On Tue, Sep 17, 2019 at 06:59:50PM +0100, Will Deacon wrote: > On Mon, Sep 02, 2019 at 04:52:45PM +0200, Thierry Reding wrote: > > On Mon, Sep 02, 2019 at 03:22:35PM +0100, Robin Murphy wrote: > > > On 29/08/2019 12:14, Thierry Reding wrote: > > > > From: Thierry Reding <treding@xxxxxxxxxx> > > > > > > > > For device tree nodes, use the standard of_iommu_get_resv_regions() > > > > implementation to obtain the reserved memory regions associated with a > > > > device. > > > > > > This covers the window between iommu_probe_device() setting up a default > > > domain and the device's driver finally probing and taking control, but > > > iommu_probe_device() represents the point that the IOMMU driver first knows > > > about this device - there's still a window from whenever the IOMMU driver > > > itself probed up to here where the "unidentified" traffic may have already > > > been disrupted. Some IOMMU drivers have no option but to make the necessary > > > configuration during their own probe routine, at which point a struct device > > > for the display/etc. endpoint may not even exist yet. > > > > Yeah, I think I'm actually running into this issue with the ARM SMMU > > driver. The above works fine with the Tegra SMMU driver, though, because > > it doesn't touch the SMMU configuration until a device is attached to a > > domain. > > > > For anything earlier than iommu_probe_device(), I don't see a way of > > doing this generically. I've been working on a prototype to make these > > reserved memory regions early on for ARM SMMU but I've been failing so > > far. I think it would possibly work if we just switched the default for > > stream IDs to be "bypass" if they have any devices that have reserved > > memory regions, but again, this isn't quite working (yet). > > I think we should avoid the use of "bypass" outside of the IOMMU probe() > routine if at all possible, since it leaves the thing wide open if we don't > subsequently probe the master. > > Why can't we initialise a page-table early for StreamIDs with these > reserved regions, and then join that up later on if we see a device with > one of those StreamIDs attaching to a DMA domain? I suppose the nasty > case would be attaching to a domain that already has other masters > attached to it. Can we forbid that somehow for these devices? Otherwise, > I think we'd have to transiently switch to bypass whilst switching page > table. > > What problems did you run into trying to implement this? I picked this up again and was trying to make this work with your suggestion. Below is a rough draft and it seems to be working to some degree. Here's an extract of the log when I run this on Jetson TX2: [ 3.755328] arm-smmu 12000000.iommu: probing hardware configuration... [ 3.762187] arm-smmu 12000000.iommu: SMMUv2 with: [ 3.767137] arm-smmu 12000000.iommu: stage 1 translation [ 3.772806] arm-smmu 12000000.iommu: stage 2 translation [ 3.778471] arm-smmu 12000000.iommu: nested translation [ 3.784050] arm-smmu 12000000.iommu: stream matching with 128 register groups [ 3.791651] arm-smmu 12000000.iommu: 64 context banks (0 stage-2 only) [ 3.798603] arm-smmu 12000000.iommu: Supported page sizes: 0x61311000 [ 3.805460] arm-smmu 12000000.iommu: Stage-1: 48-bit VA -> 48-bit IPA [ 3.812310] arm-smmu 12000000.iommu: Stage-2: 48-bit IPA -> 48-bit PA [ 3.819159] arm-smmu 12000000.iommu: > arm_smmu_setup_identity(smmu=ffff0001eabcec80) [ 3.827373] arm-smmu 12000000.iommu: identity domain: ffff0001eaf8cae8 (ops: 0x0) [ 3.835614] arm-smmu 12000000.iommu: np: /ethernet@2490000 [ 3.841635] arm-smmu 12000000.iommu: np: /sdhci@3400000 [ 3.847315] arm-smmu 12000000.iommu: np: /sdhci@3420000 [ 3.852990] arm-smmu 12000000.iommu: np: /sdhci@3440000 [ 3.858683] arm-smmu 12000000.iommu: np: /sdhci@3460000 [ 3.864370] arm-smmu 12000000.iommu: np: /hda@3510000 [ 3.869897] arm-smmu 12000000.iommu: np: /usb@3530000 [ 3.875421] arm-smmu 12000000.iommu: np: /pcie@10003000 [ 3.881109] arm-smmu 12000000.iommu: np: /host1x@13e00000 [ 3.887012] arm-smmu 12000000.iommu: np: /host1x@13e00000/display-hub@15200000/display@15200000 [ 3.896344] arm-smmu 12000000.iommu: region: /reserved-memory/framebuffer@9607c000 [ 3.904707] arm-smmu 12000000.iommu: [mem 0x9607c000-0x9687bfff] [ 3.915719] arm-smmu 12000000.iommu: /iommu@12000000: 1 arguments [ 3.922487] arm-smmu 12000000.iommu: 0: 00000009 [ 3.927888] arm-smmu 12000000.iommu: SID: 0009 MASK: 7f80 [ 3.934132] arm-smmu 12000000.iommu: found index: 0 [ 3.939840] arm-smmu 12000000.iommu: np: /host1x@13e00000/display-hub@15200000/display@15210000 [ 3.949183] arm-smmu 12000000.iommu: np: /host1x@13e00000/display-hub@15200000/display@15220000 [ 3.958499] arm-smmu 12000000.iommu: np: /host1x@13e00000/vic@15340000 [ 3.965557] arm-smmu 12000000.iommu: np: /gpu@17000000 [ 3.971145] arm-smmu 12000000.iommu: np: /bpmp [ 3.976084] arm-smmu 12000000.iommu: < arm_smmu_setup_identity() [ 3.982613] arm-smmu 12000000.iommu: > arm_smmu_write_sme(smmu=ffff0001eabcec80, idx=0) [ 3.991072] arm-smmu 12000000.iommu: ARM_SMMU_GR0_S2CR(0) < 00020000 [ 3.997922] arm-smmu 12000000.iommu: ARM_SMMU_GR0_SMR(0) < ff800009 [ 4.004677] arm-smmu 12000000.iommu: < arm_smmu_write_sme() [ 4.010528] arm-smmu 12000000.iommu: > arm_smmu_write_sme(smmu=ffff0001eabcec80, idx=1) [ 4.018919] arm-smmu 12000000.iommu: ARM_SMMU_GR0_S2CR(1) < 00020000 [ 4.025773] arm-smmu 12000000.iommu: ARM_SMMU_GR0_SMR(1) < 00000000 [ 4.032543] arm-smmu 12000000.iommu: < arm_smmu_write_sme() ... There's a bunch of these, but idx=0 is the only one that's actually populated because it corresponds to the display controller. However, shortly after this I see a bunch of these: ... [ 7.588908] arm-smmu 12000000.iommu: Blocked unknown Stream ID 0x809; boot with "arm-smmu.disable_bypass=0" to allow, but this may have security implications [ 7.589907] arm-smmu: > arm_smmu_of_xlate(dev=ffff0001eaecf010, args=ffff80001024bae8) [ 7.603599] arm-smmu 12000000.iommu: GFSR 0x80000002, GFSYNR0 0x00000000, GFSYNR1 0x00000809, GFSYNR2 0x00000000 [ 7.604218] arm-smmu 12000000.iommu: Blocked unknown Stream ID 0x1409; boot with "arm-smmu.disable_bypass=0" to allow, but this may have security implications [ 7.611956] arm-smmu: < arm_smmu_of_xlate() = 0 [ 7.622636] arm-smmu 12000000.iommu: GFSR 0x80000002, GFSYNR0 0x00000000, GFSYNR1 0x00001409, GFSYNR2 0x00000000 [ 7.622658] arm-smmu 12000000.iommu: Blocked unknown Stream ID 0x1809; boot with "arm-smmu.disable_bypass=0" to allow, but this may have security implications [ 7.622662] arm-smmu 12000000.iommu: GFSR 0x80000002, GFSYNR0 0x00000000, GFSYNR1 0x00001809, GFSYNR2 0x00000000 [ 7.622676] arm-smmu 12000000.iommu: Blocked unknown Stream ID 0x409; boot with "arm-smmu.disable_bypass=0" to allow, but this may have security implications [ 7.637739] arm-smmu 12000000.iommu: ARM_SMMU_GR0_S2CR(1) < 00000001 [ 7.642199] arm-smmu 12000000.iommu: GFSR 0x80000002, GFSYNR0 0x00000000, GFSYNR1 0x00000409, GFSYNR2 0x00000000 [ 7.642216] arm-smmu 12000000.iommu: Blocked unknown Stream ID 0x9; boot with "arm-smmu.disable_bypass=0" to allow, but this may have security implications [ 7.642221] arm-smmu 12000000.iommu: GFSR 0x80000002, GFSYNR0 0x00000000, GFSYNR1 0x00000009, GFSYNR2 0x00000000 [ 7.642237] arm-smmu 12000000.iommu: Blocked unknown Stream ID 0x1c09; boot with "arm-smmu.disable_bypass=0" to allow, but this may have security implications [ 7.652992] tegra-host1x 13e00000.host1x: Adding to iommu group 0 [ 7.667720] arm-smmu 12000000.iommu: GFSR 0x80000002, GFSYNR0 0x00000000, GFSYNR1 0x00001c09, GFSYNR2 0x00000000 [ 7.667732] arm-smmu 12000000.iommu: Blocked unknown Stream ID 0x9; boot with "arm-smmu.disable_bypass=0" to allow, but this may have security implications [ 7.667736] arm-smmu 12000000.iommu: GFSR 0x80000002, GFSYNR0 0x00000000, GFSYNR1 0x00000009, GFSYNR2 0x00000000 [ 7.667748] arm-smmu 12000000.iommu: Blocked unknown Stream ID 0x1809; boot with "arm-smmu.disable_bypass=0" to allow, but this may have security implications [ 7.667752] arm-smmu 12000000.iommu: GFSR 0x80000002, GFSYNR0 0x00000000, GFSYNR1 0x00001809, GFSYNR2 0x00000000 [ 7.667765] arm-smmu 12000000.iommu: Blocked unknown Stream ID 0x9; boot with "arm-smmu.disable_bypass=0" to allow, but this may have security implications [ 7.678511] arm-smmu 12000000.iommu: > arm_smmu_write_sme(smmu=ffff0001eabcec80, idx=1) [ 7.693158] arm-smmu 12000000.iommu: GFSR 0x80000002, GFSYNR0 0x00000000, GFSYNR1 0x00000009, GFSYNR2 0x00000000 [ 7.693170] arm-smmu 12000000.iommu: Blocked unknown Stream ID 0x1009; boot with "arm-smmu.disable_bypass=0" to allow, but this may have security implications [ 7.693174] arm-smmu 12000000.iommu: GFSR 0x80000002, GFSYNR0 0x00000000, GFSYNR1 0x00001009, GFSYNR2 0x00000000 Note that stream ID 0x9 is TEGRA186_SID_NVDISPLAY, which is associated with the display controllers. One of these display controllers is live because it was turned on by the bootloader to show a splash screen. What I don't really understand is why it thinks that that stream ID is unknown. One possibility I see is that perhaps the S2CR(0) and/or SMR(0) registers might have gotten overwritten, but I don't see where that may happen. The errors stop eventually when the display controller is hooked up properly via the DMA API, but the whole purpose here is obviously to get to that point much earlier. Any ideas what I might be doing wrong? Any comments on the general approach? Thierry --- >8 --- diff --git a/drivers/iommu/arm-smmu.c b/drivers/iommu/arm-smmu.c index 9b2f920ff2f8..13c7282560e6 100644 --- a/drivers/iommu/arm-smmu.c +++ b/drivers/iommu/arm-smmu.c @@ -916,6 +916,7 @@ static void arm_smmu_write_smr(struct arm_smmu_device *smmu, int idx) if (!