From: ebiederm@xmission.com (Eric W. Biederman)
To: Neil Horman <nhorman@tuxdriver.com>
Cc: Vivek Goyal <vgoyal@redhat.com>,
iommu@lists.linux-foundation.org, joerg.roedel@amd.com,
hbabu@us.ibm.com, kexec@lists.infradead.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] amd iommu: force flush of iommu prior during shutdown
Date: Wed, 31 Mar 2010 21:04:27 -0700 [thread overview]
Message-ID: <m1vdcbstro.fsf@fess.ebiederm.org> (raw)
In-Reply-To: <20100331202745.GE13406@hmsreliant.think-freely.org> (Neil Horman's message of "Wed\, 31 Mar 2010 16\:27\:45 -0400")
Neil Horman <nhorman@tuxdriver.com> writes:
> On Wed, Mar 31, 2010 at 12:51:25PM -0700, Eric W. Biederman wrote:
>> Neil Horman <nhorman@tuxdriver.com> writes:
>>
>> > On Wed, Mar 31, 2010 at 11:57:46AM -0700, Eric W. Biederman wrote:
>> >> Neil Horman <nhorman@tuxdriver.com> writes:
>> >>
>> >> > On Wed, Mar 31, 2010 at 11:54:30AM -0400, Vivek Goyal wrote:
>> >>
>> >> >> So this call amd_iommu_flush_all_devices() will be able to tell devices
>> >> >> that don't do any more DMAs and hence it is safe to reprogram iommu
>> >> >> mapping entries.
>> >> >>
>> >> > It blocks the cpu until any pending DMA operations are complete. Hmm, as I
>> >> > think about it, there is still a small possibility that a device like a NIC
>> >> > which has several buffers pre-dma-mapped could start a new dma before we
>> >> > completely disabled the iommu, althought thats small. I never saw that in my
>> >> > testing, but hitting that would be fairly difficult I think, since its literally
>> >> > just a few hundred cycles between the flush and the actual hardware disable
>> >> > operation.
>> >> >
>> >> > According to this though:
>> >> > http://support.amd.com/us/Processor_TechDocs/34434-IOMMU-Rev_1.26_2-11-09.pdf
>> >> > That window could be closed fairly easily, but simply disabling read and write
>> >> > permissions for each device table entry prior to calling flush. If we do that,
>> >> > then flush the device table, any subsequently started dma operation would just
>> >> > get noted in the error log, which we could ignore, since we're abot to boot to
>> >> > the kdump kernel anyway.
>> >> >
>> >> > Would you like me to respin w/ that modification?
>> >>
>> >> Disabling permissions on all devices sounds good for the new virtualization
>> >> capable iommus. I think older iommus will still be challenged. I think
>> >> on x86 we have simply been able to avoid using those older iommus.
>> >>
>> >> I like the direction you are going but please let's put this in a
>> >> paranoid iommu enable routine.
>> >>
>> > You mean like initialize the device table so that all devices are default
>> > disabled on boot, and then selectively enable them (perhaps during a
>> > device_attach)? I can give that a spin.
>>
>> That sounds good.
>>
>
> So I'm officially rescinding this patch. It apparently just covered up the
> problem, rather than solved it outright. This is going to take some more
> thought on my part. I read the code a bit closer, and the amd iommu on boot up
> currently marks all its entries as valid and having a valid translation (because
> if they're marked as invalid they're passed through untranslated which strikes
> me as dangerous, since it means a dma address treated as a bus address could
> lead to memory corruption. The saving grace is that they are marked as
> non-readable and non-writeable, so any device doing a dma after the reinit
> should get logged (which it does), and then target aborted (which should
> effectively squash the translation)
>
> I'm starting to wonder if:
>
> 1) some dmas are so long lived they start aliasing new dmas that get mapped in
> the kdump kernel leading to various erroneous behavior
I do know things like arp refreshes used to cause me trouble. I have
a particular memory of kexec into memtest86 and a little while later
memory corruption.
> 2) a slew of target aborts to some hardware results in them being in an
> inconsistent state
>
> I'm going to try marking the dev table on shutdown such that all devices have no
> read/write permissions to see if that changes the situation. It should I think
> give me a pointer as to weather (1) or (2) is the more likely problem.
>
> Lots more thinking to do....
I guess I can see devices getting confused by target aborts.
I'm wondering if (a) we can suppress these DMAs. or (b) we can reset the pci
devices before we use them. With pcie that should be possible.
We used to be able simply not to use the IOMMU in x86 and avoid this trouble.
Now with per device enables it looks like we need to do something with it.
Eric
next prev parent reply other threads:[~2010-04-01 4:04 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-03-31 15:24 [PATCH] amd iommu: force flush of iommu prior during shutdown Neil Horman
2010-03-31 15:54 ` Vivek Goyal
2010-03-31 18:28 ` Neil Horman
2010-03-31 18:57 ` Eric W. Biederman
2010-03-31 19:18 ` Neil Horman
2010-03-31 19:51 ` Eric W. Biederman
2010-03-31 20:27 ` Neil Horman
2010-04-01 4:04 ` Eric W. Biederman [this message]
2010-04-01 12:49 ` Neil Horman
2010-04-01 14:29 ` Joerg Roedel
2010-04-01 14:47 ` Neil Horman
2010-04-01 15:56 ` Joerg Roedel
2010-04-01 17:11 ` Neil Horman
2010-04-01 20:14 ` Joerg Roedel
2010-04-02 0:00 ` Neil Horman
2010-04-02 0:30 ` Chris Wright
2010-04-02 1:23 ` [PATCH 1/2] x86/amd-iommu: enable iommu before attaching devices Chris Wright
2010-04-02 1:31 ` [PATCH 2/2] x86/amd-iommu: warn when issuing command to uninitiailed cmd buffer Chris Wright
2010-04-02 1:35 ` [PATCH 1/2] x86/amd-iommu: enable iommu before attaching devices Neil Horman
2010-04-02 1:38 ` Chris Wright
2010-04-02 9:11 ` Joerg Roedel
2010-04-02 23:59 ` Chris Wright
2010-04-02 15:59 ` Vivek Goyal
2010-04-02 22:38 ` Chris Wright
2010-04-02 22:55 ` Eric W. Biederman
2010-04-02 23:57 ` Chris Wright
2010-04-03 17:38 ` Joerg Roedel
2010-04-05 14:17 ` Vivek Goyal
2010-04-05 14:32 ` Joerg Roedel
2010-04-05 15:34 ` Neil Horman
2010-03-31 18:43 ` [PATCH] amd iommu: force flush of iommu prior during shutdown Eric W. Biederman
2010-03-31 21:25 ` Chris Wright
2010-04-01 1:13 ` Neil Horman
2010-04-01 1:39 ` Chris Wright
2010-04-01 2:24 ` Vivek Goyal
2010-04-01 12:53 ` Neil Horman
2010-04-01 15:02 ` Vivek Goyal
2010-04-01 15:13 ` Neil Horman
2010-04-01 2:44 ` Vivek Goyal
2010-04-01 7:10 ` Chris Wright
2010-04-01 12:56 ` Neil Horman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m1vdcbstro.fsf@fess.ebiederm.org \
--to=ebiederm@xmission.com \
--cc=hbabu@us.ibm.com \
--cc=iommu@lists.linux-foundation.org \
--cc=joerg.roedel@amd.com \
--cc=kexec@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=nhorman@tuxdriver.com \
--cc=vgoyal@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox