Re: [PATCH v4 3/3] iommu/arm-smmu-qcom: Implement S2CR quirk
On Mon 19 Oct 09:04 CDT 2020, Robin Murphy wrote: > On 2020-10-17 05:39, Bjorn Andersson wrote: > > The firmware found in some Qualcomm platforms intercepts writes to S2CR > > in order to replace bypass type streams with fault; and ignore S2CR > > updates of type fault. > > > > Detect this behavior and implement a custom write_s2cr function in order > > to trick the firmware into supporting bypass streams by the means of > > configuring the stream for translation using a reserved and disabled > > context bank. > > > > Also circumvent the problem of configuring faulting streams by > > configuring the stream as bypass. > > > > Signed-off-by: Bjorn Andersson > > --- > > > > Changes since v3: > > - Move the reservation of the "identity context bank" to the Qualcomm > > specific > >implementation. > > - Implement the S2CR quirk with the newly introduced write_s2cr callback. > > > > drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c | 68 ++ > > 1 file changed, 68 insertions(+) > > > > diff --git a/drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c > > b/drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c > > index 0089048342dd..c0f42d6a6e01 100644 > > --- a/drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c > > +++ b/drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c > > @@ -10,8 +10,14 @@ > > struct qcom_smmu { > > struct arm_smmu_device smmu; > > + bool bypass_cbndx; > > Nit: variables named "*ndx" usually hold an actual index value. If it's just > a flag then maybe name it something like "use_bypass_context"? > > > }; > > +static struct qcom_smmu *to_qcom_smmu(struct arm_smmu_device *smmu) > > +{ > > + return container_of(smmu, struct qcom_smmu, smmu); > > +} > > + > > static const struct of_device_id qcom_smmu_client_of_match[] > > __maybe_unused = { > > { .compatible = "qcom,adreno" }, > > { .compatible = "qcom,mdp4" }, > > @@ -25,9 +31,32 @@ static const struct of_device_id > > qcom_smmu_client_of_match[] __maybe_unused = { > > static int qcom_smmu_cfg_probe(struct arm_smmu_device *smmu) > > { > > + unsigned int last_s2cr = ARM_SMMU_GR0_S2CR(smmu->num_mapping_groups - > > 1); > > + struct qcom_smmu *qsmmu = to_qcom_smmu(smmu); > > + u32 reg; > > u32 smr; > > int i; > > + /* > > +* With some firmware versions writes to S2CR of type FAULT are > > +* ignored, and writing BYPASS will end up written as FAULT in the > > +* register. Perform a write to S2CR to detect if this is the case and > > +* if so reserve a context bank to emulate bypass streams. > > +*/ > > + reg = FIELD_PREP(ARM_SMMU_S2CR_TYPE, S2CR_TYPE_BYPASS) | > > + FIELD_PREP(ARM_SMMU_S2CR_CBNDX, 0xff) | > > + FIELD_PREP(ARM_SMMU_S2CR_PRIVCFG, S2CR_PRIVCFG_DEFAULT); > > + arm_smmu_gr0_write(smmu, last_s2cr, reg); > > + reg = arm_smmu_gr0_read(smmu, last_s2cr); > > + if (FIELD_GET(ARM_SMMU_S2CR_TYPE, reg) != S2CR_TYPE_BYPASS) { > > + qsmmu->bypass_cbndx = smmu->num_context_banks - 1; > > Oh, so maybe the name is in fact OK but the type is wrong :/ > > I guess this does happens to work out, but for the wrong reason... > Odd, but "it works on my machine"... Sorry about that. > > + > > + set_bit(qsmmu->bypass_cbndx, smmu->context_map); > > + > > + reg = FIELD_PREP(ARM_SMMU_CBAR_TYPE, > > CBAR_TYPE_S1_TRANS_S2_BYPASS); > > + arm_smmu_gr1_write(smmu, > > ARM_SMMU_GR1_CBAR(qsmmu->bypass_cbndx), reg); > > + } > > + > > for (i = 0; i < smmu->num_mapping_groups; i++) { > > smr = arm_smmu_gr0_read(smmu, ARM_SMMU_GR0_SMR(i)); > > @@ -46,6 +75,44 @@ static int qcom_smmu_cfg_probe(struct arm_smmu_device > > *smmu) > > return 0; > > } > > +static void qcom_smmu_write_s2cr(struct arm_smmu_device *smmu, int idx) > > +{ > > + struct arm_smmu_s2cr *s2cr = smmu->s2crs + idx; > > + struct qcom_smmu *qsmmu = to_qcom_smmu(smmu); > > + u32 cbndx = s2cr->cbndx; > > + u32 type = s2cr->type; > > + u32 reg; > > + > > + if (qsmmu->bypass_cbndx) { > > Note that if we are talking indices here then 0 would be perfectly valid in > general. This works out OK in practice given that we're always reserving the > last implemented context above, and if we ever *did* only have one such that > index 0 is the last then we're going to have a bad time either way, but it's > not necessarily the most obvious. > Right. In the event that we have a SMMU instance with a single context bank hitting this quirk would probably be bad regardless, as the cfg_probe would have just stolen the only available context bank for bypass purposes :) But I've updated this to keep track of the need for bypass separate from the index. We don't have a lot of SMMU controllers, so it's not a big waste. > > + if (type == S2CR_TYPE_BYPASS) { > > + /* > > +* Firmware with quirky S2CR handling will substitute > > +* BYPASS writes with FAULT, so point the stream to the > > +
Re: [PATCH v4 3/3] iommu/arm-smmu-qcom: Implement S2CR quirk
On 2020-10-17 05:39, Bjorn Andersson wrote: The firmware found in some Qualcomm platforms intercepts writes to S2CR in order to replace bypass type streams with fault; and ignore S2CR updates of type fault. Detect this behavior and implement a custom write_s2cr function in order to trick the firmware into supporting bypass streams by the means of configuring the stream for translation using a reserved and disabled context bank. Also circumvent the problem of configuring faulting streams by configuring the stream as bypass. Signed-off-by: Bjorn Andersson --- Changes since v3: - Move the reservation of the "identity context bank" to the Qualcomm specific implementation. - Implement the S2CR quirk with the newly introduced write_s2cr callback. drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c | 68 ++ 1 file changed, 68 insertions(+) diff --git a/drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c b/drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c index 0089048342dd..c0f42d6a6e01 100644 --- a/drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c +++ b/drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c @@ -10,8 +10,14 @@ struct qcom_smmu { struct arm_smmu_device smmu; + bool bypass_cbndx; Nit: variables named "*ndx" usually hold an actual index value. If it's just a flag then maybe name it something like "use_bypass_context"? }; +static struct qcom_smmu *to_qcom_smmu(struct arm_smmu_device *smmu) +{ + return container_of(smmu, struct qcom_smmu, smmu); +} + static const struct of_device_id qcom_smmu_client_of_match[] __maybe_unused = { { .compatible = "qcom,adreno" }, { .compatible = "qcom,mdp4" }, @@ -25,9 +31,32 @@ static const struct of_device_id qcom_smmu_client_of_match[] __maybe_unused = { static int qcom_smmu_cfg_probe(struct arm_smmu_device *smmu) { + unsigned int last_s2cr = ARM_SMMU_GR0_S2CR(smmu->num_mapping_groups - 1); + struct qcom_smmu *qsmmu = to_qcom_smmu(smmu); + u32 reg; u32 smr; int i; + /* +* With some firmware versions writes to S2CR of type FAULT are +* ignored, and writing BYPASS will end up written as FAULT in the +* register. Perform a write to S2CR to detect if this is the case and +* if so reserve a context bank to emulate bypass streams. +*/ + reg = FIELD_PREP(ARM_SMMU_S2CR_TYPE, S2CR_TYPE_BYPASS) | + FIELD_PREP(ARM_SMMU_S2CR_CBNDX, 0xff) | + FIELD_PREP(ARM_SMMU_S2CR_PRIVCFG, S2CR_PRIVCFG_DEFAULT); + arm_smmu_gr0_write(smmu, last_s2cr, reg); + reg = arm_smmu_gr0_read(smmu, last_s2cr); + if (FIELD_GET(ARM_SMMU_S2CR_TYPE, reg) != S2CR_TYPE_BYPASS) { + qsmmu->bypass_cbndx = smmu->num_context_banks - 1; Oh, so maybe the name is in fact OK but the type is wrong :/ I guess this does happens to work out, but for the wrong reason... + + set_bit(qsmmu->bypass_cbndx, smmu->context_map); + + reg = FIELD_PREP(ARM_SMMU_CBAR_TYPE, CBAR_TYPE_S1_TRANS_S2_BYPASS); + arm_smmu_gr1_write(smmu, ARM_SMMU_GR1_CBAR(qsmmu->bypass_cbndx), reg); + } + for (i = 0; i < smmu->num_mapping_groups; i++) { smr = arm_smmu_gr0_read(smmu, ARM_SMMU_GR0_SMR(i)); @@ -46,6 +75,44 @@ static int qcom_smmu_cfg_probe(struct arm_smmu_device *smmu) return 0; } +static void qcom_smmu_write_s2cr(struct arm_smmu_device *smmu, int idx) +{ + struct arm_smmu_s2cr *s2cr = smmu->s2crs + idx; + struct qcom_smmu *qsmmu = to_qcom_smmu(smmu); + u32 cbndx = s2cr->cbndx; + u32 type = s2cr->type; + u32 reg; + + if (qsmmu->bypass_cbndx) { Note that if we are talking indices here then 0 would be perfectly valid in general. This works out OK in practice given that we're always reserving the last implemented context above, and if we ever *did* only have one such that index 0 is the last then we're going to have a bad time either way, but it's not necessarily the most obvious. + if (type == S2CR_TYPE_BYPASS) { + /* +* Firmware with quirky S2CR handling will substitute +* BYPASS writes with FAULT, so point the stream to the +* reserved context bank and ask for translation on the +* stream +*/ + type = S2CR_TYPE_TRANS; + cbndx = qsmmu->bypass_cbndx; + } else if (type == S2CR_TYPE_FAULT) { + /* +* Firmware with quirky S2CR handling will ignore FAULT +* writes, so trick it to write FAULT by asking for a +* BYPASS. +*/ + type = S2CR_TYPE_BYPASS; Ha, that's brilliant :) + cbndx = 0xff; + } + } + + reg = FIELD_PREP(ARM_
[PATCH v4 3/3] iommu/arm-smmu-qcom: Implement S2CR quirk
The firmware found in some Qualcomm platforms intercepts writes to S2CR in order to replace bypass type streams with fault; and ignore S2CR updates of type fault. Detect this behavior and implement a custom write_s2cr function in order to trick the firmware into supporting bypass streams by the means of configuring the stream for translation using a reserved and disabled context bank. Also circumvent the problem of configuring faulting streams by configuring the stream as bypass. Signed-off-by: Bjorn Andersson --- Changes since v3: - Move the reservation of the "identity context bank" to the Qualcomm specific implementation. - Implement the S2CR quirk with the newly introduced write_s2cr callback. drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c | 68 ++ 1 file changed, 68 insertions(+) diff --git a/drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c