From: Claire Chang <tientzu@chromium.org>
To: Joerg Roedel <joro@8bytes.org>, Will Deacon <will@kernel.org>,
Frank Rowand <frowand.list@gmail.com>,
Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>,
boris.ostrovsky@oracle.com, jgross@suse.com,
Christoph Hellwig <hch@lst.de>,
Marek Szyprowski <m.szyprowski@samsung.com>
Cc: benh@kernel.crashing.org, paulus@samba.org,
"list@263.net:IOMMU DRIVERS" <iommu@lists.linux-foundation.org>,
sstabellini@kernel.org, Robin Murphy <robin.murphy@arm.com>,
grant.likely@arm.com, xypron.glpk@gmx.de,
Thierry Reding <treding@nvidia.com>,
mingo@kernel.org, bauerman@linux.ibm.com, peterz@infradead.org,
Greg KH <gregkh@linuxfoundation.org>,
Saravana Kannan <saravanak@google.com>,
"Rafael J . Wysocki" <rafael.j.wysocki@intel.com>,
heikki.krogerus@linux.intel.com,
Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
Randy Dunlap <rdunlap@infradead.org>,
Dan Williams <dan.j.williams@intel.com>,
Bartosz Golaszewski <bgolaszewski@baylibre.com>,
linux-devicetree <devicetree@vger.kernel.org>,
lkml <linux-kernel@vger.kernel.org>,
linuxppc-dev@lists.ozlabs.org, xen-devel@lists.xenproject.org,
Nicolas Boichat <drinkcat@chromium.org>,
Jim Quinlan <james.quinlan@broadcom.com>,
tfiga@chromium.org, bskeggs@redhat.com, bhelgaas@google.com,
chris@chris-wilson.co.uk, tientzu@chromium.org, daniel@ffwll.ch,
airlied@linux.ie, dri-devel@lists.freedesktop.org,
intel-gfx@lists.freedesktop.org, jani.nikula@linux.intel.com,
jxgao@google.com, joonas.lahtinen@linux.intel.com,
linux-pci@vger.kernel.org, maarten.lankhorst@linux.intel.com,
matthew.auld@intel.com, nouveau@lists.freedesktop.org,
rodrigo.vivi@intel.com, thomas.hellstrom@linux.intel.com
Subject: [PATCH v5 15/16] dt-bindings: of: Add restricted DMA pool
Date: Thu, 22 Apr 2021 16:15:07 +0800 [thread overview]
Message-ID: <20210422081508.3942748-16-tientzu@chromium.org> (raw)
In-Reply-To: <20210422081508.3942748-1-tientzu@chromium.org>
Introduce the new compatible string, restricted-dma-pool, for restricted
DMA. One can specify the address and length of the restricted DMA memory
region by restricted-dma-pool in the reserved-memory node.
Signed-off-by: Claire Chang <tientzu@chromium.org>
---
.../reserved-memory/reserved-memory.txt | 24 +++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/Documentation/devicetree/bindings/reserved-memory/reserved-memory.txt b/Documentation/devicetree/bindings/reserved-memory/reserved-memory.txt
index e8d3096d922c..fc9a12c2f679 100644
--- a/Documentation/devicetree/bindings/reserved-memory/reserved-memory.txt
+++ b/Documentation/devicetree/bindings/reserved-memory/reserved-memory.txt
@@ -51,6 +51,20 @@ compatible (optional) - standard definition
used as a shared pool of DMA buffers for a set of devices. It can
be used by an operating system to instantiate the necessary pool
management subsystem if necessary.
+ - restricted-dma-pool: This indicates a region of memory meant to be
+ used as a pool of restricted DMA buffers for a set of devices. The
+ memory region would be the only region accessible to those devices.
+ When using this, the no-map and reusable properties must not be set,
+ so the operating system can create a virtual mapping that will be used
+ for synchronization. The main purpose for restricted DMA is to
+ mitigate the lack of DMA access control on systems without an IOMMU,
+ which could result in the DMA accessing the system memory at
+ unexpected times and/or unexpected addresses, possibly leading to data
+ leakage or corruption. The feature on its own provides a basic level
+ of protection against the DMA overwriting buffer contents at
+ unexpected times. However, to protect against general data leakage and
+ system memory corruption, the system needs to provide way to lock down
+ the memory access, e.g., MPU.
- vendor specific string in the form <vendor>,[<device>-]<usage>
no-map (optional) - empty property
- Indicates the operating system must not create a virtual mapping
@@ -120,6 +134,11 @@ one for multimedia processing (named multimedia-memory@77000000, 64MiB).
compatible = "acme,multimedia-memory";
reg = <0x77000000 0x4000000>;
};
+
+ restricted_dma_mem_reserved: restricted_dma_mem_reserved {
+ compatible = "restricted-dma-pool";
+ reg = <0x50000000 0x400000>;
+ };
};
/* ... */
@@ -138,4 +157,9 @@ one for multimedia processing (named multimedia-memory@77000000, 64MiB).
