| ================================ |
| Coherent Accelerator (CXL) Flash |
| ================================ |
| |
| Introduction |
| ============ |
| |
| The IBM Power architecture provides support for CAPI (Coherent |
| Accelerator Power Interface), which is available to certain PCIe slots |
| on Power 8 systems. CAPI can be thought of as a special tunneling |
| protocol through PCIe that allow PCIe adapters to look like special |
| purpose co-processors which can read or write an application's |
| memory and generate page faults. As a result, the host interface to |
| an adapter running in CAPI mode does not require the data buffers to |
| be mapped to the device's memory (IOMMU bypass) nor does it require |
| memory to be pinned. |
| |
| On Linux, Coherent Accelerator (CXL) kernel services present CAPI |
| devices as a PCI device by implementing a virtual PCI host bridge. |
| This abstraction simplifies the infrastructure and programming |
| model, allowing for drivers to look similar to other native PCI |
| device drivers. |
| |
| CXL provides a mechanism by which user space applications can |
| directly talk to a device (network or storage) bypassing the typical |
| kernel/device driver stack. The CXL Flash Adapter Driver enables a |
| user space application direct access to Flash storage. |
| |
| The CXL Flash Adapter Driver is a kernel module that sits in the |
| SCSI stack as a low level device driver (below the SCSI disk and |
| protocol drivers) for the IBM CXL Flash Adapter. This driver is |
| responsible for the initialization of the adapter, setting up the |
| special path for user space access, and performing error recovery. It |
| communicates directly the Flash Accelerator Functional Unit (AFU) |
| as described in Documentation/powerpc/cxl.rst. |
| |
| The cxlflash driver supports two, mutually exclusive, modes of |
| operation at the device (LUN) level: |
| |
| - Any flash device (LUN) can be configured to be accessed as a |
| regular disk device (i.e.: /dev/sdc). This is the default mode. |
| |
| - Any flash device (LUN) can be configured to be accessed from |
| user space with a special block library. This mode further |
| specifies the means of accessing the device and provides for |
| either raw access to the entire LUN (referred to as direct |
| or physical LUN access) or access to a kernel/AFU-mediated |
| partition of the LUN (referred to as virtual LUN access). The |
| segmentation of a disk device into virtual LUNs is assisted |
| by special translation services provided by the Flash AFU. |
| |
| Overview |
| ======== |
| |
| The Coherent Accelerator Interface Architecture (CAIA) introduces a |
| concept of a master context. A master typically has special privileges |
| granted to it by the kernel or hypervisor allowing it to perform AFU |
| wide management and control. The master may or may not be involved |
| directly in each user I/O, but at the minimum is involved in the |
| initial setup before the user application is allowed to send requests |
| directly to the AFU. |
| |
| The CXL Flash Adapter Driver establishes a master context with the |
| AFU. It uses memory mapped I/O (MMIO) for this control and setup. The |
| Adapter Problem Space Memory Map looks like this:: |
| |
| +-------------------------------+ |
| | 512 * 64 KB User MMIO | |
| | (per context) | |
| | User Accessible | |
| +-------------------------------+ |
| | 512 * 128 B per context | |
| | Provisioning and Control | |
| | Trusted Process accessible | |
| +-------------------------------+ |
| | 64 KB Global | |
| | Trusted Process accessible | |
| +-------------------------------+ |
| |
| This driver configures itself into the SCSI software stack as an |
| adapter driver. The driver is the only entity that is considered a |
| Trusted Process to program the Provisioning and Control and Global |
| areas in the MMIO Space shown above. The master context driver |
| discovers all LUNs attached to the CXL Flash adapter and instantiates |
| scsi block devices (/dev/sdb, /dev/sdc etc.) for each unique LUN |
| seen from each path. |
| |
| Once these scsi block devices are instantiated, an application |
| written to a specification provided by the block library may get |
| access to the Flash from user space (without requiring a system call). |
| |
| This master context driver also provides a series of ioctls for this |
