From patchwork Sun Sep 8 17:32:26 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Jan Kiszka X-Patchwork-Id: 13795580 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 8A154E6FE49 for ; Sun, 8 Sep 2024 17:34:01 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:Content-Transfer-Encoding: Content-Type:MIME-Version:Message-ID:Date:Subject:Cc:To:From:Reply-To: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Owner; bh=Bq4vCAet2h4Ojz5quDJlJSc0D89NtJEmgPMW4y5XBP0=; b=G72Q0mXl+TQ2itR+YvB3zUKHyJ K0tU5QpwBslJs9C+GcEzkvnAKViLw06sKLzhEIliK4HjvP38V/bEBXJQPe/sW8Jn7/98W70/JNtvG YY1M8qc5h35dBhtU6cUiShjVVxA11ZHVnaT6NWNeKw8zZ+OON0f5M2QGS6Jt+HlnxxGeCUa/TfXoY tLWLPW8oNco261dXKiysMcquBrGeqoGCCvaeCqphx4uqJjAy8zSaYalGYfCR3E9XnlbLBB1ui0Bzr a9cQgzxw6VuuGXyGiZOvWpLohC1YI5KU8L/bKmLIjJgjJA12pxbn2u2LEI2Xwb/h/Th8zbPtmPc29 wrCApB3w==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.97.1 #2 (Red Hat Linux)) id 1snLnG-0000000HBHY-1PpK; Sun, 08 Sep 2024 17:33:46 +0000 Received: from mta-65-225.siemens.flowmailer.net ([185.136.65.225]) by bombadil.infradead.org with esmtps (Exim 4.97.1 #2 (Red Hat Linux)) id 1snLmD-0000000HAyS-00Qv for linux-arm-kernel@lists.infradead.org; Sun, 08 Sep 2024 17:32:43 +0000 Received: by mta-65-225.siemens.flowmailer.net with ESMTPSA id 202409081732359fbabd302bee8d6c11 for ; Sun, 08 Sep 2024 19:32:35 +0200 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm1; d=siemens.com; i=jan.kiszka@siemens.com; h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:Cc; bh=Bq4vCAet2h4Ojz5quDJlJSc0D89NtJEmgPMW4y5XBP0=; b=gm14SeiLuXz21ajH3mUS3vqvu2kLWJg7Umy/cDox7C3y7o0Q1CaEn7OWG4JOMhK9j2lkc/ V4evyclind2ptOO5TKqcv3/3zNtDxe8u3v5a6lzwxJA7+RjK8FMeka5fCCf2dfyhtVukKBjJ eNtPv7reSlIodtfIvf10tT5BzGDape5NT38iGSnICy3Ag/E7M7dUacrx07438kZlTf4Uhjuq aq3OoGGdFKv5LxDi2ihM0rn+y+TLo35BC98Nuatm2rXv8uu27EmyUXS6wAH2iUnj+PTy96k3 6XCytNWbQ1zXt/OrkgbErj061Hl7JC86n3Kk1m9RLFnHH3FMukPJ1cGQ==; From: Jan Kiszka To: Nishanth Menon , Santosh Shilimkar , Vignesh Raghavendra , Tero Kristo , Rob Herring , Krzysztof Kozlowski , Conor Dooley , devicetree@vger.kernel.org, linux-kernel@vger.kernel.org Cc: linux-arm-kernel@lists.infradead.org, linux-pci@vger.kernel.org, Siddharth Vadapalli , Bao Cheng Su , Hua Qian Li , Diogo Ivo , Bjorn Helgaas , =?utf-8?q?Krzysztof_Wilczy=C5=84ski?= , Lorenzo Pieralisi Subject: [PATCH v5 0/7] soc: ti: Add and use PVU on K3-AM65 for DMA isolation Date: Sun, 8 Sep 2024 19:32:26 +0200 Message-ID: MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-294854:519-21489:flowmailer X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20240908_103241_482546_674FC54C X-CRM114-Status: GOOD ( 17.89 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org Changes in v5: - resolve review comments on pci-host bindings - reduce DMA memory regions to 1 - swiotlb does not support more - move activation into overlay (controlled via firmware) - use ks_init_vmap helper instead of loop in rework ks_init_restricted_dma - add more comments to pci-keystone - use 2 chained TLBs of PVU to support maximum of swiotlb (320 MB) Changes in v4: - reorder patch queue, moving all DTS changes to the back - limit activation to IOT2050 Advanced variants - move DMA pool to allow firmware-based expansion it up to 512M Changes in v3: - fix ti,am654-pvu.yaml according to