Received: by 2002:ab2:6857:0:b0:1ef:ffd0:ce49 with SMTP id l23csp1237389lqp; Fri, 22 Mar 2024 09:07:16 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCV32e84kbZXgnAmSrenh/duQ+AAKY9BPM8142vsVn5zsK0DJ9XJBMOzg71UGSUB+l0X6ARCvyKR6OgJrhLfxohmFAnN75QVQ9pXF1rkkw== X-Google-Smtp-Source: AGHT+IHvI/t7gAiSQbnRGvzr6v3LwEJ8y3e/gaGsljn2+nLw97iR+bIoGXZGVeZLkgD7Q4u3CH8h X-Received: by 2002:a05:622a:13cc:b0:431:bd0:7988 with SMTP id p12-20020a05622a13cc00b004310bd07988mr3472892qtk.16.1711123635887; Fri, 22 Mar 2024 09:07:15 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1711123635; cv=pass; d=google.com; s=arc-20160816; b=l4dtFEygwAZsBYsKuwfZ+jCaG55nm5b9qdcTVADS91k5HbKjwtidTpe2GGkPh7e6yL 44nRerdbPGQNty6xUD4cazHzJXq9/nppJnZjBfMg+tpfM14mSIMqyHIoL0JT2yXrlVft AcK7JVtd+Q0cnSuVABEcwQ2f94d8hbh6EqgCfPNUCWcr8kSnajiZIrnqv4C/uR4r72fr zwmpjTpZAU2JSEY5wKMoSQci5Yf4Io5yLZ/Ulek8XHgbUMMdPTR0+eBBmoqdSEkO45Kh qBhd2xjrU3tfm3kkSKBoqSeMzZp+eSU1C7vMPCOZVCg5lUjdf6IGVCqTSD48UfdIyy/B mbwA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=user-agent:in-reply-to:content-disposition:mime-version :list-unsubscribe:list-subscribe:list-id:precedence:references :message-id:subject:cc:to:from:date:dkim-signature; bh=Jcf6b4jftwdD7kN22xeWgdUehIZlJ/EisHlNVDzhl/U=; fh=ZtVvF4/lJfL2ZGHxU6tEmx1S42F8QdnjrdQ5P1s5YpI=; b=v5hvEXRgwgFHQTUryGz6hYiUe+nXk3ZwApDLFs26ZKnHF6hkHl2puxJ+1IG56KA2Hx 7b8PUzlNp8vhuvX4XdeUQjgKW56klZmCaagHEJE/cHs8QOsEDnYpH5m2S9ny9za/Oqz8 9YJ8Cy7X2m0WXd5/JKNX0oDUyn7HmlwLKo02J/gROLMI2k7k5lPC8gWTm8VPUnA9O2S0 0v+yZAlmWH8vqxGW64oXWi1yZYuZHZ5bmdPn84+b56lKrTkY0SgGjgEHpBE2unvuEVME ci/0hJuU3LdV74hVnXwGnUYqZhzuD7YIUw8mfpcEgXueuCh+bnYpHOWmx2wsebOjGuOk soLA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b="b/dUuBgB"; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-111746-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-111746-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223]) by mx.google.com with ESMTPS id r3-20020ac85c83000000b004313b65f459si111110qta.514.2024.03.22.09.07.14 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 22 Mar 2024 09:07:15 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-111746-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b="b/dUuBgB"; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-111746-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-111746-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 664891C22C6D for ; Fri, 22 Mar 2024 16:06:58 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 7BCAA56B84; Fri, 22 Mar 2024 16:06:47 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="b/dUuBgB" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9FCCE5A0E3; Fri, 22 Mar 2024 16:06:45 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711123606; cv=none; b=cMpu6YyNnQpaSnUazhTQ49mHDyRTsGpkvyHt9CxsmqDfIQBKy5N8glIEG3gmPhZptRFaBs5dGLFMuhIBmq4XT/9f+DgFRr8g9AKhn4ZzUQ/xiXU3U9n1YnwwzDHQVgxWpzH7L8rEMrkTOgO6CZ4zJRG2/Dqbshf+PsqSO1j6miA= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711123606; c=relaxed/simple; bh=jNixdvLmbYlpPwGHT7OTZy68M8BgCmi9z9/4OazvKY4=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=JWUNaC1gDW0zCdlRjLyibAhtsXxyvmWj7oXq/RohOhncXSonJcmTUdkA87BWCjct9cgFLFKhKLpryssf5ipVuOELGNKJ9d5RnIgtV7gQJSXMXt62YsHOblnAsAkkjJwx08DVNU8S4MDQRxR4dannKk8T8ja8gdI07BbNX1L+N0s= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=b/dUuBgB; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id D579AC433C7; Fri, 