From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:41549)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <jharg93@gmail.com>) id 1YR61u-0005sb-6y
	for qemu-devel@nongnu.org; Thu, 26 Feb 2015 16:31:35 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <jharg93@gmail.com>) id 1YR61t-0001RE-1e
	for qemu-devel@nongnu.org; Thu, 26 Feb 2015 16:31:34 -0500
Received: from mail-we0-x22c.google.com ([2a00:1450:400c:c03::22c]:37314)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <jharg93@gmail.com>) id 1YR61s-0001R8-Ns
	for qemu-devel@nongnu.org; Thu, 26 Feb 2015 16:31:32 -0500
Received: by wesw55 with SMTP id w55so14985514wes.4
	for <qemu-devel@nongnu.org>; Thu, 26 Feb 2015 13:31:32 -0800 (PST)
MIME-Version: 1.0
In-Reply-To: <20150226144504.GA23124@stefanha-thinkpad.redhat.com>
References: <CAC1AzdfOy+3poMaH_4at-tfVy+fg4rpNN10zbQD4Oj28sZCuPg@mail.gmail.com>
	<20150226144504.GA23124@stefanha-thinkpad.redhat.com>
Date: Thu, 26 Feb 2015 15:31:32 -0600
Message-ID: <CAC1Azdc_QeAk0Q7FnCf+aVdpd9gNLZvqAxkLbmsiLAOG+SP16Q@mail.gmail.com>
From: Jordan Hargrave <jharg93@gmail.com>
Content-Type: multipart/alternative; boundary=001a11c2b050bf8cf8051004795a
Subject: Re: [Qemu-devel] [PATCH] ahci: map memory via device's address
 space instead of address_space_memory
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Stefan Hajnoczi <stefanha@gmail.com>
Cc: qemu-devel@nongnu.org

--001a11c2b050bf8cf8051004795a
Content-Type: text/plain; charset=UTF-8

The problem is the FIS registers have stale data.

SeaBIOS initialization leaves the registers:
PORT_FIS_ADDR = 0x7fae0000
PORT_FIS_ADDR_HI = 0x0

My OS initializes DMAR page tables and then enables the IOMMU translation.
Then OS initializes AHCI driver.  Writes VIRTUAL DMA to FIS registers.
eg. FIS DMA address is 0x10000 (maps to some hardware physical address via
iommu)

The OS writes 0x00 PORT_FIS_ADDR_HI -> qemu calls map_page (0x00 << 32) |
0x7fae0000... 0x7fae0000 is stale, and is not in the IOMMU page map.
Causes a non-recoverable IOMMU fault.



On Thu, Feb 26, 2015 at 8:45 AM, Stefan Hajnoczi <stefanha@gmail.com> wrote:

> On Wed, Feb 25, 2015 at 11:13:09PM -0600, Jordan Hargrave wrote:
> > Referencing this old thread:
> > https://lists.nongnu.org/archive/html/qemu-devel/2014-07/msg00606.html
> >
> > I've run into an issue recently with testing q35 DMAR/intel iommu with
> ahci
> > driver.  My ahci driver writes the upper-32 bits (PORT_FIS_ADDR_HI) first
> > then the lower 32-bits (PORT_FIS_ADDR).
> >
> > The contents of PORT_FIS_ADDR therefore are stale when the
> PORT_FIS_ADDR_HI
> > write calls map_page().  DMAR translation fails at this point as the old
> > stale address (from SEABIOS initialization) is not in the DMAR page
> table.
>
> The AHCI device tries to map on register writes to both the base and
> upper 32-bit registers.  So it should work for a driver that writes
> PORT_FIS_ADDR_HI before PORT_FIS_ADDR.
>
> Does the iommu failure pose a problem?
>
> Stefan
>

--001a11c2b050bf8cf8051004795a
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div><div>The problem is the FIS registers have stale data=
.<br><br></div>SeaBIOS initialization leaves the registers:<br></div><div>P=
ORT_FIS_ADDR =3D 0x7fae0000<br></div><div>PORT_FIS_ADDR_HI =3D 0x0<br><br><=
/div><div>My OS initializes DMAR page tables and then enables the IOMMU tra=
nslation.=C2=A0 <br>Then OS initializes AHCI driver.=C2=A0 Writes VIRTUAL D=
MA to FIS registers.<br>eg. FIS DMA address is 0x10000 (maps to some hardwa=
re physical address via iommu)<br><br></div><div>The OS writes 0x00 PORT_FI=
S_ADDR_HI -&gt; qemu calls map_page (0x00 &lt;&lt; 32) | 0x7fae0000... 0x7f=
ae0000 is stale, and is not in the IOMMU page map.=C2=A0 Causes a non-recov=
erable IOMMU fault.<br><br></div><br></div><div class=3D"gmail_extra"><br><=
div class=3D"gmail_quote">On Thu, Feb 26, 2015 at 8:45 AM, Stefan Hajnoczi =
<span dir=3D"ltr">&lt;<a href=3D"mailto:stefanha@gmail.com" target=3D"_blan=
k">stefanha@gmail.com</a>&gt;</span> wrote:<br><blockquote class=3D"gmail_q=
uote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1e=
x"><div class=3D"HOEnZb"><div class=3D"h5">On Wed, Feb 25, 2015 at 11:13:09=
PM -0600, Jordan Hargrave wrote:<br>
&gt; Referencing this old thread:<br>
&gt; <a href=3D"https://lists.nongnu.org/archive/html/qemu-devel/2014-07/ms=
g00606.html" target=3D"_blank">https://lists.nongnu.org/archive/html/qemu-d=
evel/2014-07/msg00606.html</a><br>
&gt;<br>
&gt; I&#39;ve run into an issue recently with testing q35 DMAR/intel iommu =
with ahci<br>
&gt; driver.=C2=A0 My ahci driver writes the upper-32 bits (PORT_FIS_ADDR_H=
I) first<br>
&gt; then the lower 32-bits (PORT_FIS_ADDR).<br>
&gt;<br>
&gt; The contents of PORT_FIS_ADDR therefore are stale when the PORT_FIS_AD=
DR_HI<br>
&gt; write calls map_page().=C2=A0 DMAR translation fails at this point as =
the old<br>
&gt; stale address (from SEABIOS initialization) is not in the DMAR page ta=
ble.<br>
<br>
</div></div>The AHCI device tries to map on register writes to both the bas=
e and<br>
upper 32-bit registers.=C2=A0 So it should work for a driver that writes<br=
>
PORT_FIS_ADDR_HI before PORT_FIS_ADDR.<br>
<br>
Does the iommu failure pose a problem?<br>
<span class=3D"HOEnZb"><font color=3D"#888888"><br>
Stefan<br>
</font></span></blockquote></div><br></div>

--001a11c2b050bf8cf8051004795a--