Set up a File-Lifecycle-Bound (FLB) handler for the PCI core to enable it to participate in the preservation of PCI devices across Live Update. Essentially, this commit enables the PCI core to allocate a struct (struct pci_ser) and preserve it across a Live Update whenever at least one device is preserved. Preserving PCI devices across Live Update is built on top of the Live Update Orchestrator's (LUO) support for file preservation. Drivers are expected to expose a file to userspace to represent a single PCI device and support preservation of that file. This is intended primarily to support preservation of PCI devices bound to VFIO drivers. This commit enables drivers to register their liveupdate_file_handler with the PCI core so that the PCI core can do its own tracking and enforcement of which devices are preserved. pci_liveupdate_register_flb(driver_file_handler); pci_liveupdate_unregister_flb(driver_file_handler); When the first file (with a handler registered with the PCI core) is preserved, the PCI core will be notified to allocate its tracking struct (pci_ser). When the last file is unpreserved (i.e. preservation cancelled) the PCI core will be notified to free struct pci_ser. This struct is preserved across a Live Update using KHO and can be fetched by the PCI core during early boot (e.g. during device enumeration) so that it knows which devices were preserved. Note: This commit only allocates struct pci_ser and preserves it across Live Update. A subsequent commit will add an API for drivers to tell the PCI core exactly which devices are being preserved. Note: There is no reason to check for kho_is_enabled() since it can be assumed to return true. If KHO was not enabled then Live Update would not be enabled and these routines would never run. Signed-off-by: David Matlack --- MAINTAINERS | 10 +++ drivers/pci/Kconfig | 14 +++ drivers/pci/Makefile | 1 + drivers/pci/liveupdate.c | 153 +++++++++++++++++++++++++++++++++ include/linux/kho/abi/pci.h | 61 +++++++++++++ include/linux/pci.h | 1 + include/linux/pci_liveupdate.h | 30 +++++++ 7 files changed, 270 insertions(+) create mode 100644 drivers/pci/liveupdate.c create mode 100644 include/linux/kho/abi/pci.h create mode 100644 include/linux/pci_liveupdate.h diff --git a/MAINTAINERS b/MAINTAINERS index 2fb1c75afd16..6c618830cf61 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -20530,6 +20530,16 @@ L: linux-pci@vger.kernel.org S: Supported F: Documentation/PCI/pci-error-recovery.rst +PCI LIVE UPDATE +M: David Matlack +L: kexec@lists.infradead.org +L: linux-pci@vger.kernel.org +S: Maintained +T: git git://git.kernel.org/pub/scm/linux/kernel/git/liveupdate/linux.git +F: drivers/pci/liveupdate.c +F: include/linux/kho/abi/pci.h +F: include/linux/pci_liveupdate.h + PCI MSI DRIVER FOR ALTERA MSI IP L: linux-pci@vger.kernel.org S: Orphan diff --git a/drivers/pci/Kconfig b/drivers/pci/Kconfig index 33c88432b728..08398cbe970c 100644 --- a/drivers/pci/Kconfig +++ b/drivers/pci/Kconfig @@ -328,6 +328,20 @@ config VGA_ARB_MAX_GPUS Reserves space in the kernel to maintain resource locking for multiple GPUS. The overhead for each GPU is very small. +config PCI_LIVEUPDATE + bool "PCI Live Update Support (EXPERIMENTAL)" + depends on PCI && LIVEUPDATE + help + Enable PCI core support for preserving PCI devices across Live + Update. This, in combination with support in a device's driver, + enables PCI devices to run and perform memory transactions + uninterrupted during a kexec for Live Update. + + This option should only be enabled by developers working on + implementing this support. + + If unsure, say N. + source "drivers/pci/hotplug/Kconfig" source "drivers/pci/controller/Kconfig" source "drivers/pci/endpoint/Kconfig" diff --git a/drivers/pci/Makefile b/drivers/pci/Makefile index 41ebc3b9a518..e8d003cb6757 100644 --- a/drivers/pci/Makefile +++ b/drivers/pci/Makefile @@ -16,6 +16,7 @@ obj-$(CONFIG_PROC_FS) += proc.o obj-$(CONFIG_SYSFS) += pci-sysfs.o slot.o obj-$(CONFIG_ACPI) += pci-acpi.o obj-$(CONFIG_GENERIC_PCI_IOMAP) += iomap.o +obj-$(CONFIG_PCI_LIVEUPDATE) += liveupdate.o endif obj-$(CONFIG_OF) += of.o diff --git a/drivers/pci/liveupdate.c b/drivers/pci/liveupdate.c new file mode 100644 index 000000000000..dd2449e12b6d --- /dev/null +++ b/drivers/pci/liveupdate.c @@ -0,0 +1,153 @@ +// SPDX-License-Identifier: GPL-2.0 + +/* + * Copyright (c) 2026, Google LLC. + * David Matlack + */ + +/** + * DOC: PCI Live Update + * + * The PCI subsystem participates in the Live Update process to enable drivers + * to preserve their PCI devices across kexec. + * + * .. note:: + * The support for preserving PCI devices across Live Update is currently + * *partial* and should be considered *experimental*. It should only be + * used by developers working on the implementation for the time being. + * + * To enable the support, enable ``CONFIG_PCI_LIVEUPDATE``. + * + * File-Lifecycle-Bound (FLB) Data + * =============================== + * + * PCI device preservation across Live Update is built on top of the Live Update + * Orchestrator's (LUO) support for file preservation across kexec. Drivers + * are expected to expose a file to represent a single PCI device and support + * preservation of that file with ``ioctl(LIVEUPDATE_SESSION_PRESERVE_FD)``. + * This allows userspace to control the preservation of devices and ensure + * proper lifecycle management while a device is preserved. The first intended + * use-case is preserving vfio-pci device files. + * + * The PCI core maintains its own state about what devices are being preserved + * across Live Update using a feature called File-Lifecycle-Bound (FLB) data in + * LUO. Essentially, this allows the PCI core to allocate struct pci_ser when + * the first device (file) is preserved and free it when the last device (file) + * is unpreserved. After kexec, the PCI core can fetch the struct pci_ser (which + * was constructed by the previous kernel) from LUO at any time (e.g. during + * enumeration) so that it knows which devices were preserved. + * + * To enable the PCI core to be notified whenever a file representing a device + * is preserved, drivers must register their struct liveupdate_file_handler with + * the PCI core by using the following APIs: + * + * * ``pci_liveupdate_register_flb(driver_file_handler)`` + * * ``pci_liveupdate_unregister_flb(driver_file_handler)`` + */ + +#define pr_fmt(fmt) "PCI: liveupdate: " fmt + +#include +#include +#include +#include +#include +#include +#include + +static int pci_flb_preserve(struct liveupdate_flb_op_args *args) +{ + struct pci_dev *dev = NULL; + u32 max_nr_devices = 0; + struct pci_ser *ser; + unsigned long size; + + /* + * Allocate enough space to preserve all of the devices that are + * currently present on the system. Extra padding can be added to this + * in the future to increase the chances that there is enough room to + * preserve devices that are not yet present on the system (e.g. VFs, + * hot-plugged devices). + */ + for_each_pci_dev(dev) + max_nr_devices++; + + size = struct_size_t(struct pci_ser, devices, max_nr_devices); + + ser = kho_alloc_preserve(size); + if (IS_ERR(ser)) + return PTR_ERR(ser); + + pr_debug("Preserved struct pci_ser with room for %u devices\n", + max_nr_devices); + + ser->max_nr_devices = max_nr_devices; + ser->nr_devices = 0; + + args->obj = ser; + args->data = virt_to_phys(ser); + return 0; +} + +static void pci_flb_unpreserve(struct liveupdate_flb_op_args *args) +{ + struct pci_ser *ser = args->obj; + + WARN_ON_ONCE(ser->nr_devices); + kho_unpreserve_free(ser); + + pr_debug("Unpreserved struct pci_ser\n"); +} + +static int pci_flb_retrieve(struct liveupdate_flb_op_args *args) +{ + args->obj = phys_to_virt(args->data); + return 0; +} + +static void pci_flb_finish(struct liveupdate_flb_op_args *args) +{ + kho_restore_free(args->obj); +} + +static struct liveupdate_flb_ops pci_liveupdate_flb_ops = { + .preserve = pci_flb_preserve, + .unpreserve = pci_flb_unpreserve, + .retrieve = pci_flb_retrieve, + .finish = pci_flb_finish, + .owner = THIS_MODULE, +}; + +static struct liveupdate_flb pci_liveupdate_flb = { + .ops = &pci_liveupdate_flb_ops, + .compatible = PCI_LUO_FLB_COMPATIBLE, +}; + +/** + * pci_liveupdate_register_flb() - Register a file handler with the PCI core + * @fh: The file handler to register. + * + * Drivers should call pci_liveupdate_register_flb() to register their + * struct liveupdate_file_handler with the PCI core. This enables the PCI core + * to allocate its outgoing struct pci_ser whenever the first device is + * preserved, and free it when the last device is unpreserved. + * + * Return: 0 on success, <0 on failure. + */ +int pci_liveupdate_register_flb(struct liveupdate_file_handler *fh) +{ + pr_debug("Registering file handler \"%s\"\n", fh->compatible); + return liveupdate_register_flb(fh, &pci_liveupdate_flb); +} +EXPORT_SYMBOL_GPL(pci_liveupdate_register_flb); + +/** + * pci_liveupdate_unregister_flb() - Unregister a file handler with the PCI core + * @fh: The file handler to unregister. + */ +void pci_liveupdate_unregister_flb(struct liveupdate_file_handler *fh) +{ + pr_debug("Unregistering file handler \"%s\"\n", fh->compatible); + liveupdate_unregister_flb(fh, &pci_liveupdate_flb); +} +EXPORT_SYMBOL_GPL(pci_liveupdate_unregister_flb); diff --git a/include/linux/kho/abi/pci.h b/include/linux/kho/abi/pci.h new file mode 100644 index 000000000000..6ebcf817fff4 --- /dev/null +++ b/include/linux/kho/abi/pci.h @@ -0,0 +1,61 @@ +/* SPDX-License-Identifier: