[PATCH 08/18] arm64: cpufeature: Add a feature for FIQ support

Mon Feb 8 06:29:07 EST 2021

On Sun, 07 Feb 2021 08:28:35 +0000,
Hector Martin 'marcan' <marcan at marcan.st> wrote:
> 
> On 06/02/2021 22.58, Marc Zyngier wrote:
> > Hector Martin <marcan at marcan.st> wrote:
> >> +static void cpu_sync_irq_to_fiq(struct arm64_cpu_capabilities const *cap)
> >> +{
> >> +	u64 daif = read_sysreg(daif);
> >> +
> >> +	/*
> >> +	 * By this point in the boot process IRQs are likely masked and FIOs
> >> +	 * aren't, so we need to sync things to avoid spurious early FIQs.
> >> +	 */
> >> +
> >> +	if (daif & PSR_I_BIT)
> >> +		daif |= PSR_F_BIT;
> >> +	else
> >> +		daif &= ~PSR_F_BIT;
> >> +
> >> +	write_sysreg(daif, daif);
> > 
> > Could this happen too late? If, as explained above, we can get a FIQ
> > until we mask it here, what prevents something (a timer?) from kicking
> > and creating havoc just before the sync?
> 
> Nothing, other than timers not being enabled this early (hopefully the
> bootloader doesn't leave a rogue timer running for us...)

I'm not sure we want to trust the FW on that particular front (no
offence intended...;-).

> 
> > If the answer is "nothing", then it probably means that the default
> > behaviour should be to treat PSTATE.I and PSTATE.F as containing the
> > same value at all times, and not just as an afterthought when we
> > detect that we're on a CPU type or another.
> 
> I thought of this too. Originally I thought PSTATE.F was always set on
> other systems, and thus unmasking FIQs could cause problems if there
> is a pending rogue FIQ for some reason. However, while writing this
> patch I realized that as part of normal process state changes we
> already unmask FIQs anyway (see DAIF_PROCCTX).
> 
> Thus, in fact, this patch actually changes things (when the cpufeature
> is set) to mask FIQs in some cases where they currently aren't, and
> conversely to unmask them in some cases where they currently are. But
> the fact that FIQ masking is somewhat inconsistent to begin with
> suggests that we should be able to mess with it without causing
> breakage for other systems.
> 
> So I guess in this case it would be legitimate to just make I==F on
> every system, and if something breaks it should be fixed by making
> whatever is causing a rogue FIQ not do that, right?

That is my current take on this patch. Nothing in the arm64 kernel
expects a FIQ today, so *when* a FIQ fires is pretty much irrelevant,
as long as we handle it properly (panic). Keeping the two bits in sync
is trivial, and shouldn't carry material overhead.

> That would leave the vector switcheroo as the only thing the
> cpufeature does, which would certainly simplify a lot of the patch.
> 
> > This could expand into enabling Group-0 interrupts with GICv3 on
> > systems that have a single security state (such as virtual machines),
> > though I don't really see a good use case for it.
> 
> I could see having a separate vector path opening up the door for
> performance hacks for very specific use cases that want really low
> latency for *one* thing (e.g. the mess the Raspberry Pi folks do to
> work around that braindead USB controller's performance issues),
> though I imagine there would have to be very compelling reasons to
> develop a framework to do this sanely upstream.

In general, this only works for single security state systems (systems
without EL3 and VMs), as FIQs are usually routed to the secure side
otherwise. If tied to a GIC, Group-0 interrupts aren't configurable
from NS either.

> Incidentally, I have a personal interest in real-time performance
> (especially audio); once the dust settles and we have a workable
> kernel for normal use I do hope to spend some time taking a deep dive
> into latencies and finding RT-unfriendly code, but that's pretty far
> off right now. Maybe PREEMPT_RT will even be merged by then :-) (I
> hope that without SMM to screw things up on these machines they might
> make very nice RT-capable boxes...)

Aside from the lack of programmable priority, the lack of convenient
masking for per-CPU interrupts is a bit of an issue...

Thanks,

	M.

-- 
Without deviation from the norm, progress is not possible.