| block library to enable this user space access. The driver supports |
| two modes for accessing the block device. |
| |
| The first mode is called a virtual mode. In this mode a single scsi |
| block device (/dev/sdb) may be carved up into any number of distinct |
| virtual LUNs. The virtual LUNs may be resized as long as the sum of |
| the sizes of all the virtual LUNs, along with the meta-data associated |
| with it does not exceed the physical capacity. |
| |
| The second mode is called the physical mode. In this mode a single |
| block device (/dev/sdb) may be opened directly by the block library |
| and the entire space for the LUN is available to the application. |
| |
| Only the physical mode provides persistence of the data. i.e. The |
| data written to the block device will survive application exit and |
| restart and also reboot. The virtual LUNs do not persist (i.e. do |
| not survive after the application terminates or the system reboots). |
| |
| |
| Block library API |
| ================= |
| |
| Applications intending to get access to the CXL Flash from user |
| space should use the block library, as it abstracts the details of |
| interfacing directly with the cxlflash driver that are necessary for |
| performing administrative actions (i.e.: setup, tear down, resize). |
| The block library can be thought of as a 'user' of services, |
| implemented as IOCTLs, that are provided by the cxlflash driver |
| specifically for devices (LUNs) operating in user space access |
| mode. While it is not a requirement that applications understand |
| the interface between the block library and the cxlflash driver, |
| a high-level overview of each supported service (IOCTL) is provided |
| below. |
| |
| The block library can be found on GitHub: |
| http://github.com/open-power/capiflash |
| |
| |
| CXL Flash Driver LUN IOCTLs |
| =========================== |
| |
| Users, such as the block library, that wish to interface with a flash |
| device (LUN) via user space access need to use the services provided |
| by the cxlflash driver. As these services are implemented as ioctls, |
| a file descriptor handle must first be obtained in order to establish |
| the communication channel between a user and the kernel. This file |
| descriptor is obtained by opening the device special file associated |
| with the scsi disk device (/dev/sdb) that was created during LUN |
| discovery. As per the location of the cxlflash driver within the |
| SCSI protocol stack, this open is actually not seen by the cxlflash |
| driver. Upon successful open, the user receives a file descriptor |
| (herein referred to as fd1) that should be used for issuing the |
| subsequent ioctls listed below. |
| |
| The structure definitions for these IOCTLs are available in: |
| uapi/scsi/cxlflash_ioctl.h |
| |
| DK_CXLFLASH_ATTACH |
| ------------------ |
| |
| This ioctl obtains, initializes, and starts a context using the CXL |
| kernel services. These services specify a context id (u16) by which |
| to uniquely identify the context and its allocated resources. The |
| services additionally provide a second file descriptor (herein |
| referred to as fd2) that is used by the block library to initiate |
| memory mapped I/O (via mmap()) to the CXL flash device and poll for |
| completion events. This file descriptor is intentionally installed by |
| this driver and not the CXL kernel services to allow for intermediary |
| notification and access in the event of a non-user-initiated close(), |
| such as a killed process. This design point is described in further |
| detail in the description for the DK_CXLFLASH_DETACH ioctl. |
| |
| There are a few important aspects regarding the "tokens" (context id |
| and fd2) that are provided back to the user: |
| |
| - These tokens are only valid for the process under which they |
| were created. The child of a forked process cannot continue |
| to use the context id or file descriptor created by its parent |
| (see DK_CXLFLASH_VLUN_CLONE for further details). |
| |
| - These tokens are only valid for the lifetime of the context and |
| the process under which they were created. Once either is |
| destroyed, the tokens are to be considered stale and subsequent |
| usage will result in errors. |
| |
| - A valid adapter file descriptor (fd2 >= 0) is only returned on |
| the initial attach for a context. Subsequent attaches to an |
| existing context (DK_CXLFLASH_ATTACH_REUSE_CONTEXT flag present) |