(smmu->features & ARM_SMMU_FEAT_EXIDS) && smr->valid) reg |= SMR_VALID; + dev_info(smmu->dev, " ARM_SMMU_GR0_SMR(%u) < %08x\n", idx, reg); arm_smmu_gr0_write(smmu, ARM_SMMU_GR0_SMR(idx), reg); } @@ -929,14 +930,17 @@ static void arm_smmu_write_s2cr(struct arm_smmu_device *smmu, int idx) if (smmu->features & ARM_SMMU_FEAT_EXIDS && smmu->smrs && smmu->smrs[idx].valid) reg |= S2CR_EXIDVALID; + dev_info(smmu->dev, " ARM_SMMU_GR0_S2CR(%u) < %08x\n", idx, reg); arm_smmu_gr0_write(smmu, ARM_SMMU_GR0_S2CR(idx), reg); } static void arm_smmu_write_sme(struct arm_smmu_device *smmu, int idx) { + dev_info(smmu->dev, "> %s(smmu=%px, idx=%d)\n", __func__, smmu, idx); arm_smmu_write_s2cr(smmu, idx); if (smmu->smrs) arm_smmu_write_smr(smmu, idx); + dev_info(smmu->dev, "< %s()\n", __func__); } /* @@ -1010,6 +1014,8 @@ static int arm_smmu_find_sme(struct arm_smmu_device *smmu, u16 id, u16 mask) static bool arm_smmu_free_sme(struct arm_smmu_device *smmu, int idx) { + pr_info("> %s(smmu=%px, idx=%d)\n", __func__, smmu, idx); + if (--smmu->s2crs[idx].count) return false; @@ -1017,6 +1023,7 @@ static bool arm_smmu_free_sme(struct arm_smmu_device *smmu, int idx) if (smmu->smrs) smmu->smrs[idx].valid = false; + pr_info("< %s()\n", __func__); return true; } @@ -1545,19 +1552,34 @@ static int arm_smmu_domain_set_attr(struct iommu_domain *domain, return ret; } -static int arm_smmu_of_xlate(struct device *dev, struct of_phandle_args *args) +static u32 arm_smmu_of_parse(struct device_node *np, const u32 *args, + unsigned int count) { - u32 mask, fwid = 0; + u32 fwid = 0, mask; - if (args->args_count > 0) - fwid |= FIELD_PREP(SMR_ID, args->args[0]); + if (count > 0) + fwid |= FIELD_PREP(SMR_ID, args[0]); - if (args->args_count > 1) - fwid |= FIELD_PREP(SMR_MASK, args->args[1]); - else if (!of_property_read_u32(args->np, "stream-match-mask", &mask)) + if (count > 1) + fwid |= FIELD_PREP(SMR_MASK, args[1]); + else if (!of_property_read_u32(np, "stream-match-mask", &mask)) fwid |= FIELD_PREP(SMR_MASK, mask); - return iommu_fwspec_add_ids(dev, &fwid, 1); + return fwid; +} + +static int arm_smmu_of_xlate(struct device *dev, struct of_phandle_args *args) +{ + u32 fwid; + int ret; + + pr_info("> %s(dev=%px, args=%px)\n", __func__, dev, args); + + fwid = arm_smmu_of_parse(args->np, args->args, args->args_count); + ret = iommu_fwspec_add_ids(dev, &fwid, 1); + + pr_info("< %s() = %d\n", __func__, ret); + return ret; } static void arm_smmu_get_resv_regions(struct device *dev, @@ -1877,6 +1899,138 @@ static int arm_smmu_device_cfg_probe(struct arm_smmu_device *smmu) return 0; } +static int arm_smmu_setup_identity(struct arm_smmu_device *smmu) +{ + struct arm_smmu_domain *identity; + struct device *dev = smmu->dev; + unsigned long page_size; + struct device_node *np; + int ret; + + dev_info(dev, "> %s(smmu=%px)\n", __func__, smmu); + + /* create early identity mapping */ + smmu->identity = arm_smmu_domain_alloc(IOMMU_DOMAIN_UNMANAGED); + if (!smmu->identity) { + dev_err(dev, "failed to create identity domain\n"); + return -ENOMEM; + } + + dev_info(dev, " identity domain: %px (ops: %ps)\n", smmu->identity, smmu->identity->ops); + smmu->identity->type = IOMMU_DOMAIN_UNMANAGED; + smmu->identity->ops = &arm_smmu_ops; + + ret = arm_smmu_init_domain_context(smmu->identity, smmu); + if (ret < 0) { + dev_err(dev, "failed to initialize identity domain: %d\n", ret); + return ret; + } + + page_size = 1UL << __ffs(smmu->identity->pgsize_bitmap); + identity = to_smmu_domain(smmu->identity); + + for_each_node_with_property(np, "iommus") { + struct arm_smmu_smr *smrs = smmu->smrs; + struct of_phandle_iterator it; + struct of_phandle_args args; + unsigned int index = 0; + bool mapped = false; + + dev_info(dev, " np: %pOF\n", np); + + /* parse memory regions and add them to the identity mapping */ + of_for_each_phandle(&it, ret, np, "memory-region", NULL, 0) { + int prot = IOMMU_READ | IOMMU_WRITE; + dma_addr_t start, limit, iova; + struct resource res; + + dev_info(dev, " region: %pOF\n", it.node); + + ret = of_address_to_resource(it.node, 0, &res); + if (ret < 0) { + continue; + } + + /* XXX check that region is not empty? */ + dev_info(dev, " %pR\n", &res); + + start = ALIGN(res.start, page_size); + limit = ALIGN(res.start + resource_size(&res), page_size); + + for (iova = start; iova < limit; iova += page_size) { + phys_addr_t phys; + + phys = iommu_iova_to_phys(smmu->identity, iova); + if (phys) { + continue; + } + + ret = iommu_map(smmu->identity, iova, iova, + page_size, prot); + if (ret < 0) { + dev_err(dev, "failed to map %pad: %d\n", &iova, ret); + continue; + } + + mapped = true; + } + } + + if (!mapped) + continue; + + /* add stream IDs to the identity mapping */ + while (!of_parse_phandle_with_args(np, "iommus", "#iommu-cells", + index, &args)) { + unsigned int i, idx; + u16 sid, mask; + u32 fwid; + + dev_info(dev, " %pOF: %d arguments\n", args.np, args.args_count); + + for (i = 0; i < args.args_count; i++) + dev_info(dev, " %u: %08x\n", i, args.args[i]); + + /* XXX check that args.np is the SMMU */ + if (args.np != smmu->dev->of_node) { + dev_info(dev, " master %u is not one of ours: %pOF\n", index, args.np); + index++; + continue; + } + + fwid = arm_smmu_of_parse(args.np, args.args, args.args_count); + sid = FIELD_GET(SMR_ID, fwid); + mask = FIELD_GET(SMR_MASK, fwid); + + dev_info(dev, " SID: %04x MASK: %04x\n", sid, mask); + + ret = arm_smmu_find_sme(smmu, sid, mask); + if (ret < 0) { + dev_err(dev, "failed to find SME: %d\n", ret); + index++; + continue; + } + + idx = ret; + dev_info(dev, " found index: %u\n", idx); + + if (smrs && smmu->s2crs[idx].count == 0) { + smrs[idx].id = sid; + smrs[idx].mask = mask; + smrs[idx].valid = true; + } + + smmu->s2crs[idx].count++; + + //arm_smmu_write_sme(smmu, idx); + index++; + } + } + + dev_info(dev, "< %s()\n", __func__); + return 0; +} + struct arm_smmu_match_data { enum arm_smmu_arch_version version; enum arm_smmu_implementation model; @@ -1976,6 +2130,8 @@ static int arm_smmu_device_dt_probe(struct platform_device *pdev, struct device *dev = &pdev->dev; bool legacy_binding; + pr_info("> %s(pdev=%px, smmu=%px)\n", __func__, pdev, smmu); + if (of_property_read_u32(dev->of_node, "#global-interrupts", &smmu->num_global_irqs)) { dev_err(dev, "missing #global-interrupts property\n"); @@ -2001,6 +2157,7 @@ static int arm_smmu_device_dt_probe(struct platform_device *pdev, if (of_dma_is_coherent(dev->of_node)) smmu->features |= ARM_SMMU_FEAT_COHERENT_WALK; + pr_info("< %s()\n", __func__); return 0; } @@ -2118,6 +2275,10 @@ static int arm_smmu_device_probe(struct platform_device *pdev) if (err) return err; + err = arm_smmu_setup_identity(smmu); + if (err) + return err; + if (smmu->version == ARM_SMMU_V2) { if (smmu->num_context_banks > smmu->num_context_irqs) { dev_err(dev, diff --git a/drivers/iommu/arm-smmu.h b/drivers/iommu/arm-smmu.h index 6b6b877135de..001e60a3d18c 100644 --- a/drivers/iommu/arm-smmu.h +++ b/drivers/iommu/arm-smmu.h @@ -280,6 +280,8 @@ struct arm_smmu_device { /* IOMMU core code handle */ struct iommu_device iommu; + + struct iommu_domain *identity; }; enum arm_smmu_context_fmt {
Attachment:
signature.asc
Description: PGP signature