[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <af1dc92a-ca98-fb22-835f-5ceb85e86b1b@huawei.com>
Date: Wed, 27 Nov 2019 11:04:25 +0000
From: John Garry <john.garry@...wei.com>
To: Saravana Kannan <saravanak@...gle.com>
CC: Will Deacon <will@...nel.org>, <iommu@...ts.linuxfoundation.org>,
LKML <linux-kernel@...r.kernel.org>,
Jean-Philippe Brucker <jean-philippe@...aro.org>,
Jordan Crouse <jcrouse@...eaurora.org>,
"Bjorn Helgaas" <bhelgaas@...gle.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
"Isaac J. Manjarres" <isaacm@...eaurora.org>,
Robin Murphy <robin.murphy@....com>,
Lorenzo Pieralisi <lorenzo.pieralisi@....com>,
Joerg Roedel <joro@...tes.org>
Subject: Re: [PATCH v3 09/14] iommu/arm-smmu: Prevent forced unbinding of Arm
SMMU drivers
On 26/11/2019 20:27, Saravana Kannan wrote:
> On Tue, Nov 26, 2019 at 1:13 AM John Garry <john.garry@...wei.com> wrote:
>>
>> On 21/11/2019 11:49, Will Deacon wrote:
>>> Forcefully unbinding the Arm SMMU drivers is a pretty dangerous operation,
>>> since it will likely lead to catastrophic failure for any DMA devices
>>> mastering through the SMMU being unbound. When the driver then attempts
>>> to "handle" the fatal faults, it's very easy to trip over dead data
>>> structures, leading to use-after-free.
>>>
>>> On John's machine, he reports that the machine was "unusable" due to
>>> loss of the storage controller following a forced unbind of the SMMUv3
>>> driver:
>>>
>>> | # cd ./bus/platform/drivers/arm-smmu-v3
>>> | # echo arm-smmu-v3.0.auto > unbind
>>> | hisi_sas_v2_hw HISI0162:01: CQE_AXI_W_ERR (0x800) found!
>>> | platform arm-smmu-v3.0.auto: CMD_SYNC timeout at 0x00000146
>>> | [hwprod 0x00000146, hwcons 0x00000000]
>>>
>>> Prevent this forced unbinding of the drivers by setting "suppress_bind_attrs"
>>> to true.
>>
>> This seems a reasonable approach for now.
>>
>> BTW, I'll give this series a spin this week, which again looks to be
>> your iommu/module branch, excluding the new IORT patch.
>
Hi Saravana,
> Is this on a platform where of_devlink creates device links between
> the iommu device and its suppliers?I'm guessing no? Because device
> links should for unbinding of all the consumers before unbinding the
> supplier.
I'm only really interested in ACPI, TBH.
>
> Looks like it'll still allow the supplier to unbind if the consumers
> don't allow unbinding. Is that the case here?
So just unbinding the driver from a device does not delete the device
nor exit the device from it's IOMMU group - so we keep the reference to
the SMMU ko. As such, I don't know how to realistically test unloading
the SMMU ko when we have platform devices involved. Maybe someone can
enlighten me...
Thanks,
John
Powered by blists - more mailing lists