On Mon, Sep 09, 2024 at 07:03:53PM +0200, Jan Kiszka wrote: > Changes in v6: > - make restricted DMA memory-region available to all pci-keystone > devices, moving property to unconditional section (patch 2) > > Changes in v5: > - resolve review comments on pci-host bindings > - reduce DMA memory regions to 1 - swiotlb does not support more > - move activation into overlay (controlled via firmware) > - use ks_init_vmap helper instead of loop in > rework ks_init_restricted_dma > - add more comments to pci-keystone > - use 2 chained TLBs of PVU to support maximum of swiotlb (320 MB) > > Changes in v4: > - reorder patch queue, moving all DTS changes to the back > - limit activation to IOT2050 Advanced variants > - move DMA pool to allow firmware-based expansion it up to 512M > > Changes in v3: > - fix ti,am654-pvu.yaml according to review comments > - address review comments on ti,am65-pci-host.yaml > - differentiate between different compatibles in ti,am65-pci-host.yaml > - move pvu nodes to k3-am65-main.dtsi > - reorder patch series, pulling bindings and generic DT bits to the front > > Changes in v2: > - fix dt_bindings_check issues (patch 1) > - address first review comments (patch 2) > - extend ti,am65-pci-host bindings for PVU (new patch 3) > > Only few of the K3 SoCs have an IOMMU and, thus, can isolate the system > against DMA-based attacks of external PCI devices. The AM65 is without > an IOMMU, but it comes with something close to it: the Peripheral > Virtualization Unit (PVU). > > The PVU was originally designed to establish static compartments via a > hypervisor, isolate those DMA-wise against each other and the host and > even allow remapping of guest-physical addresses. But it only provides > a static translation region, not page-granular mappings. Thus, it cannot > be handled transparently like an IOMMU. > > Now, to use the PVU for the purpose of isolated PCI devices from the > Linux host, this series takes a different approach. It defines a > restricted-dma-pool for the PCI host, using swiotlb to map all DMA > buffers from a static memory carve-out. And to enforce that the devices > actually follow this, a special PVU soc driver is introduced. The driver > permits access to the GIC ITS and otherwise waits for other drivers that > detect devices with constrained DMA to register pools with the PVU. > > For the AM65, the first (and possibly only) driver where this is > introduced is the pci-keystone host controller. Finally, this series > provides a DT overlay for the IOT2050 Advanced devices (all have > MiniPCIe or M.2 extension slots) to make use of this protection scheme. > Application of this overlay will be handled by firmware. > > Due to the cross-cutting nature of these changes, multiple subsystems > are affected. However, I wanted to present the whole thing in one series > to allow everyone to review with the complete picture in hands. If > preferred, I can also split the series up, of course. I'm not sure where this ended up. The pci-keystone.c patch looks OK to me, and I don't see any comments from the PCI folks who normally take care of host controller drivers. I guess it depends on the soc PVU driver, so I'll ack the keystone part and whoever takes the soc part can include it. > CC: Bjorn Helgaas <bhelgaas@xxxxxxxxxx> > CC: "Krzysztof Wilczyński" <kw@xxxxxxxxx> > CC: linux-pci@xxxxxxxxxxxxxxx > CC: Lorenzo Pieralisi <lpieralisi@xxxxxxxxxx> > > Jan Kiszka (7): > dt-bindings: soc: ti: Add AM65 peripheral virtualization unit > dt-bindings: PCI: ti,am65: Extend for use with PVU > soc: ti: Add IOMMU-like PVU driver > PCI: keystone: Add support for PVU-based DMA isolation on AM654 > arm64: dts: ti: k3-am65-main: Add PVU nodes > arm64: dts: ti: k3-am65-main: Add VMAP registers to PCI root complexes > arm64: dts: ti: iot2050: Add overlay for DMA isolation for devices > behind PCI RC > > .../bindings/pci/ti,am65-pci-host.yaml | 28 +- > .../bindings/soc/ti/ti,am654-pvu.yaml | 51 ++ > arch/arm64/boot/dts/ti/Makefile | 5 + > arch/arm64/boot/dts/ti/k3-am65-main.dtsi | 38 +- > ...am6548-iot2050-advanced-dma-isolation.dtso | 33 ++ > drivers/pci/controller/dwc/pci-keystone.c | 108 ++++ > drivers/soc/ti/Kconfig | 4 + > drivers/soc/ti/Makefile | 1 + > drivers/soc/ti/ti-pvu.c | 500 ++++++++++++++++++ > include/linux/ti-pvu.h | 16 + > 10 files changed, 777 insertions(+), 7 deletions(-) > create mode 100644 Documentation/devicetree/bindings/soc/ti/ti,am654-pvu.yaml > create mode 100644 arch/arm64/boot/dts/ti/k3-am6548-iot2050-advanced-dma-isolation.dtso > create mode 100644 drivers/soc/ti/ti-pvu.c > create mode 100644 include/linux/ti-pvu.h > > -- > 2.43.0 >
