Re: [PATCH v3 09/14] iommu/arm-smmu: Prevent forced unbinding of Arm SMMU drivers
From: John Garry
Date: Wed Nov 27 2019 - 06:04:30 EST
On 26/11/2019 20:27, Saravana Kannan wrote:
On Tue, Nov 26, 2019 at 1:13 AM John Garry <john.garry@xxxxxxxxxx> wrote:
On 21/11/2019 11:49, Will Deacon wrote:
Forcefully unbinding the Arm SMMU drivers is a pretty dangerous operation,
since it will likely lead to catastrophic failure for any DMA devices
mastering through the SMMU being unbound. When the driver then attempts
to "handle" the fatal faults, it's very easy to trip over dead data
structures, leading to use-after-free.
On John's machine, he reports that the machine was "unusable" due to
loss of the storage controller following a forced unbind of the SMMUv3
driver:
| # cd ./bus/platform/drivers/arm-smmu-v3
| # echo arm-smmu-v3.0.auto > unbind
| hisi_sas_v2_hw HISI0162:01: CQE_AXI_W_ERR (0x800) found!
| platform arm-smmu-v3.0.auto: CMD_SYNC timeout at 0x00000146
| [hwprod 0x00000146, hwcons 0x00000000]
Prevent this forced unbinding of the drivers by setting "suppress_bind_attrs"
to true.
This seems a reasonable approach for now.
BTW, I'll give this series a spin this week, which again looks to be
your iommu/module branch, excluding the new IORT patch.
Hi Saravana,
Is this on a platform where of_devlink creates device links between
the iommu device and its suppliers?I'm guessing no? Because device
links should for unbinding of all the consumers before unbinding the
supplier.
I'm only really interested in ACPI, TBH.
Looks like it'll still allow the supplier to unbind if the consumers
don't allow unbinding. Is that the case here?
So just unbinding the driver from a device does not delete the device
nor exit the device from it's IOMMU group - so we keep the reference to
the SMMU ko. As such, I don't know how to realistically test unloading
the SMMU ko when we have platform devices involved. Maybe someone can
enlighten me...
Thanks,
John