review comments - address review comments on ti,am65-pci-host.yaml - differentiate between different compatibles in ti,am65-pci-host.yaml - move pvu nodes to k3-am65-main.dtsi - reorder patch series, pulling bindings and generic DT bits to the front Changes in v2: - fix dt_bindings_check issues (patch 1) - address first review comments (patch 2) - extend ti,am65-pci-host bindings for PVU (new patch 3) Only few of the K3 SoCs have an IOMMU and, thus, can isolate the system against DMA-based attacks of external PCI devices. The AM65 is without an IOMMU, but it comes with something close to it: the Peripheral Virtualization Unit (PVU). The PVU was originally designed to establish static compartments via a hypervisor, isolate those DMA-wise against each other and the host and even allow remapping of guest-physical addresses. But it only provides a static translation region, not page-granular mappings. Thus, it cannot be handled transparently like an IOMMU. Now, to use the PVU for the purpose of isolated PCI devices from the Linux host, this series takes a different approach. It defines a restricted-dma-pool for the PCI host, using swiotlb to map all DMA buffers from a static memory carve-out. And to enforce that the devices actually follow this, a special PVU soc driver is introduced. The driver permits access to the GIC ITS and otherwise waits for other drivers that detect devices with constrained DMA to register pools with the PVU. For the AM65, the first (and possibly only) driver where this is introduced is the pci-keystone host controller. Finally, this series provides a DT overlay for the IOT2050 Advanced devices (all have MiniPCIe or M.2 extension slots) to make use of this protection scheme. Application of this overlay will be handled by firmware. Due to the cross-cutting nature of these changes, multiple subsystems are affected. However, I wanted to present the whole thing in one series to allow everyone to review with the complete picture in hands. If preferred, I can also split the series up, of course. Jan CC: Bjorn Helgaas CC: "Krzysztof WilczyƄski" CC: linux-pci@vger.kernel.org CC: Lorenzo Pieralisi Jan Kiszka (7): dt-bindings: soc: ti: Add AM65 peripheral virtualization unit dt-bindings: PCI: ti,am65: Extend for use with PVU soc: ti: Add IOMMU-like PVU driver PCI: keystone: Add support for PVU-based DMA isolation on AM654 arm64: dts: ti: k3-am65-main: Add PVU nodes arm64: dts: ti: k3-am65-main: Add VMAP registers to PCI root complexes arm64: dts: ti: iot2050: Add overlay for DMA isolation for devices behind PCI RC .../bindings/pci/ti,am65-pci-host.yaml | 29 +- .../bindings/soc/ti/ti,am654-pvu.yaml | 51 ++ arch/arm64/boot/dts/ti/Makefile | 5 + arch/arm64/boot/dts/ti/k3-am65-main.dtsi | 38 +- ...am6548-iot2050-advanced-dma-isolation.dtso | 33 ++ drivers/pci/controller/dwc/pci-keystone.c | 108 ++++ drivers/soc/ti/Kconfig | 4 + drivers/soc/ti/Makefile | 1 + drivers/soc/ti/ti-pvu.c | 500 ++++++++++++++++++ include/linux/ti-pvu.h | 16 + 10 files changed, 778 insertions(+), 7 deletions(-) create mode 100644 Documentation/devicetree/bindings/soc/ti/ti,am654-pvu.yaml create mode 100644 arch/arm64/boot/dts/ti/k3-am6548-iot2050-advanced-dma-isolation.dtso create mode 100644 drivers/soc/ti/ti-pvu.c create mode 100644 include/linux/ti-pvu.h