Hi, On Mon, Sep 16, 2019 at 11:00 AM Will Deacon <[email protected]> wrote: > > On Fri, Sep 13, 2019 at 03:44:12PM -0700, Doug Anderson wrote: > > On Fri, Sep 13, 2019 at 4:48 AM Robin Murphy <[email protected]> wrote: > > > > > > Although CONFIG_ARM_SMMU_DISABLE_BYPASS_BY_DEFAULT is a welcome tool > > > for smoking out inadequate firmware, the failure mode is non-obvious > > > and can be confusing for end users. Add some special-case reporting of > > > Unidentified Stream Faults to help clarify this particular symptom. > > > > > > CC: Douglas Anderson <[email protected]> > > > > nit that I believe that "Cc" (lowercase 2nd c) is correct. > > > > > Signed-off-by: Robin Murphy <[email protected]> > > > --- > > > drivers/iommu/arm-smmu.c | 5 +++++ > > > drivers/iommu/arm-smmu.h | 2 ++ > > > 2 files changed, 7 insertions(+) > > > > > > diff --git a/drivers/iommu/arm-smmu.c b/drivers/iommu/arm-smmu.c > > > index b7cf24402a94..76ac8c180695 100644 > > > --- a/drivers/iommu/arm-smmu.c > > > +++ b/drivers/iommu/arm-smmu.c > > > @@ -499,6 +499,11 @@ static irqreturn_t arm_smmu_global_fault(int irq, > > > void *dev) > > > dev_err_ratelimited(smmu->dev, > > > "\tGFSR 0x%08x, GFSYNR0 0x%08x, GFSYNR1 0x%08x, GFSYNR2 > > > 0x%08x\n", > > > gfsr, gfsynr0, gfsynr1, gfsynr2); > > > + if (IS_ENABLED(CONFIG_ARM_SMMU_DISABLE_BYPASS_BY_DEFAULT) && > > > + (gfsr & sGFSR_USF)) > > > + dev_err_ratelimited(smmu->dev, > > > + "Stream ID %hu may not be described by firmware, > > > try booting with \"arm-smmu.disable_bypass=0\"\n", > > > + (u16)gfsynr1); > > > > In general it seems like a sane idea to surface an error like this. I > > guess a few nits: > > > > 1. "By firmware" might be a bit misleading. In most cases I'm aware > > of the problem is in the device tree that was bundled together with > > the kernel. If there are actually cases where firmware has baked in a > > device tree and it got this wrong then we might want to spend time > > figuring out what to do about it. > > I thought that was usually the way UEFI systems worked, where the kernel > is updated independently of the device-tree? Either way, that should be > what we're aiming for, even if many platforms require the two to be tied > together.
It's my opinion that until there is a place in the kernel to "fixup" broken device trees that were baked in firmware that it's a bad idea to ship device trees separate from the kernel except if the device trees are exceedingly simple. We'll run into too many problems otherwise, either because the kernel the device tree was written for had downstream patches or someone just made a mistake in them and nobody noticed. I know device trees are supposed to be ABI, but people make mistakes and we need a way to fix them up. ...but that's getting pretty far afield from Robin's patch. > > 2. Presumably booting with "arm-smmu.disable_bypass=0" is in most > > cases the least desirable option available. I always consider kernel > > command line parameters as something of a last resort for > > configuration and would only be something that and end user might do > > if they were given a kernel compiled by someone else (like if someone > > where taking a prebuilt Linux distro and trying to install it onto a > > generic PC). Are you seeing cases where this is happening? If people > > are compiling their own kernel I'd argue that telling them to set > > "CONFIG_ARM_SMMU_DISABLE_BYPASS_BY_DEFAULT" to "no" is much better > > than trying to jam a command line option on. Command line options > > don't scale well. > > Hmm. Recompiling seems like even more of a last resort to me! Depends on what you're doing. If you're not in the habit of compiling a kernel and you're just trying to make one work then the command line is great. If you're trying to manage configuration for a whole bunch of different hardware products then the command line is a terrible place to store config. ...but I guess the summary is that we wouldn't want someone to actually ship a kernel with this option on anyway. ;-) > > 3. Any chance you could make it more obvious that this change is > > undesirable and a last resort? AKA: > > > > "Stream ID x blocked for security reasons; allow anyway by booting > > with arm-smmu.disable_bypass=0" > > How about: > > "Blocked transaction from unknown Stream ID x; boot with > \"arm-smmu.disable_bypass=0\" to allow these transactions, although this > may have security implications." Fine with me if it's not too long for an error message. -Doug _______________________________________________ iommu mailing list [email protected] https://lists.linuxfoundation.org/mailman/listinfo/iommu
