linux/arch/powerpc/perf
Athira Rajeev 2c9ac51b85 powerpc/perf: Fix PMU callbacks to clear pending PMI before resetting an overflown PMC
Running perf fuzzer showed below in dmesg logs:
  "Can't find PMC that caused IRQ"

This means a PMU exception happened, but none of the PMC's (Performance
Monitor Counter) were found to be overflown. There are some corner cases
that clears the PMCs after PMI gets masked. In such cases, the perf
interrupt handler will not find the active PMC values that had caused
the overflow and thus leads to this message while replaying.

Case 1: PMU Interrupt happens during replay of other interrupts and
counter values gets cleared by PMU callbacks before replay:

During replay of interrupts like timer, __do_irq() and doorbell
exception, we conditionally enable interrupts via may_hard_irq_enable().
This could potentially create a window to generate a PMI. Since irq soft
mask is set to ALL_DISABLED, the PMI will get masked here. We could get
IPIs run before perf interrupt is replayed and the PMU events could
be deleted or stopped. This will change the PMU SPR values and resets
the counters. Snippet of ftrace log showing PMU callbacks invoked in
__do_irq():

  <idle>-0 [051] dns. 132025441306354: __do_irq <-call_do_irq
  <idle>-0 [051] dns. 132025441306430: irq_enter <-__do_irq
  <idle>-0 [051] dns. 132025441306503: irq_enter_rcu <-__do_irq
  <idle>-0 [051] dnH. 132025441306599: xive_get_irq <-__do_irq
  <<>>
  <idle>-0 [051] dnH. 132025441307770: generic_smp_call_function_single_interrupt <-smp_ipi_demux_relaxed
  <idle>-0 [051] dnH. 132025441307839: flush_smp_call_function_queue <-smp_ipi_demux_relaxed
  <idle>-0 [051] dnH. 132025441308057: _raw_spin_lock <-event_function
  <idle>-0 [051] dnH. 132025441308206: power_pmu_disable <-perf_pmu_disable
  <idle>-0 [051] dnH. 132025441308337: power_pmu_del <-event_sched_out
  <idle>-0 [051] dnH. 132025441308407: power_pmu_read <-power_pmu_del
  <idle>-0 [051] dnH. 132025441308477: read_pmc <-power_pmu_read
  <idle>-0 [051] dnH. 132025441308590: isa207_disable_pmc <-power_pmu_del
  <idle>-0 [051] dnH. 132025441308663: write_pmc <-power_pmu_del
  <idle>-0 [051] dnH. 132025441308787: power_pmu_event_idx <-perf_event_update_userpage
  <idle>-0 [051] dnH. 132025441308859: rcu_read_unlock_strict <-perf_event_update_userpage
  <idle>-0 [051] dnH. 132025441308975: power_pmu_enable <-perf_pmu_enable
  <<>>
  <idle>-0 [051] dnH. 132025441311108: irq_exit <-__do_irq
  <idle>-0 [051] dns. 132025441311319: performance_monitor_exception <-replay_soft_interrupts

Case 2: PMI's masked during local_* operations, example local_add(). If
the local_add() operation happens within a local_irq_save(), replay of
PMI will be during local_irq_restore(). Similar to case 1, this could
also create a window before replay where PMU events gets deleted or
stopped.

Fix it by updating the PMU callback function power_pmu_disable() to
check for pending perf interrupt. If there is an overflown PMC and
pending perf interrupt indicated in paca, clear the PMI bit in paca to
drop that sample. Clearing of PMI bit is done in power_pmu_disable()
since disable is invoked before any event gets deleted/stopped. With
this fix, if there are more than one event running in the PMU, there is
a chance that we clear the PMI bit for the event which is not getting
deleted/stopped. The other events may still remain active. Hence to make
sure we don't drop valid sample in such cases, another check is added in
power_pmu_enable. This checks if there is an overflown PMC found among
the active events and if so enable back the PMI bit. Two new helper
functions are introduced to clear/set the PMI, ie
clear_pmi_irq_pending() and set_pmi_irq_pending(). Helper function
pmi_irq_pending() is introduced to give a warning if there is pending
PMI bit in paca, but no PMC is overflown.

Also there are corner cases which result in performance monitor
interrupts being triggered during power_pmu_disable(). This happens
since PMXE bit is not cleared along with disabling of other MMCR0 bits
in the pmu_disable. Such PMI's could leave the PMU running and could
trigger PMI again which will set MMCR0 PMAO bit. This could lead to
spurious interrupts in some corner cases. Example, a timer after
power_pmu_del() which will re-enable interrupts and triggers a PMI again
since PMAO bit is still set. But fails to find valid overflow since PMC
was cleared in power_pmu_del(). Fix that by disabling PMXE along with
disabling of other MMCR0 bits in power_pmu_disable().

We can't just replay PMI any time. Hence this approach is preferred
rather than replaying PMI before resetting overflown PMC. Patch also
documents core-book3s on a race condition which can trigger these PMC
messages during idle path in PowerNV.

