From: will.deacon@arm•com (Will Deacon)
To: linux-arm-kernel@lists•infradead.org
Subject: [PATCH 1/4] iommu/arm-smmu: Treat all device transactions as unprivileged
Date: Tue, 9 Feb 2016 14:08:17 +0000 [thread overview]
Message-ID: <20160209140817.GN22874@arm.com> (raw)
In-Reply-To: <6c5730256333b8d941f2c0371c1ab709a454938c.1453830752.git.robin.murphy@arm.com>
On Tue, Jan 26, 2016 at 06:06:34PM +0000, Robin Murphy wrote:
> The IOMMU API has no concept of privilege so assumes all devices and
> mappings are equal, and indeed most non-CPU master devices on an AMBA
> interconnect make little use of the attribute bits on the bus thus by
> default perform unprivileged data accesses.
>
> Some devices, however, believe themselves more equal than others, such
> as programmable DMA controllers whose 'master' thread issues bus
> transactions marked as privileged instruction fetches, while the data
> accesses of its channel threads (under the control of Linux, at least)
> are marked as unprivileged. This poses a problem for implementing the
> DMA API on an IOMMU conforming to ARM VMSAv8, under which a page that is
> unprivileged-writeable is also implicitly privileged-execute-never.
> Given that, there is no one set of attributes with which iommu_map() can
> implement, say, dma_alloc_coherent() that will allow every possible type
> of access without something running into unexecepted permission faults.
>
> Fortunately the SMMU architecture provides a means to mitigate such
> issues by overriding the incoming attributes of a transaction; make use
> of that to strip the privileged/unprivileged status off incoming
> transactions, leaving just the instruction/data dichotomy which the
> IOMMU API does at least understand; Four states good, two states better.
>
> Signed-off-by: Robin Murphy <robin.murphy@arm•com>
> ---
> drivers/iommu/arm-smmu.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/iommu/arm-smmu.c b/drivers/iommu/arm-smmu.c
> index 59ee4b8..1f9093d 100644
> --- a/drivers/iommu/arm-smmu.c
> +++ b/drivers/iommu/arm-smmu.c
> @@ -167,6 +167,9 @@
> #define S2CR_TYPE_BYPASS (1 << S2CR_TYPE_SHIFT)
> #define S2CR_TYPE_FAULT (2 << S2CR_TYPE_SHIFT)
>
> +#define S2CR_PRIVCFG_SHIFT 24
> +#define S2CR_PRIVCFG_UNPRIV (2 << S2CR_PRIVCFG_SHIFT)
> +
> /* Context bank attribute registers */
> #define ARM_SMMU_GR1_CBAR(n) (0x0 + ((n) << 2))
> #define CBAR_VMID_SHIFT 0
> @@ -1083,7 +1086,7 @@ static int arm_smmu_domain_add_master(struct arm_smmu_domain *smmu_domain,
> u32 idx, s2cr;
>
> idx = cfg->smrs ? cfg->smrs[i].idx : cfg->streamids[i];
> - s2cr = S2CR_TYPE_TRANS |
> + s2cr = S2CR_TYPE_TRANS | S2CR_PRIVCFG_UNPRIV |
> (smmu_domain->cfg.cbndx << S2CR_CBNDX_SHIFT);
> writel_relaxed(s2cr, gr0_base + ARM_SMMU_GR0_S2CR(idx));
Hmm, do we also need to worry about the bypass case? I guess not for the
moment, but I anticipate horrible things.
Will
next prev parent reply other threads:[~2016-02-09 14:08 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-01-26 18:06 [PATCH 0/4] Miscellaneous ARM SMMU patches Robin Murphy
2016-01-26 18:06 ` [PATCH 1/4] iommu/arm-smmu: Treat all device transactions as unprivileged Robin Murphy
2016-01-27 6:00 ` Anup Patel
2016-02-09 14:08 ` Will Deacon [this message]
2016-01-26 18:06 ` [PATCH 2/4] iommu/arm-smmu: Allow disabling unmatched stream bypass Robin Murphy
2016-02-09 14:06 ` Will Deacon
2016-02-10 12:10 ` Robin Murphy
2016-02-10 14:25 ` [PATCH v2] " Robin Murphy
2016-01-26 18:06 ` [PATCH 3/4] iommu/arm-smmu: Support DMA-API domains Robin Murphy
2016-01-26 18:06 ` [PATCH 4/4] iommu/arm-smmu: Use per-context TLB sync as appropriate Robin Murphy
2016-02-09 14:15 ` Will Deacon
2016-02-10 11:58 ` Robin Murphy
2016-02-09 14:16 ` [PATCH 0/4] Miscellaneous ARM SMMU patches Will Deacon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160209140817.GN22874@arm.com \
--to=will.deacon@arm$(echo .)com \
--cc=linux-arm-kernel@lists$(echo .)infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox