From patchwork Wed Aug 15 01:28:25 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Zhen Lei X-Patchwork-Id: 144254 Delivered-To: patch@linaro.org Received: by 2002:a2e:9754:0:0:0:0:0 with SMTP id f20-v6csp249498ljj; Tue, 14 Aug 2018 18:32:36 -0700 (PDT) X-Google-Smtp-Source: AA+uWPwLZtsvWGgAQRvxb8V7Z/CRoJ0EvMSkyHO7K20Zx38u58gsWQZjAfWZpMKQnOWCPctHcjaP X-Received: by 2002:a62:f40a:: with SMTP id r10-v6mr25697481pff.47.1534296756338; Tue, 14 Aug 2018 18:32:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1534296756; cv=none; d=google.com; s=arc-20160816; b=wnWs1ejR+iVsMaGl3fimFR2I1yrGd8AqV0PWZeQV1SUx/gXtzg27HryRQEaLEgpVcj ZxSpc8B+1joLc1GhZkTTLb5x4scd4NQhtw7arYlfQJNn1/guBxnsk+fOrab+bcxQ9v2X 6GeDb/9ma7cMpPDSNQxnB2zwuN1PZrgoY02Pww9YeRRqSoZyc3VqUTNbzytU2T3hMyBR pJQYj+NNYoh/C9pRO2VFUsEQ7kQaMIt5J41JW6ZbBS/qfe19vUncXrQEVwWRd+gJKYDZ JMA+LwZmX6eGE3EUf/SqTiBdvSK1ta/VyAqWmI65TC0ilJcN3xnKsXQVorcfwH5tuvEc O67A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:message-id:date:subject:cc :to:from:arc-authentication-results; bh=SK2+KKl1TX7IGA7UL4wZbzNdlM0OzsslU/qADjeeBm8=; b=vQX40mn7C52hdS7p/8qaKJAaj14VSogBIIjlFH5S8+mVrCOry7BkB1ThmnzW8jRjN+ D5xOBjuoNIyhDXaGYIsml78fmNPmuFX8xM2OyVEdt7R3vF3zj6JRT1vcQYZbNW4OjuPA 6eEiFx6NBluylFuDFv9v4by9tOKMv+1ry5oyEh//bZaQO29MjAfxN9Uw7hlF8DxnS88A mAz5mA5rYSnVUrwBLGcjuSgzCpL0C4xR1sXBLhDKut801FStssodCetBTUOrDDbvfhxn OoXodFlaX2re8ii/5Oxi/7w/wORFpX/lM+MhfNqZgiKgF7wug/79DUDucIcUZk1WYunr G5pQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f3-v6si17747230pld.366.2018.08.14.18.32.36; Tue, 14 Aug 2018 18:32:36 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726218AbeHOEW0 (ORCPT + 32 others); Wed, 15 Aug 2018 00:22:26 -0400 Received: from szxga06-in.huawei.com ([45.249.212.32]:43463 "EHLO huawei.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1725847AbeHOEWZ (ORCPT ); Wed, 15 Aug 2018 00:22:25 -0400 Received: from DGGEMS403-HUB.china.huawei.com (unknown [172.30.72.58]) by Forcepoint Email with ESMTP id DAEC63A23B2EA; Wed, 15 Aug 2018 09:32:30 +0800 (CST) Received: from localhost (10.177.23.164) by DGGEMS403-HUB.china.huawei.com (10.3.19.203) with Microsoft SMTP Server id 14.3.399.0; Wed, 15 Aug 2018 09:32:25 +0800 From: Zhen Lei To: Robin Murphy , Will Deacon , Joerg Roedel , linux-arm-kernel , iommu , linux-kernel CC: Zhen Lei , LinuxArm , Hanjun Guo , Libin , "John Garry" Subject: [PATCH v5 0/5] add non-strict mode support for arm-smmu-v3 Date: Wed, 15 Aug 2018 09:28:25 +0800 Message-ID: <1534296510-12888-1-git-send-email-thunder.leizhen@huawei.com> X-Mailer: git-send-email 1.9.5.msysgit.0 MIME-Version: 1.0 X-Originating-IP: [10.177.23.164] X-CFilter-Loop: Reflected Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org v4 -> v5: 1. change the type of global variable and struct member named "non_strict" from "int" to "bool". 2. cancel the unnecessary parameter "strict" of __arm_lpae_unmap which was added in v4. 3. change boot option "arm_iommu" to "iommu.non_strict". 4. convert __iommu_dma_unmap to use iommu_unmap_fast()/iommu_tlb_sync(), because non-leaf unmaps still need to be synchronous. Thanks for Robin's review comments. v3 -> v4: 1. Add a new member "non_strict" in struct iommu_domain to mark whether that domain use non-strict mode or not. This can help us to remove the capability which was added in prior version. 