GPL-2.0 */ + +/* + * Copyright (c) 2026, Google LLC. + * David Matlack + */ + +#ifndef _LINUX_KHO_ABI_PCI_H +#define _LINUX_KHO_ABI_PCI_H + +#include +#include +#include + +/** + * DOC: PCI File-Lifecycle Bound (FLB) Live Update ABI + * + * This header defines the ABI for preserving core PCI state across kexec using + * Live Update File-Lifecycle Bound (FLB) data. + * + * This interface is a contract. Any modification to any of the serialization + * structs defined here constitutes a breaking change. Such changes require + * incrementing the version number in the PCI_LUO_FLB_COMPATIBLE string. + */ + +#define PCI_LUO_FLB_COMPATIBLE "pci-v1" + +/** + * struct pci_dev_ser - Serialized state about a single PCI device. + * + * @domain: The device's PCI domain number (segment). + * @bdf: The device's PCI bus, device, and function number. + * @padding: Padding to naturally align struct pci_dev_ser. + */ +struct pci_dev_ser { + u32 domain; + u16 bdf; + u16 padding; +} __packed; + +/** + * struct pci_ser - PCI Subsystem Live Update State + * + * This struct tracks state about all devices that are being preserved across + * a Live Update for the next kernel. + * + * @max_nr_devices: The length of the devices[] flexible array. + * @nr_devices: The number of devices that were preserved. + * @devices: Flexible array of pci_dev_ser structs for each device. + */ +struct pci_ser { + u32 max_nr_devices; + u32 nr_devices; + struct pci_dev_ser devices[]; +} __packed; + +/* Ensure all elements of devices[] are naturally aligned. */ +static_assert(offsetof(struct pci_ser, devices) % sizeof(unsigned long) == 0); +static_assert(sizeof(struct pci_dev_ser) % sizeof(unsigned long) == 0); + +#endif /* _LINUX_KHO_ABI_PCI_H */ diff --git a/include/linux/pci.h b/include/linux/pci.h index 2c4454583c11..8cadeeab86fd 100644 --- a/include/linux/pci.h +++ b/include/linux/pci.h @@ -42,6 +42,7 @@ #include #include +#include #define PCI_STATUS_ERROR_BITS (PCI_STATUS_DETECTED_PARITY | \ PCI_STATUS_SIG_SYSTEM_ERROR | \ diff --git a/include/linux/pci_liveupdate.h b/include/linux/pci_liveupdate.h new file mode 100644 index 000000000000..8ec98beefcb4 --- /dev/null +++ b/include/linux/pci_liveupdate.h @@ -0,0 +1,30 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * PCI Live Update support (Public/Driver API) + * + * Copyright (c) 2026, Google LLC. + * David Matlack + */ +#ifndef LINUX_PCI_LIVEUPDATE_H +#define LINUX_PCI_LIVEUPDATE_H + +#include +#include + +struct pci_dev; + +#ifdef CONFIG_PCI_LIVEUPDATE +int pci_liveupdate_register_flb(struct liveupdate_file_handler *fh); +void pci_liveupdate_unregister_flb(struct liveupdate_file_handler *fh); +#else +static inline int pci_liveupdate_register_flb(struct liveupdate_file_handler *fh) +{ + return -EOPNOTSUPP; +} + +static inline void pci_liveupdate_unregister_flb(struct liveupdate_file_handler *fh) +{ +} +#endif + +#endif /* LINUX_PCI_LIVEUPDATE_H */ -- 2.54.0.563.g4f69b47b94-goog Add APIs to allow drivers to notify the PCI core of which devices are being preserved across a Live Update for the next kernel, i.e. "outgoing" devices. Drivers must notify the PCI core when devices are preserved so that the PCI core can update its FLB data (struct pci_ser) and track the list of outgoing devices. pci_liveupdate_preserve() notifies the PCI core that a device must be preserved across Live Update. pci_liveupdate_unpreserve() reverses this (cancels the preservation of the device). This tracking ensures the PCI core is fully aware of which devices may need special handling during shutdown and kexec, and so that it can be handed off to the next kernel. Signed-off-by: David Matlack --- drivers/pci/liveupdate.c | 167 ++++++++++++++++++++++++++++++--- drivers/pci/probe.c | 3 + include/linux/kho/abi/pci.h | 9 +- include/linux/pci.h | 3 + include/linux/pci_liveupdate.h | 23 +++++ 5 files changed, 191 insertions(+), 14 deletions(-) diff --git a/drivers/pci/liveupdate.c b/drivers/pci/liveupdate.c index dd2449e12b6d..9c4582ecd55c 100644 --- a/drivers/pci/liveupdate.c +++ b/drivers/pci/liveupdate.c @@ -43,6 +43,26 @@ * * * ``pci_liveupdate_register_flb(driver_file_handler)`` * * ``pci_liveupdate_unregister_flb(driver_file_handler)`` + * + * Device Tracking + * =============== + * + * Drivers must notify the PCI core when specific devices are preserved or + * unpreserved with the following APIs: + * + * * ``pci_liveupdate_preserve(pci_dev)`` + * * ``pci_liveupdate_unpreserve(pci_dev)`` + * + * This allows the PCI core to keep its FLB data (struct pci_ser) up to date + * with the list of **outgoing** preserved devices for the next kernel. + * + * Restrictions + * ============ + * + * The PCI core enforces the following restrictions on which devices can be + * preserved. These may be relaxed in the future: + * + * * The device cannot be a Virtual Function (VF). */ #define pr_fmt(fmt) "PCI: liveupdate: " fmt @@ -55,13 +75,29 @@ #include #include +/** + * struct pci_flb_outgoing - Outgoing PCI FLB object + * @ser: The outgoing struct pci_ser for the next kernel. + * @lock: Lock used to protect against changes to @ser. + */ +struct pci_flb_outgoing { + struct pci_ser *ser; + struct mutex lock; +}; + static int pci_flb_preserve(struct liveupdate_flb_op_args *args) { + struct pci_flb_outgoing *outgoing; struct pci_dev *dev = NULL; u32 max_nr_devices = 0; - struct pci_ser *ser; unsigned long size; + outgoing = kmalloc_obj(*outgoing); + if (!outgoing) + return -ENOMEM; + + mutex_init(&outgoing->lock); + /* * Allocate enough space to preserve all of the devices that are * currently present on the system. Extra padding can be added to this @@ -74,27 +110,30 @@ static int pci_flb_preserve(struct liveupdate_flb_op_args *args) size = struct_size_t(struct pci_ser, devices, max_nr_devices); - ser = kho_alloc_preserve(size); - if (IS_ERR(ser)) - return PTR_ERR(ser); + outgoing->ser = kho_alloc_preserve(size); + if (IS_ERR(outgoing->ser)) { + kfree(outgoing); + return PTR_ERR(outgoing->ser); + } pr_debug("Preserved struct pci_ser with room for %u devices\n", max_nr_devices); - ser->max_nr_devices = max_nr_devices; - ser->nr_devices = 0; + outgoing->ser->max_nr_devices = max_nr_devices; + outgoing->ser->nr_devices = 0; - args->obj = ser; - args->data = virt_to_phys(ser); + args->obj = outgoing; + args->data = virt_to_phys(outgoing->ser); return 0; } static void pci_flb_unpreserve(struct liveupdate_flb_op_args *args) { - struct pci_ser *ser = args->obj; + struct pci_flb_outgoing *outgoing = args->obj; - WARN_ON_ONCE(ser->nr_devices); - kho_unpreserve_free(ser); + WARN_ON_ONCE(outgoing->ser->nr_devices); + kho_unpreserve_free(outgoing->ser); + kfree(outgoing); pr_debug("Unpreserved struct pci_ser\n"); } @@ -123,6 +162,112 @@ static struct liveupdate_flb pci_liveupdate_flb = { .compatible = PCI_LUO_FLB_COMPATIBLE, }; +/** + * pci_liveupdate_preserve() - Preserve a PCI device across Live Update + * @dev: The PCI device to preserve. + * + * pci_liveupdate_preserve() notifies the PCI core that a PCI device should be + * preserved across the next Live Update. Drivers must call + * pci_liveupdate_preserve() from their struct liveupdate_file_handler + * preserve() callback to ensure the outgoing struct pci_ser is allocated. + * + * Returns: 0 on success, <0 on failure. + */ +int pci_liveupdate_preserve(struct pci_dev *dev) +{ + struct pci_flb_outgoing *outgoing = NULL; + struct pci_ser *ser; + int i, ret; + + if (dev->is_virtfn) + return -EINVAL; + + ret = liveupdate_flb_get_outgoing(&pci_liveupdate_flb, (void **)&outgoing); + if (ret) + return ret; + + if (!outgoing) + return -ENOENT; + + guard(mutex)(&outgoing->lock); + ser = outgoing->ser; + + guard(write_lock)(&dev->liveupdate.lock); + + if (dev->liveupdate.outgoing) + return -EBUSY; + + if (ser->nr_devices == ser->max_nr_devices) + return -ENOSPC; + + for (i = 0; i < ser->max_nr_devices; i++) { + /* + * Start searching at index ser->nr_devices. This should result + * in a constant time search under expected conditions (devices + * are not getting unpreserved). + */ + int index = (ser->nr_devices + i) % ser->max_nr_devices; + struct pci_dev_ser *dev_ser = &ser->devices[index]; + + if (dev_ser->refcount) + continue; + + pci_info(dev, "Device will be preserved across next Live Update\n"); + ser->nr_devices++; + + dev_ser->domain = pci_domain_nr(dev->bus); + dev_ser->bdf = pci_dev_id(dev); + dev_ser->refcount = 1; + + dev->liveupdate.outgoing = dev_ser; + return 0; + } + + return -ENOSPC; +} +EXPORT_SYMBOL_GPL(pci_liveupdate_preserve); + +/** + * pci_liveupdate_unpreserve() - Cancel preservation of a PCI device + * @dev: The PCI device to preserve. + * + * pci_liveupdate_unpreserve() notifies the PCI core that a PCI device should no + * longer be preserved across the next Live Update. Drivers must call + * pci_liveupdate_unpreserve() from their struct liveupdate_file_handler + * unpreserve() callback to ensure the outgoing struct pci_ser is allocated. + */ +void pci_liveupdate_unpreserve(struct pci_dev *dev) +{ + struct pci_flb_outgoing *outgoing = NULL; + struct pci_dev_ser *dev_ser; + struct pci_ser *ser; + int ret; + + ret = liveupdate_flb_get_outgoing(&pci_liveupdate_flb, (void **)&outgoing); + + if (ret || !outgoing) { + pci_warn(dev, "Cannot unpreserve device without outgoing Live Update state\n"); + return; + } + + guard(mutex)(&outgoing->lock); + ser = outgoing->ser; + + guard(write_lock)(&dev->liveupdate.lock); + + dev_ser = dev->liveupdate.outgoing; + if (!dev_ser) { + pci_warn(dev, "Cannot