* [PATCH] of: restricted dma: Don't fail device probe on rmem init failure
@ 2021-08-05  9:47 Will Deacon
  2021-08-05 10:26 ` Robin Murphy
  2021-08-06 14:11 ` Rob Herring
  0 siblings, 2 replies; 4+ messages in thread
From: Will Deacon @ 2021-08-05  9:47 UTC
  To: linux-kernel
  Cc: iommu, Will Deacon, Claire Chang, Konrad Rzeszutek Wilk,
	Robin Murphy, Christoph Hellwig, Rob Herring

If CONFIG_DMA_RESTRICTED_POOL=n then probing a device with a reference
to a "restricted-dma-pool" will fail with a reasonably cryptic error:

  | pci-host-generic: probe of 10000.pci failed with error -22

Print a more helpful message in this case and try to continue probing
the device as we do if the kernel doesn't have the restricted DMA patches
applied or either CONFIG_OF_ADDRESS or CONFIG_HAS_DMA =n.

Cc: Claire Chang <tientzu@chromium.org>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Cc: Robin Murphy <robin.murphy@arm.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Rob Herring <robh+dt@kernel.org>
Signed-off-by: Will Deacon <will@kernel.org>
---
 drivers/of/address.c    | 8 ++++----
 drivers/of/device.c     | 2 +-
 drivers/of/of_private.h | 8 +++-----
 3 files changed, 8 insertions(+), 10 deletions(-)

diff --git a/drivers/of/address.c b/drivers/of/address.c
index 973257434398..f6bf4b423c2a 100644
--- a/drivers/of/address.c
+++ b/drivers/of/address.c
@@ -997,7 +997,7 @@ int of_dma_get_range(struct device_node *np, const struct bus_dma_region **map)
 	return ret;
 }
 
-int of_dma_set_restricted_buffer(struct device *dev, struct device_node *np)
+void of_dma_set_restricted_buffer(struct device *dev, struct device_node *np)
 {
 	struct device_node *node, *of_node = dev->of_node;
 	int count, i;
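Review bot: the change of of_dma_set_restricted_buffer() from int to void at the top of this hunk leaves the function with no comment describing its new contract. A short comment above the definition, saying that a failure to initialise the pool is only warned about and never fails the probe, would stop a later reader from assuming the pool is active whenever the function has returned.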
@@ -1022,11 +1022,11 @@ int of_dma_set_restricted_buffer(struct device *dev, struct device_node *np)
 		 */
 		if (of_device_is_compatible(node, "restricted-dma-pool") &&
 		    of_device_is_available(node))
-			return of_reserved_mem_device_init_by_idx(dev, of_node,
-								  i);
+			break;
 	}
 
-	return 0;
+	if (i != count && of_reserved_mem_device_init_by_idx(dev, of_node, i))
+		dev_warn(dev, "failed to initialise \"restricted-dma-pool\" memory node\n");
 }
 #endif /* CONFIG_HAS_DMA */
 
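Review bot: the new dev_warn() at the end of the function discards the value returned by of_reserved_mem_device_init_by_idx(), so the log loses the error code (the -22 quoted in the commit message) that says why initialisation failed. Keeping the return value in a local and printing it with %d would preserve that, and since the device now carries on probing without its pool, the message could state that explicitly. The "i != count" test also depends on the loop leaving i equal to count when no node matched; the loop header is outside this hunk, so that deserves a check against the full function.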
diff --git a/drivers/of/device.c b/drivers/of/device.c
index 2defdca418ec..258a2b099410 100644
--- a/drivers/of/device.c
+++ b/drivers/of/device.c
@@ -166,7 +166,7 @@ int of_dma_configure_id(struct device *dev, struct device_node *np,
 	arch_setup_dma_ops(dev, dma_start, size, iommu, coherent);
 
 	if (!iommu)
-		return of_dma_set_restricted_buffer(dev, np);
+		of_dma_set_restricted_buffer(dev, np);
 
 	return 0;
 }
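Review bot: with the result of of_dma_set_restricted_buffer() dropped under "if (!iommu)", of_dma_configure_id() returns 0 whether or not the restricted pool was set up, and nothing in this hunk records that this is intentional. A one-line comment here saying that pool setup is best-effort would help, and if any platform treats the pool as a hard containment boundary for device DMA, it would need some other way to find out that setup failed.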
diff --git a/drivers/of/of_private.h b/drivers/of/of_private.h
index f557bd22b0cf..bc883f69496b 100644
--- a/drivers/of/of_private.h
+++ b/drivers/of/of_private.h
@@ -163,18 +163,16 @@ struct bus_dma_region;
 #if defined(CONFIG_OF_ADDRESS) && defined(CONFIG_HAS_DMA)
 int of_dma_get_range(struct device_node *np,
 		const struct bus_dma_region **map);
-int of_dma_set_restricted_buffer(struct device *dev, struct device_node *np);
+void of_dma_set_restricted_buffer(struct device *dev, struct device_node *np);
 #else
 static inline int of_dma_get_range(struct device_node *np,
 		const struct bus_dma_region **map)
 {
 	return -ENODEV;
 }
-static inline int of_dma_set_restricted_buffer(struct device *dev,
-					       struct device_node *np)
+static inline void of_dma_set_restricted_buffer(struct device *dev,
+						struct device_node *np)
 {
-	/* Do nothing, successfully. */
-	return 0;
 }
 #endif
 
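Review bot: the empty stub is still selected by the "#if defined(CONFIG_OF_ADDRESS) && defined(CONFIG_HAS_DMA)" at the top of this hunk rather than by CONFIG_DMA_RESTRICTED_POOL, which is the option the commit message names as the trigger. Consider keying the stub on that option as well, so the =n case is decided at build time, with a message emitted from the stub if the warning should be kept. As a style point, the now empty body could be written as "{ }" on one line or keep a short comment saying it does nothing.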
-- 
2.32.0.605.g8dce9f2422-goog



* Re: [PATCH] of: restricted dma: Don't fail device probe on rmem init failure
  2021-08-05  9:47 [PATCH] of: restricted dma: Don't fail device probe on rmem init failure Will Deacon
@ 2021-08-05 10:26 ` Robin Murphy
  2021-08-06 11:41   ` Will Deacon
  2021-08-06 14:11 ` Rob Herring
  1 sibling, 1 reply; 4+ messages in thread
From: Robin Murphy @ 2021-08-05 10:26 UTC
  To: Will Deacon, linux-kernel
  Cc: iommu, Claire Chang, Konrad Rzeszutek Wilk, Christoph Hellwig,
	Rob Herring

On 2021-08-05 10:47, Will Deacon wrote:
> If CONFIG_DMA_RESTRICTED_POOL=n then probing a device with a reference
> to a "restricted-dma-pool" will fail with a reasonably cryptic error:
> 
>    | pci-host-generic: probe of 10000.pci failed with error -22
> 
> Print a more helpful message in this case and try to continue probing
> the device as we do if the kernel doesn't have the restricted DMA patches
> applied or either CONFIG_OF_ADDRESS or CONFIG_HAS_DMA =n.

Makes sense to me;

Reviewed-by: Robin Murphy <robin.murphy@arm.com>

Although if we allow probe to succeed when a pool really was there for a 
reason, it may end up being much more fatal if the driver then tries to 
do a DMA transfer to any old memory and the device access causes an 
SError, or the VM to be killed, or whatever. That's not quite the same 
as the stubbed cases where the respective platforms couldn't have a 
genuine pool to parse either way, but as you say it is what could happen 
already if the user tried to use an older kernel, and I think the chance 
of of_reserved_mem_device_init_by_idx() failing without something being 
terminally wrong anyway - invalid DT, not enough RAM, etc. - is low 
enough that it's probably not a major concern. Plus I'd hope that the 
memory protection schemes people do actually implement don't take such 
a zero-tolerance approach anyway - allowing a malicious or 
malfunctioning device to take down the system because it tried to make a 
rogue access which *was* already contained seems a bit silly.

Robin.

> Cc: Claire Chang <tientzu@chromium.org>
> Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
> Cc: Robin Murphy <robin.murphy@arm.com>
> Cc: Christoph Hellwig <hch@lst.de>
> Cc: Rob Herring <robh+dt@kernel.org>
> Signed-off-by: Will Deacon <will@kernel.org>
> ---
>   drivers/of/address.c    | 8 ++++----
>   drivers/of/device.c     | 2 +-
>   drivers/of/of_private.h | 8 +++-----
>   3 files changed, 8 insertions(+), 10 deletions(-)
> 
> diff --git a/drivers/of/address.c b/drivers/of/address.c
> index 973257434398..f6bf4b423c2a 100644
> --- a/drivers/of/address.c
> +++ b/drivers/of/address.c
> @@ -997,7 +997,7 @@ int of_dma_get_range(struct device_node *np, const struct bus_dma_region **map)
>   	return ret;
>   }
>   
> -int of_dma_set_restricted_buffer(struct device *dev, struct device_node *np)
> +void of_dma_set_restricted_buffer(struct device *dev, struct device_node *np)
>   {
>   	struct device_node *node, *of_node = dev->of_node;
>   	int count, i;
> @@ -1022,11 +1022,11 @@ int of_dma_set_restricted_buffer(struct device *dev, struct device_node *np)
>   		 */
>   		if (of_device_is_compatible(node, "restricted-dma-pool") &&
>   		    of_device_is_available(node))
> -			return of_reserved_mem_device_init_by_idx(dev, of_node,
> -								  i);
> +			break;
>   	}
>   
> -	return 0;
> +	if (i != count && of_reserved_mem_device_init_by_idx(dev, of_node, i))
> +		dev_warn(dev, "failed to initialise \"restricted-dma-pool\" memory node\n");
>   }
>   #endif /* CONFIG_HAS_DMA */
>   
> diff --git a/drivers/of/device.c b/drivers/of/device.c
> index 2defdca418ec..258a2b099410 100644
> --- a/drivers/of/device.c
> +++ b/drivers/of/device.c
> @@ -166,7 +166,7 @@ int of_dma_configure_id(struct device *dev, struct device_node *np,
>   	arch_setup_dma_ops(dev, dma_start, size, iommu, coherent);
>   
>   	if (!iommu)
> -		return of_dma_set_restricted_buffer(dev, np);
> +		of_dma_set_restricted_buffer(dev, np);
>   
>   	return 0;
>   }
> diff --git a/drivers/of/of_private.h b/drivers/of/of_private.h
> index f557bd22b0cf..bc883f69496b 100644
> --- a/drivers/of/of_private.h
> +++ b/drivers/of/of_private.h
> @@ -163,18 +163,16 @@ struct bus_dma_region;
>   #if defined(CONFIG_OF_ADDRESS) && defined(CONFIG_HAS_DMA)
>   int of_dma_get_range(struct device_node *np,
>   		const struct bus_dma_region **map);
> -int of_dma_set_restricted_buffer(struct device *dev, struct device_node *np);
> +void of_dma_set_restricted_buffer(struct device *dev, struct device_node *np);
>   #else
>   static inline int of_dma_get_range(struct device_node *np,
>   		const struct bus_dma_region **map)
>   {
>   	return -ENODEV;
>   }
> -static inline int of_dma_set_restricted_buffer(struct device *dev,
> -					       struct device_node *np)
> +static inline void of_dma_set_restricted_buffer(struct device *dev,
> +						struct device_node *np)
>   {
> -	/* Do nothing, successfully. */
> -	return 0;
>   }
>   #endif
>   
> 


* Re: [PATCH] of: restricted dma: Don't fail device probe on rmem init failure
  2021-08-05 10:26 ` Robin Murphy
@ 2021-08-06 11:41   ` Will Deacon
  0 siblings, 0 replies; 4+ messages in thread
From: Will Deacon @ 2021-08-06 11:41 UTC
  To: Robin Murphy
  Cc: linux-kernel, iommu, Claire Chang, Konrad Rzeszutek Wilk,
	Christoph Hellwig, Rob Herring

On Thu, Aug 05, 2021 at 11:26:15AM +0100, Robin Murphy wrote:
> On 2021-08-05 10:47, Will Deacon wrote:
> > If CONFIG_DMA_RESTRICTED_POOL=n then probing a device with a reference
> > to a "restricted-dma-pool" will fail with a reasonably cryptic error:
> > 
> >    | pci-host-generic: probe of 10000.pci failed with error -22
> > 
> > Print a more helpful message in this case and try to continue probing
> > the device as we do if the kernel doesn't have the restricted DMA patches
> > applied or either CONFIG_OF_ADDRESS or CONFIG_HAS_DMA =n.
> 
> Makes sense to me;
> 
> Reviewed-by: Robin Murphy <robin.murphy@arm.com>

Cheers.

> Although if we allow probe to succeed when a pool really was there for a
> reason, it may end up being much more fatal if the driver then tries to do a
> DMA transfer to any old memory and the device access causes an SError, or
> the VM to be killed, or whatever. That's not quite the same as the stubbed
> cases where the respective platforms couldn't have a genuine pool to parse
> either way, but as you say it is what could happen already if the user tried
> to use an older kernel, and I think the chance of
> of_reserved_mem_device_init_by_idx() failing without something being
> terminally wrong anyway - invalid DT, not enough RAM, etc. - is low enough
> that it's probably not a major concern. Plus I'd hope that the memory
> protection schemes people do actually implement don't take such a
> zero-tolerance approach anyway - allowing a malicious or malfunctioning
> device to take down the system because it tried to make a rogue access which
> *was* already contained seems a bit silly.

There's also a case where swiotlb is forced (swiotlb=force) but restricted
DMA pools have been sized and allocated for individual devices in the DT.
In this case, having the guest fall back to the default shared swiotlb
buffer is better than failing the probe if CONFIG_DMA_RESTRICTED_POOL=n.

Will


* Re: [PATCH] of: restricted dma: Don't fail device probe on rmem init failure
  2021-08-05  9:47 [PATCH] of: restricted dma: Don't fail device probe on rmem init failure Will Deacon
  2021-08-05 10:26 ` Robin Murphy
@ 2021-08-06 14:11 ` Rob Herring
  1 sibling, 0 replies; 4+ messages in thread
From: Rob Herring @ 2021-08-06 14:11 UTC
  To: Will Deacon
  Cc: linux-kernel, Linux IOMMU, Claire Chang, Konrad Rzeszutek Wilk,
	Robin Murphy, Christoph Hellwig

On Thu, Aug 5, 2021 at 3:47 AM Will Deacon <will@kernel.org> wrote:
>
> If CONFIG_DMA_RESTRICTED_POOL=n then probing a device with a reference
> to a "restricted-dma-pool" will fail with a reasonably cryptic error:

I'm left wondering why of_dma_set_restricted_buffer() is even enabled
with CONFIG_DMA_RESTRICTED_POOL=n.

of_dma_set_restricted_buffer() should use IS_ENABLED and it should
also be moved to of/device.c. There's no reason for it to be in
of/address.c. It has nothing to do with address parsing.

>   | pci-host-generic: probe of 10000.pci failed with error -22
>
> Print a more helpful message in this case and try to continue probing
> the device as we do if the kernel doesn't have the restricted DMA patches
> applied or either CONFIG_OF_ADDRESS or CONFIG_HAS_DMA =n.

I think you'd have to work pretty hard to hit this code path with
either of the above config options off.

> Cc: Claire Chang <tientzu@chromium.org>
> Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
> Cc: Robin Murphy <robin.murphy@arm.com>
> Cc: Christoph Hellwig <hch@lst.de>
> Cc: Rob Herring <robh+dt@kernel.org>
> Signed-off-by: Will Deacon <will@kernel.org>
> ---
>  drivers/of/address.c    | 8 ++++----
>  drivers/of/device.c     | 2 +-
>  drivers/of/of_private.h | 8 +++-----
>  3 files changed, 8 insertions(+), 10 deletions(-)
>
> diff --git a/drivers/of/address.c b/drivers/of/address.c
> index 973257434398..f6bf4b423c2a 100644
> --- a/drivers/of/address.c
> +++ b/drivers/of/address.c
> @@ -997,7 +997,7 @@ int of_dma_get_range(struct device_node *np, const struct bus_dma_region **map)
>         return ret;
>  }
>
> -int of_dma_set_restricted_buffer(struct device *dev, struct device_node *np)
> +void of_dma_set_restricted_buffer(struct device *dev, struct device_node *np)
>  {
>         struct device_node *node, *of_node = dev->of_node;
>         int count, i;
> @@ -1022,11 +1022,11 @@ int of_dma_set_restricted_buffer(struct device *dev, struct device_node *np)
>                  */
>                 if (of_device_is_compatible(node, "restricted-dma-pool") &&
>                     of_device_is_available(node))
> -                       return of_reserved_mem_device_init_by_idx(dev, of_node,
> -                                                                 i);
> +                       break;
>         }
>
> -       return 0;
> +       if (i != count && of_reserved_mem_device_init_by_idx(dev, of_node, i))
> +               dev_warn(dev, "failed to initialise \"restricted-dma-pool\" memory node\n");
>  }
>  #endif /* CONFIG_HAS_DMA */
>
> diff --git a/drivers/of/device.c b/drivers/of/device.c
> index 2defdca418ec..258a2b099410 100644
> --- a/drivers/of/device.c
> +++ b/drivers/of/device.c
> @@ -166,7 +166,7 @@ int of_dma_configure_id(struct device *dev, struct device_node *np,
>         arch_setup_dma_ops(dev, dma_start, size, iommu, coherent);
>
>         if (!iommu)
> -               return of_dma_set_restricted_buffer(dev, np);
> +               of_dma_set_restricted_buffer(dev, np);
>
>         return 0;
>  }
> diff --git a/drivers/of/of_private.h b/drivers/of/of_private.h
> index f557bd22b0cf..bc883f69496b 100644
> --- a/drivers/of/of_private.h
> +++ b/drivers/of/of_private.h
> @@ -163,18 +163,16 @@ struct bus_dma_region;
>  #if defined(CONFIG_OF_ADDRESS) && defined(CONFIG_HAS_DMA)
>  int of_dma_get_range(struct device_node *np,
>                 const struct bus_dma_region **map);
> -int of_dma_set_restricted_buffer(struct device *dev, struct device_node *np);
> +void of_dma_set_restricted_buffer(struct device *dev, struct device_node *np);
>  #else
>  static inline int of_dma_get_range(struct device_node *np,
>                 const struct bus_dma_region **map)
>  {
>         return -ENODEV;
>  }
> -static inline int of_dma_set_restricted_buffer(struct device *dev,
> -                                              struct device_node *np)
> +static inline void of_dma_set_restricted_buffer(struct device *dev,
> +                                               struct device_node *np)
>  {
> -       /* Do nothing, successfully. */
> -       return 0;
>  }
>  #endif
>
> --
> 2.32.0.605.g8dce9f2422-goog
>
