[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [RFC PATCH v3 5/6] dt-bindings: of: Add restricted DMA pool

To: Claire Chang <tientzu@xxxxxxxxxxxx>
From: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>
Date: Thu, 7 Jan 2021 13:00:32 -0500
Cc: Rob Herring <robh+dt@xxxxxxxxxx>, mpe@xxxxxxxxxxxxxx, benh@xxxxxxxxxxxxxxxxxxx, paulus@xxxxxxxxx, "list@xxxxxxx:IOMMU DRIVERS <iommu@xxxxxxxxxxxxxxxxxxxxxxxxxx>, Joerg Roedel <joro@xxxxxxxxxx>," <joro@xxxxxxxxxx>, will@xxxxxxxxxx, Frank Rowand <frowand.list@xxxxxxxxx>, boris.ostrovsky@xxxxxxxxxx, jgross@xxxxxxxx, sstabellini@xxxxxxxxxx, Christoph Hellwig <hch@xxxxxx>, Marek Szyprowski <m.szyprowski@xxxxxxxxxxx>, Robin Murphy <robin.murphy@xxxxxxx>, grant.likely@xxxxxxx, xypron.glpk@xxxxxx, Thierry Reding <treding@xxxxxxxxxx>, mingo@xxxxxxxxxx, bauerman@xxxxxxxxxxxxx, peterz@xxxxxxxxxxxxx, Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx>, Saravana Kannan <saravanak@xxxxxxxxxx>, rafael.j.wysocki@xxxxxxxxx, heikki.krogerus@xxxxxxxxxxxxxxx, Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>, rdunlap@xxxxxxxxxxxxx, dan.j.williams@xxxxxxxxx, Bartosz Golaszewski <bgolaszewski@xxxxxxxxxxxx>, linux-devicetree <devicetree@xxxxxxxxxxxxxxx>, lkml <linux-kernel@xxxxxxxxxxxxxxx>, linuxppc-dev@xxxxxxxxxxxxxxxx, "list@xxxxxxx:IOMMU DRIVERS <iommu@xxxxxxxxxxxxxxxxxxxxxxxxxx>, Joerg Roedel <joro@xxxxxxxxxx>," <iommu@xxxxxxxxxxxxxxxxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx, Tomasz Figa <tfiga@xxxxxxxxxxxx>, Nicolas Boichat <drinkcat@xxxxxxxxxxxx>
Delivery-date: Thu, 07 Jan 2021 18:05:00 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Fri, Jan 08, 2021 at 01:39:43AM +0800, Claire Chang wrote:
> On Thu, Jan 7, 2021 at 2:58 AM Konrad Rzeszutek Wilk
> <konrad.wilk@xxxxxxxxxx> wrote:
> >
> > On Wed, Jan 06, 2021 at 11:41:23AM +0800, Claire Chang wrote:
> > > Introduce the new compatible string, restricted-dma-pool, for restricted
> > > DMA. One can specify the address and length of the restricted DMA memory
> > > region by restricted-dma-pool in the device tree.
> > >
> > > Signed-off-by: Claire Chang <tientzu@xxxxxxxxxxxx>
> > > ---
> > >  .../reserved-memory/reserved-memory.txt       | 24 +++++++++++++++++++
> > >  1 file changed, 24 insertions(+)
> > >
> > > diff --git 
> > > a/Documentation/devicetree/bindings/reserved-memory/reserved-memory.txt 
> > > b/Documentation/devicetree/bindings/reserved-memory/reserved-memory.txt
> > > index e8d3096d922c..44975e2a1fd2 100644
> > > --- 
> > > a/Documentation/devicetree/bindings/reserved-memory/reserved-memory.txt
> > > +++ 
> > > b/Documentation/devicetree/bindings/reserved-memory/reserved-memory.txt
> > > @@ -51,6 +51,20 @@ compatible (optional) - standard definition
> > >            used as a shared pool of DMA buffers for a set of devices. It 
> > > can
> > >            be used by an operating system to instantiate the necessary 
> > > pool
> > >            management subsystem if necessary.
> > > +        - restricted-dma-pool: This indicates a region of memory meant 
> > > to be
> > > +          used as a pool of restricted DMA buffers for a set of devices. 
> > > The
> > > +          memory region would be the only region accessible to those 
> > > devices.
> > > +          When using this, the no-map and reusable properties must not 
> > > be set,
> > > +          so the operating system can create a virtual mapping that will 
> > > be used
> > > +          for synchronization. The main purpose for restricted DMA is to
> > > +          mitigate the lack of DMA access control on systems without an 
> > > IOMMU,
> > > +          which could result in the DMA accessing the system memory at
> > > +          unexpected times and/or unexpected addresses, possibly leading 
> > > to data
> > > +          leakage or corruption. The feature on its own provides a basic 
> > > level
> > > +          of protection against the DMA overwriting buffer contents at
> > > +          unexpected times. However, to protect against general data 
> > > leakage and
> > > +          system memory corruption, the system needs to provide way to 
> > > restrict
> > > +          the DMA to a predefined memory region.
> >
> > Heya!
> >
> > I think I am missing something obvious here so please bear with my
> > questions:
> >
> >  - This code adds the means of having the SWIOTLB pool tied to a specific
> >    memory correct?
> 
> It doesn't affect the existing SWIOTLB. It just utilizes the existing SWIOTLB
> code to create another DMA pool tied to a specific memory region for a given 
> set
> of devices. It bounces the streaming DMA (map/unmap) in and out of that region
> and does the memory allocation (dma_direct_alloc) from the same region.