unpreserve device that is not preserved\n"); + return; + } + + pci_info(dev, "Device will no longer be preserved across next Live Update\n"); + ser->nr_devices--; + memset(dev_ser, 0, sizeof(*dev_ser)); + dev->liveupdate.outgoing = NULL; +} +EXPORT_SYMBOL_GPL(pci_liveupdate_unpreserve); + /** * pci_liveupdate_register_flb() - Register a file handler with the PCI core * @fh: The file handler to register. diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c index b63cd0c310bc..54ae32cb0000 100644 --- a/drivers/pci/probe.c +++ b/drivers/pci/probe.c @@ -2522,6 +2522,9 @@ struct pci_dev *pci_alloc_dev(struct pci_bus *bus) spin_lock_init(&dev->pcie_cap_lock); #ifdef CONFIG_PCI_MSI raw_spin_lock_init(&dev->msi_lock); +#endif +#ifdef CONFIG_PCI_LIVEUPDATE + rwlock_init(&dev->liveupdate.lock); #endif return dev; } diff --git a/include/linux/kho/abi/pci.h b/include/linux/kho/abi/pci.h index 6ebcf817fff4..807fe0e6538f 100644 --- a/include/linux/kho/abi/pci.h +++ b/include/linux/kho/abi/pci.h @@ -23,19 +23,22 @@ * incrementing the version number in the PCI_LUO_FLB_COMPATIBLE string. */ -#define PCI_LUO_FLB_COMPATIBLE "pci-v1" +#define PCI_LUO_FLB_COMPATIBLE "pci-v2" /** * struct pci_dev_ser - Serialized state about a single PCI device. * * @domain: The device's PCI domain number (segment). * @bdf: The device's PCI bus, device, and function number. - * @padding: Padding to naturally align struct pci_dev_ser. + * @refcount: Reference count used by the PCI core to keep track of whether it + * is done using a device's struct pci_dev_ser. The value of the + * refcount is equal to the number of devices preserved at or below + * this device in the PCI hierarchy. */ struct pci_dev_ser { u32 domain; u16 bdf; - u16 padding; + u16 refcount; } __packed; /** diff --git a/include/linux/pci.h b/include/linux/pci.h index 8cadeeab86fd..a7c3722b1e77 100644 --- a/include/linux/pci.h +++ b/include/linux/pci.h @@ -594,6 +594,9 @@ struct pci_dev { u8 tph_mode; /* TPH mode */ u8 tph_req_type; /* TPH requester type */ #endif +#ifdef CONFIG_PCI_LIVEUPDATE + struct pci_liveupdate liveupdate; +#endif }; static inline struct pci_dev *pci_physfn(struct pci_dev *dev) diff --git a/include/linux/pci_liveupdate.h b/include/linux/pci_liveupdate.h index 8ec98beefcb4..0803d44becd5 100644 --- a/include/linux/pci_liveupdate.h +++ b/include/linux/pci_liveupdate.h @@ -8,14 +8,28 @@ #ifndef LINUX_PCI_LIVEUPDATE_H #define LINUX_PCI_LIVEUPDATE_H +#include #include #include +#include + +/** + * struct pci_liveupdate - PCI Live Update state for a struct pci_dev + * @lock: Lock used to protect members of struct pci_liveupdate. + * @outgoing: State preserved for the next kernel. + */ +struct pci_liveupdate { + rwlock_t lock; + struct pci_dev_ser *outgoing; +}; struct pci_dev; #ifdef CONFIG_PCI_LIVEUPDATE int pci_liveupdate_register_flb(struct liveupdate_file_handler *fh); void pci_liveupdate_unregister_flb(struct liveupdate_file_handler *fh); +int pci_liveupdate_preserve(struct pci_dev *dev); +void pci_liveupdate_unpreserve(struct pci_dev *dev); #else static inline int pci_liveupdate_register_flb(struct liveupdate_file_handler *fh) { @@ -25,6 +39,15 @@ static inline int pci_liveupdate_register_flb(struct liveupdate_file_handler *fh static inline void pci_liveupdate_unregister_flb(struct liveupdate_file_handler *fh) { } + +static inline int pci_liveupdate_preserve(struct pci_dev *dev) +{ + return -EOPNOTSUPP; +} + +static inline void pci_liveupdate_unpreserve(struct pci_dev *dev) +{ +} #endif #endif /* LINUX_PCI_LIVEUPDATE_H */ -- 2.54.0.563.g4f69b47b94-goog During PCI enumeration, the previous kernel might have passed state about devices that were preserved across kexec. The PCI core needs to fetch this state to identify which devices are "incoming" and require special handling. Add pci_liveupdate_setup_device() which is called during device setup to fetch the serialized state (struct pci_ser) from the Live Update Orchestrator. The first time this happens, pci_flb_retrieve() will run and convert the array of pci_dev_ser structs into an xarray so that it can be looked up efficiently. If a device is found in the xarray, the PCI core stores a pointer to its state in dev->liveupdate_incoming and holds a reference to the incoming FLB until pci_liveupdate_finish() is called by the driver. This ensures proper lifecycle management for incoming preserved devices and allows the PCI core and drivers to apply specific Live Update logic to them in subsequent commits. Drivers can check if a device is an incoming preserved device (e.g. during probe) by calling pci_liveupdate_is_incoming(). CONFIG_64BIT is now required to enable CONFIG_PCI_LIVEUPDATE so that the domain and bdf can be guaranteed to fit in an unsigned long and be used as the xarray key. Signed-off-by: David Matlack --- MAINTAINERS | 1 + drivers/pci/Kconfig | 2 +- drivers/pci/liveupdate.c | 223 ++++++++++++++++++++++++++++++++- drivers/pci/liveupdate.h | 26 ++++ drivers/pci/probe.c | 5 + include/linux/pci_liveupdate.h | 13 ++ 6 files changed, 267 insertions(+), 3 deletions(-) create mode 100644 drivers/pci/liveupdate.h diff --git a/MAINTAINERS b/MAINTAINERS index 6c618830cf61..0e262c0ceb43 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -20537,6 +20537,7 @@ L: linux-pci@vger.kernel.org S: Maintained T: git git://git.kernel.org/pub/scm/linux/kernel/git/liveupdate/linux.git F: drivers/pci/liveupdate.c +F: drivers/pci/liveupdate.h F: include/linux/kho/abi/pci.h F: include/linux/pci_liveupdate.h diff --git a/drivers/pci/Kconfig b/drivers/pci/Kconfig index 08398cbe970c..eea0a6cd388a 100644 --- a/drivers/pci/Kconfig +++ b/drivers/pci/Kconfig @@ -330,7 +330,7 @@ config VGA_ARB_MAX_GPUS config PCI_LIVEUPDATE bool "PCI Live Update Support (EXPERIMENTAL)" - depends on PCI && LIVEUPDATE + depends on PCI && LIVEUPDATE && 64BIT help Enable PCI core support for preserving PCI devices across Live Update. This, in combination with support in a device's driver, diff --git a/drivers/pci/liveupdate.c b/drivers/pci/liveupdate.c index 9c4582ecd55c..f14396dd1477 100644 --- a/drivers/pci/liveupdate.c +++ b/drivers/pci/liveupdate.c @@ -56,6 +56,20 @@ * This allows the PCI core to keep its FLB data (struct pci_ser) up to date * with the list of **outgoing** preserved devices for the next kernel. * + * After kexec, whenever a device is enumerated, the PCI core will check if it + * is an **incoming** preserved device (i.e. preserved by the previous kernel) + * by checking the incoming FLB data (struct pci_ser). + * + * Drivers must notify the PCI core when an **incoming** device is done + * participating in the incoming Live Update with the following API: + * + * * ``pci_liveupdate_finish(pci_dev)`` + * + * The PCI core does not enforce any ordering of ``pci_liveupdate_finish()`` and + * ``pci_liveupdate_preserve()``. i.e. A PCI device can be **outgoing** + * (preserved for next kernel) and **incoming** (preserved by previous kernel) + * at the same time. + * * Restrictions * ============ * @@ -75,6 +89,8 @@ #include #include +#include "liveupdate.h" + /** * struct pci_flb_outgoing - Outgoing PCI FLB object * @ser: The outgoing struct pci_ser for the next kernel. @@ -85,6 +101,21 @@ struct pci_flb_outgoing { struct mutex lock; }; +/** + * struct pci_flb_incoming - Incoming PCI FLB object + * @ser: The incoming struct pci_ser from the previous kernel. + * @xa: Xarray used to quickly lookup devices in @ser. + */ +struct pci_flb_incoming { + struct pci_ser *ser; + struct xarray xa; +}; + +static unsigned long pci_ser_xa_key(u32 domain, u16 bdf) +{ + return domain << 16 | bdf; +} + static int pci_flb_preserve(struct liveupdate_flb_op_args *args) { struct pci_flb_outgoing *outgoing; @@ -140,13 +171,44 @@ static void pci_flb_unpreserve(struct liveupdate_flb_op_args *args) static int pci_flb_retrieve(struct liveupdate_flb_op_args *args) { - args->obj = phys_to_virt(args->data); + struct pci_flb_incoming *incoming; + int i, ret; + + incoming = kmalloc_obj(*incoming); + if (!incoming) + return -ENOMEM; + + incoming->ser = phys_to_virt(args->data); + + xa_init(&incoming->xa); + + for (i = 0; i < incoming->ser->max_nr_devices; i++) { + struct pci_dev_ser *dev_ser = &incoming->ser->devices[i]; + unsigned long key; + + if (!dev_ser->refcount) + continue; + + key = pci_ser_xa_key(dev_ser->domain, dev_ser->bdf); + ret = xa_err(xa_store(&incoming->xa, key, dev_ser, GFP_KERNEL)); + if (ret) { + xa_destroy(&incoming->xa); + kfree(incoming); + return ret; + } + } + + args->obj = incoming; return 0; } static void pci_flb_finish(struct liveupdate_flb_op_args *args) { - kho_restore_free(args->obj); + struct pci_flb_incoming *incoming = args->obj; + + xa_destroy(&incoming->xa); + kho_restore_free(incoming->ser); + kfree(incoming); } static struct liveupdate_flb_ops pci_liveupdate_flb_ops = { @@ -268,6 +330,163 @@ void pci_liveupdate_unpreserve(struct pci_dev *dev) } EXPORT_SYMBOL_GPL(pci_liveupdate_unpreserve); +static struct pci_flb_incoming *pci_liveupdate_flb_get_incoming(void) +{ + struct pci_flb_incoming *incoming = NULL; + int ret; + + ret = liveupdate_flb_get_incoming(&pci_liveupdate_flb, (void **)&incoming); + + /* Live Update is not enabled. */ + if (ret == -EOPNOTSUPP) + return NULL; + + /* Live Update is enabled, but there is no incoming FLB data. */ + if (ret == -ENODATA) + return NULL; + + /* + * Live Update is enabled and there is incoming FLB data, but none of it + * matches pci_liveupdate_flb.compatible. + * + * This could mean that no PCI FLB data was passed