From: Jason Gunthorpe <jgg@nvidia.com>
To: Nicolin Chen <nicolinc@nvidia.com>
Cc: will@kernel.org, robin.murphy@arm.com, kevin.tian@intel.com,
joro@8bytes.org, praan@google.com, kees@kernel.org,
baolu.lu@linux.intel.com, miko.lenczewski@arm.com,
smostafa@google.com, linux-arm-kernel@lists.infradead.org,
iommu@lists.linux.dev, linux-kernel@vger.kernel.org,
stable@vger.kernel.org, jamien@nvidia.com
Subject: Re: [PATCH v5 1/6] iommu/arm-smmu-v3: Add arm_smmu_kdump_adopt_strtab() for kdump
Date: Tue, 19 May 2026 14:10:03 -0300 [thread overview]
Message-ID: <20260519171003.GD3602937@nvidia.com> (raw)
In-Reply-To: <0582326eeadd4ae2b16fd4914e9bd46da5a251d3.1778416609.git.nicolinc@nvidia.com>
On Sun, May 10, 2026 at 02:23:00PM -0700, Nicolin Chen wrote:
> +#include <linux/dma-direct.h>
Nope, never do this, it is an internal header.
> +/*
> + * Adopting the crashed kernel's stream table has risks: the physical addresses
> + * read from ARM_SMMU_STRTAB_BASE / L1 descriptors may be corrupted. Reject any
> + * range that overlaps the kdump kernel's critical regions.
> + */
> +static bool arm_smmu_kdump_phys_is_corrupted(phys_addr_t base, size_t size)
> +{
> + /*
> + * On arm64 kdump, iomem_resource entries are typically:
> + * ------------------------------------------------------------
> + * | Entry | IORESOURCE_ Flags | IORES_DESC_ Desc |
> + * ------------------------------------------------------------
> + * | System RAM | MEM + BUSY + SYSRAM | NONE |
> + * | MMIO regions | MEM + BUSY | NONE |
> + * | Reserved memory | MEM | NONE |
> + * ------------------------------------------------------------
> + *
> + * Test and reject any overlap with MEM + BUSY, covering/excluding:
> + * + System RAM: silent corruption of kdump kernel's own memory
> + * + MMIO regions: fatal SError on cacheable speculative access
> + * - Reserved memory: crashed kernel's stream table might reside
> + */
> + if (region_intersects(base, size, IORESOURCE_MEM | IORESOURCE_BUSY,
> + IORES_DESC_NONE) != REGION_DISJOINT)
> + return true;
> +
> + /*
> + * Note: physical holes are absent from iomem_resource, so a corrupted
> + * address pointing into one will not be caught here. Closing that gap
> + * requires a firmware memory map and is left as a future improvement.
> + */
> + return false;
> +}
Something like this should not be in the smmu driver, this is some
core kdump code. I'd drop it, I don't see other drivers doing this?
> +static int arm_smmu_kdump_adopt_l2_strtab(struct arm_smmu_device *smmu, u32 sid,
> + u32 l1_idx, u64 l2_dma, u32 span,
> + struct arm_smmu_strtab_l2 **l2table)
> +{
> + phys_addr_t base = dma_to_phys(smmu->dev, l2_dma);
The thing stored in the L2PTR is a *phys*, the HW doesn't support any
kind of translation. When using dma_alloc_coherent we never get a phys
so it uses the dma_addr_t and assumes it is == phys.
But on this flow this is *phys* and should remain phys. Never touch
dma_addr_t.
> + struct arm_smmu_strtab_l2 *table;
> + size_t size;
> +
> + /*
> + * Only a coherent SMMU is supported at this moment. For a non-coherent
> + * SMMU that wants to support ARM_SMMU_OPT_KDUMP_ADOPT, try MEMREMAP_WC.
> + */
> + if (WARN_ON(!(smmu->features & ARM_SMMU_FEAT_COHERENCY)))
> + return -EOPNOTSUPP;
> +
> + /*
> + * Retest the memremap inputs in case the L1 descriptor was overwritten
> + * since adopt. Reject this master's insert; panic or SMMU-disable would
> + * either lose the vmcore or cascade aborts. Do not try to fix it, as it
> + * would break all other SIDs in the same bus (PCI case). The corruption
> + * blast radius is already bounded to that bus range.
