v5.10-rc1
Pre-releaseskiboot-5.10-rc1
skiboot v5.10-rc1 was released on Tuesday February 6th 2018. It is the
first release candidate of skiboot 5.10, which will become the new
stable release of skiboot following the 5.9 release, first released
October 31st 2017.
skiboot v5.10-rc1 contains all bug fixes as of skiboot-5.9.8 and
skiboot-5.4.9 (the currently maintained stable releases). There may be
more 5.9.x stable releases, it will depend on demand.
For how the skiboot stable releases work, see stable-rules for details.
The current plan is to cut the final 5.10 in February, with skiboot 5.10
being for all POWER8 and POWER9 platforms in op-build v1.21. This
release will be targeted to early POWER9 systems.
Over skiboot-5.9, we have the following changes:
New Features
-
hdata: Parse IPL FW feature settings
Add parsing for the firmware feature flags in the HDAT. This
indicates the settings of various parameters which are set at IPL
time by firmware. -
opal/xstop: Use nvram option to enable/disable sw checkstop.
Add a mechanism to enable/disable sw checkstop by looking at nvram
option opal-sw-xstop=<enable/disable>.For now this patch disables the sw checkstop trigger unless
explicitly enabled through nvram option 'opal-sw-xstop=enable'i for
p9. This will allow an opportunity to get host kernel in panic path
or xmon for unrecoverable HMIs or MCE, to be able to debug the issue
effectively.To enable sw checkstop in opal issue following command: :
nvram -p ibm,skiboot --update-config opal-sw-xstop=enable
NOTE: This is a workaround patch to disable sw checkstop by
default to gain control in host kernel for better checkstop
debugging. Once we have most of the checkstop issues
stabilized/resolved, revisit this patch to enable sw checkstop by
default.For p8 platform it will remain enabled by default unless explicitly
disabled.To disable sw checkstop on p8 issue following command: :
nvram -p ibm,skiboot --update-config opal-sw-xstop=disable
-
hdata: Parse SPD data
Parse SPD data and populate device tree.
list of properties parsing from SPD: :
[root@ltc-wspoon dimm@d00f]# lsprop . memory-id 0000000c (12) # DIMM type product-version 00000032 (50) # Module Revision Code device_type "memory-dimm-ddr4" serial-number 15d9acb6 (366587062) status "okay" size 00004000 (16384) phandle 000000bd (189) ibm,loc-code "UOPWR.0000000-Node0-DIMM7" part-number "36ASF2G72PZ-2G6B2 " reg 0000d007 (53255) name "dimm" manufacturer-id 0000802c (32812) # Vendor ID, we can get vendor name from this ID
Also update documentation.
-
hdata: Add memory hierarchy under xscom node
We have memory to chip mapping but doesn't have complete memory
hierarchy. This patch adds memory hierarchy under xscom node. This
is specific to P9 system as these hierarchy may change between
processor generation.It uses memory controller ID details and populates nodes like:
: xscom@<addr>/mcbist@<mcbist_id>/mcs@<mcs_id>/mca@<mca_id>/dimm@<resource_id>
Also this patch adds few properties under dimm node. Finally make
sure xscom nodes created before calling memory_parse().
Fast Reboot and Quiesce
We have a preliminary fast reboot implementation for POWER9 systems,
which we look to enabling by default in the next release.
The OPAL Quiesce calls are designed to improve reliability and
debuggability around reboot and error conditions. See the full API
documentation for details: opal-quiesce.
-
fast-reboot: bare bones fast reboot implementation for POWER9
This is an initial fast reboot implementation for p9 which has only
been tested on the Witherspoon platform, and without the use of
NPUs, NX/VAS, etc.This has worked reasonably well so far, with no failures in about
100 reboots. It is hidden behind the traditional fast-reboot
experimental nvram option, until more platforms and configurations
are tested. -
fast-reboot: move boot CPU clean-up logically together with
secondariesMove the boot CPU clean-up and state transition to active, logically
together with secondaries. Don't release secondaries from fast
reboot hold until everyone has cleaned up and transitioned to
active.This is cosmetic, but it is helpful to run the fast reboot state
machine the same way on all CPUs. -
fast-reboot: improve failure error messages
Change existing failure error messages to PR_NOTICE so they get
printed to the console, and add some new ones. It's not a more
severe class because it falls back to IPL on failure. -
fast-reboot: quiesce opal before initiating a fast reboot
Switch fast reboot to use quiescing rather than "wait for a while".
If firmware can not be quiesced, then fast reboot is skipped. This
significantly improves the robustness of fast reboot in the face of
bugs or unexpected latencies.Complexity of synchronization in fast-reboot is reduced, because we
are guaranteed to be single-threaded when quiesce succeeds, so locks
can be removed.In the case that firmware can be quiesced, then it will generally
reduce fast reboot times by nearly 200ms, because quiescing usually
takes very little time. -
core: Add support for quiescing OPAL
Quiescing is ensuring all host controlled CPUs (except the current
one) are out of OPAL and prevented from entering. This can be use in
debug and shutdown paths, particularly with system reset sequences.This patch adds per-CPU entry and exit tracking for OPAL calls, and
adds logic to "hold" or "reject" at entry time, if OPAL is quiesced.An OPAL call is added, to expose the functionality to Linux, where
it can be used for shutdown, kexec, and before generating sreset
IPIs for debugging (so the debug code does not recurse into OPAL). -
dctl: p9 increase thread quiesce timeout
We require all instructions to be completed before a thread is
considered stopped, by the dctl interface. Long running instructions
like cache misses and CI loads may take a significant amount of time
to complete, and timeouts have been observed in stress testing.Increase the timeout significantly, to cover this. The workbook just
says to poll, but we like to have timeouts to avoid getting stuck in
firmware.
POWER9 power saving
There is much improved support for deeper sleep/idle (stop) states on
POWER9.
-
OCC: Increase max pstate check on P9 to 255
This has changed from P8, we can now have > 127 pstates.
This was observed on Boston during WoF bring up.
-
SLW: Add idle state stop5 for DD2.0 and above
Adding stop5 idle state with rough residency and latency numbers.
-
SLW: Add p9_stop_api calls for IMC
Add p9_stop_api for EVENT_MASK and PDBAR scoms. These scoms are
lost on wakeup from stop11. -
SCOM restore for DARN and XIVE
While waking up from stop11, we want NCU_DARN_BAR to have enable
bit set. Without this stop_api call, the value restored is without
enable bit set. We loose NCU_SPEC_BAR when the quad goes into
stop11, stop_api will restore while waking up from stop11. -
SLW: Call p9_stop_api only if deep_states are enabled
All init time p9_stop_api calls have been isolated to
slw_late_init. If p9_stop_api fails, then the deep states can be
excluded from device tree.For p9_stop_api called after device-tree for cpuidle is created ,
has_deep_states will be used to check if this call is even
required. -
Better handle errors in setting up sleep states (p9_stop_api)
We won't put affected stop states in the device tree if the wakeup
engine is not present or has failed. -
SCOM Restore: Increased the EQ SCOM restore limit.
Commit increases the SCOM restore limit from 16 to 31.
