On Tue, Aug 20, 2019 at 05:12:11PM +0100, Robin Murphy wrote: > On 20/08/2019 16:45, Will Deacon wrote: > > To prevent any potential issues arising from speculative Address > > Translation Requests from an ATS-enabled PCIe endpoint, rework our ATS > > enabling/disabling logic so that we enable ATS at the SMMU before we > > enable it at the endpoint, and disable things in the opposite order. > > > > Signed-off-by: Will Deacon <[email protected]> > > --- > > drivers/iommu/arm-smmu-v3.c | 44 > > ++++++++++++++++++++++++++------------------ > > 1 file changed, 26 insertions(+), 18 deletions(-) > > > > diff --git a/drivers/iommu/arm-smmu-v3.c b/drivers/iommu/arm-smmu-v3.c > > index 3402b1bc8e94..9096eca0c480 100644 > > --- a/drivers/iommu/arm-smmu-v3.c > > +++ b/drivers/iommu/arm-smmu-v3.c > > @@ -2283,31 +2283,34 @@ static void arm_smmu_install_ste_for_dev(struct > > arm_smmu_master *master) > > } > > } > > -static int arm_smmu_enable_ats(struct arm_smmu_master *master) > > +static bool arm_smmu_ats_supported(struct arm_smmu_master *master) > > { > > - int ret; > > - size_t stu; > > struct pci_dev *pdev; > > struct arm_smmu_device *smmu = master->smmu; > > struct iommu_fwspec *fwspec = dev_iommu_fwspec_get(master->dev); > > if (!(smmu->features & ARM_SMMU_FEAT_ATS) || !dev_is_pci(master->dev) || > > !(fwspec->flags & IOMMU_FWSPEC_PCI_RC_ATS) || pci_ats_disabled()) > > - return -ENXIO; > > + return false; > > pdev = to_pci_dev(master->dev); > > - if (pdev->untrusted) > > - return -EPERM; > > + return !pdev->untrusted && pdev->ats_cap; > > +} > > - /* Smallest Translation Unit: log2 of the smallest supported granule */ > > - stu = __ffs(smmu->pgsize_bitmap); > > +static void arm_smmu_enable_ats(struct arm_smmu_master *master) > > +{ > > + size_t stu; > > + struct pci_dev *pdev; > > + struct arm_smmu_device *smmu = master->smmu; > > - ret = pci_enable_ats(pdev, stu); > > - if (ret) > > - return ret; > > + if (master->ats_enabled || !dev_is_pci(master->dev)) > > + return; > > - master->ats_enabled = true; > > - return 0; > > + /* Smallest Translation Unit: log2 of the smallest supported granule */ > > + stu = __ffs(smmu->pgsize_bitmap); > > + pdev = to_pci_dev(master->dev); > > + if (pci_enable_ats(pdev, stu)) > > + dev_err(master->dev, "Failed to enable ATS (STU %zu)\n", stu); > > } > > static void arm_smmu_disable_ats(struct arm_smmu_master *master) > > @@ -2317,10 +2320,14 @@ static void arm_smmu_disable_ats(struct > > arm_smmu_master *master) > > if (!master->ats_enabled || !dev_is_pci(master->dev)) > > Hmm, while you've got the lid off, that dev_is_pci() test is clearly > redundant.
Good point; I'll kill it. > > return; > > + pci_disable_ats(to_pci_dev(master->dev)); > > + /* > > + * Ensure ATS is disabled at the endpoint before we issue the > > + * ATC invalidation via the SMMU. > > + */ > > + wmb(); > > arm_smmu_atc_inv_to_cmd(0, 0, 0, &cmd); > > arm_smmu_atc_inv_master(master, &cmd); > > - pci_disable_ats(to_pci_dev(master->dev)); > > - master->ats_enabled = false; > > } > > static void arm_smmu_detach_dev(struct arm_smmu_master *master) > > @@ -2335,10 +2342,10 @@ static void arm_smmu_detach_dev(struct > > arm_smmu_master *master) > > list_del(&master->domain_head); > > spin_unlock_irqrestore(&smmu_domain->devices_lock, flags); > > + arm_smmu_disable_ats(master); > > master->domain = NULL; > > + master->ats_enabled = false; > > arm_smmu_install_ste_for_dev(master); > > - > > - arm_smmu_disable_ats(master); > > } > > static int arm_smmu_attach_dev(struct iommu_domain *domain, struct device > > *dev) > > @@ -2383,12 +2390,13 @@ static int arm_smmu_attach_dev(struct iommu_domain > > *domain, struct device *dev) > > spin_unlock_irqrestore(&smmu_domain->devices_lock, flags); > > if (smmu_domain->stage != ARM_SMMU_DOMAIN_BYPASS) > > - arm_smmu_enable_ats(master); > > + master->ats_enabled = arm_smmu_ats_supported(master); > > So for non-bypass domains we pretend ATS is already enabled iff it could > possibly be... > > > if (smmu_domain->stage == ARM_SMMU_DOMAIN_S1) > > arm_smmu_write_ctx_desc(smmu, &smmu_domain->s1_cfg); > > arm_smmu_install_ste_for_dev(master); > > + arm_smmu_enable_ats(master); > > ...which ensures this won't actually touch the PCIe cap, unless of course > when STE.EATS == 0. Are you sure about that? Argh, too many "ats_enabled" flags! (there's another one in the pci device). I should probably invert the check, but let me have a play -- the idea is that arm_smmu_master::ats_enabled is initially used to configure the STE and then acts as a proxy for the STE state after that. Thanks for the review. Will _______________________________________________ iommu mailing list [email protected] https://lists.linuxfoundation.org/mailman/listinfo/iommu