by the previous + * kernel, but it could also mean the previous kernel used a different + * compatibility string (i.e. a different ABI). + */ + if (ret == -ENOENT) { + pr_info_once("No incoming FLB matched %s\n", pci_liveupdate_flb.compatible); + return NULL; + } + + /* + * There is incoming FLB data that matches pci_liveupdate_flb.compatible + * but it cannot be retrieved. + */ + if (ret) { + WARN_ONCE(ret, "Failed to retrieve incoming FLB data\n"); + return NULL; + } + + return incoming; +} + +static void pci_liveupdate_flb_put_incoming(void) +{ + liveupdate_flb_put_incoming(&pci_liveupdate_flb); +} + +void pci_liveupdate_setup_device(struct pci_dev *dev) +{ + struct pci_flb_incoming *incoming; + struct pci_dev_ser *dev_ser; + unsigned long key; + + incoming = pci_liveupdate_flb_get_incoming(); + if (!incoming) + return; + + key = pci_ser_xa_key(pci_domain_nr(dev->bus), pci_dev_id(dev)); + dev_ser = xa_load(&incoming->xa, key); + + /* This device was not preserved across Live Update */ + if (!dev_ser) { + pci_liveupdate_flb_put_incoming(); + return; + } + + /* + * This device was preserved, but has already been probed and gone + * through pci_liveupdate_finish(). This can happen if PCI core probes + * the same device multiple times, e.g. due to hotplug. + */ + if (!dev_ser->refcount) { + pci_liveupdate_flb_put_incoming(); + return; + } + + pci_info(dev, "Device was preserved by previous kernel across Live Update\n"); + guard(write_lock)(&dev->liveupdate.lock); + dev->liveupdate.incoming = dev_ser; + + /* + * Hold the ref on the incoming FLB until pci_liveupdate_finish() so + * that dev->liveupdate.incoming does not get freed while it is in use. + */ +} + +void pci_liveupdate_cleanup_device(struct pci_dev *dev) +{ + bool incoming; + + scoped_guard(write_lock, &dev->liveupdate.lock) + incoming = !!xchg(&dev->liveupdate.incoming, NULL); + + /* + * Drop the FLB reference acquired in pci_liveupdate_setup_device() if + * the device is being cleaned up before pci_liveupdate_finish(), e.g. + * due to allocation failure during setup. + * + * Do not drop dev->liveupdate.incoming->refcount since this device has + * not gone through pci_liveupdate_finish() and thus is still an + * incoming preserved device. + */ + if (incoming) + pci_liveupdate_flb_put_incoming(); +} + +/** + * pci_liveupdate_finish() - Finish the preservation of a PCI device across Live Update + * @dev: The PCI device + * + * pci_liveupdate_finish() notifies the PCI core that a PCI device that was + * preserved across the previous Live Update has finished participating in Live + * Update. Drivers must call pci_liveupdate_finish() from their struct + * liveupdate_file_handler finish() callback to ensure the incoming struct + * pci_ser is allocated. + */ +void pci_liveupdate_finish(struct pci_dev *dev) +{ + guard(write_lock)(&dev->liveupdate.lock); + + if (!dev->liveupdate.incoming) { + pci_warn(dev, "Cannot finish preserving an unpreserved device\n"); + return; + } + + pci_info(dev, "Device is finished participating in Live Update\n"); + + /* + * Drop the refcount so this device does not get treated as an incoming + * device again, e.g. in case pci_liveupdate_setup_device() gets called + * again because the device is hot-plugged. + */ + dev->liveupdate.incoming->refcount = 0; + dev->liveupdate.incoming = NULL; + + /* Drop this device's reference on the incoming FLB. */ + pci_liveupdate_flb_put_incoming(); +} +EXPORT_SYMBOL_GPL(pci_liveupdate_finish); + +/** + * pci_liveupdate_is_incoming() - Check if a device is incoming preserved + * @dev: The PCI device to check + * + * Check if a device was preserved across Live Update by the previous kernel, + * i.e. the device is incoming preserved. Note that a device is only considered + * incoming preserved prior to pci_liveupdate_finish(). It is up to drivers to + * synchronize usage of pci_liveupdate_is_incoming() with their own call to + * pci_liveupdate_finish() to avoid acting on stale data. + * + * Returns: True if the device is incoming preserved, false otherwise. + */ +bool pci_liveupdate_is_incoming(struct pci_dev *dev) +{ + guard(read_lock)(&dev->liveupdate.lock); + return dev->liveupdate.incoming; +} +EXPORT_SYMBOL_GPL(pci_liveupdate_is_incoming); + /** * pci_liveupdate_register_flb() - Register a file handler with the PCI core * @fh: The file handler to register. diff --git a/drivers/pci/liveupdate.h b/drivers/pci/liveupdate.h new file mode 100644 index 000000000000..eaaa3559fd77 --- /dev/null +++ b/drivers/pci/liveupdate.h @@ -0,0 +1,26 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * PCI Live Update support (core API) + * + * Copyright (c) 2026, Google LLC. + * David Matlack + */ +#ifndef DRIVERS_PCI_LIVEUPDATE_H +#define DRIVERS_PCI_LIVEUPDATE_H + +#include + +#ifdef CONFIG_PCI_LIVEUPDATE +void pci_liveupdate_setup_device(struct pci_dev *dev); +void pci_liveupdate_cleanup_device(struct pci_dev *dev); +#else +static inline void pci_liveupdate_setup_device(struct pci_dev *dev) +{ +} + +static inline void pci_liveupdate_cleanup_device(struct pci_dev *dev) +{ +} +#endif + +#endif /* DRIVERS_PCI_LIVEUPDATE_H */ diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c index 54ae32cb0000..b5fdc5017f92 100644 --- a/drivers/pci/probe.c +++ b/drivers/pci/probe.c @@ -24,6 +24,7 @@ #include #include #include +#include "liveupdate.h" #include "pci.h" static struct resource busn_resource = { @@ -2069,6 +2070,8 @@ int pci_setup_device(struct pci_dev *dev) if (pci_early_dump) early_dump_pci_device(dev); + pci_liveupdate_setup_device(dev); + /* Need to have dev->class ready */ dev->cfg_size = pci_cfg_space_size(dev); @@ -2192,6 +2195,7 @@ int pci_setup_device(struct pci_dev *dev) default: /* unknown header */ pci_err(dev, "unknown header type %02x, ignoring device\n", dev->hdr_type); + pci_liveupdate_cleanup_device(dev); pci_release_of_node(dev); return -EIO; @@ -2490,6 +2494,7 @@ static void pci_release_dev(struct device *dev) pci_dev = to_pci_dev(dev); pci_release_capabilities(pci_dev); + pci_liveupdate_cleanup_device(pci_dev); pci_release_of_node(pci_dev); pcibios_release_device(pci_dev); pci_bus_put(pci_dev->bus); diff --git a/include/linux/pci_liveupdate.h b/include/linux/pci_liveupdate.h index 0803d44becd5..1c2ee32ad058 100644 --- a/include/linux/pci_liveupdate.h +++ b/include/linux/pci_liveupdate.h @@ -17,10 +17,12 @@ * struct pci_liveupdate - PCI Live Update state for a struct pci_dev * @lock: Lock used to protect members of struct pci_liveupdate. * @outgoing: State preserved for the next kernel. + * @incoming: State preserved by the previous kernel. */ struct pci_liveupdate { rwlock_t lock; struct pci_dev_ser *outgoing; + struct pci_dev_ser *incoming; }; struct pci_dev; @@ -30,6 +32,8 @@ int pci_liveupdate_register_flb(struct liveupdate_file_handler *fh); void pci_liveupdate_unregister_flb(struct liveupdate_file_handler *fh); int pci_liveupdate_preserve(struct pci_dev *dev); void pci_liveupdate_unpreserve(struct pci_dev *dev); +void pci_liveupdate_finish(struct pci_dev *dev); +bool pci_liveupdate_is_incoming(struct pci_dev *dev); #else static inline int pci_liveupdate_register_flb(struct liveupdate_file_handler *fh) { @@ -48,6 +52,15 @@ static inline int pci_liveupdate_preserve(struct pci_dev *dev) static inline void pci_liveupdate_unpreserve(struct pci_dev *dev) { } + +static inline void pci_liveupdate_finish(struct pci_dev *dev) +{ +} + +static inline bool pci_liveupdate_is_incoming(struct pci_dev *dev) +{ + return false; +} #endif #endif /* LINUX_PCI_LIVEUPDATE_H */ -- 2.54.0.563.g4f69b47b94-goog Document how driver binding works during a Live Update and what the PCI core expects of drivers and users. Note that this is only a description of the current division of responsibilities. These can change in the future if we decide. Signed-off-by: David Matlack --- drivers/pci/liveupdate.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/drivers/pci/liveupdate.c b/drivers/pci/liveupdate.c index f14396dd1477..d77e64906a25 100644 --- a/drivers/pci/liveupdate.c +++ b/drivers/pci/liveupdate.c @@ -77,6 +77,22 @@ * preserved. These may be relaxed in the future: * * * The device cannot be a Virtual Function (VF). + * + * Driver Binding + * ============== + * + * In the outgoing kernel, it is the driver's responsibility to ensure that it + * does not release a device between pci_liveupdate_preserve() and + * pci_liveupdate_unpreserve(). + * + * In the incoming kernel, it is the driver's responsibility to ensure that it + * does not release a preserved device between probe() and + * pci_liveupdate_finish(). + * + * It is the user's responsibility to ensure that incoming preserved devices are + * bound to the correct driver. i.e. The PCI core does not protect against a + * device getting preserved by driver A in the outgoing kernel and then getting + * bound to driver B in the incoming kernel. */ #define pr_fmt(fmt) "PCI: liveupdate: " fmt -- 2.54.0.563.g4f69b47b94-goog During a Live Update, preserved devices must be allowed to continue performing memory transactions so the kernel cannot change the fabric topology, including bus numbers, since that would require disabling and flushing any memory transactions first. To keep bus numbers constant, always inherit the secondary and subordinate bus numbers assigned to bridges during scanning, instead of assigning new ones, if any PCI devices are being preserved. Note that the kernel inherits bus numbers even on bridges without any downstream endpoints that were preserved. This