| do not provide the adapter file descriptor as it was previously |
| made known to the application. |
| |
| - When a context is no longer needed, the user shall detach from |
| the context via the DK_CXLFLASH_DETACH ioctl. When this ioctl |
| returns with a valid adapter file descriptor and the return flag |
| DK_CXLFLASH_APP_CLOSE_ADAP_FD is present, the application _must_ |
| close the adapter file descriptor following a successful detach. |
| |
| - When this ioctl returns with a valid fd2 and the return flag |
| DK_CXLFLASH_APP_CLOSE_ADAP_FD is present, the application _must_ |
| close fd2 in the following circumstances: |
| |
| + Following a successful detach of the last user of the context |
| + Following a successful recovery on the context's original fd2 |
| + In the child process of a fork(), following a clone ioctl, |
| on the fd2 associated with the source context |
| |
| - At any time, a close on fd2 will invalidate the tokens. Applications |
| should exercise caution to only close fd2 when appropriate (outlined |
| in the previous bullet) to avoid premature loss of I/O. |
| |
| DK_CXLFLASH_USER_DIRECT |
| ----------------------- |
| This ioctl is responsible for transitioning the LUN to direct |
| (physical) mode access and configuring the AFU for direct access from |
| user space on a per-context basis. Additionally, the block size and |
| last logical block address (LBA) are returned to the user. |
| |
| As mentioned previously, when operating in user space access mode, |
| LUNs may be accessed in whole or in part. Only one mode is allowed |
| at a time and if one mode is active (outstanding references exist), |
| requests to use the LUN in a different mode are denied. |
| |
| The AFU is configured for direct access from user space by adding an |
| entry to the AFU's resource handle table. The index of the entry is |
| treated as a resource handle that is returned to the user. The user |
| is then able to use the handle to reference the LUN during I/O. |
| |
| DK_CXLFLASH_USER_VIRTUAL |
| ------------------------ |
| This ioctl is responsible for transitioning the LUN to virtual mode |
| of access and configuring the AFU for virtual access from user space |
| on a per-context basis. Additionally, the block size and last logical |
| block address (LBA) are returned to the user. |
| |
| As mentioned previously, when operating in user space access mode, |
| LUNs may be accessed in whole or in part. Only one mode is allowed |
| at a time and if one mode is active (outstanding references exist), |
| requests to use the LUN in a different mode are denied. |
| |
| The AFU is configured for virtual access from user space by adding |
| an entry to the AFU's resource handle table. The index of the entry |
| is treated as a resource handle that is returned to the user. The |
| user is then able to use the handle to reference the LUN during I/O. |
| |
| By default, the virtual LUN is created with a size of 0. The user |
| would need to use the DK_CXLFLASH_VLUN_RESIZE ioctl to adjust the grow |
| the virtual LUN to a desired size. To avoid having to perform this |
| resize for the initial creation of the virtual LUN, the user has the |
| option of specifying a size as part of the DK_CXLFLASH_USER_VIRTUAL |
| ioctl, such that when success is returned to the user, the |
| resource handle that is provided is already referencing provisioned |
| storage. This is reflected by the last LBA being a non-zero value. |
| |
| When a LUN is accessible from more than one port, this ioctl will |
| return with the DK_CXLFLASH_ALL_PORTS_ACTIVE return flag set. This |
| provides the user with a hint that I/O can be retried in the event |
| of an I/O error as the LUN can be reached over multiple paths. |
| |
| DK_CXLFLASH_VLUN_RESIZE |
| ----------------------- |
| This ioctl is responsible for resizing a previously created virtual |
| LUN and will fail if invoked upon a LUN that is not in virtual |
| mode. Upon success, an updated last LBA is returned to the user |
| indicating the new size of the virtual LUN associated with the |
| resource handle. |
| |
| The partitioning of virtual LUNs is jointly mediated by the cxlflash |
| driver and the AFU. An allocation table is kept for each LUN that is |
| operating in the virtual mode and used to program a LUN translation |
| table that the AFU references when provided with a resource handle. |
