iommu/arm-smmu: Avoid constant zero in TLBI writes

Apparently, some Qualcomm arm64 platforms which appear to expose their SMMU global register space are still, in fact, using a hypervisor to mediate it by trapping and emulating register accesses. Sadly, some deployed versions of said trapping code have bugs wherein they go horribly wrong for stores using r31 (i.e. XZR/WZR) as the source register. While this can be mitigated for GCC today by tweaking the constraints for the implementation of writel_relaxed(), to avoid any potential arms race with future compilers more aggressively optimising register allocation, the simple way is to just remove all the problematic constant zeros. For the write-only TLB operations, the actual value is irrelevant anyway and any old nearby variable will provide a suitable GPR to encode. The one point at which we really do need a zero to clear a context bank happens before any of the TLB maintenance where crashes have been reported, so is apparently not a problem... :/ Reported-by: N AngeloGioacchino Del Regno <kholk11@gmail.com> Tested-by: N Marc Gonzalez <marc.w.gonzalez@free.fr> Signed-off-by: N Robin Murphy <robin.murphy@arm.com> Signed-off-by: N Marc Gonzalez <marc.w.gonzalez@free.fr> Acked-by: N Will Deacon <will.deacon@arm.com> Cc: stable@vger.kernel.org Signed-off-by: N Joerg Roedel <jroedel@suse.de>

iommu/arm-smmu: Avoid constant zero in TLBI writes
Apparently, some Qualcomm arm64 platforms which appear to expose their SMMU global register space are still, in fact, using a hypervisor to mediate it by trapping and emulating register accesses. Sadly, some deployed versions of said trapping code have bugs wherein they go horribly wrong for stores using r31 (i.e. XZR/WZR) as the source register. While this can be mitigated for GCC today by tweaking the constraints for the implementation of writel_relaxed(), to avoid any potential arms race with future compilers more aggressively optimising register allocation, the simple way is to just remove all the problematic constant zeros. For the write-only TLB operations, the actual value is irrelevant anyway and any old nearby variable will provide a suitable GPR to encode. The one point at which we really do need a zero to clear a context bank happens before any of the TLB maintenance where crashes have been reported, so is apparently not a problem... :/ Reported-by: N AngeloGioacchino Del Regno <kholk11@gmail.com> Tested-by: N Marc Gonzalez <marc.w.gonzalez@free.fr> Signed-off-by: N Robin Murphy <robin.murphy@arm.com> Signed-off-by: N Marc Gonzalez <marc.w.gonzalez@free.fr> Acked-by: N Will Deacon <will.deacon@arm.com> Cc: stable@vger.kernel.org Signed-off-by: N Joerg Roedel <jroedel@suse.de>
4e4abae3 · Robin Murphy · Joerg Roedel · 66d78ad3 · 4e4abae3
隐藏空白更改
内联并排

Showing with 12 addition and 3 deletion

drivers/iommu/arm-smmu.c drivers/iommu/arm-smmu.c +12 -3

未找到文件。
--- a/drivers/iommu/arm-smmu.c
+++ b/drivers/iommu/arm-smmu.c
@@ -59,6 +59,15 @@

 #include "arm-smmu-regs.h"

+/*
+ * Apparently, some Qualcomm arm64 platforms which appear to expose their SMMU
+ * global register space are still, in fact, using a hypervisor to mediate it
+ * by trapping and emulating register accesses. Sadly, some deployed versions
+ * of said trapping code have bugs wherein they go horribly wrong for stores
+ * using r31 (i.e. XZR/WZR) as the source register.
+ */
+#define QCOM_DUMMY_VAL -1
+
 #define ARM_MMU500_ACTLR_CPRE		(1 << 1)

 #define ARM_MMU500_ACR_CACHE_LOCK	(1 << 26)
@@ -423,7 +432,7 @@ static void __arm_smmu_tlb_sync(struct arm_smmu_device *smmu,
 {
 	unsigned int spin_cnt, delay;

-	writel_relaxed(0, sync);
+	writel_relaxed(QCOM_DUMMY_VAL, sync);
 	for (delay = 1; delay < TLB_LOOP_TIMEOUT; delay *= 2) {
 		for (spin_cnt = TLB_SPIN_COUNT; spin_cnt > 0; spin_cnt--) {
 			if (!(readl_relaxed(status) & sTLBGSTATUS_GSACTIVE))
@@ -1763,8 +1772,8 @@ static void arm_smmu_device_reset(struct arm_smmu_device *smmu)
 	}

 	/* Invalidate the TLB, just in case */
-	writel_relaxed(0, gr0_base + ARM_SMMU_GR0_TLBIALLH);
-	writel_relaxed(0, gr0_base + ARM_SMMU_GR0_TLBIALLNSNH);
+	writel_relaxed(QCOM_DUMMY_VAL, gr0_base + ARM_SMMU_GR0_TLBIALLH);
+	writel_relaxed(QCOM_DUMMY_VAL, gr0_base + ARM_SMMU_GR0_TLBIALLNSNH);

 	reg = readl_relaxed(ARM_SMMU_GR0_NS(smmu) + ARM_SMMU_GR0_sCR0);