Jon,
On 2021-12-08 13:26, Jon Nettleton wrote:
[...]
Even marking them as IOMMU_READ/WRITE is as much of an assumption as
using IOMMU_MMIO or IOMMU_CACHE. It just seems IOMMU_MMIO is the most
popular since all the examples use it for MSI doorbells in the
documentation.
We don't merge code based on assumptions that can easily break because
the specifications don't contemplate the details that are required.
I am interested why this concern is only being brought up at this point
on a patchset that has been on the mailing list for 8+ months?
See above. We don't merge code that we know can break and is based on
assumptions, we need to update the IORT specifications to make them
cover all the use cases - in a predictable way - and that's what we are
working on.
This is not really an answer to the question. The latest version of the
IORT RMR spec was published in Feb 2021. Why was this issue not
brought up with Rev 1 of this patchset? Instead you have wasted
10 months of developer and customer time. This could have easily been
turned into a code first spec change request, which is a valid option
for ACPI changes.
It was only on v5 of the patchset - *six months* after the original RFC
posting - that anyone even first started to question the initial
assumptions made about attributes[1], and even then somebody familiar
countered that it didn't appear to matter[2]. Sorry, but you don't get
to U-turn and throw unjust shade at Arm for not being prescient.
Yes, when those of us within Arm set out the initial RMR spec, an
assumption was made that it seemed reasonable for an OS to simply pick
some default strong memory type (Device or Normal-NC) and full
permissions if it did need to map RMRs at stage 1. That spec was
reviewed and published externally and no interested parties came forth
asking "hey, what about attributes?". Linux patches were written around
that assumption and proceeded through many rounds of review until we
eventually received sufficient feedback to demonstrate that the
assumption did not in fact hold well enough in general and there seemed
to be a genuine need for RMR attributes, and at that point we started
work on revising the spec.
In the meantime, these patches have sat at v7 for four months - the
*other* outstanding review comments have not been addressed; I still
don't recall seeing an answer about whether LX2160 or anything else
currently deployed actually *needs* cacheable mappings or whether it
could muddle through with the IOMMU_MMIO assumption until proper "RMR
v2" support arrived later; even if so, an interim workaround specific to
LX2160 could have been proposed but hasn't. It is hardly reasonable to
pretend that Arm or the upstream maintainers are responsible for a lack
of development activity on the part of the submitters, no matter how
much blatant misinformation is repeated on Twitter.
Regards,
Robin.
[1]
https://lore.kernel.org/linux-iommu/13c2499e-cc0c-d395-0d60-6c3437f206ac@xxxxxxx/
[2]
https://lore.kernel.org/linux-iommu/CABdtJHv2QBHNoWTyp51H-J_apc75imPj0FbrV70Tm8xuNjpiTA@xxxxxxxxxxxxxx/
This is based on a spec that has existed from Arm since 2020 with the
most recent revisions published in Feb 2021. The lack of RMR support
in the kernel is affecting real world products, and the ability for
SystemReady ES certified systems from just fully working with recent
distributions.
I answered above - if you have any questions please ask them, here,
as far as Linux code is concerned.
I understand this is taking a long time, it is also helping us
understand all the possible use cases and how to cover them in
a way that is maintainable in the long run.
Every month that this patchset has sat being unattended by the
maintainers is another kernel dev cycle missed, it is another
another distribution release where users need to add hackish
kernel command-line options to disable security features that
were forced on by default. Not to mention Linux is just one
platform. What if other platforms have already adopted the
existing spec? These are Arm specs and Arm maintainers and
yet nobody seems to agree on anything and absolutely nothing
has been achieved except wasting the time of Shameer, myself,
our companies, and our customers.
-Jon
Thanks,
Lorenzo
Even worse, is that without this patchset customers are forced to jump
through hoops to purposefully re-enable smmu bypass making their
systems less secure.
How is this a good experience for customers of SystemReady hardware
when for any mainline distribution to work the first thing they have
to do is make their system less secure?
-Jon
Thanks,
Robin.