memory-region = <&multimedia_reserved>;
/* ... */
};
+
+ pcie_device: pcie_device@0,0 {
+ memory-region = <&restricted_dma_mem_reserved>;
+ /* ... */
+ };
};
--
2.31.1.368.gbe11c130af-goog
WARNING: multiple messages have this Message-ID (diff)
From: Claire Chang <tientzu@chromium.org>
To: Joerg Roedel <joro@8bytes.org>, Will Deacon <will@kernel.org>,
Frank Rowand <frowand.list@gmail.com>,
Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>,
boris.ostrovsky@oracle.com, jgross@suse.com,
Christoph Hellwig <hch@lst.de>,
Marek Szyprowski <m.szyprowski@samsung.com>
Cc: heikki.krogerus@linux.intel.com,
thomas.hellstrom@linux.intel.com, peterz@infradead.org,
joonas.lahtinen@linux.intel.com, dri-devel@lists.freedesktop.org,
chris@chris-wilson.co.uk, grant.likely@arm.com, paulus@samba.org,
mingo@kernel.org, jxgao@google.com, sstabellini@kernel.org,
Saravana Kannan <saravanak@google.com>,
xypron.glpk@gmx.de,
"Rafael J . Wysocki" <rafael.j.wysocki@intel.com>,
Bartosz Golaszewski <bgolaszewski@baylibre.com>,
bskeggs@redhat.com, linux-pci@vger.kernel.org,
xen-devel@lists.xenproject.org,
Thierry Reding <treding@nvidia.com>,
intel-gfx@lists.freedesktop.org, matthew.auld@intel.com,
linux-devicetree <devicetree@vger.kernel.org>,
daniel@ffwll.ch, airlied@linux.ie,
maarten.lankhorst@linux.intel.com, linuxppc-dev@lists.ozlabs.org,
jani.nikula@linux.intel.com,
Nicolas Boichat <drinkcat@chromium.org>,
rodrigo.vivi@intel.com, bhelgaas@google.com,
tientzu@chromium.org, Dan Williams <dan.j.williams@intel.com>,
Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
nouveau@lists.freedesktop.org,
Greg KH <gregkh@linuxfoundation.org>,
Randy Dunlap <rdunlap@infradead.org>,
lkml <linux-kernel@vger.kernel.org>,
tfiga@chromium.org,
"list@263.net:IOMMU DRIVERS" <iommu@lists.linux-foundation.org>,
Jim Quinlan <james.quinlan@broadcom.com>,
Robin Murphy <robin.murphy@arm.com>,
bauerman@linux.ibm.com
Subject: [PATCH v5 15/16] dt-bindings: of: Add restricted DMA pool
Date: Thu, 22 Apr 2021 16:15:07 +0800 [thread overview]
Message-ID: <20210422081508.3942748-16-tientzu@chromium.org> (raw)
In-Reply-To: <20210422081508.3942748-1-tientzu@chromium.org>
Introduce the new compatible string, restricted-dma-pool, for restricted
DMA. One can specify the address and length of the restricted DMA memory
region by restricted-dma-pool in the reserved-memory node.
Signed-off-by: Claire Chang <tientzu@chromium.org>
---
.../reserved-memory/reserved-memory.txt | 24 +++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/Documentation/devicetree/bindings/reserved-memory/reserved-memory.txt b/Documentation/devicetree/bindings/reserved-memory/reserved-memory.txt
index e8d3096d922c..fc9a12c2f679 100644
--- a/Documentation/devicetree/bindings/reserved-memory/reserved-memory.txt
+++ b/Documentation/devicetree/bindings/reserved-memory/reserved-memory.txt
@@ -51,6 +51,20 @@ compatible (optional) - standard definition
used as a shared pool of DMA buffers for a set of devices. It can
be used by an operating system to instantiate the necessary pool
management subsystem if necessary.
+ - restricted-dma-pool: This indicates a region of memory meant to be
+ used as a pool of restricted DMA buffers for a set of devices. The
+ memory region would be the only region accessible to those devices.
+ When using this, the no-map and reusable properties must not be set,
+ so the operating system can create a virtual mapping that will be used
+ for synchronization. The main purpose for restricted DMA is to
+ mitigate the lack of DMA access control on systems without an IOMMU,
+ which could result in the DMA accessing the system memory at
+ unexpected times and/or unexpected addresses, possibly leading to data
+ leakage or corruption. The feature on its own provides a basic level
+ of protection against the DMA overwriting buffer contents at
+ unexpected times. However, to protect against general data leakage and
+ system memory corruption, the system needs to provide way to lock down
+ the memory access, e.g., MPU.
- vendor specific string in the form <vendor>,[<device>-]<usage>
no-map (optional) - empty property
- Indicates the operating system must not create a virtual mapping
@@ -120,6 +134,11 @@ one for multimedia processing (named multimedia-memory@77000000, 64MiB).
compatible = "acme,multimedia-memory";
reg = <0x77000000 0x4000000>;
};
+
+ restricted_dma_mem_reserved: restricted_dma_mem_reserved {
+ compatible = "restricted-dma-pool";
+ reg = <0x50000000 0x400000>;
+ };
};
/* ... */
@@ -138,4 +157,9 @@ one for multimedia processing (named multimedia-memory@77000000, 64MiB).