avoids accidentally assigning a bridge a new window that overlaps with a preserved device that is downstream of a different bridge. If a bridge is scanned with a broken topology or has no bus numbers set during a Live Update, refuse to assign it new bus numbers and refuse to enumerate devices below it. This is a safety measure to prevent topology conflicts. Require that CONFIG_CARDBUS is not enabled to enable CONFIG_PCI_LIVEUPDATE since inheriting bus numbers on PCI-to-CardBus bridges requires additional work but is not a priority at the moment. Signed-off-by: David Matlack --- .../admin-guide/kernel-parameters.txt | 6 +- drivers/pci/Kconfig | 2 +- drivers/pci/liveupdate.c | 60 +++++++++++++++++++ drivers/pci/liveupdate.h | 6 ++ drivers/pci/probe.c | 21 +++++-- 5 files changed, 89 insertions(+), 6 deletions(-) diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index 4d0f545fb3ec..a64af71c2705 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -5138,7 +5138,11 @@ Kernel parameters explicitly which ones they are. assign-busses [X86] Always assign all PCI bus numbers ourselves, overriding - whatever the firmware may have done. + whatever the firmware may have done. Ignored + during a Live Update, where the kernel must + inherit the PCI topology (including bus numbers) + to avoid interrupting ongoing memory + transactions of preserved devices. usepirqmask [X86] Honor the possible IRQ mask stored in the BIOS $PIR table. This is needed on some systems with broken BIOSes, notably diff --git a/drivers/pci/Kconfig b/drivers/pci/Kconfig index eea0a6cd388a..aa665231921c 100644 --- a/drivers/pci/Kconfig +++ b/drivers/pci/Kconfig @@ -330,7 +330,7 @@ config VGA_ARB_MAX_GPUS config PCI_LIVEUPDATE bool "PCI Live Update Support (EXPERIMENTAL)" - depends on PCI && LIVEUPDATE && 64BIT + depends on PCI && LIVEUPDATE && 64BIT && !CARDBUS help Enable PCI core support for preserving PCI devices across Live Update. This, in combination with support in a device's driver, diff --git a/drivers/pci/liveupdate.c b/drivers/pci/liveupdate.c index d77e64906a25..558fbaec8ddd 100644 --- a/drivers/pci/liveupdate.c +++ b/drivers/pci/liveupdate.c @@ -93,6 +93,21 @@ * bound to the correct driver. i.e. The PCI core does not protect against a * device getting preserved by driver A in the outgoing kernel and then getting * bound to driver B in the incoming kernel. + * + * BDF Stability + * ============= + * + * The PCI core guarantees that preserved devices can be identified by the same + * bus, device, and function numbers for as long as they are preserved + * (including across kexec). To accomplish this, the PCI core always inherits + * the secondary and subordinate bus numbers assigned to bridges during scanning + * if any device is preserved. This is true even on architectures that always + * assign new bus numbers during scanning. The kernel assumes the previous + * kernel established a sane bus topology across kexec. + * + * If a misconfigured or unconfigured bridge is encountered during enumeration + * while there are preserved devices, itss secondary and subordinate bus numbers + * will be cleared and devices below it will not be enumerated. */ #define pr_fmt(fmt) "PCI: liveupdate: " fmt @@ -107,6 +122,20 @@ #include "liveupdate.h" +/* + * During a Live Update, preserved devices are allowed to continue performing + * memory transactions. The kernel must not change the fabric topology, + * including bus numbers, since that would require disabling and flushing any + * memory transactions first. + * + * To keep things simple, inherit the secondary and subordinate bus numbers on + * _all_ bridges if _any_ PCI devices are preserved (i.e. even bridges without + * any downstream endpoints that were preserved). This avoids accidentally + * assigning a bridge a new window that overlaps with a preserved device that is + * downstream of a different bridge. + */ +static atomic_t inherit_buses; + /** * struct pci_flb_outgoing - Outgoing PCI FLB object * @ser: The outgoing struct pci_ser for the next kernel. @@ -132,6 +161,29 @@ static unsigned long pci_ser_xa_key(u32 domain, u16 bdf) return domain << 16 | bdf; } +bool pci_liveupdate_inherit_buses(void) +{ + return atomic_read(&inherit_buses); +} + +static void pci_set_liveupdate_inherit_buses(bool enable) +{ + /* Ensure updates to inherit_buses do not race with rescans */ + pci_lock_rescan_remove(); + + /* + * Increment/decrement instead of setting directly to true/false so that + * pci_liveupdate_inherit_buses() returns true if any device is outgoing + * preserved or incoming preserved. + */ + if (enable) + atomic_inc(&inherit_buses); + else + atomic_dec(&inherit_buses); + + pci_unlock_rescan_remove(); +} + static int pci_flb_preserve(struct liveupdate_flb_op_args *args) { struct pci_flb_outgoing *outgoing; @@ -171,6 +223,8 @@ static int pci_flb_preserve(struct liveupdate_flb_op_args *args) args->obj = outgoing; args->data = virt_to_phys(outgoing->ser); + + pci_set_liveupdate_inherit_buses(true); return 0; } @@ -178,6 +232,8 @@ static void pci_flb_unpreserve(struct liveupdate_flb_op_args *args) { struct pci_flb_outgoing *outgoing = args->obj; + pci_set_liveupdate_inherit_buses(false); + WARN_ON_ONCE(outgoing->ser->nr_devices); kho_unpreserve_free(outgoing->ser); kfree(outgoing); @@ -215,6 +271,8 @@ static int pci_flb_retrieve(struct liveupdate_flb_op_args *args) } args->obj = incoming; + + pci_set_liveupdate_inherit_buses(true); return 0; } @@ -222,6 +280,8 @@ static void pci_flb_finish(struct liveupdate_flb_op_args *args) { struct pci_flb_incoming *incoming = args->obj; + pci_set_liveupdate_inherit_buses(false); + xa_destroy(&incoming->xa); kho_restore_free(incoming->ser); kfree(incoming); diff --git a/drivers/pci/liveupdate.h b/drivers/pci/liveupdate.h index eaaa3559fd77..0bd3e961d5c5 100644 --- a/drivers/pci/liveupdate.h +++ b/drivers/pci/liveupdate.h @@ -13,6 +13,7 @@ #ifdef CONFIG_PCI_LIVEUPDATE void pci_liveupdate_setup_device(struct pci_dev *dev); void pci_liveupdate_cleanup_device(struct pci_dev *dev); +bool pci_liveupdate_inherit_buses(void); #else static inline void pci_liveupdate_setup_device(struct pci_dev *dev) { @@ -21,6 +22,11 @@ static inline void pci_liveupdate_setup_device(struct pci_dev *dev) static inline void pci_liveupdate_cleanup_device(struct pci_dev *dev) { } + +static inline bool pci_liveupdate_inherit_buses(void) +{ + return false; +} #endif #endif /* DRIVERS_PCI_LIVEUPDATE_H */ diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c index b5fdc5017f92..08ea9324647b 100644 --- a/drivers/pci/probe.c +++ b/drivers/pci/probe.c @@ -1375,6 +1375,14 @@ bool pci_ea_fixed_busnrs(struct pci_dev *dev, u8 *sec, u8 *sub) return true; } +static bool pci_should_assign_new_buses(void) +{ + if (pci_liveupdate_inherit_buses()) + return false; + + return pcibios_assign_all_busses(); +} + /* * pci_scan_bridge_extend() - Scan buses behind a bridge * @bus: Parent bus the bridge is on @@ -1402,6 +1410,7 @@ static int pci_scan_bridge_extend(struct pci_bus *bus, struct pci_dev *dev, int max, unsigned int available_buses, int pass) { + const bool assign_new_buses = pci_should_assign_new_buses(); struct pci_bus *child; u32 buses; u16 bctl; @@ -1454,8 +1463,7 @@ static int pci_scan_bridge_extend(struct pci_bus *bus, struct pci_dev *dev, goto out; } - if ((secondary || subordinate) && - !pcibios_assign_all_busses() && !broken) { + if ((secondary || subordinate) && !assign_new_buses && !broken) { unsigned int cmax, buses; /* @@ -1497,8 +1505,7 @@ static int pci_scan_bridge_extend(struct pci_bus *bus, struct pci_dev *dev, * do in the second pass. */ if (!pass) { - if (pcibios_assign_all_busses() || broken) - + if (assign_new_buses || broken) /* * Temporarily disable forwarding of the * configuration cycles on all bridges in @@ -1512,6 +1519,12 @@ static int pci_scan_bridge_extend(struct pci_bus *bus, struct pci_dev *dev, goto out; } + if (pci_liveupdate_inherit_buses()) { + pci_err(dev, "Cannot reconfigure bridge during Live Update!\n"); + pci_err(dev, "Downstream devices will not be enumerated!\n"); + goto out; + } + /* Clear errors */ pci_write_config_word(dev, PCI_STATUS, 0xffff); -- 2.54.0.563.g4f69b47b94-goog When a PCI device is preserved across a Live Update, all of its upstream bridges up to the root port must also be preserved. This enables the PCI core and any drivers bound to the bridges to manage bridges correctly across a Live Update. Notably, this will be used in subsequent commits to ensure that preserved devices can continue performing memory transactions without a disruption or change in routing. To preserve bridges, the PCI core tracks the number of downstream devices preserved under each bridge using a reference count in struct pci_dev_ser. This allows a bridge to remain preserved until all its downstream preserved devices are unpreserved or finish their participation in the Live Update. Signed-off-by: David Matlack --- drivers/pci/liveupdate.c | 241 ++++++++++++++++++++++++++++++--------- 1 file changed, 184 insertions(+), 57 deletions(-) diff --git a/drivers/pci/liveupdate.c b/drivers/pci/liveupdate.c index 558fbaec8ddd..d8e06afde2c7 100644 --- a/drivers/pci/liveupdate.c +++ b/drivers/pci/liveupdate.c @@ -108,6 +108,18 @@ * If a misconfigured or unconfigured bridge is encountered during enumeration * while there are preserved devices, itss secondary and subordinate bus numbers * will be cleared and devices below it will not be enumerated. + * + * PCI-to-PCI Bridges + * ================== + * + * Any