-
hw/dts: retry special wakeup operation if core still gated
It has been observed that in some cases the special wakeup operation
can "succeed" but the core is still in a gated/offline state.Check for this state after attempting to wakeup a core and retry the
wakeup if necessary. -
core/direct-controls: add function to read core gated state
-
core/direct-controls: wait for core special wkup bit cleared
When clearing special wakeup bit on a core, wait until the bit is
actually cleared by the hardware in the status register until
returning success.This may help avoid issues with back-to-back reads where the special
wakeup request is cleared but the firmware is still processing the
request and the next attempt to set the bit reads an immediate
success from the previous operation. -
p9_stop_api: PM: Added support for version control in SCOM restore
entries.-
adds version info in SCOM restore entry header
-
adds version specific details in SCOM restore entry header
-
retains old behaviour of SGPE Hcode's base version
-
-
p9_stop_api: EQ SCOM Restore: Introduced version control in SCOM
restore entry.- introduces version control in header of SCOM restore entry
- ensures backward compatibility
- introduces flexibility to handle any number of SCOM restore
entry.
Secure and Trusted Boot for POWER9
We introduce support for Secure and Trusted Boot for POWER9 systems,
with equal functionality that we have on POWER8 systems, that is, we
have the mechanisms in place to boot to petitboot (i.e. to BOOTKERNEL).
See the stb-overview for full documentation of OPAL secure and trusted
boot.
-
allow secure boot if not enforcing it
We check the secure boot containers no matter what, only enforcing
secure boot if we're booting in secure mode. This gives us an extra
layer of checking firmware is legit even when secure mode isn't
enabled, as well as being really useful for testing. -
libstb/(create|print)-container: Sync with sb-signing-utils
The sb-signing-utils project has improved upon the skeleton
create-container tool that existed in skiboot, including being able
to (quite easily) create signed images.This commit brings in that code (and makes it build in the skiboot
build environment) and updates our skiboot..stb generating code to
use the development keys. This means that by default, skiboot build
process will let you build firmware that can do a secure boot
withdevelopment* keys.See signing-firmware-code for details on firmware signing.
We also update print-container as well, syncing it with the upstream
project.Derived from github.com:open-power/sb-signing-utils.git at
v0.3-5-gcb111c03ad7f (Some discussion ongoing on the changes,
another sync will come shortly) -
doc: update libstb documentation with POWER9 changes. See:
stb-overview.POWER9 changes reflected in the libstb:
- bumped ibm,secureboot node to v2
- added ibm,cvc node
- hash-algo superseded by hw-key-hash-size
-
libstb/cvc: update memory-region to point to /reserved-memory
The linux documentation, reserved-memory.txt, says that
memory-region is a phandle that pairs to a children of
/reserved-memory.This updates /ibm,secureboot/ibm,cvc/memory-region to point to
: /reserved-memory/secure-crypt-algo-code instead of
/ibm,hostboot/reserved-memory/secure-crypt-algo-code. -
libstb: add support for ibm,secureboot-v2
ibm,secureboot-v2 changes:
- The Container Verification Code is represented by the ibm,cvc
node. - Each ibm,cvc child describes a CVC service.
- hash-algo is superseded by hw-key-hash-size.
- The Container Verification Code is represented by the ibm,cvc
-
hdata/tpmrel.c: add ibm, cvc device tree node
In P9, the Container Verification Code is stored in a hostboot
reserved memory and the list of provided CVC services is stored in
the TPMREL_IDATA_HASH_VERIF_OFFSETS idata array. Each CVC
service has an offset and version.This adds the ibm,cvc device tree node and its documentation.
-
hdata/tpmrel.c: add firmware event log info to the tpm node
This parses the firmware event log information from the
secureboot_tpm_info HDAT structure and add it to the tpm device
tree node.There can be multiple secureboot_tpm_info entries with each entry
corresponding to a master processor that has a tpm device, however,
multiple tpm is not supported. -
hdata/spira: add ibm,secureboot node in P9
In P9, skiboot builds the device tree from the HDAT. These are the
"ibm,secureboot" node changes compared to P8:- The Container-Verification-Code (CVC), a.k.a. ROM code, is no
longer stored in a secure ROM with static address. In P9, it
is stored in a hostboot reserved memory and each service
provided also has a version, not only an offset. - The hash-algo property is not provided via HDAT, instead it
provides the hw-key-hash-size, which is indeed the information
required by the CVC to verify containers.
This parses the iplparams_sysparams HDAT structure and creates the
"ibm,secureboot", which is bumped to "ibm,secureboot-v2".In "ibm,secureboot-v2":
- hash-algo property is superseded by hw-key-hash-size.
- container verification code is explicitly described by a child
node. Added in a subsequent patch.
See device-tree/ibm,secureboot for documentation.
- The Container-Verification-Code (CVC), a.k.a. ROM code, is no
-
libstb/tpm_chip.c: define pr_fmt and fix messages logged
This defines pr_fmt and also fix messages logged:
- EV_SEPARATOR instead of 0xFFFFFFFF
- when an event is measured it also prints the tpm id, event
type and event log length
Now we can filter the messages logged by libstb and its sub-modules
by running: :grep STB /sys/firmware/opal/msglog
-
libstb/tss: update the list of event types supported
Skiboot, precisely the tpmLogMgr, initializes the firmware event log
by calculating its length so that a new event can be recorded
without exceeding the log size. In order to calculate the size, it
walks through the log until it finds a specific event type. However,
if the log has an unknown event type, the tpmLogMgr will not be able
to reach the end of the log.This updates the list of event types with all of those supported by
hostboot. Thus, skiboot can properly calculate the event log length. -
tpm_i2c_nuvoton: add nuvoton, npct601 to the compatible property
The linux kernel doesn't have a driver compatible with
"nuvoton,npct650", but it does have for "nuvoton,npct601", which
should also be compatible with npct650.This adds "nuvoton,npct601" to the compatible devtree property.
-
libstb/trustedboot.c: import stb_final() from stb.c
The stb_final() primary goal is to measure the event EV_SEPARATOR
into PCR[0-7] when trusted boot is about to exit the boot
services.This imports the stb_final() from stb.c into trustedboot.c, but
making the following changes:- Rename it to trustedboot_exit_boot_services().
- As specified in the TCG PC Client specification, EV_SEPARATOR
events must be logged with the name 0xFFFFFF. - Remove the ROM driver clean-up call.
- Don't allow code to be measured in skiboot after
trustedboot_exit_boot_services() is called.
-
libstb/cvc.c: import softrom behaviour from drivers/sw_driver.c
Softrom is used only for testing with mambo. By setting
compatible="ibm,secureboot-v1-softrom" in the "ibm,secureboot" node,
firmware images can be properly measured even if the
Container-Verification-Code (CVC) is not available. In this case,
the mbedtls_sha512() function is used to calculate the sha512 hash
of the firmware images.This imports the softrom behaviour from libstb/drivers/sw_driver.c
code into cvc.c, but now softrom is implemented as a flag. When the
flag is set, the wrappers for the CVC services work the same way as
in sw_driver.c. -
libstb/trustedboot.c: import tb_measure() from stb.c
This imports tb_measure() from stb.c, but now it calls the CVC
sha512 wrapper to calculate the sha512 hash of the firmware image
provided.In trustedboot.c, the tb_measure() is renamed to
trustedboot_measure().The new function, trustedboot_measure(), no longer checks if the
container payload hash calculated at boot time matches with the hash
found in the container header. A few reasons:-
If the system admin wants the container header to be
checked/validated, the secure boot jumper must be set.
