On Tue, Nov 26, 2019 at 1:13 AM John Garry <john.garry@xxxxxxxxxx> wrote:
On 21/11/2019 11:49, Will Deacon wrote:
Forcefully unbinding the Arm SMMU drivers is a pretty dangerous operation,
since it will likely lead to catastrophic failure for any DMA devices
mastering through the SMMU being unbound. When the driver then attempts
to "handle" the fatal faults, it's very easy to trip over dead data
structures, leading to use-after-free.
On John's machine, he reports that the machine was "unusable" due to
loss of the storage controller following a forced unbind of the SMMUv3
driver:
| # cd ./bus/platform/drivers/arm-smmu-v3
| # echo arm-smmu-v3.0.auto > unbind
| hisi_sas_v2_hw HISI0162:01: CQE_AXI_W_ERR (0x800) found!
| platform arm-smmu-v3.0.auto: CMD_SYNC timeout at 0x00000146
| [hwprod 0x00000146, hwcons 0x00000000]
Prevent this forced unbinding of the drivers by setting "suppress_bind_attrs"
to true.
This seems a reasonable approach for now.
BTW, I'll give this series a spin this week, which again looks to be
your iommu/module branch, excluding the new IORT patch.
Is this on a platform where of_devlink creates device links between
the iommu device and its suppliers?I'm guessing no? Because device
links should for unbinding of all the consumers before unbinding the
supplier.
Looks like it'll still allow the supplier to unbind if the consumers
don't allow unbinding. Is that the case here?