| |
| This ioctl can return -EAGAIN if an AFU sync operation takes too long. |
| In addition to returning a failure to user, cxlflash will also schedule |
| an asynchronous AFU reset. Should the user choose to retry the operation, |
| it is expected to succeed. If this ioctl fails with -EAGAIN, the user |
| can either retry the operation or treat it as a failure. |
| |
| DK_CXLFLASH_RELEASE |
| ------------------- |
| This ioctl is responsible for releasing a previously obtained |
| reference to either a physical or virtual LUN. This can be |
| thought of as the inverse of the DK_CXLFLASH_USER_DIRECT or |
| DK_CXLFLASH_USER_VIRTUAL ioctls. Upon success, the resource handle |
| is no longer valid and the entry in the resource handle table is |
| made available to be used again. |
| |
| As part of the release process for virtual LUNs, the virtual LUN |
| is first resized to 0 to clear out and free the translation tables |
| associated with the virtual LUN reference. |
| |
| DK_CXLFLASH_DETACH |
| ------------------ |
| This ioctl is responsible for unregistering a context with the |
| cxlflash driver and release outstanding resources that were |
| not explicitly released via the DK_CXLFLASH_RELEASE ioctl. Upon |
| success, all "tokens" which had been provided to the user from the |
| DK_CXLFLASH_ATTACH onward are no longer valid. |
| |
| When the DK_CXLFLASH_APP_CLOSE_ADAP_FD flag was returned on a successful |
| attach, the application _must_ close the fd2 associated with the context |
| following the detach of the final user of the context. |
| |
| DK_CXLFLASH_VLUN_CLONE |
| ---------------------- |
| This ioctl is responsible for cloning a previously created |
| context to a more recently created context. It exists solely to |
| support maintaining user space access to storage after a process |
| forks. Upon success, the child process (which invoked the ioctl) |
| will have access to the same LUNs via the same resource handle(s) |
| as the parent, but under a different context. |
| |
| Context sharing across processes is not supported with CXL and |
| therefore each fork must be met with establishing a new context |
| for the child process. This ioctl simplifies the state management |
| and playback required by a user in such a scenario. When a process |
| forks, child process can clone the parents context by first creating |
| a context (via DK_CXLFLASH_ATTACH) and then using this ioctl to |
| perform the clone from the parent to the child. |
| |
| The clone itself is fairly simple. The resource handle and lun |
| translation tables are copied from the parent context to the child's |
| and then synced with the AFU. |
| |
| When the DK_CXLFLASH_APP_CLOSE_ADAP_FD flag was returned on a successful |
| attach, the application _must_ close the fd2 associated with the source |
| context (still resident/accessible in the parent process) following the |
| clone. This is to avoid a stale entry in the file descriptor table of the |
| child process. |
| |
| This ioctl can return -EAGAIN if an AFU sync operation takes too long. |
| In addition to returning a failure to user, cxlflash will also schedule |
| an asynchronous AFU reset. Should the user choose to retry the operation, |
| it is expected to succeed. If this ioctl fails with -EAGAIN, the user |
| can either retry the operation or treat it as a failure. |
| |
| DK_CXLFLASH_VERIFY |
| ------------------ |
| This ioctl is used to detect various changes such as the capacity of |
| the disk changing, the number of LUNs visible changing, etc. In cases |
| where the changes affect the application (such as a LUN resize), the |
| cxlflash driver will report the changed state to the application. |
| |
| The user calls in when they want to validate that a LUN hasn't been |
| changed in response to a check condition. As the user is operating out |
| of band from the kernel, they will see these types of events without |
| the kernel's knowledge. When encountered, the user's architected |
| behavior is to call in to this ioctl, indicating what they want to |
| verify and passing along any appropriate information. For now, only |
| verifying a LUN change (ie: size different) with sense data is |
| supported. |
| |
| DK_CXLFLASH_RECOVER_AFU |
| ----------------------- |
| This ioctl is used to drive recovery (if such an action is warranted) |
| of a specified user context. Any state associated with the user context |