memory-region = <&multimedia_reserved>;
/* ... */
};
+
+ pcie_device: pcie_device@0,0 {
+ memory-region = <&restricted_dma_mem_reserved>;
+ /* ... */
+ };
};
--
2.31.1.368.gbe11c130af-goog
WARNING: multiple messages have this Message-ID (diff)
From: Claire Chang <tientzu@chromium.org>
To: Joerg Roedel <joro@8bytes.org>, Will Deacon <will@kernel.org>,
Frank Rowand <frowand.list@gmail.com>,
Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>,
boris.ostrovsky@oracle.com, jgross@suse.com,
Christoph Hellwig <hch@lst.de>,
Marek Szyprowski <m.szyprowski@samsung.com>
Cc: heikki.krogerus@linux.intel.com,
thomas.hellstrom@linux.intel.com, peterz@infradead.org,
benh@kernel.crashing.org, joonas.lahtinen@linux.intel.com,
dri-devel@lists.freedesktop.org, chris@chris-wilson.co.uk,
grant.likely@arm.com, paulus@samba.org, mingo@kernel.org,
jxgao@google.com, sstabellini@kernel.org,
Saravana Kannan <saravanak@google.com>,
xypron.glpk@gmx.de,
"Rafael J . Wysocki" <rafael.j.wysocki@intel.com>,
Bartosz Golaszewski <bgolaszewski@baylibre.com>,
bskeggs@redhat.com, linux-pci@vger.kernel.org,
xen-devel@lists.xenproject.org,
Thierry Reding <treding@nvidia.com>,
intel-gfx@lists.freedesktop.org, matthew.auld@intel.com,
linux-devicetree <devicetree@vger.kernel.org>,
daniel@ffwll.ch, airlied@linux.ie,
maarten.lankhorst@linux.intel.com,
Robin Murphy <robin.murphy@arm.com>,
jani.nikula@linux.intel.com,
Nicolas Boichat <drinkcat@chromium.org>,
rodrigo.vivi@intel.com, bhelgaas@google.com,
tientzu@chromium.org, Dan Williams <dan.j.williams@intel.com>,
Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
nouveau@lists.freedesktop.org,
Greg KH <gregkh@linuxfoundation.org>,
Randy Dunlap <rdunlap@infradead.org>,
lkml <linux-kernel@vger.kernel.org>,
tfiga@chromium.org,
"list@263.net:IOMMU DRIVERS" <iommu@lists.linux-foundation.org>,
Jim Quinlan <james.quinlan@broadcom.com>,
linuxppc-dev@lists.ozlabs.org, bauerman@linux.ibm.com
Subject: [Nouveau] [PATCH v5 15/16] dt-bindings: of: Add restricted DMA pool
Date: Thu, 22 Apr 2021 16:15:07 +0800 [thread overview]
Message-ID: <20210422081508.3942748-16-tientzu@chromium.org> (raw)
In-Reply-To: <20210422081508.3942748-1-tientzu@chromium.org>
Introduce the new compatible string, restricted-dma-pool, for restricted
DMA. One can specify the address and length of the restricted DMA memory
region by restricted-dma-pool in the reserved-memory node.
Signed-off-by: Claire Chang <tientzu@chromium.org>
---
.../reserved-memory/reserved-memory.txt | 24 +++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/Documentation/devicetree/bindings/reserved-memory/reserved-memory.txt b/Documentation/devicetree/bindings/reserved-memory/reserved-memory.txt
index e8d3096d922c..fc9a12c2f679 100644
--- a/Documentation/devicetree/bindings/reserved-memory/reserved-memory.txt
+++ b/Documentation/devicetree/bindings/reserved-memory/reserved-memory.txt
@@ -51,6 +51,20 @@ compatible (optional) - standard definition
used as a shared pool of DMA buffers for a set of devices. It can
be used by an operating system to instantiate the necessary pool
management subsystem if necessary.
+ - restricted-dma-pool: This indicates a region of memory meant to be
+ used as a pool of restricted DMA buffers for a set of devices. The
+ memory region would be the only region accessible to those devices.
+ When using this, the no-map and reusable properties must not be set,
+ so the operating system can create a virtual mapping that will be used
+ for synchronization. The main purpose for restricted DMA is to
+ mitigate the lack of DMA access control on systems without an IOMMU,
+ which could result in the DMA accessing the system memory at
+ unexpected times and/or unexpected addresses, possibly leading to data
+ leakage or corruption. The feature on its own provides a basic level
+ of protection against the DMA overwriting buffer contents at
+ unexpected times. However, to protect against general data leakage and
+ system memory corruption, the system needs to provide way to lock down
+ the memory access, e.g., MPU.
- vendor specific string in the form <vendor>,[<device>-]<usage>
no-map (optional) - empty property
- Indicates the operating system must not create a virtual mapping
@@ -120,6 +134,11 @@ one for multimedia processing (named multimedia-memory@77000000, 64MiB).
compatible = "acme,multimedia-memory";
reg = <0x77000000 0x4000000>;
};
+
+ restricted_dma_mem_reserved: restricted_dma_mem_reserved {
+ compatible = "restricted-dma-pool";
+ reg = <0x50000000 0x400000>;
+ };
};
/* ... */
@@ -138,4 +157,9 @@ one for multimedia processing (named multimedia-memory@77000000, 64MiB).
memory-region = <&multimedia_reserved>;
/* ... */
};
+
+ pcie_device: pcie_device@0,0 {
+ memory-region = <&restricted_dma_mem_reserved>;
+ /* ... */
+ };
};
--
2.31.1.368.gbe11c130af-goog
_______________________________________________
Nouveau mailing list
Nouveau@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/nouveau
WARNING: multiple messages have this Message-ID (diff)
From: Claire Chang <tientzu@chromium.org>
To: Joerg Roedel <joro@8bytes.org>, Will Deacon <will@kernel.org>,
Frank Rowand <frowand.list@gmail.com>,
Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>,
boris.ostrovsky@oracle.com, jgross@suse.com,
Christoph Hellwig <hch@lst.de>,
Marek Szyprowski <m.szyprowski@samsung.com>
Cc: heikki.krogerus@linux.intel.com,
thomas.hellstrom@linux.intel.com, peterz@infradead.org,
benh@kernel.crashing.org, joonas.lahtinen@linux.intel.com,
dri-devel@lists.freedesktop.org, chris@chris-wilson.co.uk,
grant.likely@arm.com, paulus@samba.org, mingo@kernel.org,
jxgao@google.com, sstabellini@kernel.org,
Saravana Kannan <saravanak@google.com>,
xypron.glpk@gmx.de,
"Rafael J . Wysocki" <rafael.j.wysocki@intel.com>,
Bartosz Golaszewski <bgolaszewski@baylibre.com>,
bskeggs@redhat.com, linux-pci@vger.kernel.org,
xen-devel@lists.xenproject.org,
Thierry Reding <treding@nvidia.com>,
intel-gfx@lists.freedesktop.org, matthew.auld@intel.com,
linux-devicetree <devicetree@vger.kernel.org>,
daniel@ffwll.ch, airlied@linux.ie,
maarten.lankhorst@linux.intel.com, linuxppc-dev@lists.ozlabs.org,
jani.nikula@linux.intel.com,
Nicolas Boichat <drinkcat@chromium.org>,
rodrigo.vivi@intel.com, bhelgaas@google.com,
tientzu@chromium.org, Dan Williams <dan.j.williams@intel.com>,
Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
nouveau@lists.freedesktop.org,
Greg KH <gregkh@linuxfoundation.org>,
Randy Dunlap <rdunlap@infradead.org>,
lkml <linux-kernel@vger.kernel.org>,
"list@263.net:IOMMU DRIVERS" <iommu@lists.linux-foundation.org>,
Jim Quinlan <james.quinlan@broadcom.com>,
Robin Murphy <robin.murphy@arm.com>,
bauerman@linux.ibm.com
Subject: [PATCH v5 15/16] dt-bindings: of: Add restricted DMA pool
Date: Thu, 22 Apr 2021 16:15:07 +0800 [thread overview]
Message-ID: <20210422081508.3942748-16-tientzu@chromium.org> (raw)
In-Reply-To: <20210422081508.3942748-1-tientzu@chromium.org>
Introduce the new compatible string, restricted-dma-pool, for restricted
DMA. One can specify the address and length of the restricted DMA memory
region by restricted-dma-pool in the reserved-memory node.
