From: Rob Herring <robh@kernel.org>
To: Marek Vasut <marek.vasut@gmail.com>
Cc: Robin Murphy <robin.murphy@arm.com>,
Geert Uytterhoeven <geert@linux-m68k.org>,
Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>,
PCI <linux-pci@vger.kernel.org>,
Geert Uytterhoeven <geert+renesas@glider.be>,
Wolfram Sang <wsa@the-dreams.de>,
"open list:MEDIA DRIVERS FOR RENESAS - FCP"
<linux-renesas-soc@vger.kernel.org>
Subject: Re: [PATCH V3 2/3] PCI: rcar: Do not abort on too many inbound dma-ranges
Date: Thu, 17 Oct 2019 09:36:07 -0500 [thread overview]
Message-ID: <CAL_JsqKEjzO3s=bBf_TxTAXTzLTcX=8ccFXLfowhPOHWzNET9A@mail.gmail.com> (raw)
In-Reply-To: <6af92fb1-a154-3e03-d239-0417da5a5094@gmail.com>
On Thu, Oct 17, 2019 at 9:00 AM Marek Vasut <marek.vasut@gmail.com> wrote:
>
> On 10/17/19 3:06 PM, Robin Murphy wrote:
> > On 17/10/2019 11:55, Marek Vasut wrote:
> >> On 10/17/19 9:06 AM, Geert Uytterhoeven wrote:
> >>
> >> [...]
> >>
> >>>>>>> I suppose if your intent is to use inbound windows as a poor man's
> >>>>>>> IOMMU to prevent accesses to the holes, then yes you would list them
> >>>>>>> out. But I think that's wrong and difficult to maintain. You'd also
> >>>>>>> need to deal with reserved-memory regions too.
> >>>>>>
> >>>>>> What's the problem with that? The bootloader has all that information
> >>>>>> and can patch the DT correctly. In fact, in my specific case, I have
> >>>>>> platform which can be populated with differently sized DRAM, so the
> >>>>>> holes are also dynamically calculated ; there is no one DT then, the
> >>>>>> bootloader is responsible to generate the dma-ranges accordingly.
> >>>>>
> >>>>> The problems are it doesn't work:
> >>>>>
> >>>>> Your dma-mask and offset are not going to be correct.
> >>>>>
> >>>>> You are running out of inbound windows. Your patch does nothing to
> >>>>> solve that. The solution would be merging multiple dma-ranges entries
> >>>>> to a single inbound window. We'd have to do that both for dma-mask and
> >>>>> inbound windows. The former would also have to figure out which
> >>>>> entries apply to setting up dma-mask. I'm simply suggesting just do
> >>>>> that up front and avoid any pointless splits.
> >>>>
> >>>> But then the PCI device can trigger a transaction to non-existent DRAM
> >>>> and cause undefined behavior. Surely we do not want that ?
> >>>
> >>> The PCI device will trigger transactions to memory only when instructed
> >>> to do so by Linux, right? Hence if Linux takes into account
> >>> chosen/memory
> >>> and dma-ranges, there is no problem?
> >>
> >> Unless of course the remote device initiates a transfer. And if the
> >> controller is programmed such that accesses to the missing DRAM in the
> >> holes are not filtered out by the controller, then the controller will
> >> gladly let the transaction through. Do we really want to let this
> >> happen ?
> >
> > If you've got devices making random unsolicited accesses then who's to
> > say they wouldn't also hit valid windows and corrupt memory? If it's
> > happening at all you've already lost.
>
> Not necessarily. If your controller is programmed correctly with just
> the ranges that are valid, then it will filter out at least the accesses
> outside of valid memory. If it is programmed incorrectly, as you
> suggest, then the accesses will go through, causing undefined behavior.
>
> And note that there is such weird buggy PCI hardware. A slightly
> unrelated example are some of the ath9k, which are generating spurious
> MSIs even if they are in legacy PCI IRQ mode. If the controller is
> configured correctly, even those buggy cards work, because it can filter
> the spurious MSIs out. If not, they do not.
How do those devices work on h/w without inbound window configuration
or they don't?
How do the spurious MSIs only go to invalid addresses and not valid addresses?
> That's why I would prefer to configure the controller correctly, not
> just hope that nothing bad will come out of misconfiguring it slightly.
Again, just handling the first N dma-ranges entries and ignoring the
rest is not 'configure the controller correctly'.