PCI-to-PCI bridges upstream of a preserved device are automatically + * preserved when the device is preserved. The PCI core keeps track of the + * number of downstream devices that are preserved under a bridge so that the + * bridge is only unpreserved once all downstream devices are unpreserved. + * + * This enables the PCI core and any drivers bound to the bridge to participate + * in the Live Update so that preserved endpoints can continue issuing memory + * transactions during the Live Update. */ #define pr_fmt(fmt) "PCI: liveupdate: " fmt @@ -300,41 +312,55 @@ static struct liveupdate_flb pci_liveupdate_flb = { .compatible = PCI_LUO_FLB_COMPATIBLE, }; -/** - * pci_liveupdate_preserve() - Preserve a PCI device across Live Update - * @dev: The PCI device to preserve. - * - * pci_liveupdate_preserve() notifies the PCI core that a PCI device should be - * preserved across the next Live Update. Drivers must call - * pci_liveupdate_preserve() from their struct liveupdate_file_handler - * preserve() callback to ensure the outgoing struct pci_ser is allocated. - * - * Returns: 0 on success, <0 on failure. - */ -int pci_liveupdate_preserve(struct pci_dev *dev) +static int pci_liveupdate_unpreserve_device(struct pci_ser *ser, struct pci_dev *dev) { - struct pci_flb_outgoing *outgoing = NULL; - struct pci_ser *ser; - int i, ret; + struct pci_dev_ser *dev_ser; - if (dev->is_virtfn) + guard(write_lock)(&dev->liveupdate.lock); + + dev_ser = dev->liveupdate.outgoing; + if (!dev_ser) { + pci_warn(dev, "Cannot unpreserve device that is not preserved\n"); return -EINVAL; + } - ret = liveupdate_flb_get_outgoing(&pci_liveupdate_flb, (void **)&outgoing); - if (ret) - return ret; + if (!dev_ser->refcount) { + pci_WARN(dev, 1, "Preserved device has a 0 refcount!\n"); + return -EINVAL; + } - if (!outgoing) - return -ENOENT; + if (--dev_ser->refcount) + return 0; - guard(mutex)(&outgoing->lock); - ser = outgoing->ser; + pci_info(dev, "Device will no longer be preserved across next Live Update\n"); + ser->nr_devices--; + memset(dev_ser, 0, sizeof(*dev_ser)); + dev->liveupdate.outgoing = NULL; + return 0; +} - guard(write_lock)(&dev->liveupdate.lock); +static int pci_liveupdate_preserve_device_existing(struct pci_dev *dev) +{ + if (!dev->liveupdate.outgoing->refcount) { + pci_WARN(dev, 1, "Preserved device with 0 refcount!\n"); + return -EINVAL; + } - if (dev->liveupdate.outgoing) + /* + * Endpoint devices should not be preserved more than once. Bridges are + * preserved once for every downstream device that is preserved. + */ + if (!dev->subordinate) return -EBUSY; + dev->liveupdate.outgoing->refcount++; + return 0; +} + +static int pci_liveupdate_preserve_device_new(struct pci_ser *ser, struct pci_dev *dev) +{ + int i; + if (ser->nr_devices == ser->max_nr_devices) return -ENOSPC; @@ -363,8 +389,82 @@ int pci_liveupdate_preserve(struct pci_dev *dev) return -ENOSPC; } + +static int pci_liveupdate_preserve_device(struct pci_ser *ser, struct pci_dev *dev) +{ + guard(write_lock)(&dev->liveupdate.lock); + + if (dev->liveupdate.outgoing) + return pci_liveupdate_preserve_device_existing(dev); + else + return pci_liveupdate_preserve_device_new(ser, dev); +} + +static int pci_liveupdate_preserve_path(struct pci_ser *ser, struct pci_dev *dev) +{ + int ret; + + if (!dev) + return 0; + + ret = pci_liveupdate_preserve_device(ser, dev); + if (ret) + return ret; + + ret = pci_liveupdate_preserve_path(ser, dev->bus->self); + if (ret) { + pci_liveupdate_unpreserve_device(ser, dev); + return ret; + } + + return 0; +} + +/** + * pci_liveupdate_preserve() - Preserve a PCI device across Live Update + * @dev: The PCI device to preserve. + * + * pci_liveupdate_preserve() notifies the PCI core that a PCI device should be + * preserved across the next Live Update. Drivers must call + * pci_liveupdate_preserve() from their struct liveupdate_file_handler + * preserve() callback to ensure the outgoing struct pci_ser is allocated. + * + * pci_liveupdate_preserve() automatically preserves all bridges upstream of + * @dev. + * + * Returns: 0 on success, <0 on failure. + */ +int pci_liveupdate_preserve(struct pci_dev *dev) +{ + struct pci_flb_outgoing *outgoing = NULL; + int ret; + + if (dev->is_virtfn) + return -EINVAL; + + ret = liveupdate_flb_get_outgoing(&pci_liveupdate_flb, (void **)&outgoing); + if (ret) + return ret; + + if (!outgoing) + return -ENOENT; + + guard(mutex)(&outgoing->lock); + return pci_liveupdate_preserve_path(outgoing->ser, dev); +} EXPORT_SYMBOL_GPL(pci_liveupdate_preserve); +static void pci_liveupdate_unpreserve_path(struct pci_ser *ser, struct pci_dev *dev) +{ + if (!dev) + return; + + if (pci_liveupdate_unpreserve_device(ser, dev)) + return; + + pci_liveupdate_unpreserve_path(ser, dev->bus->self); +} + /** * pci_liveupdate_unpreserve() - Cancel preservation of a PCI device * @dev: The PCI device to preserve. @@ -373,12 +473,13 @@ EXPORT_SYMBOL_GPL(pci_liveupdate_preserve); * longer be preserved across the next Live Update. Drivers must call * pci_liveupdate_unpreserve() from their struct liveupdate_file_handler * unpreserve() callback to ensure the outgoing struct pci_ser is allocated. + * + * pci_liveupdate_unpreserve() automatically unpreserves all bridges upstream of + * @dev. */ void pci_liveupdate_unpreserve(struct pci_dev *dev) { struct pci_flb_outgoing *outgoing = NULL; - struct pci_dev_ser *dev_ser; - struct pci_ser *ser; int ret; ret = liveupdate_flb_get_outgoing(&pci_liveupdate_flb, (void **)&outgoing); @@ -389,20 +490,7 @@ void pci_liveupdate_unpreserve(struct pci_dev *dev) } guard(mutex)(&outgoing->lock); - ser = outgoing->ser; - - guard(write_lock)(&dev->liveupdate.lock); - - dev_ser = dev->liveupdate.outgoing; - if (!dev_ser) { - pci_warn(dev, "Cannot unpreserve device that is not preserved\n"); - return; - } - - pci_info(dev, "Device will no longer be preserved across next Live Update\n"); - ser->nr_devices--; - memset(dev_ser, 0, sizeof(*dev_ser)); - dev->liveupdate.outgoing = NULL; + pci_liveupdate_unpreserve_path(outgoing->ser, dev); } EXPORT_SYMBOL_GPL(pci_liveupdate_unpreserve); @@ -510,6 +598,55 @@ void pci_liveupdate_cleanup_device(struct pci_dev *dev) pci_liveupdate_flb_put_incoming(); } +static int __pci_liveupdate_finish_device(struct pci_dev *dev) +{ + guard(write_lock)(&dev->liveupdate.lock); + + if (!dev->liveupdate.incoming) { + pci_warn(dev, "Cannot finish preserving an unpreserved device\n"); + return -EINVAL; + } + + if (!dev->liveupdate.incoming->refcount) { + pci_WARN(dev, 1, "Preserved device has a 0 refcount!\n"); + return -EINVAL; + } + + /* + * Decrement the refcount so this device does not get treated as an + * incoming device again, e.g. in case pci_liveupdate_setup_device() + * gets called again because the device is hot-plugged. + */ + if (--dev->liveupdate.incoming->refcount) + return -EBUSY; + + pci_info(dev, "Device is finished participating in Live Update\n"); + dev->liveupdate.incoming = NULL; + return 0; +} + +static int pci_liveupdate_finish_device(struct pci_dev *dev) +{ + int ret; + + /* + * If ret == -EBUSY the device is still preserved due to remaining + * references. Return 0 up to the caller to indicate it should proceed + * to finish preserving upstream devices but do not drop the device's + * reference on the incoming FLB below. + */ + ret = __pci_liveupdate_finish_device(dev); + if (ret) + return ret == -EBUSY ? 0 : ret; + + /* + * Once the device's refcount reaches zero drop the device's reference + * on the incoming FLB so it can be freed. + */ + pci_liveupdate_flb_put_incoming(); + return 0; +} + /** * pci_liveupdate_finish() - Finish the preservation of a PCI device across Live Update * @dev: The PCI device @@ -519,28 +656,18 @@ void pci_liveupdate_cleanup_device(struct pci_dev *dev) * Update. Drivers must call pci_liveupdate_finish() from their struct * liveupdate_file_handler finish() callback to ensure the incoming struct * pci_ser is allocated. + * + * pci_liveupdate_finish() automatically finishes all bridges upstream of @dev. */ void pci_liveupdate_finish(struct pci_dev *dev) { - guard(write_lock)(&dev->liveupdate.lock); - - if (!dev->liveupdate.incoming) { - pci_warn(dev, "Cannot finish preserving an unpreserved device\n"); + if (!dev) return; - } - - pci_info(dev, "Device is finished participating in Live Update\n"); - /* - * Drop the refcount so this device does not get treated as an incoming - * device again, e.g. in case pci_liveupdate_setup_device() gets called - * again because the device is hot-plugged. - */ - dev->liveupdate.incoming->refcount = 0; - dev->liveupdate.incoming = NULL; + if (pci_liveupdate_finish_device(dev)) + return; - /* Drop this device's reference on the incoming FLB. */ - pci_liveupdate_flb_put_incoming(); + pci_liveupdate_finish(dev->bus->self); } EXPORT_SYMBOL_GPL(pci_liveupdate_finish); -- 2.54.0.563.g4f69b47b94-goog Inherit Access Control Services (ACS) flags on all incoming preserved devices (endpoints and upstream bridges) during a Live Update. Inheriting ACS flags avoids changing routing rules while memory transactions are in flight from preserved devices. This is also strictly necessary to ensure that IOMMU group assignments do not change across a Live Update for preserved devices, as changing ACS configurations can split or merge IOMMU groups. Cache the inherited ACS controls established by the previous kernel in struct pci_dev so that ACS controls do not change after a reset (pci_restore_state() calls pci_enable_acs()). Signed-off-by: