On 29/05/2019 15:05, Will Deacon wrote: > On Wed, May 29, 2019 at 01:55:48PM +0200, Marc Gonzalez wrote: > >> From: Robin Murphy <robin.murphy@xxxxxxx> >> >> Apparently, some Qualcomm arm64 platforms which appear to expose their >> SMMU global register space are still, in fact, using a hypervisor to >> mediate it by trapping and emulating register accesses. Sadly, some >> deployed versions of said trapping code have bugs wherein they go >> horribly wrong for stores using r31 (i.e. XZR/WZR) as the source >> register. > > ^^^ > This should be in the comment instead of "qcom bug". As you wish. I wasn't sure how much was too much. >> While this can be mitigated for GCC today by tweaking the constraints >> for the implementation of writel_relaxed(), to avoid any potential >> arms race with future compilers more aggressively optimising register >> allocation, the simple way is to just remove all the problematic >> constant zeros. For the write-only TLB operations, the actual value is >> irrelevant anyway and any old nearby variable will provide a suitable >> GPR to encode. The one point at which we really do need a zero to clear >> a context bank happens before any of the TLB maintenance where crashes >> have been reported, so is apparently not a problem... :/ > > Hmm. It would be nice to understand this a little better. In which cases > does XZR appear to work? There are 4 occurrences of writel_relaxed(0 in the driver. The following do not crash. Perhaps they run natively from NS EL1. [ SMMU + 008000] = 00000000 [ SMMU + 009000] = 00000000 [ SMMU + 00a000] = 00000000 [ SMMU + 00b000] = 00000000 [ SMMU + 00c000] = 00000000 [ SMMU + 00d000] = 00000000 The following do crash. They trap to some evil place. [ SMMU + 00006c] = 00000000 [ SMMU + 000068] = 00000000 [ SMMU + 000070] = 11190070 NB: with Robin's patch, we end up writing 0 anyway. It would be "fun" if the emulation puked at !0 Unlikely since it worked for +70 > Any reason not to make these obviously dummy values e.g.: > > /* > * Text from the commit message about broken hypervisor > */ > #define QCOM_DUMMY_VAL_NOT_XZR ~0U > > That makes the callsites much easier to understand and I doubt there's a > performance impact from allocating an extra register here. Robin, what sayeth thee? Should I spin a v3? Regards.