2. Add a new quirk IO_PGTABLE_QUIRK_NON_STRICT, so that we can get "strict mode" in io-pgtable-arm.c according to data->iop.cfg.quirks. 3. rename the new boot option to "arm_iommu". v2 -> v3: Add a bootup option "iommu_strict_mode" to make the manager can choose which mode to be used. The first 5 patches have not changed. + iommu_strict_mode= [arm-smmu-v3] + 0 - strict mode (default) + 1 - non-strict mode v1 -> v2: Use the lowest bit of the io_pgtable_ops.unmap's iova parameter to pass the strict mode: 0, IOMMU_STRICT; 1, IOMMU_NON_STRICT; Treat 0 as IOMMU_STRICT, so that the unmap operation can compatible with other IOMMUs which still use strict mode. In other words, this patch series will not impact other IOMMU drivers. I tried add a new quirk IO_PGTABLE_QUIRK_NON_STRICT in io_pgtable_cfg.quirks, but it can not pass the strict mode of the domain from SMMUv3 driver to io-pgtable module. Add a new member domain_non_strict in struct iommu_dma_cookie, this member will only be initialized when the related domain and IOMMU driver support non-strict mode. v1: In common, a IOMMU unmap operation follow the below steps: 1. remove the mapping in page table of the specified iova range 2. execute tlbi command to invalid the mapping which is cached in TLB 3. wait for the above tlbi operation to be finished 4. free the IOVA resource 5. free the physical memory resource This maybe a problem when unmap is very frequently, the combination of tlbi and wait operation will consume a lot of time. A feasible method is put off tlbi and iova-free operation, when accumulating to a certain number or reaching a specified time, execute only one tlbi_all command to clean up TLB, then free the backup IOVAs. Mark as non-strict mode. But it must be noted that, although the mapping has already been removed in the page table, it maybe still exist in TLB. And the freed physical memory may also be reused for others. So a attacker can persistent access to memory based on the just freed IOVA, to obtain sensible data or corrupt memory. So the VFIO should always choose the strict mode. Some may consider put off physical memory free also, that will still follow strict mode. But for the map_sg cases, the memory allocation is not controlled by IOMMU APIs, so it is not enforceable. Fortunately, Intel and AMD have already applied the non-strict mode, and put queue_iova() operation into the common file dma-iommu.c., and my work is based on it. The difference is that arm-smmu-v3 driver will call IOMMU common APIs to unmap, but Intel and AMD IOMMU drivers are not. Below is the performance data of strict vs non-strict for NVMe device: Randomly Read IOPS: 146K(strict) vs 573K(non-strict) Randomly Write IOPS: 143K(strict) vs 513K(non-strict) Zhen Lei (5): iommu/arm-smmu-v3: fix the implementation of flush_iotlb_all hook iommu/dma: add support for non-strict mode iommu/io-pgtable-arm: add support for non-strict mode iommu/arm-smmu-v3: add support for non-strict mode iommu/arm-smmu-v3: add bootup option "iommu.non_strict" Documentation/admin-guide/kernel-parameters.txt | 13 +++++++++ drivers/iommu/arm-smmu-v3.c | 35 ++++++++++++++++++++++++- drivers/iommu/dma-iommu.c | 29 +++++++++++++++++++- drivers/iommu/io-pgtable-arm.c | 20 +++++++++----- drivers/iommu/io-pgtable.h | 3 +++ drivers/iommu/iommu.c | 1 + include/linux/iommu.h | 1 + 7 files changed, 94 insertions(+), 8 deletions(-) -- 1.8.3