| is re-established upon successful recovery. |
| |
| User contexts are put into an error condition when the device needs to |
| be reset or is terminating. Users are notified of this error condition |
| by seeing all 0xF's on an MMIO read. Upon encountering this, the |
| architected behavior for a user is to call into this ioctl to recover |
| their context. A user may also call into this ioctl at any time to |
| check if the device is operating normally. If a failure is returned |
| from this ioctl, the user is expected to gracefully clean up their |
| context via release/detach ioctls. Until they do, the context they |
| hold is not relinquished. The user may also optionally exit the process |
| at which time the context/resources they held will be freed as part of |
| the release fop. |
| |
| When the DK_CXLFLASH_APP_CLOSE_ADAP_FD flag was returned on a successful |
| attach, the application _must_ unmap and close the fd2 associated with the |
| original context following this ioctl returning success and indicating that |
| the context was recovered (DK_CXLFLASH_RECOVER_AFU_CONTEXT_RESET). |
| |
| DK_CXLFLASH_MANAGE_LUN |
| ---------------------- |
| This ioctl is used to switch a LUN from a mode where it is available |
| for file-system access (legacy), to a mode where it is set aside for |
| exclusive user space access (superpipe). In case a LUN is visible |
| across multiple ports and adapters, this ioctl is used to uniquely |
| identify each LUN by its World Wide Node Name (WWNN). |
| |
| |
| CXL Flash Driver Host IOCTLs |
| ============================ |
| |
| Each host adapter instance that is supported by the cxlflash driver |
| has a special character device associated with it to enable a set of |
| host management function. These character devices are hosted in a |
| class dedicated for cxlflash and can be accessed via `/dev/cxlflash/*`. |
| |
| Applications can be written to perform various functions using the |
| host ioctl APIs below. |
| |
| The structure definitions for these IOCTLs are available in: |
| uapi/scsi/cxlflash_ioctl.h |
| |
| HT_CXLFLASH_LUN_PROVISION |
| ------------------------- |
| This ioctl is used to create and delete persistent LUNs on cxlflash |
| devices that lack an external LUN management interface. It is only |
| valid when used with AFUs that support the LUN provision capability. |
| |
| When sufficient space is available, LUNs can be created by specifying |
| the target port to host the LUN and a desired size in 4K blocks. Upon |
| success, the LUN ID and WWID of the created LUN will be returned and |
| the SCSI bus can be scanned to detect the change in LUN topology. Note |
| that partial allocations are not supported. Should a creation fail due |
| to a space issue, the target port can be queried for its current LUN |
| geometry. |
| |
| To remove a LUN, the device must first be disassociated from the Linux |
| SCSI subsystem. The LUN deletion can then be initiated by specifying a |
| target port and LUN ID. Upon success, the LUN geometry associated with |
| the port will be updated to reflect new number of provisioned LUNs and |
| available capacity. |
| |
| To query the LUN geometry of a port, the target port is specified and |
| upon success, the following information is presented: |
| |
| - Maximum number of provisioned LUNs allowed for the port |
| - Current number of provisioned LUNs for the port |
| - Maximum total capacity of provisioned LUNs for the port (4K blocks) |
| - Current total capacity of provisioned LUNs for the port (4K blocks) |
| |
| With this information, the number of available LUNs and capacity can be |
| can be calculated. |
| |
| HT_CXLFLASH_AFU_DEBUG |
| --------------------- |
| This ioctl is used to debug AFUs by supporting a command pass-through |
| interface. It is only valid when used with AFUs that support the AFU |
| debug capability. |
| |
| With exception of buffer management, AFU debug commands are opaque to |
| cxlflash and treated as pass-through. For debug commands that do require |
| data transfer, the user supplies an adequately sized data buffer and must |
| specify the data transfer direction with respect to the host. There is a |
| maximum transfer size of 256K imposed. Note that partial read completions |
| are not supported - when errors are experienced with a host read data |
| transfer, the data buffer is not copied back to the user. |