Otherwise, the container header information may not be reliable. -
The container layout is expected to change over time. Skiboot
would need to maintain a parser for each container layout
change. -
Skiboot could be checking the hash against a container version that
: is not supported by the Container-Verification-Code (CVC).
The tb\_measure() calls are updated to trustedboot\_measure() in a subsequent patch.
-
-
libstb/secureboot.c: import sb_verify() from stb.c
This imports the sb_verify() function from stb.c, but now it calls
the CVC verify wrapper in order to verify signed firmware images.
The hw-key-hash and hw-key-hash-size initialized in secureboot.c are
passed to the CVC verify function wrapper.In secureboot.c, the sb_verify() is renamed to
secureboot_verify(). The sb_verify() calls are updated in a
subsequent patch.
XIVE
-
xive: Don't bother cleaning up disabled EQs in reset
Additionally, warn if we find an enabled one that isn't one of the
firmware built-in queues. -
xive: Warn on valid VPs found in abnormal cases
If an allocated VP is left valid at xive_reset() or Linux tries to
free a valid (enabled) VP block, print errors. The former happens
occasionally if kdump'ing while KVM is running so keep it as a debug
message. The latter is a programming error in Linux so use a an
error log level. -
xive: Properly reserve built-in VPs in non-group mode
This is not normally used but if the #define is changed to disable
block group mode we would incorrectly clear the buddy completely
without marking the built-in VPs reserved. -
xive: Quieten debug messages in standard builds
This makes a bunch of messages, especially the per-CPU ones, only
enabled in debug builds. This avoids clogging up the OPAL logs with
XIVE related messages that have proven not being particularly useful
for field defects. -
xive: Implement "single escalation" feature
This adds a new VP flag to control the new DD2.0 "single escalation"
feature.This feature allows us to have a single escalation interrupt per VP
instead of one per queue.It works by hijacking queue 7 (which is this no longer usable when
that is enabled) and exploiting two new hardware bits that will:- Make the normal queues (0..6) escalate unconditionally thus
ignoring the ESe bits. - Route the above escalations to queue 7
- Have queue 7 silently escalate without notification
Thus the escalation of queue 7 becomes the one escalation interrupt
for all the other queues. - Make the normal queues (0..6) escalate unconditionally thus
-
xive: When disabling a VP, wipe all of its settings
-
xive: Improve cleaning up of EQs
Factors out the function that sets an EQ back to a clean state and
add a cleaning pass for queue left enabled when freeing a block of
VPs. -
xive: When disabling an EQ, wipe all of its settings
This avoids having configuration bits left over
-
xive: Define API for single-escalation VP mode
This mode allows all queues of a VP to use the same escalation
interrupt, at the cost of losing priority 7.This adds the definition and documentation of the API, the
implementation will come next. -
xive: Fix ability to clear some EQ flags
We could never clear "unconditional notify" and "escalate"
-
xive: Update inits for DD2.0
This updates some inits based on information from the HW designers.
This includes enabling some new DD2.0 features that we don't yet
exploit. -
xive: Ensure VC informational FIRs are masked
Some HostBoot versions leave those as checkstop, they are harmless
and can sometimes occur during normal operations. -
xive: Fix occasional VC checkstops in xive_reset
The current workaround for the scrub bug described in
__xive_cache_scrub() has an issue in that it can leave dirty
invalid entries in the cache.When cleaning up EQs or VPs during reset, if we then remove the
underlying indirect page for these entries, the XIVE will checkstop
when trying to flush them out of the cache.This replaces the existing workaround with a new pair of workarounds
for VPs and EQs:-
The VP one does the dummy watch on another entry than the one we
scrubbed (which does the job of pushing old stores out) using an
entry that is known to be backed by a permanent indirect page. -
The EQ one switches to a more efficient workaround
: which consists of doing a non-side-effect ESB load from the EQ's
ESe control bits. -
-
xive: Do not return a trigger page for an escalation interrupt
This is bogus, we don't support them. (Thankfully the callers didn't
actually try to use this on escalation interrupts). -
xive: Mark a freed IRQs IVE as valid and masked
Removing the valid bit means a FIR will trip if it's accessed
inadvertently. Under some circumstances, the XIVE will speculatively
access an IVE for a masked interrupt and trip it. So make sure that
freed entries are still marked valid (but masked).
PCI
-
pci: Shared slot state synchronisation for hot reset
When a device is shared between two PHBs, it doesn't get reset
properly unless both PHBs issue a hot reset at "the same time".
Practically this means a hot reset needs to be issued on both sides,
and neither should bring the link up until the reset on both has
completed. -
pci: Track peers of slots
Witherspoon introduced a new concept where one physical slot is
shared between two PHBs. Making a slot aware of its peer enables
syncing between them where necessary.
PHB4
-
phb4: Change PCI MMIO timers
Currently we have a mismatch between the NCU and PCI timers for MMIO
accesses. The PCI timers must be lower than the NCU timers otherwise
it may cause checkstops.This changes PCI timeouts controlled by skiboot to 33-50ms. It
should be forwards and backwards compatible with expected hostboot
changes to the NCU timer. -
phb4: Change default GEN3 lane equalisation setting to 0x54
Currently our GEN3 lane equalisation settings are set to 0x77.
Change this to 0x54. This change will allow us to train at GEN3 in a
shorter time and more consistently.This setting gives us a TX preset 0x4 and RX hint 0x5. This gives a
boost in gain for high frequency signalling. It allows the most
optimal continuous time linear equalizers (CTLE) for the remote
receiver port and de-emphasis and pre-shoot for the remote
transmitter port.Machine Readable Workbooks (MRW) are moving to this new value also.
-
phb4: Init changes
These init changes for phb4 from the HW team.
Link down are now endpoint recoverable (ERC) rather than PHB fatal
errors.BLIF Completion Timeout Error now generate an interrupt rather than
causing freeze events. -
phb4: Fix lane equalisation setting
Fix cut and paste from phb3. The sizes have changes now we have
GEN4, so the check here needs to change alsoWithout this we end up with the default settings (all '7') rather
than what's in HDAT. -
hdata: Fix copying GEN4 lane equalisation settings
These aren't copied currently but should be.
-
phb4: Fix PE mapping of M32 BAR
The M32 BAR is the PHB4 region used to map all the non-prefetchable
or 32-bit device BARs. It's supposed to have its segments remapped
via the MDT and Linux relies on that to assign them individual PE#.However, we weren't configuring that properly and instead used the
mode where PE# == segment#, thus causing EEH to freeze the wrong
device or PE#. -
phb4: Fix lost bit in PE number on config accesses
A PE number can be up to 9 bits, using a uint8_t won't fly..
That was causing error on config accesses to freeze the wrong PE.
-
phb4: Update inits
New init value from HW folks for the fence enable register.