David Matlack --- drivers/pci/liveupdate.c | 49 ++++++++++++++++++++++++++++++++++ drivers/pci/liveupdate.h | 11 ++++++++ drivers/pci/pci.c | 5 ++++ include/linux/pci_liveupdate.h | 6 +++++ 4 files changed, 71 insertions(+) diff --git a/drivers/pci/liveupdate.c b/drivers/pci/liveupdate.c index d8e06afde2c7..e3cd6d76636c 100644 --- a/drivers/pci/liveupdate.c +++ b/drivers/pci/liveupdate.c @@ -120,6 +120,18 @@ * This enables the PCI core and any drivers bound to the bridge to participate * in the Live Update so that preserved endpoints can continue issuing memory * transactions during the Live Update. + * + * Handling Preserved Devices + * ========================== + * + * The PCI core treats preserved devices differently than non-preserved devices. + * This section enumerates those differences. + * + * * The PCI core inherits all ACS flags enabled on incoming preserved devices + * rather than assigning new ones. This ensures that TLPs are routed the same + * way after Live Update and ensures that IOMMU groups do not change. Note + * that a device will use its inherited ACS flags for the lifetime of its + * struct pci_dev (i.e. even after pci_liveupdate_finish()). */ #define pr_fmt(fmt) "PCI: liveupdate: " fmt @@ -361,6 +373,16 @@ static int pci_liveupdate_preserve_device_new(struct pci_ser *ser, struct pci_de { int i; + /* + * Do not preserve a devices that rely on device-specific ACS + * equivalents (for now) since that would complicate keeping ACS + * flags constant across Live Update. + */ + if (dev->dev_flags & PCI_DEV_FLAGS_ACS_ENABLED_QUIRK) { + pci_warn(dev, "Refusing to preserve device that relies on ACS quirks\n"); + return -EINVAL; + } + if (ser->nr_devices == ser->max_nr_devices) return -ENOSPC; @@ -571,6 +593,7 @@ void pci_liveupdate_setup_device(struct pci_dev *dev) pci_info(dev, "Device was preserved by previous kernel across Live Update\n"); guard(write_lock)(&dev->liveupdate.lock); dev->liveupdate.incoming = dev_ser; + dev->liveupdate.was_preserved = true; /* * Hold the ref on the incoming FLB until pci_liveupdate_finish() so @@ -671,6 +694,32 @@ void pci_liveupdate_finish(struct pci_dev *dev) } EXPORT_SYMBOL_GPL(pci_liveupdate_finish); +void pci_liveupdate_init_acs(struct pci_dev *dev) +{ + guard(read_lock)(&dev->liveupdate.lock); + + if (!dev->acs_cap || !dev->liveupdate.incoming) + return; + + pci_read_config_word(dev, dev->acs_cap + PCI_ACS_CTRL, &dev->liveupdate.acs_ctrl); +} + +bool pci_liveupdate_inherit_acs(struct pci_dev *dev) +{ + guard(read_lock)(&dev->liveupdate.lock); + + /* + * Use liveupdate.was_preserved instead of liveupdate.incoming since the + * device's ACS controls should not change even after the device is + * finished participating in the Live Update. + */ + if (!dev->acs_cap || !dev->liveupdate.was_preserved) + return false; + + pci_write_config_word(dev, dev->acs_cap + PCI_ACS_CTRL, dev->liveupdate.acs_ctrl); + return true; +} + /** * pci_liveupdate_is_incoming() - Check if a device is incoming preserved * @dev: The PCI device to check diff --git a/drivers/pci/liveupdate.h b/drivers/pci/liveupdate.h index 0bd3e961d5c5..c0826ca717e3 100644 --- a/drivers/pci/liveupdate.h +++ b/drivers/pci/liveupdate.h @@ -14,6 +14,8 @@ void pci_liveupdate_setup_device(struct pci_dev *dev); void pci_liveupdate_cleanup_device(struct pci_dev *dev); bool pci_liveupdate_inherit_buses(void); +void pci_liveupdate_init_acs(struct pci_dev *dev); +bool pci_liveupdate_inherit_acs(struct pci_dev *dev); #else static inline void pci_liveupdate_setup_device(struct pci_dev *dev) { @@ -27,6 +29,15 @@ static inline bool pci_liveupdate_inherit_buses(void) { return false; } + +static inline void pci_liveupdate_init_acs(struct pci_dev *dev) +{ +} + +static inline bool pci_liveupdate_inherit_acs(struct pci_dev *dev) +{ + return false; +} #endif #endif /* DRIVERS_PCI_LIVEUPDATE_H */ diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c index 8f7cfcc00090..cd2c1f2ada92 100644 --- a/drivers/pci/pci.c +++ b/drivers/pci/pci.c @@ -33,6 +33,7 @@ #include #include #include +#include "liveupdate.h" #include "pci.h" DEFINE_MUTEX(pci_slot_mutex); @@ -1017,6 +1018,9 @@ void pci_enable_acs(struct pci_dev *dev) bool enable_acs = false; int pos; + if (pci_liveupdate_inherit_acs(dev)) + return; + /* If an iommu is present we start with kernel default caps */ if (pci_acs_enable) { if (pci_dev_specific_enable_acs(dev)) @@ -3657,6 +3661,7 @@ void pci_acs_init(struct pci_dev *dev) pci_read_config_word(dev, pos + PCI_ACS_CAP, &dev->acs_capabilities); pci_disable_broken_acs_cap(dev); + pci_liveupdate_init_acs(dev); } /** diff --git a/include/linux/pci_liveupdate.h b/include/linux/pci_liveupdate.h index 1c2ee32ad058..34f9900c7d29 100644 --- a/include/linux/pci_liveupdate.h +++ b/include/linux/pci_liveupdate.h @@ -18,11 +18,17 @@ * @lock: Lock used to protect members of struct pci_liveupdate. * @outgoing: State preserved for the next kernel. * @incoming: State preserved by the previous kernel. + * @acs_ctrl: ACS features established by the previous kernel. + * @was_preserved: True if this struct pci_dev was preserved by the previous + * kernel. Unlike @incoming, this field is not cleared after + * the device is finished participating in Live Update. */ struct pci_liveupdate { rwlock_t lock; struct pci_dev_ser *outgoing; struct pci_dev_ser *incoming; + u16 acs_ctrl; + unsigned int was_preserved:1; }; struct pci_dev; -- 2.54.0.563.g4f69b47b94-goog Inherit the ARI Forwarding Enable on preserved bridges and update pci_dev->ari_enabled accordingly during a Live Update. This ensures that the preserved devices on the bridge's secondary bus can be identified with the same expanded 8-bit function number after a Live Update. Signed-off-by: David Matlack --- drivers/pci/liveupdate.c | 18 ++++++++++++++++++ drivers/pci/liveupdate.h | 6 ++++++ drivers/pci/pci.c | 8 +++++++- 3 files changed, 31 insertions(+), 1 deletion(-) diff --git a/drivers/pci/liveupdate.c b/drivers/pci/liveupdate.c index e3cd6d76636c..6ab03bd548b3 100644 --- a/drivers/pci/liveupdate.c +++ b/drivers/pci/liveupdate.c @@ -132,6 +132,10 @@ * way after Live Update and ensures that IOMMU groups do not change. Note * that a device will use its inherited ACS flags for the lifetime of its * struct pci_dev (i.e. even after pci_liveupdate_finish()). + * + * * The PCI core inherits ARI Forwarding Enable on all bridges with downstream + * preserved devices to ensure that all preserved devices on the bridge's + * secondary bus are addressable after the Live Update. */ #define pr_fmt(fmt) "PCI: liveupdate: " fmt @@ -720,6 +724,20 @@ bool pci_liveupdate_inherit_acs(struct pci_dev *dev) return true; } +bool pci_liveupdate_inherit_ari(struct pci_dev *dev) +{ + u16 val; + + guard(read_lock)(&dev->liveupdate.lock); + + if (!dev->liveupdate.incoming) + return false; + + pcie_capability_read_word(dev, PCI_EXP_DEVCTL2, &val); + dev->ari_enabled = !!(val & PCI_EXP_DEVCTL2_ARI); + return true; +} + /** * pci_liveupdate_is_incoming() - Check if a device is incoming preserved * @dev: The PCI device to check diff --git a/drivers/pci/liveupdate.h b/drivers/pci/liveupdate.h index c0826ca717e3..fd7693c7ddd2 100644 --- a/drivers/pci/liveupdate.h +++ b/drivers/pci/liveupdate.h @@ -16,6 +16,7 @@ void pci_liveupdate_cleanup_device(struct pci_dev *dev); bool pci_liveupdate_inherit_buses(void); void pci_liveupdate_init_acs(struct pci_dev *dev); bool pci_liveupdate_inherit_acs(struct pci_dev *dev); +bool pci_liveupdate_inherit_ari(struct pci_dev *dev); #else static inline void pci_liveupdate_setup_device(struct pci_dev *dev) { @@ -38,6 +39,11 @@ static inline bool pci_liveupdate_inherit_acs(struct pci_dev *dev) { return false; } + +static inline bool pci_liveupdate_inherit_ari(struct pci_dev *dev) +{ + return false; +} #endif #endif /* DRIVERS_PCI_LIVEUPDATE_H */ diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c index cd2c1f2ada92..7e9768dfe092 100644 --- a/drivers/pci/pci.c +++ b/drivers/pci/pci.c @@ -3495,7 +3495,7 @@ void pci_configure_ari(struct pci_dev *dev) u32 cap; struct pci_dev *bridge; - if (pcie_ari_disabled || !pci_is_pcie(dev) || dev->devfn) + if (!pci_is_pcie(dev) || dev->devfn) return; bridge = dev->bus->self; @@ -3506,6 +3506,12 @@ void pci_configure_ari(struct pci_dev *dev) if (!(cap & PCI_EXP_DEVCAP2_ARI)) return; + if (pci_liveupdate_inherit_ari(bridge)) + return; + + if (pcie_ari_disabled) + return; + if (pci_find_ext_capability(dev, PCI_EXT_CAP_ID_ARI)) { pcie_capability_set_word(bridge, PCI_EXP_DEVCTL2, PCI_EXP_DEVCTL2_ARI); -- 2.54.0.563.g4f69b47b94-goog Freeze a device's outgoing preservation status (preserved or not preserved) during shutdown. This enables the PCI core and drivers to safely make decisions based on the device's preservation status during shutdown. Note that pci_liveupdate_freeze() is triggered by the PCI core rather than from drivers participating in Live Update so that all devices can have their status frozen (i.e. prevent non-preserved devices from getting preserved late). Signed-off-by: David Matlack --- drivers/pci/liveupdate.c | 16 ++++++++++++++++ drivers/pci/liveupdate.h | 5 +++++ drivers/pci/pci-driver.c | 2 ++ include/linux/pci_liveupdate.h | 3 +++ 4 files changed, 26 insertions(+) diff --git a/drivers/pci/liveupdate.c b/drivers/pci/liveupdate.c index 6ab03bd548b3..825166a57913 100644 --- a/drivers/pci/liveupdate.c +++ b/drivers/pci/liveupdate.c @@ -334,6 +334,11 @@ static int pci_liveupdate_unpreserve_device(struct pci_ser *ser, struct pci_dev guard(write_lock)(&dev->liveupdate.lock); + if (dev->liveupdate.frozen) { + pci_WARN(dev, 1, "Cannot unpreserve device after it is frozen!