Fixes: f442d00480 ("powerpc/64s: Add support to mask perf interrupts and replay them")
Reported-by: Nageswara R Sastry <nasastry@in.ibm.com>
Suggested-by: Nicholas Piggin <npiggin@gmail.com>
Suggested-by: Madhavan Srinivasan <maddy@linux.ibm.com>
Signed-off-by: Athira Rajeev <atrajeev@linux.vnet.ibm.com>
Tested-by: Nageswara R Sastry <rnsastry@linux.ibm.com>
Reviewed-by: Nicholas Piggin <npiggin@gmail.com>
[mpe: Make pmi_irq_pending() return bool, reflow/reword some comments]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/1626846509-1350-2-git-send-email-atrajeev@linux.vnet.ibm.com
2021-11-30 17:15:49 +11:00
..
req-gen powerpc: clean the inclusion of stringify.h 2018-07-30 22:48:17 +10:00
8xx-pmu.c powerpc/ppc-opcode: Add PPC_RAW_MFSPR() 2020-12-09 23:48:13 +11:00
bhrb.S treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
callchain_32.c powerpc/vdso: Retrieve sigtramp offsets at buildtime 2020-12-04 01:01:17 +11:00
callchain_64.c powerpc/vdso: Retrieve sigtramp offsets at buildtime 2020-12-04 01:01:17 +11:00
callchain.c powerpc: make stack walking KASAN-safe 2021-06-17 00:09:11 +10:00
callchain.h powerpc/64s/perf: perf interrupt does not have to get_user_pages to access user memory 2020-11-19 16:56:52 +11:00
core-book3s.c powerpc/perf: Fix PMU callbacks to clear pending PMI before resetting an overflown PMC 2021-11-30 17:15:49 +11:00
core-fsl-emb.c powerpc/perf: move perf irq/nmi handling details into traps.c 2021-02-09 00:02:10 +11:00
e500-pmu.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
e6500-pmu.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
generic-compat-pmu.c powerpc/pmu: Make the generic compat PMU use the architected events 2021-06-25 14:47:20 +10:00
hv-24x7-catalog.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
hv-24x7-domains.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
hv-24x7.c powerpc/perf/hv-24x7: Make some symbols static 2021-04-14 23:04:17 +10:00
hv-24x7.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
hv-common.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
hv-common.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
hv-gpci-requests.h powerpc/perf/hv-gpci: Fix starting index value 2020-10-07 22:34:48 +11:00
hv-gpci.c powerpc/perf/hv-gpci: Fix counter value parsing 2021-08-20 17:00:54 +10:00
hv-gpci.h powerpc/perf: consolidate GPCI hcall structs into asm/hvcall.h 2020-09-02 11:00:20 +10:00
imc-pmu.c powerpc: fix -Wimplicit-fallthrough 2020-11-18 14:18:09 -06:00
internal.h powerpc/perf: power10 Performance Monitoring support 2020-07-22 21:56:41 +10:00
isa207-common.c powerpc/perf: Fix data source encodings for L2.1 and L3.1 accesses 2021-10-19 17:27:01 +02:00
isa207-common.h powerpc/perf: Fix data source encodings for L2.1 and L3.1 accesses 2021-10-19 17:27:01 +02:00
Makefile powerpc/perf: Simplify Makefile 2021-06-15 17:12:27 +10:00
mpc7450-pmu.c powerpc/perf: Adds support for programming of Thresholding in P10 2021-02-11 23:35:36 +11:00
perf_regs.c powerpc/perf: Expose instruction and data address registers as part of extended regs 2021-10-12 18:39:02 +11:00
power5-pmu.c powerpc/perf: Adds support for programming of Thresholding in P10 2021-02-11 23:35:36 +11:00
power5+-pmu.c powerpc/perf: Adds support for programming of Thresholding in P10 2021-02-11 23:35:36 +11:00
power6-pmu.c powerpc/perf: Adds support for programming of Thresholding in P10 2021-02-11 23:35:36 +11:00
power7-events-list.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
power7-pmu.c powerpc/perf: Adds support for programming of Thresholding in P10 2021-02-11 23:35:36 +11:00
power8-events-list.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
power8-pmu.c powerpc/perf: Update Power PMU cache_events to u64 type 2020-07-22 21:56:40 +10:00
power9-events-list.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
power9-pmu.c powerpc/perf: Add platform specific check_attr_config 2021-04-19 12:22:09 +10:00
power10-events-list.h powerpc/perf: Fix cycles/instructions as PM_CYC/PM_INST_CMPL in power10 2021-10-14 21:46:45 +11:00
power10-pmu.c powerpc/perf: Fix cycles/instructions as PM_CYC/PM_INST_CMPL in power10 2021-10-14 21:46:45 +11:00
ppc970-pmu.c powerpc/perf: Adds support for programming of Thresholding in P10 2021-02-11 23:35:36 +11:00