Signed-off-by: Claire Chang <tientzu@chromium.org>
---
.../reserved-memory/reserved-memory.txt | 24 +++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/Documentation/devicetree/bindings/reserved-memory/reserved-memory.txt b/Documentation/devicetree/bindings/reserved-memory/reserved-memory.txt
index e8d3096d922c..fc9a12c2f679 100644
--- a/Documentation/devicetree/bindings/reserved-memory/reserved-memory.txt
+++ b/Documentation/devicetree/bindings/reserved-memory/reserved-memory.txt
@@ -51,6 +51,20 @@ compatible (optional) - standard definition
used as a shared pool of DMA buffers for a set of devices. It can
be used by an operating system to instantiate the necessary pool
management subsystem if necessary.
+ - restricted-dma-pool: This indicates a region of memory meant to be
+ used as a pool of restricted DMA buffers for a set of devices. The
+ memory region would be the only region accessible to those devices.
+ When using this, the no-map and reusable properties must not be set,
+ so the operating system can create a virtual mapping that will be used
+ for synchronization. The main purpose for restricted DMA is to
+ mitigate the lack of DMA access control on systems without an IOMMU,
+ which could result in the DMA accessing the system memory at
+ unexpected times and/or unexpected addresses, possibly leading to data
+ leakage or corruption. The feature on its own provides a basic level
+ of protection against the DMA overwriting buffer contents at
+ unexpected times. However, to protect against general data leakage and
+ system memory corruption, the system needs to provide way to lock down
+ the memory access, e.g., MPU.
- vendor specific string in the form <vendor>,[<device>-]<usage>
no-map (optional) - empty property
- Indicates the operating system must not create a virtual mapping
@@ -120,6 +134,11 @@ one for multimedia processing (named multimedia-memory@77000000, 64MiB).
compatible = "acme,multimedia-memory";
reg = <0x77000000 0x4000000>;
};
+
+ restricted_dma_mem_reserved: restricted_dma_mem_reserved {
+ compatible = "restricted-dma-pool";
+ reg = <0x50000000 0x400000>;
+ };
};
/* ... */
@@ -138,4 +157,9 @@ one for multimedia processing (named multimedia-memory@77000000, 64MiB).
memory-region = <&multimedia_reserved>;
/* ... */
};
+
+ pcie_device: pcie_device@0,0 {
+ memory-region = <&restricted_dma_mem_reserved>;
+ /* ... */
+ };
};
--
2.31.1.368.gbe11c130af-goog
_______________________________________________
iommu mailing list
iommu@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/iommu
WARNING: multiple messages have this Message-ID (diff)
From: Claire Chang <tientzu@chromium.org>
To: Joerg Roedel <joro@8bytes.org>, Will Deacon <will@kernel.org>,
Frank Rowand <frowand.list@gmail.com>,
Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>,
boris.ostrovsky@oracle.com, jgross@suse.com,
Christoph Hellwig <hch@lst.de>,
Marek Szyprowski <m.szyprowski@samsung.com>
Cc: heikki.krogerus@linux.intel.com,
thomas.hellstrom@linux.intel.com, peterz@infradead.org,
dri-devel@lists.freedesktop.org, chris@chris-wilson.co.uk,
grant.likely@arm.com, paulus@samba.org, mingo@kernel.org,
jxgao@google.com, sstabellini@kernel.org,
Saravana Kannan <saravanak@google.com>,
xypron.glpk@gmx.de,
"Rafael J . Wysocki" <rafael.j.wysocki@intel.com>,
Bartosz Golaszewski <bgolaszewski@baylibre.com>,
bskeggs@redhat.com, linux-pci@vger.kernel.org,
xen-devel@lists.xenproject.org,
Thierry Reding <treding@nvidia.com>,
intel-gfx@lists.freedesktop.org, matthew.auld@intel.com,
linux-devicetree <devicetree@vger.kernel.org>,
airlied@linux.ie, Robin Murphy <robin.murphy@arm.com>,
Nicolas Boichat <drinkcat@chromium.org>,
rodrigo.vivi@intel.com, bhelgaas@google.com,
tientzu@chromium.org, Dan Williams <dan.j.williams@intel.com>,
Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
nouveau@lists.freedesktop.org,
Greg KH <gregkh@linuxfoundation.org>,
Randy Dunlap <rdunlap@infradead.org>,
lkml <linux-kernel@vger.kernel.org>,
tfiga@chromium.org,
"list@263.net:IOMMU DRIVERS" <iommu@lists.linux-foundation.org>,
Jim Quinlan <james.quinlan@broadcom.com>,
linuxppc-dev@lists.ozlabs.org, bauerman@linux.ibm.com
Subject: [PATCH v5 15/16] dt-bindings: of: Add restricted DMA pool
Date: Thu, 22 Apr 2021 16:15:07 +0800 [thread overview]
Message-ID: <20210422081508.3942748-16-tientzu@chromium.org> (raw)
In-Reply-To: <20210422081508.3942748-1-tientzu@chromium.org>
Introduce the new compatible string, restricted-dma-pool, for restricted
DMA. One can specify the address and length of the restricted DMA memory
region by restricted-dma-pool in the reserved-memory node.