b/drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c index 0089048342dd..c0f42d6a6e01 100644 --- a/drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c +++ b/drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c @@ -10,8 +10,14 @@ struct qcom_smmu { struct arm_smmu_device smmu; + bool bypass_cbndx; }; +static struct qcom_smmu *to_qcom_smmu(struct arm_smmu_device *smmu) +{ + return container_of(smmu, struct qcom_smmu, smmu); +} + static const struct of_device_id qcom_smmu_client_of_match[] __maybe_unused = { { .compatible = "qcom,adreno" }, { .compatible = "qcom,mdp4" }, @@ -25,9 +31,32 @@ static const struct of_device_id qcom_smmu_client_of_match[] __maybe_unused = { static int qcom_smmu_cfg_probe(struct arm_smmu_device *smmu) { + unsigned int last_s2cr = ARM_SMMU_GR0_S2CR(smmu->num_mapping_groups - 1); + struct qcom_smmu *qsmmu = to_qcom_smmu(smmu); + u32 reg; u32 smr; int i; + /* +* With some firmware versions writes to S2CR of type FAULT are +* ignored, and writing BYPASS will end up written as FAULT in the +* register. Perform a write to S2CR to detect if this is the case and +* if so reserve a context bank to emulate bypass streams. +*/ + reg = FIELD_PREP(ARM_SMMU_S2CR_TYPE, S2CR_TYPE_BYPASS) | + FIELD_PREP(ARM_SMMU_S2CR_CBNDX, 0xff) | + FIELD_PREP(ARM_SMMU_S2CR_PRIVCFG, S2CR_PRIVCFG_DEFAULT); + arm_smmu_gr0_write(smmu, last_s2cr, reg); + reg = arm_smmu_gr0_read(smmu, last_s2cr); + if (FIELD_GET(ARM_SMMU_S2CR_TYPE, reg) != S2CR_TYPE_BYPASS) { + qsmmu->bypass_cbndx = smmu->num_context_banks - 1; + + set_bit(qsmmu->bypass_cbndx, smmu->context_map); + + reg = FIELD_PREP(ARM_SMMU_CBAR_TYPE, CBAR_TYPE_S1_TRANS_S2_BYPASS); + arm_smmu_gr1_write(smmu, ARM_SMMU_GR1_CBAR(qsmmu->bypass_cbndx), reg); + } + for (i = 0; i < smmu->num_mapping_groups; i++) { smr = arm_smmu_gr0_read(smmu, ARM_SMMU_GR0_SMR(i)); @@ -46,6 +75,44 @@ static int qcom_smmu_cfg_probe(struct arm_smmu_device *smmu) return 0; } +static void qcom_smmu_write_s2cr(struct arm_smmu_device *smmu, int idx) +{ + struct arm_smmu_s2cr *s2cr = smmu->s2crs + idx; + struct qcom_smmu *qsmmu = to_qcom_smmu(smmu); + u32 cbndx = s2cr->cbndx; + u32 type = s2cr->type; + u32 reg; + + if (qsmmu->bypass_cbndx) { + if (type == S2CR_TYPE_BYPASS) { + /* +* Firmware with quirky S2CR handling will substitute +* BYPASS writes with FAULT, so point the stream to the +* reserved context bank and ask for translation on the +* stream +*/ + type = S2CR_TYPE_TRANS; + cbndx = qsmmu->bypass_cbndx; + } else if (type == S2CR_TYPE_FAULT) { + /* +* Firmware with quirky S2CR handling will ignore FAULT +* writes, so trick it to write FAULT by asking for a +* BYPASS. +*/ + type = S2CR_TYPE_BYPASS; + cbndx = 0xff; + } + } + + reg = FIELD_PREP(ARM_SMMU_S2CR_TYPE, type) | + FIELD_PREP(ARM_SMMU_S2CR_CBNDX, cbndx) | + FIELD_PREP(ARM_SMMU_S2CR_PRIVCFG, s2cr->privcfg); + + if (smmu->features & ARM_SMMU_FEAT_EXIDS && smmu->smrs && smmu->smrs[idx].valid) + reg |= ARM_SMMU_S2CR_EXIDVALID; + arm_smmu_gr0_write(smmu, ARM_SMMU_GR0_S2CR(idx), reg); +} + static int qcom_smmu_def_domain_type(struct device *dev) { const struct of_device_id *match = @@ -87,6 +154,7 @@ static const struct arm_smmu_impl qcom_smmu_impl = { .cfg_probe = qcom_smmu_cfg_probe, .def_domain_type = qcom_smmu_def_domain_type, .reset = qcom_smmu500_reset, + .write_s2cr = qcom_smmu_write_s2cr, }; struct a