On 17/10/2019 11:55, Marek Vasut wrote:
On 10/17/19 9:06 AM, Geert Uytterhoeven wrote:
[...]
I suppose if your intent is to use inbound windows as a poor man's
IOMMU to prevent accesses to the holes, then yes you would list them
out. But I think that's wrong and difficult to maintain. You'd also
need to deal with reserved-memory regions too.
What's the problem with that? The bootloader has all that information
and can patch the DT correctly. In fact, in my specific case, I have
platform which can be populated with differently sized DRAM, so the
holes are also dynamically calculated ; there is no one DT then, the
bootloader is responsible to generate the dma-ranges accordingly.
The problems are it doesn't work:
Your dma-mask and offset are not going to be correct.
You are running out of inbound windows. Your patch does nothing to
solve that. The solution would be merging multiple dma-ranges entries
to a single inbound window. We'd have to do that both for dma-mask and
inbound windows. The former would also have to figure out which
entries apply to setting up dma-mask. I'm simply suggesting just do
that up front and avoid any pointless splits.
But then the PCI device can trigger a transaction to non-existent DRAM
and cause undefined behavior. Surely we do not want that ?
The PCI device will trigger transactions to memory only when instructed
to do so by Linux, right? Hence if Linux takes into account chosen/memory
and dma-ranges, there is no problem?
Unless of course the remote device initiates a transfer. And if the
controller is programmed such that accesses to the missing DRAM in the
holes are not filtered out by the controller, then the controller will
gladly let the transaction through. Do we really want to let this happen ?
If you've got devices making random unsolicited accesses then who's to
say they wouldn't also hit valid windows and corrupt memory? If it's
happening at all you've already lost. And realistically, if the address
isn't valid then it's not going to make much difference anyway - in
probably 99% of cases, either the transaction doesn't hit a window and
the host bridge returns a completer abort, or it does hit a window, the
AXI side returns DECERR or SLVERR, and the host bridge translates that
into a completer abort. Consider also that many PCI IPs don't have
discrete windows and just map the entirety of PCI mem space directly to
the system PA space.
I don't believe this is a valid argument for anything whichever way round.
Robin.