> + */
> + if (span != STRTAB_SPLIT + 1) {
> + dev_err(smmu->dev,
> + "kdump: L1[%u] span %u changed since adopt (was %u)\n",
> + l1_idx, span, STRTAB_SPLIT + 1);
> + return -EINVAL;
> + }
> static int arm_smmu_init_l2_strtab(struct arm_smmu_device *smmu, u32 sid)
> {
> dma_addr_t l2ptr_dma;
> struct arm_smmu_strtab_cfg *cfg = &smmu->strtab_cfg;
> struct arm_smmu_strtab_l2 **l2table;
> + u32 l1_idx = arm_smmu_strtab_l1_idx(sid);
>
> - l2table = &cfg->l2.l2ptrs[arm_smmu_strtab_l1_idx(sid)];
> + l2table = &cfg->l2.l2ptrs[l1_idx];
> if (*l2table)
> return 0;
>
> + /* Deferred adoption of the crashed kernel's L2 table */
> + if (smmu->options & ARM_SMMU_OPT_KDUMP_ADOPT) {
> + u64 l2ptr = le64_to_cpu(cfg->l2.l1tab[l1_idx].l2ptr);
> + dma_addr_t l2_dma = l2ptr & STRTAB_L1_DESC_L2PTR_MASK;
Like here, this should by phys_addr_t
> +static int arm_smmu_kdump_adopt_strtab_2lvl(struct arm_smmu_device *smmu,
> + u32 cfg_reg, dma_addr_t dma)
Same issues with dma_addr_t
> +static int arm_smmu_kdump_adopt_strtab_linear(struct arm_smmu_device *smmu,
> + u32 cfg_reg, dma_addr_t dma)
> +{
Same issues with dma_addr_t
> +static void arm_smmu_kdump_adopt_cleanup(struct arm_smmu_device *smmu, u32 fmt)
> +{
> + struct arm_smmu_strtab_cfg *cfg = &smmu->strtab_cfg;
> +
> + if (fmt == STRTAB_BASE_CFG_FMT_2LVL) {
> + if (cfg->l2.l2ptrs)
> + devm_kfree(smmu->dev, cfg->l2.l2ptrs);
> + if (!IS_ERR_OR_NULL(cfg->l2.l1tab))
> + devm_memunmap(smmu->dev, cfg->l2.l1tab);
> + } else if (fmt == STRTAB_BASE_CFG_FMT_LINEAR) {
> + if (!IS_ERR_OR_NULL(cfg->linear.table))
> + devm_memunmap(smmu->dev, cfg->linear.table);
> + }
> +}
If we have a cleanup function why is it using devm? Call the cleanup
function during remove too?
Jason
next prev parent reply other threads:[~2026-05-19 17:10 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-10 21:22 [PATCH v5 0/6] iommu/arm-smmu-v3: Fix device crash on kdump kernel Nicolin Chen
2026-05-10 21:23 ` [PATCH v5 1/6] iommu/arm-smmu-v3: Add arm_smmu_kdump_adopt_strtab() for kdump Nicolin Chen
2026-05-19 17:10 ` Jason Gunthorpe [this message]
2026-05-19 18:11 ` Nicolin Chen
2026-05-10 21:23 ` [PATCH v5 2/6] iommu/arm-smmu-v3: Implement is_attach_deferred() " Nicolin Chen
2026-05-19 17:43 ` Jason Gunthorpe
2026-05-10 21:23 ` [PATCH v5 3/6] iommu/arm-smmu-v3: Suppress EVTQ/PRIQ events in kdump kernel Nicolin Chen
2026-05-19 17:44 ` Jason Gunthorpe
2026-05-19 20:13 ` Nicolin Chen
2026-05-19 22:27 ` Jason Gunthorpe
2026-05-10 21:23 ` [PATCH v5 4/6] iommu/arm-smmu-v3: Skip EVTQ/PRIQ setup " Nicolin Chen
2026-05-19 17:45 ` Jason Gunthorpe
2026-05-10 21:23 ` [PATCH v5 5/6] iommu/arm-smmu-v3: Retain CR0_SMMUEN during kdump device reset Nicolin Chen
2026-05-10 21:23 ` [PATCH v5 6/6] iommu/arm-smmu-v3: Detect ARM_SMMU_OPT_KDUMP_ADOPT in probe() Nicolin Chen
2026-05-19 17:58 ` Jason Gunthorpe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260519171003.GD3602937@nvidia.com \
--to=jgg@nvidia.com \
--cc=baolu.lu@linux.intel.com \
--cc=iommu@lists.linux.dev \
--cc=jamien@nvidia.com \
--cc=joro@8bytes.org \
--cc=kees@kernel.org \
--cc=kevin.tian@intel.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=miko.lenczewski@arm.com \
--cc=nicolinc@nvidia.com \
--cc=praan@google.com \
--cc=robin.murphy@arm.com \
--cc=smostafa@google.com \
--cc=stable@vger.kernel.org \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox