Thread (36 messages) 36 messages, 5 authors, 2017-07-25

[PATCH 3/5] iommu/arm-smmu-v3: add IOMMU_CAP_BYPASS to the ARM SMMUv3 driver

From: Anup Patel <hidden>
Date: 2017-07-20 04:02:04
Also in: kvm, linux-iommu, lkml

On Wed, Jul 19, 2017 at 5:23 PM, Will Deacon [off-list ref] wrote:
On Wed, Jul 19, 2017 at 05:09:05PM +0530, Anup Patel wrote:
quoted
On Wed, Jul 19, 2017 at 5:03 PM, Will Deacon [off-list ref] wrote:
quoted
On Wed, Jul 19, 2017 at 05:01:11PM +0530, Anup Patel wrote:
quoted
On Wed, Jul 19, 2017 at 4:55 PM, Will Deacon [off-list ref] wrote:
quoted
On Wed, Jul 19, 2017 at 04:53:04PM +0530, Anup Patel wrote:
quoted
On Wed, Jul 19, 2017 at 4:30 PM, Robin Murphy [off-list ref] wrote:
quoted
On 19/07/17 10:33, Anup Patel wrote:
quoted
The ARM SMMUv3 support bypassing transactions for which domain
is not configured. The patch adds corresponding IOMMU capability
to advertise this fact.

Signed-off-by: Anup Patel <redacted>
---
 drivers/iommu/arm-smmu-v3.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/drivers/iommu/arm-smmu-v3.c b/drivers/iommu/arm-smmu-v3.c
index 568c400..a6c7f66 100644
--- a/drivers/iommu/arm-smmu-v3.c
+++ b/drivers/iommu/arm-smmu-v3.c
@@ -1423,6 +1423,8 @@ static bool arm_smmu_capable(enum iommu_cap cap)
              return true;
      case IOMMU_CAP_NOEXEC:
              return true;
+     case IOMMU_CAP_BYPASS:
+             return true;
And this is never true. If Linux knows a device masters through the
SMMU, it will always have a default domain of some sort (either identity
or DMA ops). If Linux doesn't know, then it won't have been able to
initialise the stream table for the relevant stream IDs, thus any
'bypass' DMA is going to raise C_BAD_STE. SMMUv3 can effectively only
bypass unknown stream IDs if disabled entirely.
What if we don't want to use IOMMU for certain device and
due to this we never provide "iommus" DT attribute in the
device DT node. Further, we want to access device without
"iommus" DT attribute from user-space using VFIO no-IOMMU.
Wait, you want to pass a device through to userspace but you don't want to
use the IOMMU? Why not?

If you describe the SMMU in firmware with only a partial topology
description, then you will run into problems with unknown masters trying to
perform DMA. That's the IOMMU doing its job!
We are keeping disable_bypass = false. In other words, we
are using bypass mode for unmatched streams. The real
reason is limited number of SMRs due to which we choose
not to provide "iommus" DT attribute for certain devices.
Understood, but that's not robust for SMMUv3 and we *really* shouldn't have
a user ABI that changes behaviour based on a cmdline option. VFIO should be
requesting its own identity mappings, if that's what you need.
Currently, the iommu_present() check in vfio_iommu_group_get()
is preventing us allow no-IOMMU mode for certain devices.

Is there a better replacement of iommu_present() check in
vfio_iommu_group_get()?
There are two things here:

  1. iommu_present() is pretty useless, because it applies to a "bus" which
     doesn't actually tell you what you need to know for things like the
     platform_bus, where some masters might be upstream of an SMMU and
     others might not be.
I agree with you. The iommu_present() check in vfio_iommu_group_get()
is not much useful. We only reach line which checks iommu_present()
when iommu_group_get() returns NULL for given "struct device *". If there
is no IOMMU group for a "struct device *" then it means there is no IOMMU
HW doing translations for such device.

If we drop the iommu_present() check (due to above reasons) in
vfio_iommu_group_get() then we don't require the IOMMU_CAP_BYPASS
and we can happily drop PATCH1, PATCH2, and PATCH3.

I will remove the iommu_present() check in vfio_iommu_group_get()
because it is only comes into actions when VFIO_NOIOMMU is
enabled. This will also help us drop PATCH1-to-PATCH3.
  2. If a master *is* upstream of an IOMMU and you want to use no-IOMMU,
     then the VFIO no-IOMMU code needs to be extended so that it creates
     an IDENTITY domain on that IOMMU.
The VFIO no-IOMMU mode is equivalent to Linux UIO hence having
IDENTITY domain for VFIO no-IOMMU is not appropriate here.

In fact, going forward it has been suggested to use VFIO no-IOMMU
instead of Linux UIO for user-space poll-mode drivers so that we have
one Linux interface for user-space poll-mode drivers.

Regards,
Anup
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help