On Mon, 9 Dec 2019 14:07:02 +0000 Robin Murphy <robin.murphy@xxxxxxx> wrote: > On 09/12/2019 1:28 pm, Peter Geis wrote: > > I'm back with more pcie fun on the rk3399. > > I'm trying to get pcie passthrough working for a vm on the rk3399, > > and have encountered some roadblocks. > > That much I can help with somewhat: the major impediment is that > RK3399 doesn't have an IOMMU in front of PCIe. For the more limited case of defending against attacks from hostile/buggy firmware on PCIe devices: is it possible to use the RK3399 PCIe "inbound address translation" support instead of an IOMMU? The RK3399 TRM, v1.3 "Part 2", section 17.5.5.2.1 explains how to configure address translation (including a base/bounds check) for inbound-to-SoC memory writes, but details are quite sparse. Linux appears to not use this functionality; from drivers/pci/controller/pcie-rockchip-host.c we can see that it disables the base/bounds (sets them to the entire 32-bit space, which is all RAM on RK3399 since it supports only 4GB) and passes all 32 bits of incoming memory writes: static int rockchip_pcie_prog_ib_atu(struct rockchip_pcie *rockchip, int region_no, u8 num_pass_bits, u32 lower_addr, u32 upper_addr) ... static int rockchip_pcie_cfg_atu(struct rockchip_pcie *rockchip) { ... err = rockchip_pcie_prog_ib_atu(rockchip, 2, 32 - 1, 0x0, 0); Is this a dead end? If not I might pursue it, if I can get the necessary documentation. I couldn't find any mention of ATS in the RK3399 manual; if the PCIe RC allows that then all bets are off anyways. - a