Commit 353e3cf8 authored by Will Deacon's avatar Will Deacon

iommu/arm-smmu-v3: Fix ATC invalidation ordering wrt main TLBs

When invalidating the ATC for an PCIe endpoint using ATS, we must take
care to complete invalidation of the main SMMU TLBs beforehand, otherwise
the device could immediately repopulate its ATC with stale translations.

Hooking the ATC invalidation into ->unmap() as we currently do does the
exact opposite: it ensures that the ATC is invalidated *before*  the
main TLBs, which is bogus.

Move ATC invalidation into the actual (leaf) invalidation routines so
that it is always called after completing main TLB invalidation.
Reviewed-by: default avatarRobin Murphy <robin.murphy@arm.com>
Signed-off-by: default avatarWill Deacon <will@kernel.org>
parent bfff88ec
...@@ -1961,6 +1961,7 @@ static void arm_smmu_tlb_inv_context(void *cookie) ...@@ -1961,6 +1961,7 @@ static void arm_smmu_tlb_inv_context(void *cookie)
*/ */
arm_smmu_cmdq_issue_cmd(smmu, &cmd); arm_smmu_cmdq_issue_cmd(smmu, &cmd);
arm_smmu_cmdq_issue_sync(smmu); arm_smmu_cmdq_issue_sync(smmu);
arm_smmu_atc_inv_domain(smmu_domain, 0, 0, 0);
} }
static void arm_smmu_tlb_inv_range(unsigned long iova, size_t size, static void arm_smmu_tlb_inv_range(unsigned long iova, size_t size,
...@@ -1969,7 +1970,7 @@ static void arm_smmu_tlb_inv_range(unsigned long iova, size_t size, ...@@ -1969,7 +1970,7 @@ static void arm_smmu_tlb_inv_range(unsigned long iova, size_t size,
{ {
u64 cmds[CMDQ_BATCH_ENTRIES * CMDQ_ENT_DWORDS]; u64 cmds[CMDQ_BATCH_ENTRIES * CMDQ_ENT_DWORDS];
struct arm_smmu_device *smmu = smmu_domain->smmu; struct arm_smmu_device *smmu = smmu_domain->smmu;
unsigned long end = iova + size; unsigned long start = iova, end = iova + size;
int i = 0; int i = 0;
struct arm_smmu_cmdq_ent cmd = { struct arm_smmu_cmdq_ent cmd = {
.tlbi = { .tlbi = {
...@@ -2001,6 +2002,12 @@ static void arm_smmu_tlb_inv_range(unsigned long iova, size_t size, ...@@ -2001,6 +2002,12 @@ static void arm_smmu_tlb_inv_range(unsigned long iova, size_t size,
} }
arm_smmu_cmdq_issue_cmdlist(smmu, cmds, i, true); arm_smmu_cmdq_issue_cmdlist(smmu, cmds, i, true);
/*
* Unfortunately, this can't be leaf-only since we may have
* zapped an entire table.
*/
arm_smmu_atc_inv_domain(smmu_domain, 0, start, size);
} }
static void arm_smmu_tlb_inv_page_nosync(struct iommu_iotlb_gather *gather, static void arm_smmu_tlb_inv_page_nosync(struct iommu_iotlb_gather *gather,
...@@ -2420,18 +2427,13 @@ static int arm_smmu_map(struct iommu_domain *domain, unsigned long iova, ...@@ -2420,18 +2427,13 @@ static int arm_smmu_map(struct iommu_domain *domain, unsigned long iova,
static size_t arm_smmu_unmap(struct iommu_domain *domain, unsigned long iova, static size_t arm_smmu_unmap(struct iommu_domain *domain, unsigned long iova,
size_t size, struct iommu_iotlb_gather *gather) size_t size, struct iommu_iotlb_gather *gather)
{ {
int ret;
struct arm_smmu_domain *smmu_domain = to_smmu_domain(domain); struct arm_smmu_domain *smmu_domain = to_smmu_domain(domain);
struct io_pgtable_ops *ops = smmu_domain->pgtbl_ops; struct io_pgtable_ops *ops = smmu_domain->pgtbl_ops;
if (!ops) if (!ops)
return 0; return 0;
ret = ops->unmap(ops, iova, size, gather); return ops->unmap(ops, iova, size, gather);
if (ret && arm_smmu_atc_inv_domain(smmu_domain, 0, iova, size))
return 0;
return ret;
} }
static void arm_smmu_flush_iotlb_all(struct iommu_domain *domain) static void arm_smmu_flush_iotlb_all(struct iommu_domain *domain)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment