() causes an exception while trying to
  probe a PHB if it's garded. This causes skiboot to go into a reboot
  loop with following exception log:

      ***********************************************
      Fatal MCE at 000000003006ecd4   .probe_phb4+0x570
      CFAR : 00000000300b98a0
      <snip>
      Aborting!
     CPU 0018 Backtrace:
      S: 0000000031cc37e0 R: 000000003001a51c   ._abort+0x4c
      S: 0000000031cc3860 R: 0000000030028170   .exception_entry+0x180
      S: 0000000031cc3a40 R: 0000000000001f10 *
      S: 0000000031cc3c20 R: 000000003006ecb0   .probe_phb4+0x54c
      S: 0000000031cc3e30 R: 0000000030014ca4   .main_cpu_entry+0x5b0
      S: 0000000031cc3f00 R: 0000000030002700   boot_entry+0x1b8

  This is caused as phb4_probe_stack() will ignore all xscom
  read/write errors to enable PHB Bars and then tries to perform an
  mmio to read PHB Version registers that cause the fatal MCE.

  We fix this by ignoring the PHB probe if the first xscom_write() to
  populate the PHB Bar register fails, which indicates that there is
  something wrong with the PHB.

* phb4: Workaround PHB errata with CFG write UR/CA errors

  If the PHB encounters a UR or CA status on a CFG write, it will
  incorrectly freeze the wrong PE. Instead of using the PE# specified
  in the CONFIG_ADDRESS register, it will use the PE# of whatever MMIO
  occurred last.

  Work around this by disabling freeze on such errors.

* phb4: Handle allocation errors in phb4_eeh_dump_regs()

  If the zalloc fails (and it can be a rather large allocation), we
  will overwrite memory at 0 instead of failing.

* phb4: Don't try to access non-existent PEST entries

  In a POWER9 chip, some PHB4s have 256 PEs, some have 512.

  Currently, the diagnostics code retrieves 512 unconditionally, which
  is wrong and causes us to incorrectly report bogus values for the
  "high" PEs on the small PHBs.

  Use the actual number of implemented PEs instead


CAPI2
-----

* phb4/capp: Use link width to allocate STQ engines to CAPP

  Update phb4_init_capp_regs() to allocate STQ Engines to CAPP/PEC2
  based on link width instead of always assuming it to x8.

  Also re-factor the function slightly to evaluate the link-width only
  once and cache it so that it can also be used to allocate DMA read
  engines.

* phb4/capp: Update DMA read engines set in APC_FSM_READ_MASK based
  on link-width

  Commit 47c09cdfe7a3("phb4/capp: Calculate STQ/DMA read engines based
  on link-width for PEC") updated the CAPP init sequence by calculating
  the needed STQ/DMA-read engines based on link width and populating
  it in XPEC_NEST_CAPP_CNTL register. This however needs to be
  synchronized with the value set in CAPP APC FSM Read Machine Mask
  Register.

  Hence this patch updates phb4_init_capp_regs() to calculate the link
  width of the stack on PEC2 and populate the same values as
  previously populated in PEC CAPP_CNTL register.

* capp: Fix the capp recovery timeout comparison

  The current capp recovery timeout control loop in
  do_capp_recovery_scoms() uses a wrong comparison for return value of
  tb_compare(). This may cause do_capp_recovery_scoms() to report a
  timeout earlier than the 168ms stipulated time.

  The patch fixes this by updating the loop timeout control branch in
  do_capp_recovery_scoms() to use the correct enum tb_cmpval.

* phb4: Disable 32-bit MSI in capi mode

  If a capi device does a DMA write targeting an address lower than
  4GB, it does so through a 32-bit operation, per the PCI spec. In
  capi mode, the first TVE entry is configured in bypass mode, so the
  address is valid. But with any (bad) luck, the address could be
  0xFFFFxxxx, thus looking like a 32-bit MSI.

  We currently enable both 32-bit and 64-bit MSIs, so the PHB will
  interpret the DMA write as a MSI, which very likely results in an
  EEH (MSI with a bad payload size).

  We can fix it by disabling 32-bit MSI when switching the PHB to capi
  mode. Capi devices are 64-bit.
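
The bug class behind the "capp: Fix the capp recovery timeout comparison" entry above, as an added example that is not skiboot code: a polling loop that tests the result of a three-way timebase compare against the wrong enum value gives up before the deadline. The enum values, the simulated clock, the `poll_recovery()` helper and the particular wrong comparison are assumptions constructed for illustration; the page does not show the original line.

```c
#include <stdint.h>

/* Stand-ins modelled on skiboot's timebase helpers; the values are assumptions. */
enum tb_cmpval { TB_ABEFOREB = -1, TB_AEQUALB = 0, TB_AAFTERB = 1 };

static enum tb_cmpval tb_compare(uint64_t a, uint64_t b)
{
	if (a == b)
		return TB_AEQUALB;
	/* Signed difference keeps the ordering right across counter wrap. */
	return ((int64_t)(b - a)) > 0 ? TB_ABEFOREB : TB_AAFTERB;
}

#define TIMEOUT_TICKS 168	/* one tick = 1 ms in this model */

static uint64_t fake_tb;	/* constructed clock, advanced by the loop */

/*
 * Hypothetical polling loop. The simulated recovery completes
 * ready_after ticks after start. Returns -1 if recovery completed
 * before the loop gave up, otherwise the elapsed ticks at timeout.
 */
static int poll_recovery(uint64_t start, uint64_t ready_after, int buggy)
{
	uint64_t end = start + TIMEOUT_TICKS;

	fake_tb = start;
	for (;;) {
		if (fake_tb - start >= ready_after)
			return -1;	/* recovery finished in time */

		enum tb_cmpval c = tb_compare(fake_tb, end);
		/*
		 * Buggy form: any result other than "equal" is treated as
		 * expired, so "now is before end" also trips the timeout.
		 * Correct form: only "now is after end" is a timeout.
		 */
		int expired = buggy ? (c != TB_AEQUALB) : (c == TB_AAFTERB);
		if (expired)
			return (int)(fake_tb - start);

		fake_tb++;	/* stand-in for a 1 ms wait */
	}
}
```

With the buggy comparison a recovery that needs 100 ms is reported as timed out at 0 ms; with the correct one the loop only gives up once the 168 ms window has passed, including when the counter wraps.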


NVLINK2
-------

* npu2: Add support for relaxed-ordering mode

  Some device drivers support out of order access to GPU memory. This
  does not affect the CPU view of memory but it does affect the GPU
  view of memory. It should only be enabled if the GPU driver has
  requested it.

  Add OPAL APIs allowing the driver to query relaxed ordering state or
  request it to be set for a device. Current hardware only allows
  relaxed ordering to be enabled per PCIe root port. So the code here
  doesn't enable relaxed ordering until it has been explicitly
  requested for every device on the port.

* Add the other 7 ATSD registers to the device tree.

* npu2/hw-procedures: Don't open code
  NPU2_NTL_MISC_CFG2_BRICK_ENABLE

  Name this bit properly. There's a lot more cleanup like this to be
  done, but I'm catching this one now as part of some related changes.

* npu2/hw-procedures: Enable parity and credit overflow checks

  Enable these error checking features by setting the appropriate bits
  in our one-off initialization of each "NTL Misc Config 2" register.

  The exception is NDL RX parity checking, which should be disabled
  during the link training procedures.

* npu2: Use correct kill type for TCE invalidation

  kill_type is enum of OPAL_PCI_TCE_KILL_PAGES, OPAL_PCI_TCE_KILL_PE,
  OPAL_PCI_TCE_KILL_ALL and phb4_tce_kill() gets it right but
  npu2_tce_kill() uses OPAL_PCI_TCE_KILL which is an OPAL API token.

  This fixes an obvious mistype.


OpenCAPI
--------

* Support OpenCAPI on Witherspoon platform

* npu2-opencapi: Enable presence detection on ZZ

  Presence detection for opencapi adapters was broken for ZZ planars
  v3 and below. All ZZ systems currently used in the lab have had
  their planar upgraded, so we can now remove the override we had to
  force presence and activate presence detection, which should improve
  boot time.

  Considering the state of opal support on ZZ, this is really only for
  lab usage on BML. The opencapi enablement team has okay'd the
  change. In the unlikely case somebody tries opencapi on an old ZZ,
  the presence detection through i2c will show that no adapter is
  present and skiboot won't try to access or train the link.

* npu2-opencapi: Don't send commands to NPU when link is down

  Even if an opencapi link is down, we currently always try to issue a
  config read operation when probing for PCI devices, because of the
  default scan map used for an opencapi PHB. The config operation
  fails, as expected, but it can also raise a FIR bit and trigger an
  HMI.

  For opencapi, there's no root device like for a "normal" PCI PHB, so
  there's no reason to do the config operation. To fix it, we keep the
  scan map blank by default, and only add a device once the link is
  trained.

* opal/hmi: Catch NPU2 HMIs for opencapi

  HMIs for NPU2 are filtered with the 'compatible' string of the PHB,
  so add opencapi to the mix.

* occ: Wait if OCC GPU presence status not immediately available

  It takes a few seconds for the OCC to set everything up in order to
  read GPU presence. At present, we try to kick off OCC initialisation
  as early as possible to maximise the time it has to read GPU
  presence.

  Unfortunately sometimes that's not enough, so add a loop in
  occ_get_gpu_presence() so that on the first time we try to get GPU
  presence we keep trying for up to 2 seconds. Experimentally this
  seems to be adequate.

* hw/npu2-hw-procedures: Enable RX auto recal on OpenCAPI links

  The RX_RC_ENABLE_AUTO_RECAL flag is required on OpenCAPI but not
  NVLink.

  Traditionally, Hostboot sets this value according to the machine
  type. However, now that Witherspoon supports both NVLink and
  OpenCAPI, it can't tell whether or not a link is OpenCAPI.

  So instead, set it in skiboot, where it will only be triggered after
  we've done device detection and found an OpenCAPI device.

* hw/npu2-opencapi: Fix setting of supported OpenCAPI templates

  In opal_npu_tl_set(), we made a typo that means the OPAL_NPU_TL_SET
  call may not clear the enable bits for templates that were
  previously enabled but are now disabled.

  Fix the typo so we clear NPU2_OTL_CONFIG1_TX_TEMP2_EN as well as
  TEMP{1,3}_EN.


Barreleye G2 and Zaius platforms
--------------------------------

* zaius: Add a slot table

* zaius: Add slots for the Barreleye G2 HDD rack

  The Barreleye G2 is distinct from the Zaius in that it features a 24
  Bay NVMe/SATA HDD rack. To provide meaningful slot names for each
  NVMe device we need to define a slot table for the NVMe capable HDD
  bays.

  Unfortunately this isn't straightforward because the PCIe path to
  the NVMe devices isn't fixed. The PCIe topology is something like:
  P9 -> HBA card -> 9797 switch -> 20x NVMe HDD slots

  The 9797 switch is partitioned into two (or four) virtual switches
  which allow multiple HBA cards to be used (e.g. one per socket). As
  a result the exact BDFN of the ports will vary depending on how the
  system is configured.

  That said, the virtual switch configuration of the 9797 does not
  change the device and function numbers of the switch downports. This
  means that we can define a single slot table that maps switch ports
  to the NVMe bay names.

  Unfortunately we still need to guess which bus to use this table on,
  so we assume that any switch downport we find with the PEX9797 VDID
  is part of the 9797 that supports the HDD rack.


FSP based platforms (firenze and ZZ)
------------------------------------

* phb4/capp: Update the expected Eye-catcher for CAPP ucode lid

  Currently on a FSP based P9 system load_capp_code() expects CAPP
  ucode lid header to have eye-catcher magic of 'CAPPPSLL'. However
  skiboot currently supports CAPP ucode only lids that have an eye-
  catcher magic of 'CAPPLIDH'. This prevents skiboot from loading the
  ucode with this error message:

     CAPP: ucode header invalid

  We fix this issue by updating load_capp_ucode() to use the eye-
  catcher value of 'CAPPLIDH' instead of 'CAPPPSLL'.

* FSP: Improve Reset/Reload log message

  The message below is confusing. Let's make it clear.

  FSP sends "R/R complete notification" whenever there is a dump. We
  use *flag* to identify whether it's R/R completion -OR- just a new
  dump notification.

     [  483.406351956,6] FSP: SP says Reset/Reload complete
     [  483.406354278,5] DUMP: FipS dump available. ID = 0x1a00001f [size: 6367640 bytes]
     [  483.406355968,7]   A Reset/Reload was NOT done


Witherspoon platform
--------------------

* platforms/astbmc/witherspoon: Implement OpenCAPI support

  OpenCAPI on Witherspoon is slightly more involved than on Zaius and
  ZZ, due to the OpenCAPI links using the SXM2 connectors that are
  used for NVLink GPUs.

  This patch adds the regular OpenCAPI platform information, and also
  a Witherspoon-specific presence detection callback that uses the
  previously added OCC GPU presence detection to figure out the device
  types plugged into each SXM2 socket.

  The SXM2 connectors are capable of carrying 2 OpenCAPI links, and
  future OpenCAPI devices are expected to make use of this. However,
  we don't yet support ganged links and the various implications that
  has for handling things like device reset, so for now, we only
  enable 1 brick per device.

-- 
Stewart Smith
OPAL Architect, IBM.