This clears bit 17 (CFG Write Error CA or UR response) and bit 22
(MMIO Write DAT_ERR Indication) and sets bit 21 (MMIO CFG Pending
Error)
CAPI
-
capi: Disable CAPP virtual machines
When exercising more than one CAPI accelerators simultaneously in
cache coherency mode, the verification team is seeing a deadlock. To
fix this a workaround of disabling CAPP virtual machines is
suggested. These 'virtual machines' let PSL queue multiple CAPP
commands for servicing by CAPP there by increasing throughput. Below
is the error scenario described by the h/w team:" With virtual machines enabled we had a deadlock scenario where
with 2 or more CAPI's in a system you could get in a deadlock
scenario due to cast-outs that are required break the deadlock
(evict lines that another CAPI is requesting) get stuck in the
virtual machine queue by a command ahead of it that is being retried
by the same scenario in the other CAPI. " -
capi: Perform capp recovery sequence only when PBCQ is idle
Presently during a CRESET the CAPP recovery sequence can be executed
multiple times in case PBCQ on the PEC is still busy processing
in/out bound in-flight transactions. -
xive: Mask MMIO load/store to bad location FIR
For opencapi, the trigger page of an interrupt is mapped to user
space. The intent is to write the page to raise an interrupt but
there's nothing to prevent a user process from reading it, which has
the unfortunate consequence of checkstopping the system.Mask the FIR bit raised when an MMIO operation targets an invalid
location. It's the recommendation from recent documentation and
hostboot is expected to mask it at some point. In the meantime,
let's play it safe. -
phb4: Dump CAPP error registers when it asserts link down
This patch introduces a new function phb4_dump_app_err_regs()
that dumps CAPP error registers in case the PEC nestfir register
indicates that the fence was due to a CAPP error (BIT-24).Contents of these registers are helpful in diagnosing CAPP issues.
Registers that are dumped in phb4_dump_app_err_regs() are:- CAPP FIR Register
- CAPP APC Master Error Report Register
- CAPP Snoop Error Report Register
- CAPP Transport Error Report Register
- CAPP TLBI Error Report Register
- CAPP Error Status and Control Register
-
capi: move the acknowledge of the HMI interrupt
We need to acknowledge an eventual HMI initiated by the previous
forced fence on the PHB to work around a non-existent PE in the
phb4_creset() function. For this reason do_capp_recovery_scoms()
is called now at the beginning of the step:
PHB4_SLOT_CRESET_WAIT_CQ -
capi: update ci store buffers and dma engines
The number of read (APC type traffic) and mmio store (MSG type
traffic) resources assigned to the CAPP is controlled by the CAPP
control register.According to the type of CAPI cards present on the server, we have
to configure differently the CAPP messages and the DMA read engines
given to the CAPP for use.
HMI
-
core/hmi: Display chip location code while displaying core FIR.
-
core/hmi: Do not display FIR details if none of the bits are set.
So that we don't flood OPAL console logs with information that is
not useful. -
opal/hmi: HMI logging with location code info.
Add few HMI debug prints with location code info few additional
info.No functionality change.
With this patch the log messages will look like: :
[210612.175196744,7] HMI: Received HMI interrupt: HMER = 0x0840000000000000 [210612.175200449,7] HMI: [Loc: UOPWR.1302LFA-Node0-Proc1]: P:8 C:16 T:1: TFMR(2d12000870e04020) Timer Facility Error [210660.259689526,7] HMI: Received HMI interrupt: HMER = 0x2040000000000000 [210660.259695649,7] HMI: [Loc: UOPWR.1302LFA-Node0-Proc0]: P:0 C:16 T:1: Processor recovery Done.
-
core/hmi: Use pr_fmt macro for tagging log messages
No functionality changes.
-
opal: Get chip location code
and store it under proc_chip for quick reference during HMI
handling code.
Sensors
-
occ-sensors: Fix up quad/gpu location mix-up
The GPU and QUAD sensor location types are swapped compared to what
exists in the OCC code base which is authoritative. Fix them up. -
sensors: occ: Skip counter type of sensors
Don't add counter type of sensors to device-tree as they don't fit
into hwmon sensor interface. -
sensors: dts: Assert special wakeup on idle cores while reading
temperatureIn P9, when a core enters a stop state, its clocks will be stopped
to save power and hence we will not be able to perform a SCOM
operation to read the DTS temperature sensor. Hence, assert a
special wakeup on cores that have entered a stop state in order to
successfully complete the SCOM operation. -
sensors: occ: Skip power sensors with zero sample value
APSS is not available on platforms like Zaius, Romulus where OCC can
only measure Vdd (core) and Vdn (nest) power from the AVSbus
reading. So all the sensors for APSS channels will be populated
with 0. Different component power sensors like system, memory which
point to the APSS channels will also be 0.As per OCC team (Martha Broyles) zeroed power sensor means that the
system doesn't have it. So this patch filters out these sensors. -
sensors: occ: Skip GPU sensors for non-gpu systems
-
sensors: Fix dtc warning for new occ in-band sensors.
dtc complains about missing reg property when a DT node is having a
unit name or address but no reg property. :/ibm,opal/sensors/vrm-in@c00004 has a unit name, but no reg property /ibm,opal/sensors/gpu-in@c0001f has a unit name, but no reg property /ibm,opal/sensor-groups/occ-js@1c00040 has a unit name, but no reg property
This patch fixes these warnings for new occ in-band sensors and also
for sensor-groups by adding necessary properties. -
sensors: Fix dtc warning for dts sensors.
dtc complains about missing reg property when a DT node is having a
unit name or address but no reg property.Example warning for core dts sensor: :
/ibm,opal/sensors/core-temp@5c has a unit name, but no reg property /ibm,opal/sensors/core-temp@804 has a unit name, but no reg property
This patch fixes this by adding necessary properties.
-
hw/occ: Fix psr cpu-to-gpu sensors node dtc warning.
dtc complains about missing reg property when a DT node is having a
unit name or address but no reg property. :/ibm,opal/power-mgt/psr/cpu-to-gpu@0 has a unit name, but no reg property /ibm,opal/power-mgt/psr/cpu-to-gpu@100 has a unit name, but no reg property
This patch fixes this by adding necessary properties.
General fixes
-
lpc: Clear pending IRQs at boot
When we come in from hostboot the LPC master has the bus reset
indicator set. This error isn't handled until the host kernel
unmasks interrupts, at which point we get the following spurious
error: :[ 20.053560375,3] LPC: Got LPC reset on chip 0x0 ! [ 20.053564560,3] LPC[000]: Unknown LPC error Error address reg: 0x00000000
Fix this by clearing the various error bits in the LPC status
register before we initialise the skiboot LPC bus driver. -
hw/imc: Check ucode state before exposing units to Linux
disable_unavailable_units() checks whether the ucode is in the
running state before enabling the nest units in the device tree.