> > And realistically, if the address
> > isn't valid then it's not going to make much difference anyway - in
> > probably 99% of cases, either the transaction doesn't hit a window and
> > the host bridge returns a completer abort, or it does hit a window, the
> > AXI side returns DECERR or SLVERR, and the host bridge translates that
> > into a completer abort. Consider also that many PCI IPs don't have
> > discrete windows and just map the entirety of PCI mem space directly to
> > the system PA space.
>
> And in that 1% of cases, we are OK with failure which could have been
> easily prevented if the controller was programmed correctly ? That does
> not look like a good thing.
You don't need dma-ranges if you want to handle holes in DRAM. Use
memblock to get this information. Then it will work if you boot using
UEFI too.
dma-ranges at the PCI bridge should be restrictions in the PCI bridge,
not ones somewhere else in the system.
Rob
next prev parent reply other threads:[~2019-10-17 14:36 UTC|newest]
Thread overview: 52+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-09 17:57 [PATCH V3 1/3] PCI: rcar: Move the inbound index check marek.vasut
2019-08-09 17:57 ` [PATCH V3 2/3] PCI: rcar: Do not abort on too many inbound dma-ranges marek.vasut
2019-08-16 13:23 ` Simon Horman
2019-08-16 13:28 ` Marek Vasut
2019-08-16 13:38 ` Simon Horman
2019-08-16 17:41 ` Marek Vasut
2019-10-21 10:18 ` Andrew Murray
2019-10-26 18:03 ` Marek Vasut
2019-10-26 20:36 ` Andrew Murray
2019-10-26 21:06 ` Andrew Murray
2019-11-06 23:37 ` Marek Vasut
2019-11-07 14:19 ` Andrew Murray
2019-11-16 15:48 ` Marek Vasut
2019-11-18 18:42 ` Robin Murphy
2019-12-22 7:46 ` Marek Vasut
2019-10-16 15:00 ` Lorenzo Pieralisi
2019-10-16 15:10 ` Marek Vasut
2019-10-16 15:26 ` Lorenzo Pieralisi
2019-10-16 15:29 ` Marek Vasut
2019-10-16 16:18 ` Lorenzo Pieralisi
2019-10-16 18:12 ` Rob Herring
2019-10-16 18:17 ` Marek Vasut
2019-10-16 20:25 ` Rob Herring
2019-10-16 21:15 ` Marek Vasut
2019-10-16 22:26 ` Rob Herring
2019-10-16 22:33 ` Marek Vasut
2019-10-17 7:06 ` Geert Uytterhoeven
2019-10-17 10:55 ` Marek Vasut
2019-10-17 13:06 ` Robin Murphy
2019-10-17 14:00 ` Marek Vasut
2019-10-17 14:36 ` Rob Herring [this message]
2019-10-17 15:01 ` Marek Vasut
2019-10-18 9:53 ` Lorenzo Pieralisi
2019-10-18 12:22 ` Marek Vasut
2019-10-18 12:53 ` Robin Murphy
2019-10-18 14:26 ` Marek Vasut
2019-10-18 15:44 ` Robin Murphy
2019-10-18 16:44 ` Marek Vasut
2019-10-18 17:35 ` Robin Murphy
2019-10-18 18:44 ` Marek Vasut
2019-10-21 8:32 ` Geert Uytterhoeven
2019-11-19 12:10 ` Robin Murphy
2019-10-18 10:06 ` Andrew Murray
2019-10-18 10:17 ` Geert Uytterhoeven
2019-10-18 11:40 ` Andrew Murray
2019-08-09 17:57 ` [PATCH V3 3/3] PCI: rcar: Recalculate inbound range alignment for each controller entry marek.vasut
2019-10-21 10:39 ` Andrew Murray
2019-08-16 10:52 ` [PATCH V3 1/3] PCI: rcar: Move the inbound index check Lorenzo Pieralisi
2019-08-16 10:59 ` Marek Vasut
2019-08-16 11:10 ` Lorenzo Pieralisi
2019-10-15 20:14 ` Marek Vasut
2019-10-21 10:11 ` Andrew Murray
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAL_JsqKEjzO3s=bBf_TxTAXTzLTcX=8ccFXLfowhPOHWzNET9A@mail.gmail.com' \
--to=robh@kernel.org \
--cc=geert+renesas@glider.be \
--cc=geert@linux-m68k.org \
--cc=linux-pci@vger.kernel.org \
--cc=linux-renesas-soc@vger.kernel.org \
--cc=lorenzo.pieralisi@arm.com \
--cc=marek.vasut@gmail.com \
--cc=robin.murphy@arm.com \
--cc=wsa@the-dreams.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).