Signed-off-by: Claire Chang <tientzu@chromium.org>
---
.../reserved-memory/reserved-memory.txt | 24 +++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/Documentation/devicetree/bindings/reserved-memory/reserved-memory.txt b/Documentation/devicetree/bindings/reserved-memory/reserved-memory.txt
index e8d3096d922c..fc9a12c2f679 100644
--- a/Documentation/devicetree/bindings/reserved-memory/reserved-memory.txt
+++ b/Documentation/devicetree/bindings/reserved-memory/reserved-memory.txt
@@ -51,6 +51,20 @@ compatible (optional) - standard definition
used as a shared pool of DMA buffers for a set of devices. It can
be used by an operating system to instantiate the necessary pool
management subsystem if necessary.
+ - restricted-dma-pool: This indicates a region of memory meant to be
+ used as a pool of restricted DMA buffers for a set of devices. The
+ memory region would be the only region accessible to those devices.
+ When using this, the no-map and reusable properties must not be set,
+ so the operating system can create a virtual mapping that will be used
+ for synchronization. The main purpose for restricted DMA is to
+ mitigate the lack of DMA access control on systems without an IOMMU,
+ which could result in the DMA accessing the system memory at
+ unexpected times and/or unexpected addresses, possibly leading to data
+ leakage or corruption. The feature on its own provides a basic level
+ of protection against the DMA overwriting buffer contents at
+ unexpected times. However, to protect against general data leakage and
+ system memory corruption, the system needs to provide way to lock down
+ the memory access, e.g., MPU.
- vendor specific string in the form <vendor>,[<device>-]<usage>
no-map (optional) - empty property
- Indicates the operating system must not create a virtual mapping
@@ -120,6 +134,11 @@ one for multimedia processing (named multimedia-memory@77000000, 64MiB).
compatible = "acme,multimedia-memory";
reg = <0x77000000 0x4000000>;
};
+
+ restricted_dma_mem_reserved: restricted_dma_mem_reserved {
+ compatible = "restricted-dma-pool";
+ reg = <0x50000000 0x400000>;
+ };
};
/* ... */
@@ -138,4 +157,9 @@ one for multimedia processing (named multimedia-memory@77000000, 64MiB).
memory-region = <&multimedia_reserved>;
/* ... */
};
+
+ pcie_device: pcie_device@0,0 {
+ memory-region = <&restricted_dma_mem_reserved>;
+ /* ... */
+ };
};
--
2.31.1.368.gbe11c130af-goog
_______________________________________________
dri-devel mailing list
dri-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dri-devel
WARNING: multiple messages have this Message-ID (diff)
From: Claire Chang <tientzu@chromium.org>
To: Joerg Roedel <joro@8bytes.org>, Will Deacon <will@kernel.org>,
Frank Rowand <frowand.list@gmail.com>,
Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>,
boris.ostrovsky@oracle.com, jgross@suse.com,
Christoph Hellwig <hch@lst.de>,
Marek Szyprowski <m.szyprowski@samsung.com>
Cc: heikki.krogerus@linux.intel.com,
thomas.hellstrom@linux.intel.com, peterz@infradead.org,
benh@kernel.crashing.org, dri-devel@lists.freedesktop.org,
chris@chris-wilson.co.uk, grant.likely@arm.com, paulus@samba.org,
mingo@kernel.org, jxgao@google.com, sstabellini@kernel.org,
Saravana Kannan <saravanak@google.com>,
xypron.glpk@gmx.de,
"Rafael J . Wysocki" <rafael.j.wysocki@intel.com>,
Bartosz Golaszewski <bgolaszewski@baylibre.com>,
bskeggs@redhat.com, linux-pci@vger.kernel.org,
xen-devel@lists.xenproject.org,
Thierry Reding <treding@nvidia.com>,
intel-gfx@lists.freedesktop.org, matthew.auld@intel.com,
linux-devicetree <devicetree@vger.kernel.org>,
airlied@linux.ie, Robin Murphy <robin.murphy@arm.com>,
Nicolas Boichat <drinkcat@chromium.org>,
bhelgaas@google.com, tientzu@chromium.org,
Dan Williams <dan.j.williams@intel.com>,
Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
nouveau@lists.freedesktop.org,
Greg KH <gregkh@linuxfoundation.org>,
Randy Dunlap <rdunlap@infradead.org>,
lkml <linux-kernel@vger.kernel.org>,
tfiga@chromium.org,
"list@263.net:IOMMU DRIVERS" <iommu@lists.linux-foundation.org>,
Jim Quinlan <james.quinlan@broadcom.com>,
linuxppc-dev@lists.ozlabs.org, bauerman@linux.ibm.com
Subject: [Intel-gfx] [PATCH v5 15/16] dt-bindings: of: Add restricted DMA pool
Date: Thu, 22 Apr 2021 16:15:07 +0800 [thread overview]
Message-ID: <20210422081508.3942748-16-tientzu@chromium.org> (raw)
In-Reply-To: <20210422081508.3942748-1-tientzu@chromium.org>
Introduce the new compatible string, restricted-dma-pool, for restricted
DMA. One can specify the address and length of the restricted DMA memory
region by restricted-dma-pool in the reserved-memory node.
Signed-off-by: Claire Chang <tientzu@chromium.org>
---
.../reserved-memory/reserved-memory.txt | 24 +++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/Documentation/devicetree/bindings/reserved-memory/reserved-memory.txt b/Documentation/devicetree/bindings/reserved-memory/reserved-memory.txt
index e8d3096d922c..fc9a12c2f679 100644
--- a/Documentation/devicetree/bindings/reserved-memory/reserved-memory.txt
+++ b/Documentation/devicetree/bindings/reserved-memory/reserved-memory.txt
@@ -51,6 +51,20 @@ compatible (optional) - standard definition
used as a shared pool of DMA buffers for a set of devices. It can
be used by an operating system to instantiate the necessary pool
management subsystem if necessary.
+ - restricted-dma-pool: This indicates a region of memory meant to be
+ used as a pool of restricted DMA buffers for a set of devices. The
+ memory region would be the only region accessible to those devices.
+ When using this, the no-map and reusable properties must not be set,
+ so the operating system can create a virtual mapping that will be used
+ for synchronization. The main purpose for restricted DMA is to
+ mitigate the lack of DMA access control on systems without an IOMMU,
+ which could result in the DMA accessing the system memory at
+ unexpected times and/or unexpected addresses, possibly leading to data
+ leakage or corruption. The feature on its own provides a basic level
+ of protection against the DMA overwriting buffer contents at
+ unexpected times. However, to protect against general data leakage and
+ system memory corruption, the system needs to provide way to lock down
+ the memory access, e.g., MPU.
- vendor specific string in the form <vendor>,[<device>-]<usage>
no-map (optional) - empty property
- Indicates the operating system must not create a virtual mapping
@@ -120,6 +134,11 @@ one for multimedia processing (named multimedia-memory@77000000, 64MiB).
compatible = "acme,multimedia-memory";
reg = <0x77000000 0x4000000>;
};
+
+ restricted_dma_mem_reserved: restricted_dma_mem_reserved {
+ compatible = "restricted-dma-pool";
+ reg = <0x50000000 0x400000>;
+ };
};
/* ... */
@@ -138,4 +157,9 @@ one for multimedia processing (named multimedia-memory@77000000, 64MiB).
memory-region = <&multimedia_reserved>;
/* ... */
};
+
+ pcie_device: pcie_device@0,0 {
+ memory-region = <&restricted_dma_mem_reserved>;
+ /* ... */
+ };
};
--
2.31.1.368.gbe11c130af-goog
_______________________________________________
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/intel-gfx
next prev parent reply other threads:[~2021-04-22 8:17 UTC|newest]
Thread overview: 182+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-22 8:14 [PATCH v5 00/16] Restricted DMA Claire Chang
2021-04-22 8:14 ` [Intel-gfx] " Claire Chang
2021-04-22 8:14 ` Claire Chang
2021-04-22 8:14 ` Claire Chang
2021-04-22 8:14 ` [Nouveau] " Claire Chang
2021-04-22 8:14 ` Claire Chang
2021-04-22 8:14 ` [PATCH v5 01/16] swiotlb: Fix the type of index Claire Chang
2021-04-22 8:14 ` [Intel-gfx] " Claire Chang
2021-04-22 8:14 ` Claire Chang
2021-04-22 8:14 ` Claire Chang
2021-04-22 8:14 ` [Nouveau] " Claire Chang
2021-04-22 8:14 ` Claire Chang
2021-04-23 7:11 ` Christoph Hellwig
2021-04-23 7:11 ` [Intel-gfx] " Christoph Hellwig
2021-04-23 7:11 ` Christoph Hellwig
2021-04-23 7:11 ` [Nouveau] " Christoph Hellwig
2021-04-23 7:11 ` Christoph Hellwig
2021-04-22 8:14 ` [PATCH v5 02/16] swiotlb: Refactor swiotlb init functions Claire Chang
2021-04-22 8:14 ` [Intel-gfx] " Claire Chang
2021-04-22 8:14 ` Claire Chang
2021-04-22 8:14 ` Claire Chang
2021-04-22 8:14 ` [Nouveau] " Claire Chang
2021-04-22 8:14 ` Claire Chang
2021-04-22 8:14 ` [PATCH v5 03/16] swiotlb: Refactor swiotlb_create_debugfs Claire Chang
2021-04-22 8:14 ` [Intel-gfx] " Claire Chang
2021-04-22 8:14 ` Claire Chang
2021-04-22 8:14 ` Claire Chang
2021-04-22 8:14 ` [Nouveau] " Claire Chang
2021-04-22 8:14 ` Claire Chang
2021-04-22 8:14 ` [PATCH v5 04/16] swiotlb: Add DMA_RESTRICTED_POOL Claire Chang