\n"); + return -EINVAL; + } + dev_ser = dev->liveupdate.outgoing; if (!dev_ser) { pci_warn(dev, "Cannot unpreserve device that is not preserved\n"); @@ -420,6 +425,11 @@ static int pci_liveupdate_preserve_device(struct pci_ser *ser, struct pci_dev *d { guard(write_lock)(&dev->liveupdate.lock); + if (dev->liveupdate.frozen) { + pci_WARN(dev, 1, "Cannot preserve device after it is frozen!\n"); + return -EINVAL; + } + if (dev->liveupdate.outgoing) return pci_liveupdate_preserve_device_existing(dev); else @@ -625,6 +635,12 @@ void pci_liveupdate_cleanup_device(struct pci_dev *dev) pci_liveupdate_flb_put_incoming(); } +void pci_liveupdate_freeze(struct pci_dev *dev) +{ + guard(write_lock)(&dev->liveupdate.lock); + dev->liveupdate.frozen = 1; +} + static int __pci_liveupdate_finish_device(struct pci_dev *dev) { guard(write_lock)(&dev->liveupdate.lock); diff --git a/drivers/pci/liveupdate.h b/drivers/pci/liveupdate.h index fd7693c7ddd2..30deaa673efe 100644 --- a/drivers/pci/liveupdate.h +++ b/drivers/pci/liveupdate.h @@ -13,6 +13,7 @@ #ifdef CONFIG_PCI_LIVEUPDATE void pci_liveupdate_setup_device(struct pci_dev *dev); void pci_liveupdate_cleanup_device(struct pci_dev *dev); +void pci_liveupdate_freeze(struct pci_dev *dev); bool pci_liveupdate_inherit_buses(void); void pci_liveupdate_init_acs(struct pci_dev *dev); bool pci_liveupdate_inherit_acs(struct pci_dev *dev); @@ -26,6 +27,10 @@ static inline void pci_liveupdate_cleanup_device(struct pci_dev *dev) { } +static inline void pci_liveupdate_freeze(struct pci_dev *dev); +{ +} + static inline bool pci_liveupdate_inherit_buses(void) { return false; diff --git a/drivers/pci/pci-driver.c b/drivers/pci/pci-driver.c index d10ece0889f0..f7a5e65a7c75 100644 --- a/drivers/pci/pci-driver.c +++ b/drivers/pci/pci-driver.c @@ -21,6 +21,7 @@ #include #include #include +#include "liveupdate.h" #include "pci.h" #include "pcie/portdrv.h" @@ -536,6 +537,7 @@ static void pci_device_shutdown(struct device *dev) struct pci_dev *pci_dev = to_pci_dev(dev); struct pci_driver *drv = pci_dev->driver; + pci_liveupdate_freeze(pci_dev); pm_runtime_resume(dev); if (drv && drv->shutdown) diff --git a/include/linux/pci_liveupdate.h b/include/linux/pci_liveupdate.h index 34f9900c7d29..7e4ac7a0f4fc 100644 --- a/include/linux/pci_liveupdate.h +++ b/include/linux/pci_liveupdate.h @@ -22,6 +22,8 @@ * @was_preserved: True if this struct pci_dev was preserved by the previous * kernel. Unlike @incoming, this field is not cleared after * the device is finished participating in Live Update. + * @frozen: True if the outgoing preservation status of this device is frozen + * and thus cannot be changed. */ struct pci_liveupdate { rwlock_t lock; @@ -29,6 +31,7 @@ struct pci_liveupdate { struct pci_dev_ser *incoming; u16 acs_ctrl; unsigned int was_preserved:1; + unsigned int frozen:1; }; struct pci_dev; -- 2.54.0.563.g4f69b47b94-goog Do not disable bus mastering on outgoing preserved devices during pci_device_shutdown() for kexec. Preserved devices must be allowed to perform memory transactions during a Live Update to minimize downtime and ensure continuous operation. Clearing the bus mastering bit would prevent these devices from issuing any memory requests while the new kernel boots. Because bridges upstream of preserved endpoint devices are also automatically preserved, this change also avoids clearing bus mastering on them. This is critical because clearing bus mastering on an upstream bridge prevents the bridge from forwarding memory requests upstream (i.e. it would prevent the endpoint device from accessing system RAM and doing peer-to-peer transactions with devices not downstream of the bridge). Signed-off-by: David Matlack --- drivers/pci/liveupdate.c | 4 ++++ drivers/pci/liveupdate.h | 12 ++++++++++++ drivers/pci/pci-driver.c | 31 ++++++++++++++++++++++--------- 3 files changed, 38 insertions(+), 9 deletions(-) diff --git a/drivers/pci/liveupdate.c b/drivers/pci/liveupdate.c index 825166a57913..6c4b57d8f780 100644 --- a/drivers/pci/liveupdate.c +++ b/drivers/pci/liveupdate.c @@ -136,6 +136,10 @@ * * The PCI core inherits ARI Forwarding Enable on all bridges with downstream * preserved devices to ensure that all preserved devices on the bridge's * secondary bus are addressable after the Live Update. + * + * * The PCI core does not disable bus mastering on outgoing preserved devices + * during kexec. This allows preserved devices to issue memory transactions + * throughout the Live Update. */ #define pr_fmt(fmt) "PCI: liveupdate: " fmt diff --git a/drivers/pci/liveupdate.h b/drivers/pci/liveupdate.h index 30deaa673efe..8ad404307a70 100644 --- a/drivers/pci/liveupdate.h +++ b/drivers/pci/liveupdate.h @@ -18,6 +18,13 @@ bool pci_liveupdate_inherit_buses(void); void pci_liveupdate_init_acs(struct pci_dev *dev); bool pci_liveupdate_inherit_acs(struct pci_dev *dev); bool pci_liveupdate_inherit_ari(struct pci_dev *dev); + +static inline bool pci_liveupdate_is_outgoing(struct pci_dev *dev) +{ + guard(read_lock)(&dev->liveupdate.lock); + pci_WARN_ONCE(dev, !dev->liveupdate.frozen, "Preservation status is unstable!\n"); + return dev->liveupdate.outgoing; +} #else static inline void pci_liveupdate_setup_device(struct pci_dev *dev) { @@ -49,6 +56,11 @@ static inline bool pci_liveupdate_inherit_ari(struct pci_dev *dev) { return false; } + +static inline bool pci_liveupdate_is_outgoing(struct pci_dev *dev) +{ + return false; +} #endif #endif /* DRIVERS_PCI_LIVEUPDATE_H */ diff --git a/drivers/pci/pci-driver.c b/drivers/pci/pci-driver.c index f7a5e65a7c75..b6c931ebd3be 100644 --- a/drivers/pci/pci-driver.c +++ b/drivers/pci/pci-driver.c @@ -532,6 +532,27 @@ static void pci_device_remove(struct device *dev) pci_dev_put(pci_dev); } +/* + * Disable bus mastering on the device so that it does not perform memory + * transactions during kexec. + * + * Don't touch devices that are being preserved across kexec for Live + * Update or that are in D3cold or unknown states. + */ +static void pci_clear_master_for_shutdown(struct pci_dev *pci_dev) +{ + if (!kexec_in_progress) + return; + + if (pci_liveupdate_is_outgoing(pci_dev)) + return; + + if (pci_dev->current_state > PCI_D3hot) + return; + + pci_clear_master(pci_dev); +} + static void pci_device_shutdown(struct device *dev) { struct pci_dev *pci_dev = to_pci_dev(dev); @@ -543,15 +564,7 @@ static void pci_device_shutdown(struct device *dev) if (drv && drv->shutdown) drv->shutdown(pci_dev); - /* - * If this is a kexec reboot, turn off Bus Master bit on the - * device to tell it to not continue to do DMA. Don't touch - * devices in D3cold or unknown states. - * If it is not a kexec reboot, firmware will hit the PCI - * devices with big hammer and stop their DMA any way. - */ - if (kexec_in_progress && (pci_dev->current_state <= PCI_D3hot)) - pci_clear_master(pci_dev); + pci_clear_master_for_shutdown(pci_dev); } #ifdef CONFIG_PM_SLEEP -- 2.54.0.563.g4f69b47b94-goog Add documentation files for the PCI subsystem's participation in Live Update. These documentation files are generated from the kernel-doc comments in the PCI Live Update source code. They describe the File-Lifecycle Bound (FLB) API, the device tracking API, and the specific policies applied to preserved devices (such as bus number inheritance and bus mastering preservation). Signed-off-by: David Matlack --- Documentation/PCI/index.rst | 1 + Documentation/PCI/liveupdate.rst | 29 +++++++++++++++++++++++++++ Documentation/core-api/liveupdate.rst | 1 + MAINTAINERS | 1 + 4 files changed, 32 insertions(+) create mode 100644 Documentation/PCI/liveupdate.rst diff --git a/Documentation/PCI/index.rst b/Documentation/PCI/index.rst index 5d720d2a415e..23fb737ac969 100644 --- a/Documentation/PCI/index.rst +++ b/Documentation/PCI/index.rst @@ -20,3 +20,4 @@ PCI Bus Subsystem controller/index boot-interrupts tph + liveupdate diff --git a/Documentation/PCI/liveupdate.rst b/Documentation/PCI/liveupdate.rst new file mode 100644 index 000000000000..eba55f8a92ae --- /dev/null +++ b/Documentation/PCI/liveupdate.rst @@ -0,0 +1,29 @@ +.. SPDX-License-Identifier: GPL-2.0-or-later + +=========================== +PCI Support for Live Update +=========================== + +.. kernel-doc:: drivers/pci/liveupdate.c + :doc: PCI Live Update + +Driver API +========== + +.. kernel-doc:: drivers/pci/liveupdate.c + :export: + +Live Update ABI +=============== + +.. kernel-doc:: include/linux/kho/abi/pci.h + :doc: PCI File-Lifecycle Bound (FLB) Live Update ABI + +.. kernel-doc:: include/linux/kho/abi/pci.h + :internal: + +See Also +======== + + * :doc:`/core-api/liveupdate` + * :doc:`/core-api/kho/index` diff --git a/Documentation/core-api/liveupdate.rst b/Documentation/core-api/liveupdate.rst index 5a292d0f3706..d56a7760978a 100644 --- a/Documentation/core-api/liveupdate.rst +++ b/Documentation/core-api/liveupdate.rst @@ -70,3 +70,4 @@ See Also - :doc:`Live Update uAPI ` - :doc:`/core-api/kho/index` +- :doc:`PCI ` diff --git a/MAINTAINERS b/MAINTAINERS index 0e262c0ceb43..6f0b0ebf67cd 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -20536,6 +20536,7 @@ L: kexec@lists.infradead.org L: linux-pci@vger.kernel.org S: Maintained T: git git://git.kernel.org/pub/scm/linux/kernel/git/liveupdate/linux.git +F: Documentation/PCI/liveupdate.rst F: drivers/pci/liveupdate.c F: drivers/pci/liveupdate.h F: include/linux/kho/abi/pci.h -- 2.54.0.563.g4f69b47b94-goog