22 Mar 2024 16:06:43 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1711123605; bh=jNixdvLmbYlpPwGHT7OTZy68M8BgCmi9z9/4OazvKY4=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=b/dUuBgBeKZmVhtE3pwalY6r0uugrKLvrgDZXcvghTaAAojqhL0kwxziiKqXCFdJC jBP2neVKoOYX4/xAsKu5gAYcJ73FwKBaNqU0qv3s+0WSy1ChUnxpnW30mU038ivEuN E1rZiLKtRvVR2I0I7P47ljUKcLtObluNFzwFNONVlrVb5TtUPVnVVImj2Oz5VaJgOJ XNMRq1Rm+mqTRoMc2Ajqe1TU+ol/PWTzRMvJdJ80F/oDYCDTm4UhLrG7E6YSMWAyhu AFVkXigGZF7Lk8M09QzMjCl7pYPfoVg4NdZpyGfZk1uRk1uYgozedLoAVplzgORzSK DYPcCtEC58itw== Date: Fri, 22 Mar 2024 16:06:40 +0000 From: Will Deacon To: Tyler Hicks Cc: Robin Murphy , Jason Gunthorpe , Jerry Snitselaar , linux-arm-kernel@lists.infradead.org, iommu@lists.linux.dev, linux-kernel@vger.kernel.org, Dexuan Cui , Easwar Hariharan Subject: Re: Why is the ARM SMMU v1/v2 put into bypass mode on kexec? Message-ID: <20240322160640.GF5634@willie-the-truck> References: <120d0dec-450f-41f8-9e05-fd763e84f6dd@arm.com> <20240319154756.GB2901@willie-the-truck> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.10.1 (2018-07-13) On Tue, Mar 19, 2024 at 02:14:26PM -0500, Tyler Hicks wrote: > On 2024-03-19 15:47:56, Will Deacon wrote: > > On Tue, Mar 19, 2024 at 12:57:52PM +0000, Robin Murphy wrote: > > > Beyond properly quiescing and resetting the system back to a boot-time > > > state, the outgoing kernel in a kexec can only really do things which affect > > > itself. Sure, we *could* configure the SMMU to block all traffic and disable > > > the interrupt to avoid getting stuck in a storm of faults on the way out, > > > but what does that mean for the incoming kexec payload? That it can have the > > > pleasure of discovering the SMMU, innocently enabling the interrupt and > > > getting stuck in an unexpected storm of faults. Or perhaps just resetting > > > the SMMU into a disabled state and thus still unwittingly allowing its > > > memory to be corrupted by the previous kernel not supporting kexec properly. > > > > Right, it's hard to win if DMA-active devices weren't quiesced properly > > by the outgoing kernel. Either the SMMU was left in abort (leading to the > > problems you list above) or the SMMU is left in bypass (leading to possible > > data corruption). Which is better? > > My thoughts are that a loud and obvious failure (via unidentified stream > fault messages and/or a possible interrupt storm preventing the new > kernel from booting) is favorable to silent and subtle data corruption > of the target kernel. Looking at the SMMUv3 spec, the architecture does actually allow hardware to reset into an aborting state: [GBPA.ABORT] | Note: An implementation can reset this field to 1, in order to | implement a default deny policy on reset. so perhaps it's not that unreasonable. I just dread the flood of emails I'll get because the SMMU driver is noisy due to missing ->shutdown() callbacks elsewhere :/ > > The best solution is obviously to implement those missing ->shutdown() > > callbacks. > > Completely agree here but it can be difficult to even identify that a > missing ->shutdown hook is the root cause without code changes to put > the SMMU into abort mode and sleep for a bit in the SMMU's ->shutdown > hook. Perhaps that's the thing to tackle first, then? If we make it easier for folks to diagnose and fix the missing ->shutdown() callbacks, then going into abort is much more reasonable, Will