Right, so why can't it follow the same mechanism that Xen SWIOTLB does - which
had exactly the same problem (needed special handling on the pool) - and do
a similar code?

> 
> >
> >
> >  - Nothing stops the physical device from bypassing the SWIOTLB buffer.
> >    That is if an errant device screwed up the length or DMA address, the
> >    SWIOTLB would gladly do what the device told it do?
> 
> So the system needs to provide a way to lock down the memory access, e.g. MPU.

OK! Would it be prudent to have this in the description above perhaps?
> 
> >
> >  - This has to be combined with SWIOTLB-force-ish to always use the
> >    bounce buffer, otherwise you could still do DMA without using
> >    SWIOTLB (by not hitting the criteria for needing to use SWIOTLB)?
> 
> Since restricted DMA is for the devices that are not behind an IOMMU, I change
> the criteria
> `if (unlikely(swiotlb_force == SWIOTLB_FORCE))`
> to
> `if (unlikely(swiotlb_force == SWIOTLB_FORCE) || dev->dma_io_tlb_mem)`
> in dma_direct_map_page().
> 
> Also, even if SWIOTLB=force, the restricted DMA pool is preferred if available
> (get_io_tlb_mem in https://lore.kernel.org/patchwork/patch/1360995/).
> 
> Thanks!

Follow-Ups:
- Re: [RFC PATCH v3 5/6] dt-bindings: of: Add restricted DMA pool
  - From: Florian Fainelli

References:
- [RFC PATCH v3 0/6] Restricted DMA
  - From: Claire Chang
- [RFC PATCH v3 5/6] dt-bindings: of: Add restricted DMA pool
  - From: Claire Chang
- Re: [RFC PATCH v3 5/6] dt-bindings: of: Add restricted DMA pool
  - From: Konrad Rzeszutek Wilk
- Re: [RFC PATCH v3 5/6] dt-bindings: of: Add restricted DMA pool
  - From: Claire Chang

Prev by Date: Re: [RFC PATCH v3 0/6] Restricted DMA
Next by Date: Re: [RFC PATCH v3 2/6] swiotlb: Add restricted DMA pool
Previous by thread: Re: [RFC PATCH v3 5/6] dt-bindings: of: Add restricted DMA pool
Next by thread: Re: [RFC PATCH v3 5/6] dt-bindings: of: Add restricted DMA pool
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.