[Intel-wired-lan] [net-next PATCH v5] ice: support immediate firmware activation via devlink reload
Paul Menzel
pmenzel at molgen.mpg.de
Tue Oct 26 05:19:54 UTC 2021
Dear Jacob,
On 26.10.21 03:55, Jacob Keller wrote:
> The ice hardware contains an embedded chip with firmware which can be
> updated using devlink flash. The firmware which runs on this chip is
> referred to as the Embedded Management Processor firmware (EMP
> firmware).
>
> Activating the new firmware image currently requires that the system be
> rebooted. This is not ideal as rebooting the system can cause unwanted
> downtime.
>
> In practical terms, activating the firmware does not always require a
> full system reboot. In many cases it is possible to activate the EMP
> firmware immediately. There are a couple of different scenarios to
> cover.
>
> * The EMP firmware itself can be reloaded by issuing a special update
> to the device called an Embedded Management Processor reset (EMP
> reset). This reset causes the device to reset and reload the EMP
> firmware.
>
> * PCI configuration changes are only reloaded after a cold PCIe reset.
> Unfortunately there is no generic way to trigger this for a PCIe
> device without a system reboot.
>
> When performing a flash update, firmware is capable of responding with
> some information about the specific update requirements.
>
> The driver updates the flash by programming a secondary inactive bank
> with the contents of the new image, and then issuing a command to
> request to switch the active bank starting from the next load.
>
> The response to the final command for updating the inactive NVM flash
> bank includes an indication of the minimum reset required to fully
> update the device. This can be one of the following:
>
> * A full power on is required
> * A cold PCIe reset is required
> * An EMP reset is required
>
> The response to the command to switch flash banks includes an indication
> of whether or not the firmware will allow an EMP reset request.
>
> For most updates, an EMP reset is sufficient to load the new EMP
> firmware without issues. In some cases, this reset is not sufficient
> because the PCI configuration space has changed. When this could cause
> incompatibility with the new EMP image, the firmware is capable of
> rejecting the EMP reset request.
>
> Add logic to ice_fw_update.c to handle the response data flash update
> AdminQ commands.
>
> For the reset level, issue a devlink status notification informing the
> user of how to complete the update with a simple suggestion like
> "Activate new firmware by rebooting the system".
>
> Cache the status of whether or not firmware will restrict the EMP reset
> for use in implementing devlink reload.
>
> Implement support for devlink reload with the "fw_activate" flag. This
> allows user space to request the firmware be activated immediately.
>
> For the .reload_down handler, we will issue a request for the EMP reset
> using the appropriate firmware AdminQ command. If we know that the
> firmware will not allow an EMP reset, simply exit with a suitable
> netlink extended ACK message indicating that the EMP reset is not
> available.
>
> For the .reload_up handler, simply wait until the driver has finished
> resetting. Logic to handle processing of an EMP reset already exists in
> the driver as part of its reset and rebuild flows.
>
> Implement support for the devlink reload interface with the
> "fw_activate" action. This allows userspace to request activation of
> firmware without a reboot.
>
> Note that support for indicating the required reset and EMP reset
> restriction is not supported on old versions of firmware. The driver can
> determine if the two features are supported by checking the device
> capabilities report. I confirmed support has existed since at least
> version 5.5.2 as reported by the 'fw.mgmt' version. Support to issue the
> EMP reset request has existed in all version of the EMP firmware for the
> ice hardware.
>
> Check the device capabilities report to determine whether or not the
> indications are reported by the running firmware. If the reset
> requirement indication is not supported, always assume a full power on
> is necessary. If the reset restriction capability is not supported,
> always assume the EMP reset is available.
>
> Users can verify if the EMP reset has activated the firmware by using
> the devlink info report to check that the 'running' firmware version has
> updated. For example a user might do the following:
>
> # Check current version
> $ devlink dev info
>
> # Update the device
> $ devlink dev flash pci/0000:af:00.0 file firmware.bin
>
> # Confirm stored version updated
> $ devlink dev info
>
> # Reload to activate new firmware
> $ devlink dev reload pci/0000:af:00.0 action fw_activate
>
> # Confirm running version updated
> $ devlink dev info
>
> Finally, this change does *not* implement basic driver-only reload
> support. I did look into trying to do this. However, it requires
> significant refactor of how the ice driver probes and loads everything.
