Re: [PATCH 2/2] iommu: dma: Use of_iommu_get_resv_regions()

From: Thierry Reding
Date: Wed Nov 27 2019 - 09:16:42 EST

On Wed, Nov 27, 2019 at 01:16:54PM +0100, Thierry Reding wrote:
> On Tue, Sep 17, 2019 at 06:59:50PM +0100, Will Deacon wrote:
> > On Mon, Sep 02, 2019 at 04:52:45PM +0200, Thierry Reding wrote:
> > > On Mon, Sep 02, 2019 at 03:22:35PM +0100, Robin Murphy wrote:
> > > > On 29/08/2019 12:14, Thierry Reding wrote:
> > > > > From: Thierry Reding <treding@xxxxxxxxxx>
> > > > >
> > > > > For device tree nodes, use the standard of_iommu_get_resv_regions()
> > > > > implementation to obtain the reserved memory regions associated with a
> > > > > device.
> > > >
> > > > This covers the window between iommu_probe_device() setting up a default
> > > > domain and the device's driver finally probing and taking control, but
> > > > iommu_probe_device() represents the point that the IOMMU driver first knows
> > > > about this device - there's still a window from whenever the IOMMU driver
> > > > itself probed up to here where the "unidentified" traffic may have already
> > > > been disrupted. Some IOMMU drivers have no option but to make the necessary
> > > > configuration during their own probe routine, at which point a struct device
> > > > for the display/etc. endpoint may not even exist yet.
> > >
> > > Yeah, I think I'm actually running into this issue with the ARM SMMU
> > > driver. The above works fine with the Tegra SMMU driver, though, because
> > > it doesn't touch the SMMU configuration until a device is attached to a
> > > domain.
> > >
> > > For anything earlier than iommu_probe_device(), I don't see a way of
> > > doing this generically. I've been working on a prototype to make these
> > > reserved memory regions early on for ARM SMMU but I've been failing so
> > > far. I think it would possibly work if we just switched the default for
> > > stream IDs to be "bypass" if they have any devices that have reserved
> > > memory regions, but again, this isn't quite working (yet).
> >
> > I think we should avoid the use of "bypass" outside of the IOMMU probe()
> > routine if at all possible, since it leaves the thing wide open if we don't
> > subsequently probe the master.
> >
> > Why can't we initialise a page-table early for StreamIDs with these
> > reserved regions, and then join that up later on if we see a device with
> > one of those StreamIDs attaching to a DMA domain? I suppose the nasty
> > case would be attaching to a domain that already has other masters
> > attached to it. Can we forbid that somehow for these devices? Otherwise,
> > I think we'd have to transiently switch to bypass whilst switching page
> > table.
> >
> > What problems did you run into trying to implement this?
>
> I picked this up again and was trying to make this work with your
> suggestion. Below is a rough draft and it seems to be working to some
> degree. Here's an extract of the log when I run this on Jetson TX2:
>
> [ 3.755328] arm-smmu 12000000.iommu: probing hardware configuration...
> [ 3.762187] arm-smmu 12000000.iommu: SMMUv2 with:
> [ 3.767137] arm-smmu 12000000.iommu: stage 1 translation
> [ 3.772806] arm-smmu 12000000.iommu: stage 2 translation
> [ 3.778471] arm-smmu 12000000.iommu: nested translation
> [ 3.784050] arm-smmu 12000000.iommu: stream matching with 128 register groups
> [ 3.791651] arm-smmu 12000000.iommu: 64 context banks (0 stage-2 only)
> [ 3.798603] arm-smmu 12000000.iommu: Supported page sizes: 0x61311000
> [ 3.805460] arm-smmu 12000000.iommu: Stage-1: 48-bit VA -> 48-bit IPA
> [ 3.812310] arm-smmu 12000000.iommu: Stage-2: 48-bit IPA -> 48-bit PA
> [ 3.819159] arm-smmu 12000000.iommu: > arm_smmu_setup_identity(smmu=ffff0001eabcec80)
> [ 3.827373] arm-smmu 12000000.iommu: identity domain: ffff0001eaf8cae8 (ops: 0x0)
> [ 3.835614] arm-smmu 12000000.iommu: np: /ethernet@2490000
> [ 3.841635] arm-smmu 12000000.iommu: np: /sdhci@3400000
> [ 3.847315] arm-smmu 12000000.iommu: np: /sdhci@3420000
> [ 3.852990] arm-smmu 12000000.iommu: np: /sdhci@3440000
> [ 3.858683] arm-smmu 12000000.iommu: np: /sdhci@3460000
> [ 3.864370] arm-smmu 12000000.iommu: np: /hda@3510000
> [ 3.869897] arm-smmu 12000000.iommu: np: /usb@3530000
> [ 3.875421] arm-smmu 12000000.iommu: np: /pcie@10003000
> [ 3.881109] arm-smmu 12000000.iommu: np: /host1x@13e00000
> [ 3.887012] arm-smmu 12000000.iommu: np: /host1x@13e00000/display-hub@15200000/display@15200000
> [ 3.896344] arm-smmu 12000000.iommu: region: /reserved-memory/framebuffer@9607c000
> [ 3.904707] arm-smmu 12000000.iommu: [mem 0x9607c000-0x9687bfff]
> [ 3.915719] arm-smmu 12000000.iommu: /iommu@12000000: 1 arguments
> [ 3.922487] arm-smmu 12000000.iommu: 0: 00000009
> [ 3.927888] arm-smmu 12000000.iommu: SID: 0009 MASK: 7f80
> [ 3.934132] arm-smmu 12000000.iommu: found index: 0
> [ 3.939840] arm-smmu 12000000.iommu: np: /host1x@13e00000/display-hub@15200000/display@15210000
> [ 3.949183] arm-smmu 12000000.iommu: np: /host1x@13e00000/display-hub@15200000/display@15220000
> [ 3.958499] arm-smmu 12000000.iommu: np: /host1x@13e00000/vic@15340000
> [ 3.965557] arm-smmu 12000000.iommu: np: /gpu@17000000
> [ 3.971145] arm-smmu 12000000.iommu: np: /bpmp
> [ 3.976084] arm-smmu 12000000.iommu: < arm_smmu_setup_identity()
> [ 3.982613] arm-smmu 12000000.iommu: > arm_smmu_write_sme(smmu=ffff0001eabcec80, idx=0)
> [ 3.991072] arm-smmu 12000000.iommu: ARM_SMMU_GR0_S2CR(0) < 00020000
> [ 3.997922] arm-smmu 12000000.iommu: ARM_SMMU_GR0_SMR(0) < ff800009
> [ 4.004677] arm-smmu 12000000.iommu: < arm_smmu_write_sme()
> [ 4.010528] arm-smmu 12000000.iommu: > arm_smmu_write_sme(smmu=ffff0001eabcec80, idx=1)
> [ 4.018919] arm-smmu 12000000.iommu: ARM_SMMU_GR0_S2CR(1) < 00020000
> [ 4.025773] arm-smmu 12000000.iommu: ARM_SMMU_GR0_SMR(1) < 00000000
> [ 4.032543] arm-smmu 12000000.iommu: < arm_smmu_write_sme()
> ...
>
> There's a bunch of these, but idx=0 is the only one that's actually
> populated because it corresponds to the display controller. However,
> shortly after this I see a bunch of these:
>
> ...
> [ 7.588908] arm-smmu 12000000.iommu: Blocked unknown Stream ID 0x809; boot with "arm-smmu.disable_bypass=0" to allow, but this may have security implications
> [ 7.589907] arm-smmu: > arm_smmu_of_xlate(dev=ffff0001eaecf010, args=ffff80001024bae8)
> [ 7.603599] arm-smmu 12000000.iommu: GFSR 0x80000002, GFSYNR0 0x00000000, GFSYNR1 0x00000809, GFSYNR2 0x00000000
> [ 7.604218] arm-smmu 12000000.iommu: Blocked unknown Stream ID 0x1409; boot with "arm-smmu.disable_bypass=0" to allow, but this may have security implications
> [ 7.611956] arm-smmu: < arm_smmu_of_xlate() = 0
> [ 7.622636] arm-smmu 12000000.iommu: GFSR 0x80000002, GFSYNR0 0x00000000, GFSYNR1 0x00001409, GFSYNR2 0x00000000
> [ 7.622658] arm-smmu 12000000.iommu: Blocked unknown Stream ID 0x1809; boot with "arm-smmu.disable_bypass=0" to allow, but this may have security implications