From a recent debug, it is found that on some system boot, ucode is
not loaded and running in all the chips in the system. And this
caused a fail in OPAL_IMC_COUNTERS_STOP call where we check for
ucode state on each chip. Bug here is that
disable_unavailable_units() checks the state of the ucode only in
boot cpu chip. Patch adds a condition in
disable_unavailable_units() to check for the ucode state in all
the chip before enabling the nest units in the device tree node. -
hdata/vpd: Add vendor property
ibm,vpd blob contains VN field. Use that to populate vendor property
for various FRU's. -
hdata/vpd: Fix DTC warnings
All the nodes under the vpd hierarchy have a unit address (their
SLCA index) but no reg properties. Add them and their size/address
cells to squash the warnings. -
HDAT/i2c: Fix SPD EEPROM compatible string
Hostboot doesn't give us accurate information about the DIMM SPD
devices. Hack around by assuming any EEPROM we find on the SPD I2C
master is an SPD EEPROM. -
hdata/i2c: Fix 512Kb EEPROM size
There's no such thing as a 412Kb EEPROM.
-
libflash/mbox-flash: fall back to requesting lower MBOX versions
from BMCSome BMC mbox implementations seem to sometimes mysteriously fail
when trying to negotiate v3 when they only support v2. To work
around this, we can fall back to requesting lower mbox protocol
versions until we find one that works.In theory, this should already "just work", but we have a counter
example, which this patch fixes. -
IPMI: Fix platform.cec_reboot() null ptr checks
Kudos to Hugo Landau who reported this in:
#142 -
hdata: Add location code property to xscom node
This patch adds chip location code property to xscom node.
-
p8-i2c: Limit number of retry attempts
Current we will attempt to start an I2C transaction until it
succeeds. In the event that the OCC does not release the lock on an
I2C bus this results in an async token being held forever and the
kernel thread that started the transaction will block forever while
waiting for an async completion message. Fix this by limiting the
number of attempts to start the transaction. -
p8-i2c: Don't write the watermark register at init
On P9 the I2C master is shared with the OCC. Currently the watermark
values are set once at init time which is bad for two reasons:a) We don't take the OCC master lock before setting it. Which may
cause issues if the OCC is currently using the master.
b) The OCC might change the watermark levels and we need to reset
them.Change this so that we set the watermark value when a new
transaction is started rather than at init time. -
hdata: Rename 'fsp-ipl-side' as 'sp-ipl-side'
as OPAL is building device tree for both FSP and BMC system. Also I
don't see anyone using this property today. Hence renaming should be
fine. -
hdata/vpd: add support for parsing CPU VRML records
Allows skiboot to parse out the processor part/serial numbers on
OpenPOWER P9 machines. -
core/lock: Introduce atomic cmpxchg and implement try_lock with it
cmpxchg will be used in a subsequent change, and this reduces the
amount of asm code. -
direct-controls: add xscom error handling for p8
Add xscom checks which will print something useful and return error
back to callers (which already have error handling plumbed in). -
direct-controls: p8 implementation of generic direct controls
This reworks the sreset functionality that was brought over from
fast-reboot, and fits it under the generic direct controls APIs.The fast reboot APIs are implemented using generic direct controls,
which also makes them available on p9. -
fast-reboot: allow mambo fast reboot independent of CPU type
Don't tie mambo fast reboot to POWER8 CPU type.
-
fast-reboot: remove delay after sreset
There is a 100ms delay when targets reach sreset which does not
appear to have a good purpose. Remove it and therefore reduce the
sreset timeout by the same amount. -
fast-reboot: add more barriers around cpu state changes
This is a bit of paranoia, but when a CPU changes state to signal it
has reached a particular point, all previous stores should be
visible. -
fast-reboot: add sreset timeout detection and handling
Have the initiator wait for all its sreset targets to call in, and
time out after 200ms if they did not. Fail and revert to IPL reboot.Testing indicates that after successful sreset_all_others(), it
takes less than 102ms (in hundreds of fast reboots) for secondaries
to call in. 100 of that is due to an initial delay, but core
un-splitting was not measured. -
fast-reboot: make spin loops consistent and SMT friendly
-
fast-reboot: add sreset_all_others error handling
Pass back failures from sreset_all_others, also change return
codes to OPAL form in sreset_all_prepare to match.Errors will revert to the IPL path, so it's not critical to
completely clean up everything if that would complicate things.
Detecting the error and failing is the important thing. -
fast-reboot: restore SMT priority on spin loop exit
-
Add documentation for ibm, firmware-versions device tree node
-
NX: Print read xscom config failures.
Currently in NX, only write xscom config failures are tracing. Add
trace statements for read xscom config failures too. No functional
changes. -
hw/nx: Fix NX BAR assignments
The NX rng BAR is used by each core to source random numbers for the
DARN instruction. Currently we configure each core to use the NX rng
of the chip that it exists on. Unfortunately, the NX can be
de-configured by hostboot and in this case we need to use the NX of
a different chip.This patch moves the BAR assignments for the NX into the normal
nx-rng init path. This lets us check if the normal (chip local) NX
is active when configuring which NX a core should use so that we can
fall back gracefully. -
FSP-elog: Reduce verbosity of elog messages
These messages just fill up the opal console log with useless
messages resulting in us losing useful information.They have been like this since the first commit in skiboot. Make
them trace. -
core/bitmap: fix bitmap iteration limit corruption
The bitmap iterators did not reduce the number of bits to scan when
searching for the next bit, which would result in them overrunning
their bitmap.These are only used in one place, in xive reset, and the effect is
that the xive reset code will keep zeroing memory until it reaches a
block of memory of MAX_EQ_COUNT >> 3 bits in length, all
zeroes. -
hw/imc: always enable "imc_nest_chip" exports property
imc_dt_update_nest_node() adds a "imc_nest_chip" property to
the "exports" node (under opal_node) to view nest counter region.
This comes handy when debugging ucode runtime errors (like counter
data update or control block update so on...). And current code
enables the property only if the microcode is in running state at
system boot. To aid the debug of ucode not running/starting issues
at boot, enable the addition of "imc_nest_chip" property always.
NVLINK2
-
npu2-hw-procedures.c: Correct phy lane mapping
Each NVLINK2 device is associated with a particular group of OBUS
lanes via a lane mask which is read from HDAT via the device-tree.
However Skiboot's interpretation of lane mask was different to what
is exported from the HDAT.Specifically the lane mask bits in the HDAT are encoded in IBM bit
ordering for a 24-bit wide value. So for example in normal bit
ordering lane-0 is represented by having lane-mask bit 23 set and
lane-23 is represented by lane-mask bit 0. This patch alters the
Skiboot interpretation to match what is passed from HDAT. -
npu2-hw-procedures.c: Power up lanes during ntl reset
Newer versions of Hostboot will not power up the NVLINK2 PHY lanes
by default. The phy_reset procedure already powers up the lanes but
they also need to be powered up in order to access the DL.The reset_ntl procedure is called by the device driver to bring the
DL out of reset and get it into a working state. Therefore we also
need to add lane and clock power up to the reset_ntl procedure. -
npu2.c: Add PE error detection
Invalid accesses from the GPU can cause a specific PE to be frozen
by the NPU. Add an interrupt handler which reports the frozen PE to
the operating system via as an EEH event. -
npu2.c: Fix XIVE IRQ alignment
-
npu2: hw-procedures: Refactor reset_ntl procedure
Change the implementation of reset_ntl to match the latest
programming guide documentation. -
npu2: hw-procedures: Add phy_rx_clock_sel()
Change the RX clk mux control to be done by software instead of HW.
This avoids glitches caused by changing the mux setting. -
npu2: hw-procedures: Change phy_rx_clock_sel values
The clock selection bits we set here are inputs to a state machine.