> The ice driver probe and allocation flows were not designed with such
> a reload in mind. Refactoring the flow to support this is beyond the
> scope of this change.
>
> Signed-off-by: Jacob Keller <jacob.e.keller at intel.com>
> ---
> Changes since v4
> * completely re-write commit message for clarity
> * Update devlink ice.rst with documentation about reload
> * expand the terms "EMP" and "empr" for clarity
> * Rename the ice_devlink_reload_down to ice_devlink_reload_empr_start and
> rename ice_devlink_reload_up to ice_devlink_reload_empr_finish. This is
> done to clarify their functionality. It is also done because any future
> support for devlink reload with driver reinit will want to continue
> re-using these functions to support firmware activation.
> * Increase the maximum wait time for EMP reset to complete to 2 minutes.
> It turns out that in practice the reset might take a while (longer than
> the original 20 seconds I had in v4 and earlier).
Wow, two minutes for a device reset. Systems with coreboot as firmware
(depending on the amount of memory) boot in less than one second. ;-)
Kexec might also be faster, or would it also take the same amount of
time for Linux to bring the device up?
> * Move the clearing of fw_emp_reset_disabled into the ice_rebuild logic.
> This ensures the flag is properly cleared even when the EMP reset was
> caused by another physical function.
> * Add comments explaining the various reset levels that the firmware can
> report.
>
> Changes since v3
> * correctly read response of NVM write activate from synchronous reply value
> instead of from the ARQ event. This fixes a bug where we never reported
> that EMP reset is available.
>
> Changes since v2
> * ensure DEVLINK_F_RELOAD gets set
> * rebase to avoid conflicts
>
>
> Documentation/networking/devlink/ice.rst | 24 ++-
> drivers/net/ethernet/intel/ice/ice.h | 1 +
> .../net/ethernet/intel/ice/ice_adminq_cmd.h | 7 +
> drivers/net/ethernet/intel/ice/ice_common.c | 12 ++
> drivers/net/ethernet/intel/ice/ice_devlink.c | 102 ++++++++++
> .../net/ethernet/intel/ice/ice_fw_update.c | 181 +++++++++++++++---
> .../net/ethernet/intel/ice/ice_fw_update.h | 2 +
> drivers/net/ethernet/intel/ice/ice_main.c | 8 +
> drivers/net/ethernet/intel/ice/ice_nvm.c | 19 +-
> drivers/net/ethernet/intel/ice/ice_nvm.h | 2 +-
> drivers/net/ethernet/intel/ice/ice_type.h | 4 +
> 11 files changed, 333 insertions(+), 29 deletions(-)
>
[…]
> +/**
> + * ice_devlink_reload_empr_finish - Wait for EMP reset to finish
> + * @devlink: pointer to the devlink instance reloading
> + * @action: the action requested
> + * @limit: limits imposed by userspace, such as not resetting
> + * @actions_performed: on return, indicate what actions actually performed
> + * @extack: netlink extended ACK structure
> + *
> + * Wait for driver to finish rebuilding after EMP reset is completed. This
> + * includes time to wait for both the actual device reset as well as the time
> + * for the driver's rebuild to complete.
> + */
> +static int
> +ice_devlink_reload_empr_finish(struct devlink *devlink,
> + enum devlink_reload_action action,
> + enum devlink_reload_limit limit,
> + u32 *actions_performed,
> + struct netlink_ext_ack *extack)
> +{
> + struct ice_pf *pf = devlink_priv(devlink);
> + int err;
> +
> + *actions_performed = BIT(DEVLINK_RELOAD_ACTION_FW_ACTIVATE);
> +
> + /* It can take a while for the device and driver to complete the reset
> + * and rebuild process.
> + */
> + err = ice_wait_for_reset(pf, 120 * HZ);
> + if (err) {
> + NL_SET_ERR_MSG_MOD(extack, "Device still resetting");
Some information for the user what to do might be nice. (How does the
log message look like?) Maybe:
Device still resetting after 2 min. Please reboot the system.
[…]
Thank you again for improving the patch set, and taking so much time to
answer my questions.
Reviewed-by: Paul Menzel <pmenzel at molgen.mpg.de>
Kind regards,
Paul
More information about the Intel-wired-lan
mailing list