lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <1866625.IobQ9Gjlxr@kista>
Date:   Fri, 14 Oct 2022 17:03:54 +0200
From:   Jernej Škrabec <jernej.skrabec@...il.com>
To:     maxime@...no.tech, joro@...tes.org, will@...nel.org, wens@...e.org,
        samuel@...lland.org, Robin Murphy <robin.murphy@....com>
Cc:     iommu@...ts.linux.dev, linux-arm-kernel@...ts.infradead.org,
        linux-sunxi@...ts.linux.dev, linux-kernel@...r.kernel.org
Subject: Re: Re: [PATCH 5/5] iommu/sun50i: Invalidate iova in map and unmap callback

Dne petek, 14. oktober 2022 ob 12:23:25 CEST je Robin Murphy napisal(a):
> On 2022-10-13 19:12, Jernej Skrabec wrote:
> > Mapped and unmapped iova addresses needs to be invalidated immediately
> > or otherwise they might or might not work when used by master or CPU.
> > 
> > This was discovered when running video decoder conformity test with
> > Cedrus. Some videos were now and then decoded incorrectly and generated
> > page faults.
> > 
> > Fixes: 4100b8c229b3 ("iommu: Add Allwinner H6 IOMMU driver")
> > Signed-off-by: Jernej Skrabec <jernej.skrabec@...il.com>
> > ---
> > 
> >   drivers/iommu/sun50i-iommu.c | 51 ++++++++++++++++++++++++++++++++++++
> >   1 file changed, 51 insertions(+)
> > 
> > diff --git a/drivers/iommu/sun50i-iommu.c b/drivers/iommu/sun50i-iommu.c
> > index 7c3b2ac552da..21e47ce6946a 100644
> > --- a/drivers/iommu/sun50i-iommu.c
> > +++ b/drivers/iommu/sun50i-iommu.c
> > @@ -518,6 +518,53 @@ static u32 *sun50i_dte_get_page_table(struct
> > sun50i_iommu_domain *sun50i_domain,> 
> >   	return page_table;
> >   
> >   }
> > 
> > +static void sun50i_iommu_zap_iova(struct sun50i_iommu *iommu, unsigned
> > long iova) +{
> > +	unsigned long flags;
> > +	u32 reg;
> > +	int ret;
> > +
> > +	spin_lock_irqsave(&iommu->iommu_lock, flags);
> > +
> > +	iommu_write(iommu, IOMMU_AUTO_GATING_REG, 0);
> > +
> > +	iommu_write(iommu, IOMMU_TLB_IVLD_ADDR_REG, iova);
> > +	iommu_write(iommu, IOMMU_TLB_IVLD_ADDR_MASK_REG, GENMASK(11, 0));
> > +	iommu_write(iommu, IOMMU_TLB_IVLD_ENABLE_REG,
> > IOMMU_TLB_IVLD_ENABLE_ENABLE); +
> > +	ret = readl_poll_timeout_atomic(iommu->base + 
IOMMU_TLB_IVLD_ENABLE_REG,
> > +					reg, !reg, 1, 2000);
> > +	if (ret)
> > +		dev_warn(iommu->dev, "TLB invalidation timed out!\n");
> > +
> > +	iommu_write(iommu, IOMMU_AUTO_GATING_REG, 
IOMMU_AUTO_GATING_ENABLE);
> > +
> > +	spin_unlock_irqrestore(&iommu->iommu_lock, flags);
> > +}
> > +
> > +static void sun50i_iommu_zap_ptw_cache(struct sun50i_iommu *iommu,
> > unsigned long iova) +{
> > +	unsigned long flags;
> > +	u32 reg;
> > +	int ret;
> > +
> > +	spin_lock_irqsave(&iommu->iommu_lock, flags);
> > +
> > +	iommu_write(iommu, IOMMU_AUTO_GATING_REG, 0);
> > +
> > +	iommu_write(iommu, IOMMU_PC_IVLD_ADDR_REG, iova);
> > +	iommu_write(iommu, IOMMU_PC_IVLD_ENABLE_REG,
> > IOMMU_PC_IVLD_ENABLE_ENABLE); +
> > +	ret = readl_poll_timeout_atomic(iommu->base + 
IOMMU_PC_IVLD_ENABLE_REG,
> > +					reg, !reg, 1, 2000);
> > +	if (ret)
> > +		dev_warn(iommu->dev, "PTW cache invalidation timed out!
\n");
> > +
> > +	iommu_write(iommu, IOMMU_AUTO_GATING_REG, 
IOMMU_AUTO_GATING_ENABLE);
> > +
> > +	spin_unlock_irqrestore(&iommu->iommu_lock, flags);
> > +}
> > +
> > 
> >   static int sun50i_iommu_map(struct iommu_domain *domain, unsigned long
> >   iova,>   
> >   			    phys_addr_t paddr, size_t size, int 
prot, gfp_t gfp)
> >   
> >   {
> > 
> > @@ -546,6 +593,8 @@ static int sun50i_iommu_map(struct iommu_domain
> > *domain, unsigned long iova,> 
> >   	*pte_addr = sun50i_mk_pte(paddr, prot);
> >   	sun50i_table_flush(sun50i_domain, pte_addr, 1);
> > 
> > +	sun50i_iommu_zap_iova(iommu, iova);
> > +	sun50i_iommu_zap_ptw_cache(iommu, iova);
> 
> Consider hooking up .sync_map if you need that behaviour. I'd guess the
> address/mask combination allows invalidating multiple pages at once,
> which would be a heck of a lot more efficient.
> 
> In principle we probably shouldn't need walk cache maintenance for just
> changing leaf entries, so that could perhaps be pushed further down into
> sun50i_dte_get_page_table().

Note that this is my first foray into iommu and sun50i-iommu documentation is 
confusing to say the least (it has english words in it, but their combination 
often doesn't make sense.) 

I'll try that, thanks. Without this invalidation, handing buffer between two 
iommu supported peripherals works, but CPU access often doesn't. PTW cache can 
be invalidated only one by one. It's TLB invalidation that has mask.

> 
> >   out:
> >   	return ret;
> > 
> > @@ -571,6 +620,8 @@ static size_t sun50i_iommu_unmap(struct iommu_domain
> > *domain, unsigned long iova> 
> >   	memset(pte_addr, 0, sizeof(*pte_addr));
> >   	sun50i_table_flush(sun50i_domain, pte_addr, 1);
> > 
> > +	sun50i_iommu_zap_iova(sun50i_domain->iommu, iova);
> > +	sun50i_iommu_zap_ptw_cache(sun50i_domain->iommu, iova);
> 
> Hmm, we already have .iotlb_sync hooked up for this, so at best adding
> more maintenance here is simply redundant, but at worst it would be
> papering over some bug in sun50i_iommu_iotlb_sync() - if unmaps really
> aren't working properly then that wants fixing instead. Of course it
> could also be enhanced to use the gather mechanism to perform more
> selective invalidations, but that's another patch in its own right.

.iotlb_sync assumes that flush operation will to the same thing as invalidation 
of each entry separately. It obviously doesn't, as my testing shows. I'll 
rewrite .iotlb_sync to do invalidation instead of flush and check if that 
works.

I have two questions:
1. documentation says it's mandatory to do TLB and PTW invalidation in 
interrupt handler when page fault occurs. Do you see a reason for that?
2. vendor driver and other iommu drivers have spin lock guards across whole 
.iova_to_phys, .map and .unmap functions. Should I add them here too?

Best regards,
Jernej

> 
> Thanks,
> Robin.
> 
> >   	return SZ_4K;
> >   
> >   }


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