DL clock select (bits 30-31)
0b00
: lane 0 clock
0b01
: lane 7 clock
0b10
: grid clock
0b11
: invalid/no-op
To recover from a potential glitch, we need to ensure that the value
we set forces a state change. Our current sequence is to set 0x3
followed by 0x1. With the above now known, that is actually a no-op
followed by selection of lane 7. Depending on lane reversal, that
selection is not a state change for some bricks.The way to force a state change in all cases is to switch to the
grid clock, and then back to a lane. -
npu2: hw-procedures: Manipulate IOVALID during training
Ensure that the IOVALID bit for this brick is raised at the start of
link training, in the reset_ntl procedure.Then, to protect us from a glitch when the PHY clock turns off or
gets chopped, lower IOVALID for the duration of the phy_reset and
phy_rx_dccal procedures. -
npu2: hw-procedures: Add check_credits procedure
As an immediate mitigation for a current hardware glitch, add a
procedure that can be used to validate NTL credit values. This will
be called as a safeguard to check that link training succeeded.Assert that things are exactly as we expect, because if they aren't,
the system will experience a catastrophic failure shortly after the
start of link traffic. -
npu2: Print bdfn in NPU2DEV* logging macros
Revise the NPU2DEV{DBG,INF,ERR} logging macros to include the
device's bdfn. It's useful to know exactly which link we're
referring to.For instance, instead of :
[ 234.044921238,6] NPU6: Starting procedure reset_ntl [ 234.048578101,6] NPU6: Starting procedure reset_ntl [ 234.051049676,6] NPU6: Starting procedure reset_ntl [ 234.053503542,6] NPU6: Starting procedure reset_ntl [ 234.057182864,6] NPU6: Starting procedure reset_ntl [ 234.059666137,6] NPU6: Starting procedure reset_ntl
we'll get :
[ 234.044921238,6] NPU6:0:0.0 Starting procedure reset_ntl [ 234.048578101,6] NPU6:0:0.1 Starting procedure reset_ntl [ 234.051049676,6] NPU6:0:0.2 Starting procedure reset_ntl [ 234.053503542,6] NPU6:0:1.0 Starting procedure reset_ntl [ 234.057182864,6] NPU6:0:1.1 Starting procedure reset_ntl [ 234.059666137,6] NPU6:0:1.2 Starting procedure reset_ntl
-
npu2: Move to new GPU memory map
There are three different ways we configure the MCD and memory map.
Old way (current way) : Skiboot configures the MCD and puts GPUs at 4TB and below
New way with MCD : Hostboot configures the MCD and skiboot puts GPU at 4TB and above
New way without MCD : No one configures the MCD and skiboot puts GPU at 4TB and below
The patch keeps option 1 and adds options 2 and 3.
The different configurations are detected using certain scoms (see
patch).Option 1 will go away eventually as it's a configuration that can
cause xstops or data integrity problems. We are keeping it around to
support existing hostboot.Option 2 supports only 4 GPUs and 512GB of memory per socket.
Option 3 supports 6 GPUs and 4TB of memory but may have some
performance impact. -
phys-map: Rename GPU_MEM to GPU_MEM_4T_DOWN
This map is soon to be replaced, but we are going to keep it around
for a little while so that we support older hostboot firmware.
Platform Specific Fixes
Witherspoon
-
Witherspoon: Remove old Witherspoon platform definition
An old Witherspoon platform definition was added to aid the
transition from versions of Hostboot which didn't have the correct
NVLINK2 HDAT information available and/or planar VPD. These system
should now be updated so remove the possibly incorrect default
assumption.This may disable NVLINK2 on old out-dated systems but it can easily
be restored with the appropriate FW and/or VPD updates. In any case
there is a a 50% chance the existing default behaviour was incorrect
as it only supports 6 GPU systems. Using an incorrect platform
definition leads to undefined behaviour which is more difficult to
detect/debug than not creating the NVLINK2 devices so remove the
possibly incorrect default behaviour. -
Witherspoon: Fix VPD EEPROM type
There are user-space tools that update the planar VPD via the sysfs
interface. Currently we do not get correct information from hostboot
about the exact type of the EEPROM so we need to manually fix it up
here. This needs to be done as a platform specific fix since there
is not standardised VPD EEPROM type.
IBM FSP Systems
-
nvram: Fix 'missing' nvram on FSP systems.
commit ba4d46f ("console: Set log level from nvram") wants to
read from NVRAM rather early. This works fine on BMC based systems
as nvram_init() is actually synchronous. This is not true for FSP
systems and it turns out that the query for the console log level
simply queries blank nvram.The simple fix is to wait for the NVRAM read to complete before
performing any query. Unfortunately it turns out that the fsp-nvram
code does not inform the generic NVRAM layer when the read is
complete, rather, it must be prompted to do so.This patch addresses both these problems. This patch adds a check
before the first read of the NVRAM (for the console log level) that
the read has completed. The fsp-nvram code has been updated to
inform the generic layer as soon as the read completes.The old prompt to the fsp-nvram code has been removed but a check to
ensure that the NVRAM has been loaded remains. It is conservative
but if the NVRAM is not done loading before the host is booted it
will not have an nvram device-tree node which means it won't be able
to access the NVRAM at all, ever, even after the NVRAM has loaded.
Utilities
-
Fix xscom-utils distclean target
In Debian/Ubuntu, the packaging system likes to have a full clean-up
that restores the tree back to original one, so add some files to
the distclean target. -
Add man pages for xscom-utils and pflash
For the need of Debian/Ubuntu packaging, I inferred some initial man
pages from their help output.
gard
-
gard: Add tests
I hear Stewart likes these for some reason. Dunno why.
-
gard: Add OpenBMC vPNOR support
A big-ol-hack to add some checking for OpenBMC's vPNOR GUARD files
under /media/pnor-prsv. This isn't ideal since it doesn't handle the
create case well, but it's better than nothing. -
gard: Always use MTD to access flash
Direct mode is generally either unsafe or unsupported. We should
always access the PNOR via an MTD device so make that the default.
If someone really needs direct mode, then they can use pflash. -
gard: Fix up do_create return values
The return value of a subcommand is interpreted as a libflash error
code when it's positive or some subcommand specific error when
negative. Currently the create subcommand always returns zero when
exiting (even for errors) so fix that. -
gard: Add usage message for -p
The -p argument only really makes sense when -f is specified. Print
an actual error message rather than just the usage blob. -
gard: Fix max instance count
There's an entire byte for the instance count rather than a nibble.