2021-04-22 8:14 ` [Intel-gfx] " Claire Chang
2021-04-22 8:14 ` Claire Chang
2021-04-22 8:14 ` Claire Chang
2021-04-22 8:14 ` [Nouveau] " Claire Chang
2021-04-22 8:14 ` Claire Chang
2021-04-22 8:14 ` [PATCH v5 05/16] swiotlb: Add restricted DMA pool initialization Claire Chang
2021-04-22 8:14 ` [Intel-gfx] " Claire Chang
2021-04-22 8:14 ` Claire Chang
2021-04-22 8:14 ` Claire Chang
2021-04-22 8:14 ` [Nouveau] " Claire Chang
2021-04-22 8:14 ` Claire Chang
2021-04-23 11:34 ` Steven Price
2021-04-23 11:34 ` [Intel-gfx] " Steven Price
2021-04-23 11:34 ` Steven Price
2021-04-23 11:34 ` Steven Price
2021-04-23 11:34 ` [Nouveau] " Steven Price
2021-04-23 11:34 ` Steven Price
2021-04-26 16:37 ` Claire Chang
2021-04-26 16:37 ` Claire Chang
2021-04-26 16:37 ` [Intel-gfx] " Claire Chang
2021-04-26 16:37 ` Claire Chang
2021-04-26 16:37 ` Claire Chang
2021-04-26 16:37 ` [Nouveau] " Claire Chang
2021-04-26 16:37 ` Claire Chang
2021-04-28 9:50 ` Steven Price
2021-04-28 9:50 ` [Intel-gfx] " Steven Price
2021-04-28 9:50 ` Steven Price
2021-04-28 9:50 ` Steven Price
2021-04-28 9:50 ` [Nouveau] " Steven Price
2021-04-28 9:50 ` Steven Price
2021-04-22 8:14 ` [PATCH v5 06/16] swiotlb: Add a new get_io_tlb_mem getter Claire Chang
2021-04-22 8:14 ` [Intel-gfx] " Claire Chang
2021-04-22 8:14 ` Claire Chang
2021-04-22 8:14 ` Claire Chang
2021-04-22 8:14 ` [Nouveau] " Claire Chang
2021-04-22 8:14 ` Claire Chang
2021-04-22 8:14 ` [PATCH v5 07/16] swiotlb: Update is_swiotlb_buffer to add a struct device argument Claire Chang
2021-04-22 8:14 ` [Intel-gfx] " Claire Chang
2021-04-22 8:14 ` Claire Chang
2021-04-22 8:14 ` Claire Chang
2021-04-22 8:14 ` [Nouveau] " Claire Chang
2021-04-22 8:14 ` Claire Chang
2021-04-22 8:15 ` [PATCH v5 08/16] swiotlb: Update is_swiotlb_active " Claire Chang
2021-04-22 8:15 ` [Intel-gfx] " Claire Chang
2021-04-22 8:15 ` Claire Chang
2021-04-22 8:15 ` Claire Chang
2021-04-22 8:15 ` [Nouveau] " Claire Chang
2021-04-22 8:15 ` Claire Chang
2021-04-23 13:31 ` Robin Murphy
2021-04-23 13:31 ` [Intel-gfx] " Robin Murphy
2021-04-23 13:31 ` Robin Murphy
2021-04-23 13:31 ` Robin Murphy
2021-04-23 13:31 ` [Nouveau] " Robin Murphy
2021-04-23 13:31 ` Robin Murphy
2021-04-26 16:37 ` Claire Chang
2021-04-26 16:37 ` Claire Chang
2021-04-26 16:37 ` [Intel-gfx] " Claire Chang
2021-04-26 16:37 ` Claire Chang
2021-04-26 16:37 ` Claire Chang
2021-04-26 16:37 ` [Nouveau] " Claire Chang
2021-04-26 16:37 ` Claire Chang
2021-04-22 8:15 ` [PATCH v5 09/16] swiotlb: Bounce data from/to restricted DMA pool if available Claire Chang
2021-04-22 8:15 ` [Intel-gfx] " Claire Chang
2021-04-22 8:15 ` Claire Chang
2021-04-22 8:15 ` Claire Chang
2021-04-22 8:15 ` [Nouveau] " Claire Chang
2021-04-22 8:15 ` Claire Chang
2021-04-22 8:15 ` [PATCH v5 10/16] swiotlb: Move alloc_size to find_slots Claire Chang
2021-04-22 8:15 ` [Intel-gfx] " Claire Chang
2021-04-22 8:15 ` Claire Chang
2021-04-22 8:15 ` Claire Chang
2021-04-22 8:15 ` [Nouveau] " Claire Chang
2021-04-22 8:15 ` Claire Chang
2021-04-22 8:15 ` [PATCH v5 11/16] swiotlb: Refactor swiotlb_tbl_unmap_single Claire Chang
2021-04-22 8:15 ` [Intel-gfx] " Claire Chang
2021-04-22 8:15 ` Claire Chang
2021-04-22 8:15 ` Claire Chang
2021-04-22 8:15 ` [Nouveau] " Claire Chang
2021-04-22 8:15 ` Claire Chang
2021-04-22 8:15 ` [PATCH v5 12/16] dma-direct: Add a new wrapper __dma_direct_free_pages() Claire Chang
2021-04-22 8:15 ` [Intel-gfx] " Claire Chang
2021-04-22 8:15 ` Claire Chang
2021-04-22 8:15 ` Claire Chang
2021-04-22 8:15 ` [Nouveau] " Claire Chang
2021-04-22 8:15 ` Claire Chang
2021-04-22 8:15 ` [PATCH v5 13/16] swiotlb: Add restricted DMA alloc/free support Claire Chang
2021-04-22 8:15 ` [Intel-gfx] " Claire Chang
2021-04-22 8:15 ` Claire Chang
2021-04-22 8:15 ` Claire Chang
2021-04-22 8:15 ` [Nouveau] " Claire Chang
2021-04-22 8:15 ` Claire Chang
2021-04-22 8:15 ` [PATCH v5 14/16] dma-direct: Allocate memory from restricted DMA pool if available Claire Chang
