| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <010101747c453de8-892b662e-2836-4c7e-a61d-07b0542e8111-000000@us-west-2.amazonses.com>
Date: Fri, 11 Sep 2020 08:25:46 +0000
From: Sai Prakash Ranjan <saiprakash.ranjan@...eaurora.org>
To: Bjorn Andersson <bjorn.andersson@...aro.org>
Cc: Will Deacon <will@...nel.org>, Robin Murphy <robin.murphy@....com>,
Joerg Roedel <joro@...tes.org>,
Jordan Crouse <jcrouse@...eaurora.org>,
Rob Clark <robdclark@...omium.org>,
Sibi Sankar <sibis@...eaurora.org>,
linux-arm-kernel@...ts.infradead.org,
iommu@...ts.linux-foundation.org, linux-kernel@...r.kernel.org,
linux-arm-msm@...r.kernel.org
Subject: Re: [PATCH v3 4/8] iommu/arm-smmu-qcom: Emulate bypass by using
context banks
On 2020-09-04 21:25, Bjorn Andersson wrote:
> Some firmware found on various Qualcomm platforms traps writes to S2CR
> of type BYPASS and writes FAULT into the register. In particular, this
> prevents us from marking the streams for the display controller as
> BYPASS to allow continued scanout of the screen through the
> initialization of the ARM SMMU.
>
> This adds a Qualcomm specific cfg_probe function, which probes for the
> broken behavior of the S2CR registers and implements a custom
> alloc_context_bank() that when necessary allocates a context bank
> (without translation) for these domains as well.
>
> Signed-off-by: Bjorn Andersson <bjorn.andersson@...aro.org>
> ---
>
> Changes since v2:
> - Move quirk from arm_smmudevice to qcom_smmu, as we localize the quirk
> handling to the Qualcomm specific implemntation.
>
> drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c | 52 ++++++++++++++++++++++
> 1 file changed, 52 insertions(+)
>
> diff --git a/drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c
> b/drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c
> index 229fc8ff8cea..284761a1cd8e 100644
> --- a/drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c
> +++ b/drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c
> @@ -11,8 +11,14 @@
>
> struct qcom_smmu {
> struct arm_smmu_device smmu;
> + bool bypass_broken;
> };
>
> +static struct qcom_smmu *to_qcom_smmu(struct arm_smmu_device *smmu)
> +{
> + return container_of(smmu, struct qcom_smmu, smmu);
> +}
> +
> #define QCOM_ADRENO_SMMU_GPU_SID 0
>
> static bool qcom_adreno_smmu_is_gpu_device(struct device *dev)
> @@ -162,6 +168,50 @@ static const struct of_device_id
> qcom_smmu_client_of_match[] __maybe_unused = {
> { }
> };
>
> +static int qcom_smmu_alloc_context_bank(struct arm_smmu_domain
> *smmu_domain,
> + struct arm_smmu_device *smmu,
> + struct device *dev, int start)
> +{
> + struct iommu_domain *domain = &smmu_domain->domain;
> + struct qcom_smmu *qsmmu = to_qcom_smmu(smmu);
> +
> + /* Keep identity domains as bypass, unless bypass is broken */
> + if (domain->type == IOMMU_DOMAIN_IDENTITY && !qsmmu->bypass_broken)
> + return ARM_SMMU_CBNDX_BYPASS;
> +
> + /*
> + * The identity domain to emulate bypass is the only domain without a
> + * dev, use the last context bank for this to avoid collisions with
> + * active contexts during initialization.
> + */
> + if (!dev)
> + start = smmu->num_context_banks - 1;
> +
> + return __arm_smmu_alloc_bitmap(smmu->context_map, start,
> smmu->num_context_banks);
> +}
> +
> +static int qcom_smmu_cfg_probe(struct arm_smmu_device *smmu)
> +{
> + unsigned int last_s2cr = ARM_SMMU_GR0_S2CR(smmu->num_mapping_groups -
> 1);
> + struct qcom_smmu *qsmmu = to_qcom_smmu(smmu);
> + u32 reg;
> +
> + /*
> + * With some firmware writes to S2CR of type FAULT are ignored, and
> + * writing BYPASS will end up as FAULT in the register. Perform a
> write
> + * to S2CR to detect if this is the case with the current firmware.
> + */
> + reg = FIELD_PREP(ARM_SMMU_S2CR_TYPE, S2CR_TYPE_BYPASS) |
> + FIELD_PREP(ARM_SMMU_S2CR_CBNDX, 0xff) |
> + FIELD_PREP(ARM_SMMU_S2CR_PRIVCFG, S2CR_PRIVCFG_DEFAULT);
> + arm_smmu_gr0_write(smmu, last_s2cr, reg);
> + reg = arm_smmu_gr0_read(smmu, last_s2cr);
> + if (FIELD_GET(ARM_SMMU_S2CR_TYPE, reg) != S2CR_TYPE_BYPASS)
> + qsmmu->bypass_broken = true;
> +
Clever :)
Reviewed-by: Sai Prakash Ranjan <saiprakash.ranjan@...eaurora.org>
Tested-by: Sai Prakash Ranjan <saiprakash.ranjan@...eaurora.org>
--
QUALCOMM INDIA, on behalf of Qualcomm Innovation Center, Inc. is a
member
of Code Aurora Forum, hosted by The Linux Foundation
Powered by blists - more mailing lists