> [ 7.622662] arm-smmu 12000000.iommu: GFSR 0x80000002, GFSYNR0 0x00000000, GFSYNR1 0x00001809, GFSYNR2 0x00000000
> [ 7.622676] arm-smmu 12000000.iommu: Blocked unknown Stream ID 0x409; boot with "arm-smmu.disable_bypass=0" to allow, but this may have security implications
> [ 7.637739] arm-smmu 12000000.iommu: ARM_SMMU_GR0_S2CR(1) < 00000001
> [ 7.642199] arm-smmu 12000000.iommu: GFSR 0x80000002, GFSYNR0 0x00000000, GFSYNR1 0x00000409, GFSYNR2 0x00000000
> [ 7.642216] arm-smmu 12000000.iommu: Blocked unknown Stream ID 0x9; boot with "arm-smmu.disable_bypass=0" to allow, but this may have security implications
> [ 7.642221] arm-smmu 12000000.iommu: GFSR 0x80000002, GFSYNR0 0x00000000, GFSYNR1 0x00000009, GFSYNR2 0x00000000
> [ 7.642237] arm-smmu 12000000.iommu: Blocked unknown Stream ID 0x1c09; boot with "arm-smmu.disable_bypass=0" to allow, but this may have security implications
> [ 7.652992] tegra-host1x 13e00000.host1x: Adding to iommu group 0
> [ 7.667720] arm-smmu 12000000.iommu: GFSR 0x80000002, GFSYNR0 0x00000000, GFSYNR1 0x00001c09, GFSYNR2 0x00000000
> [ 7.667732] arm-smmu 12000000.iommu: Blocked unknown Stream ID 0x9; boot with "arm-smmu.disable_bypass=0" to allow, but this may have security implications
> [ 7.667736] arm-smmu 12000000.iommu: GFSR 0x80000002, GFSYNR0 0x00000000, GFSYNR1 0x00000009, GFSYNR2 0x00000000
> [ 7.667748] arm-smmu 12000000.iommu: Blocked unknown Stream ID 0x1809; boot with "arm-smmu.disable_bypass=0" to allow, but this may have security implications
> [ 7.667752] arm-smmu 12000000.iommu: GFSR 0x80000002, GFSYNR0 0x00000000, GFSYNR1 0x00001809, GFSYNR2 0x00000000
> [ 7.667765] arm-smmu 12000000.iommu: Blocked unknown Stream ID 0x9; boot with "arm-smmu.disable_bypass=0" to allow, but this may have security implications
> [ 7.678511] arm-smmu 12000000.iommu: > arm_smmu_write_sme(smmu=ffff0001eabcec80, idx=1)
> [ 7.693158] arm-smmu 12000000.iommu: GFSR 0x80000002, GFSYNR0 0x00000000, GFSYNR1 0x00000009, GFSYNR2 0x00000000
> [ 7.693170] arm-smmu 12000000.iommu: Blocked unknown Stream ID 0x1009; boot with "arm-smmu.disable_bypass=0" to allow, but this may have security implications
> [ 7.693174] arm-smmu 12000000.iommu: GFSR 0x80000002, GFSYNR0 0x00000000, GFSYNR1 0x00001009, GFSYNR2 0x00000000
>
> Note that stream ID 0x9 is TEGRA186_SID_NVDISPLAY, which is associated
> with the display controllers. One of these display controllers is live
> because it was turned on by the bootloader to show a splash screen.
>
> What I don't really understand is why it thinks that that stream ID is
> unknown. One possibility I see is that perhaps the S2CR(0) and/or SMR(0)
> registers might have gotten overwritten, but I don't see where that may
> happen.
>
> The errors stop eventually when the display controller is hooked up
> properly via the DMA API, but the whole purpose here is obviously to get
> to that point much earlier.
>
> Any ideas what I might be doing wrong? Any comments on the general
> approach?

Nevermind that, I figured out that I was missingthe initialization of
some of the S2CR variables. I've got something that I think is working
now, though I don't know yet how to go about cleaning up the initial
mapping and "recycling" it.

I'll clean things up a bit, run some more tests and post a new patch
that can serve as a basis for discussion.

Thierry

Attachment: signature.asc
Description: PGP signature