2021-04-22 8:15 ` [Intel-gfx] " Claire Chang
2021-04-22 8:15 ` Claire Chang
2021-04-22 8:15 ` Claire Chang
2021-04-22 8:15 ` [Nouveau] " Claire Chang
2021-04-22 8:15 ` Claire Chang
2021-04-23 13:46 ` Robin Murphy
2021-04-23 13:46 ` [Intel-gfx] " Robin Murphy
2021-04-23 13:46 ` Robin Murphy
2021-04-23 13:46 ` Robin Murphy
2021-04-23 13:46 ` [Nouveau] " Robin Murphy
2021-04-23 13:46 ` Robin Murphy
2021-05-03 14:26 ` Claire Chang
2021-05-03 14:26 ` Claire Chang
2021-05-03 14:26 ` [Intel-gfx] " Claire Chang
2021-05-03 14:26 ` Claire Chang
2021-05-03 14:26 ` Claire Chang
2021-05-03 14:26 ` [Nouveau] " Claire Chang
2021-05-03 14:26 ` Claire Chang
2021-04-22 8:15 ` Claire Chang [this message]
2021-04-22 8:15 ` [Intel-gfx] [PATCH v5 15/16] dt-bindings: of: Add restricted DMA pool Claire Chang
2021-04-22 8:15 ` Claire Chang
2021-04-22 8:15 ` Claire Chang
2021-04-22 8:15 ` [Nouveau] " Claire Chang
2021-04-22 8:15 ` Claire Chang
2021-04-22 8:15 ` [PATCH v5 16/16] of: Add plumbing for " Claire Chang
2021-04-22 8:15 ` [Intel-gfx] " Claire Chang
2021-04-22 8:15 ` Claire Chang
2021-04-22 8:15 ` Claire Chang
2021-04-22 8:15 ` [Nouveau] " Claire Chang
2021-04-22 8:15 ` Claire Chang
2021-04-22 12:11 ` [Intel-gfx] " kernel test robot
2021-04-22 15:09 ` kernel test robot
2021-04-23 2:52 ` Claire Chang
2021-04-23 2:52 ` Claire Chang
2021-04-23 2:52 ` [Intel-gfx] " Claire Chang
2021-04-23 2:52 ` Claire Chang
2021-04-23 2:52 ` Claire Chang
2021-04-23 2:52 ` [Nouveau] " Claire Chang
2021-04-23 2:52 ` Claire Chang
2021-04-23 13:35 ` Robin Murphy
2021-04-23 13:35 ` [Intel-gfx] " Robin Murphy
2021-04-23 13:35 ` Robin Murphy
2021-04-23 13:35 ` Robin Murphy
2021-04-23 13:35 ` [Nouveau] " Robin Murphy
2021-04-23 13:35 ` Robin Murphy
2021-04-26 16:38 ` Claire Chang
2021-04-26 16:38 ` Claire Chang
2021-04-26 16:38 ` [Intel-gfx] " Claire Chang
2021-04-26 16:38 ` Claire Chang
2021-04-26 16:38 ` Claire Chang
2021-04-26 16:38 ` [Nouveau] " Claire Chang
2021-04-26 16:38 ` Claire Chang
2021-04-22 9:37 ` [Intel-gfx] ✗ Fi.CI.BUILD: failure for Restricted DMA Patchwork
2021-05-10 9:53 ` [PATCH v5 00/16] " Claire Chang
2021-05-10 9:53 ` Claire Chang
2021-05-10 9:53 ` [Intel-gfx] " Claire Chang
2021-05-10 9:53 ` Claire Chang
2021-05-10 9:53 ` Claire Chang
2021-05-10 9:53 ` [Nouveau] " Claire Chang
2021-05-10 9:53 ` Claire Chang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210422081508.3942748-16-tientzu@chromium.org \
--to=tientzu@chromium.org \
--cc=airlied@linux.ie \
--cc=andriy.shevchenko@linux.intel.com \
--cc=bauerman@linux.ibm.com \
--cc=benh@kernel.crashing.org \
--cc=bgolaszewski@baylibre.com \
--cc=bhelgaas@google.com \
--cc=boris.ostrovsky@oracle.com \
--cc=bskeggs@redhat.com \
--cc=chris@chris-wilson.co.uk \
--cc=dan.j.williams@intel.com \
--cc=daniel@ffwll.ch \
--cc=devicetree@vger.kernel.org \
--cc=dri-devel@lists.freedesktop.org \
--cc=drinkcat@chromium.org \
--cc=frowand.list@gmail.com \
--cc=grant.likely@arm.com \
--cc=gregkh@linuxfoundation.org \
--cc=hch@lst.de \
--cc=heikki.krogerus@linux.intel.com \
--cc=intel-gfx@lists.freedesktop.org \
--cc=iommu@lists.linux-foundation.org \
--cc=james.quinlan@broadcom.com \
--cc=jani.nikula@linux.intel.com \
--cc=jgross@suse.com \
--cc=joonas.lahtinen@linux.intel.com \
--cc=joro@8bytes.org \
--cc=jxgao@google.com \
--cc=konrad.wilk@oracle.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=m.szyprowski@samsung.com \
--cc=maarten.lankhorst@linux.intel.com \
--cc=matthew.auld@intel.com \
--cc=mingo@kernel.org \
--cc=nouveau@lists.freedesktop.org \
--cc=paulus@samba.org \
--cc=peterz@infradead.org \
--cc=rafael.j.wysocki@intel.com \
--cc=rdunlap@infradead.org \
--cc=robin.murphy@arm.com \
--cc=rodrigo.vivi@intel.com \
--cc=saravanak@google.com \
--cc=sstabellini@kernel.org \
--cc=tfiga@chromium.org \
--cc=thomas.hellstrom@linux.intel.com \
--cc=treding@nvidia.com \
--cc=will@kernel.org \
--cc=xen-devel@lists.xenproject.org \
--cc=xypron.glpk@gmx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.