Only barf if the instance number is beyond 255 rather than 16. -
gard: Fix up path parsing
Currently we assume that the Unit ID can be used as an array index
into the chip_units[] structure. There are holes in the ID space
though, so this doesn't actually work. Fix it up by walking the
array looking for the ID. -
gard: Set chip generation based on PVR
Currently we assume that this tool is being used on a P8 system by
default and allow the user to override this behaviour using the -8
and -9 command line arguments. When running on the host we can use
the PVR to guess what chip generation so do that.This also changes the default behaviour to assume that the host is a
P9 when running on an ARM system. This tool didn't even work when
compiled for ARM until recently and the OpenBMC vPNOR hack that we
have currently is broken for P9 systems that don't use vPNOR (Zaius
and Romulus). -
gard: Allow records with an ID of 0xffffffff
We currently assume that a record with an ID of 0xffffffff is
invalid. Apparently this is incorrect and we should display these
records, so expand the check to compare the entire record with 0xff
rather than just the ID. -
gard: create: Allow creating arbitrary GARD records
Add a new sub-command that allows us to create GARD records for
arbitrary chip units. There isn't a whole lot of constraints on this
and that limits how useful it can be, but it does allow a user to
GARD out individual DIMMs, chips or cores from the BMC (or host) if
needed.There are a few caveats though:
-
Not everything can, or should, have a GARD record applied it to.
-
There is no validation that the unit actually exists. Doing that
sort of validation requires something that understands the FAPI
targeting information (I think) and adding support for it here
would require some knowledge from the system XML file. -
There's no way to get a list of paths in the system.
-
Although we can create a GARD record at runtime it won't be applied
: until the next IPL.
-
-
gard: Add path parsing support
In order to support manual GARD records we need to be able to parse
the hardware unit path strings. This patch implements that. -
gard: list: Improve output
Display the full path to the GARDed hardware unit in each record
rather than relying on the output of gard show and convert
do_list() to use the iterator while we're here. -
gard: {list, show}: Fix the Type field in the output
The output of gard list has a field named "Type", however this
doesn't actually indicate the type of the record. Rather, it shows
the type of the path used to identify the hardware being GARDed.
This is of pretty dubious value considering the Physical path seems
to always be used when referring to GARDed hardware. -
gard: Add P9 support
-
gard: Update chip unit data
Source the list of units from the hostboot source rather than the
previous hard coded list. The list of path element types changes
between generations so we need to add a level of indirection to
accommodate P9. This also changes the names used to match those
printed by Hostboot at IPL time and paves the way to adding support
for manual GARD record creation. -
gard: show: Remove "Res Recovery" field
This field has never been populated by hostboot on OpenPower systems
so there's no real point in reporting it's contents.
libflash / pflash
Anybody shipping libflash or pflash to interact with POWER9 systems must
upgrade to this version.
-
pflash: Support for volatile flag
The volatile flag was added to the PNOR image to indicate partitions
that are cleared during a host power off. Display this flag from the
pflash command. -
pflash: Support for clean_on_ecc_error flag
Add the misc flag clear_on_ecc_error to libflash/pflash. This was
the only missing flag. The generator of the virtual PNOR image
relies on libflash/pflash to provide the partition information, so
all flags are needed to build an accurate virtual PNOR partition
table. -
pflash: Respect write(2) return values
The write(2) system call returns the number of bytes written, this
is important since it is entitled to write less than what we
requested. Currently we ignore the return value and assume it wrote
everything we requested. While in practice this is likely to always
be the case, it isn't actually correct. -
external/pflash: Fix erasing within a single erase block
It is possible to erase within a single erase block. Currently the
pflash code assumes that if the erase starts part way into an erase
block it is because it needs to be aligned up to the boundary with
the next erase block.Doing an erase smaller than a single erase block will cause
underflows and looping forever on erase. -
external/pflash: Fix non-zero return code for successful read when
size%256 != 0When performing a read the return value from pflash is non-zero,
even for a successful read, when the size being read is not a
multiple of 256. This is because do_read_file returns the value
from the write system call which is then returned by pflash. When
the size is a multiple of 256 we get lucky in that this wraps around
back to zero. However for any other value the return code is size
% 256. This means even when the operation is successful the return
code will seem to reflect an error.Fix this by returning zero if the entire size was read correctly,
otherwise return the corresponding error code. -
libflash: Fix parity calculation on ARM
To calculate the ECC syndrome we need to calculate the parity of a
64bit number. On non-powerpc platforms we use the GCC builtin
function __builtin_parityl() to do this calculation. This is
broken on 32bit ARM where sizeof(unsigned long) is four bytes. Using
__builtin_parityll() instead cures this. -
libflash/mbox-flash: Add the ability to lock flash
-
libflash/mbox-flash: Understand v3
-
libflash/mbox-flash: Use BMC suggested timeout value
-
libflash/mbox-flash: Simplify message sending
hw/lpc-mbox no longer requires that the memory associated with
messages exist for the lifetime of the message. Once it has been
sent to the BMC, that is bmc_mbox_enqueue() returns, lpc-mbox does
not need the message to continue to exist. On the receiving side,
lpc-mbox will ensure that a message exists for the receiving
callback function.Remove all code to deal with allocating messages.
-
hw/lpc-mbox: Simplify message bookkeeping and timeouts
Currently the hw/lpc-mbox layer keeps a pointer for the currently
in-flight message for the duration of the mbox call. This creates
problems when messages timeout, is that pointer still valid, what
can we do with it. The memory is owned by the caller but if the
caller has declared a timeout, it may have freed that memory.Another problem is locking. This patch also locks around sending and
receiving to avoid races with timeouts and possible resends. There
was some locking previously which was likely insufficient -
definitely too hard to be sure is correctAll this is made much easier with the previous rework which moves
sequence number allocation and verification into lpc-mbox rather
than the caller. -
libflash/mbox-flash: Allow mbox-flash to tell the driver msg
timeoutsCurrently when mbox-flash decides that a message times out the
driver has no way of knowing to drop the message and will continue
waiting for a response indefinitely preventing more messages from
ever being sent.This is a problem if the BMC crashes or has some other issue where
it won't ever respond to our outstanding message.This patch provides a method for mbox-flash to tell the driver how
long it should wait before it no longer needs to care about the
response. -
libflash/mbox-flash: Move sequence handling to driver level
-
libflash/mbox-flash: Always close windows before opening a new
windowThe MBOX protocol states that if an open window command fails then
all open windows are closed. Currently, if an open window command
fails mbox-flash will erroneously assume that the previously open
window is still open.The solution to this is to mark all windows as closed before issuing
an open window command and then on success we'll mark the new window
as open. -
libflash/mbox-flash: Add v2 error codes
opal-prd
Anybody shipping opal-prd for POWER9 systems must upgrade opal-prd to
this new version.
-
prd: Log unsupported message type
Useful for debugging.
Sample output: :
[29155.157050283,7] PRD: Unsupported prd message type : 0xc
-
opal-prd: occ: Add support for runtime OCC load/start in ZZ
This patch adds support to handle OCC load/start event from FSP/PRD.
During IPL we send a success directly to FSP without invoking any
HBRT load routines on receiving OCC load mbox message from FSP. At
runtime we forward this event to host opal-prd.This patch provides support for invoking OCC load/start HBRT
routines like load_pm_complex() and start_pm_complex() from
opal-prd. -
opal-prd: Add support for runtime OCC reset in ZZ
This patch handles OCC_RESET runtime events in host opal-prd and
also provides support for calling 'hostinterface->wakeup()' which
is required for doing the reset operation. -
prd: Enable error logging via firmware_request interface
In P9 HBRT sends error logs to FSP via firmware_request interface.
This patch adds support to parse error log and send it to FSP. -
prd: Add generic response structure inside prd_fw_msg
This patch adds generic response structure. Also sync prd_fw_msg
type macros with hostboot. -
opal-prd: flush after logging to stdio in debug mode
When in debug mode, flush after each log output. This makes it more
likely that we'll catch failure reasons on severe errors.
