On Thu, Oct 17, 2019 at 9:00 AM Marek Vasut <marek.vasut@xxxxxxxxx> wrote: > > On 10/17/19 3:06 PM, Robin Murphy wrote: > > On 17/10/2019 11:55, Marek Vasut wrote: > >> On 10/17/19 9:06 AM, Geert Uytterhoeven wrote: > >> > >> [...] > >> > >>>>>>> I suppose if your intent is to use inbound windows as a poor man's > >>>>>>> IOMMU to prevent accesses to the holes, then yes you would list them > >>>>>>> out. But I think that's wrong and difficult to maintain. You'd also > >>>>>>> need to deal with reserved-memory regions too. > >>>>>> > >>>>>> What's the problem with that? The bootloader has all that information > >>>>>> and can patch the DT correctly. In fact, in my specific case, I have > >>>>>> platform which can be populated with differently sized DRAM, so the > >>>>>> holes are also dynamically calculated ; there is no one DT then, the > >>>>>> bootloader is responsible to generate the dma-ranges accordingly. > >>>>> > >>>>> The problems are it doesn't work: > >>>>> > >>>>> Your dma-mask and offset are not going to be correct. > >>>>> > >>>>> You are running out of inbound windows. Your patch does nothing to > >>>>> solve that. The solution would be merging multiple dma-ranges entries > >>>>> to a single inbound window. We'd have to do that both for dma-mask and > >>>>> inbound windows. The former would also have to figure out which > >>>>> entries apply to setting up dma-mask. I'm simply suggesting just do > >>>>> that up front and avoid any pointless splits. > >>>> > >>>> But then the PCI device can trigger a transaction to non-existent DRAM > >>>> and cause undefined behavior. Surely we do not want that ? > >>> > >>> The PCI device will trigger transactions to memory only when instructed > >>> to do so by Linux, right? Hence if Linux takes into account > >>> chosen/memory > >>> and dma-ranges, there is no problem? > >> > >> Unless of course the remote device initiates a transfer. And if the > >> controller is programmed such that accesses to the missing DRAM in the > >> holes are not filtered out by the controller, then the controller will > >> gladly let the transaction through. Do we really want to let this > >> happen ? > > > > If you've got devices making random unsolicited accesses then who's to > > say they wouldn't also hit valid windows and corrupt memory? If it's > > happening at all you've already lost. > > Not necessarily. If your controller is programmed correctly with just > the ranges that are valid, then it will filter out at least the accesses > outside of valid memory. If it is programmed incorrectly, as you > suggest, then the accesses will go through, causing undefined behavior. > > And note that there is such weird buggy PCI hardware. A slightly > unrelated example are some of the ath9k, which are generating spurious > MSIs even if they are in legacy PCI IRQ mode. If the controller is > configured correctly, even those buggy cards work, because it can filter > the spurious MSIs out. If not, they do not. How do those devices work on h/w without inbound window configuration or they don't? How do the spurious MSIs only go to invalid addresses and not valid addresses? > That's why I would prefer to configure the controller correctly, not > just hope that nothing bad will come out of misconfiguring it slightly. Again, just handling the first N dma-ranges entries and ignoring the rest is not 'configure the controller correctly'. > > And realistically, if the address > > isn't valid then it's not going to make much difference anyway - in > > probably 99% of cases, either the transaction doesn't hit a window and > > the host bridge returns a completer abort, or it does hit a window, the > > AXI side returns DECERR or SLVERR, and the host bridge translates that > > into a completer abort. Consider also that many PCI IPs don't have > > discrete windows and just map the entirety of PCI mem space directly to > > the system PA space. > > And in that 1% of cases, we are OK with failure which could have been > easily prevented if the controller was programmed correctly ? That does > not look like a good thing. You don't need dma-ranges if you want to handle holes in DRAM. Use memblock to get this information. Then it will work if you boot using UEFI too. dma-ranges at the PCI bridge should be restrictions in the PCI bridge, not ones somewhere else in the system. Rob