Debugging and reliability improvements
-
lock: Add additional lock auditing code
Keep track of lock owner name and replace lock_depth counter with a
per-cpu list of locks held by the cpu.This allows us to print the actual locks held in case we hit the
(in)famous message about opal_pollers being run with a lock held.It also allows us to warn (and drop them) if locks are still held
when returning to the OS or completing a scheduled job. -
Add support for new GCC 7 parametrized stack protector
This gives us per-cpu guard values as well. For now I just XOR a
magic constant with the CPU PIR value. -
Mambo: run hello_world and sreset_world tests with Secure and
Trusted BootWe disable the secure boot part, but we keep the verified boot
part as we don't currently have container verification code for
Mambo.We can run a small part of the code currently though.
-
core/flash.c: extern function to get the name of a PNOR partition
This adds the flash_map_resource_name() to allow skiboot
subsystems to lookup the name of a PNOR partition. Thus, we don't
need to duplicate the same information in other places (e.g.
libstb). -
libflash/mbox-flash: only wait for MBOX_DEFAULT_POLL_MS if busy
This makes the mbox unit test run 300x quicker and seems to shave
about 6 seconds from boot time on Witherspoon. -
make check: Make valgrind optional
To (slightly) lower the barrier for contributions, we can make
valgrind optional with just a small amount of plumbing.This allows make check to run successfully without valgrind.
-
libflash/test: Add tests for mbox-flash
A first basic set of tests for mbox-flash. These tests do their
testing by stubbing out or otherwise replacing functions not in
libflash/mbox-flash.c. The stubbed out version of the function can
then be used to emulate a BMC mbox daemon talking to back to the
code in mbox-flash and it can ensure that there is some adherence to
the protocol and that from a block-level api point of view the world
appears sane.This makes these tests simple to run and they have been integrated
into make check. The down side is that these tests rely on
duplicated feature incomplete BMC daemon behaviour. Therefore these
tests are a strong indicator of broken behaviour but a very
unreliable indicator of correctness.Full integration tests with a 'real' BMC daemon are probably beyond
the scope of this repository. -
external/test/test.sh: fix VERSION substitution when no tags
i.e. we get a hash rather than a version number
This seems to be occurring in Travis if it doesn't pull a tag.
-
external/test: make stripping out version number more robust
For some bizarre reason, Travis started failing on this substitution
when there'd been zero code changes in this area... This at least
papers over whatever the problem is for the time being. -
io: Add load_wait() helper
This uses the standard form twi/isync pair to ensure a load is
consumed by the core before continuing. This can be necessary under
some circumstances for example when having the following sequence:- Store reg A
- Load reg A (ensure above store pushed out)
- delay loop
- Store reg A
I.E., a mandatory delay between 2 stores. In theory the first store
is only guaranteed to reach the device after the load from the same
location has completed. However the processor will start executing
the delay loop without waiting for the return value from the load.This construct enforces that the delay loop isn't executed until the
load value has been returned.I.E., a mandatory delay between 2 stores. In theory the first store
is only guaranteed to reach the device after the load from the same
location has completed. However the processor will start executing
the delay loop without waiting for the return value from the load.This construct enforces that the delay loop isn't executed until the
load value has been returned. -
chiptod: Keep boot timestamps contiguous
Currently we reset the timebase value to (almost) zero when
synchronising the timebase of each chip to the Chip TOD network
which results in this: :[ 42.374813167,5] CPU: All 80 processors called in... [ 2.222791151,5] FLASH: Found system flash: Macronix MXxxL51235F id:0 [ 2.222977933,5] BT: Interface initialized, IO 0x00e4
This patch modifies the chiptod_init() process to use the current
timebase value rather than resetting it to zero. This results in the
timestamps remaining contiguous from the start of hostboot until the
petikernel starts. e.g. :[ 70.188811484,5] CPU: All 144 processors called in... [ 72.458004252,5] FLASH: Found system flash: id:0 [ 72.458147358,5] BT: Interface initialized, IO 0x00e4
-
hdata/spira: Add missing newline to prlog() call
We're missing a n here.
-
opal/xscom: Add recovery for lost core wakeup SCOM failures.
Due to a hardware issue where core responding to SCOM was delayed
due to thread reconfiguration, leaves the SCOM logic in a state
where the subsequent SCOM to that core can get errors. This is
affected for Core PC SCOM registers in the range of
20010A80-20010ABFThe solution is if a xscom timeout occurs to one of Core PC SCOM
registers in the range of 20010A80-20010ABF, a clearing SCOM write
is done to 0x20010800 with data of '0x00000000' which will also get
a timeout but clears the SCOM logic errors. After the clearing write
is done the original SCOM operation can be retried.The SCOM timeout is reported as status 0x4 (Invalid address) in
HMER[21-23]. -
opal/xscom: Move the delay inside xscom_reset() function.
So caller of xscom_reset() does not have to bother about adding a
delay separately. Instead caller can control whether to add a delay
or not using second argument to xscom_reset(). -
timer: Stop calling list_top() racily
This will trip the debug checks in debug builds under some
circumstances and is actually a rather bad idea as we might look at
a timer that is concurrently being removed and modified, and thus
incorrectly assume there is no work to do. -
fsp: Bail out of HIR if FSP is resetting voluntarily
a. Surveillance response times out and OPAL triggers a HIR
b. Before the HIR process kicks in, OPAL gets a PSI interrupt
indicating link down
c. HIR process continues and OPAL tries to write to DRCR; PSI link
inactive => xstopOPAL should confirm that the FSP is not already in reset in the HIR
path. -
sreset_kernel: only run SMT tests due to not supporting re-entry
-
Use systemsim-p9 v1.1
-
direct-controls: enable fast reboot direct controls for mambo
Add mambo direct controls to stop threads, which is required for
reliable fast-reboot. Enable direct controls by default on mambo. -
core/opal: always verify cpu->pir on entry
-
asm/head: add entry/exit calls
Add entry and exit C functions that can do some more complex checks
before the opal proper call. This requires saving off volatile
registers that have arguments in them. -
core/lock: improve bust_locks
Prevent try_lock from modifying the lock state when bust_locks is
set. unlock will not unlock it in that case, so locks will get taken
and never released while bust_locks is set. -
hw/occ: Log proper SCOM register names
This patch fixes the logging of incorrect SCOM register names.
-
mambo: Add support for NUMA
Currently the mambo scripts can do multiple chips, but only the
first ever has memory.This patch adds support for having memory on each chip, with each
appearing as a separate NUMA node. Each node gets MEM_SIZE worth of
memory.It's opt-in, via
export MAMBO_NUMA=1
. -
external/mambo: Switch qtrace command to use plug-ins
The plug-in seems to be the preferred way to do this now, it works
better, and the qtracer emitter seems to generate invalid traces in
new mambo versions. -
asm/head: Loop after attn
We use the attn instruction to raise an error in early boot if OPAL
don't recognise the PVR. It's possible for hostboot to disable the
attn instruction before entering OPAL so add an extra busy loop
after the attn to prevent attempting to boot on an unknown
processor.