From nobody Fri Oct 29 08:31:40 2021 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id D6D171826578; Fri, 29 Oct 2021 08:31:40 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4HgbHw58sCz4SRv; Fri, 29 Oct 2021 08:31:40 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 7AA7114204; Fri, 29 Oct 2021 08:31:40 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 19T8Vex2073761; Fri, 29 Oct 2021 08:31:40 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 19T8Vew6073760; Fri, 29 Oct 2021 08:31:40 GMT (envelope-from git) Date: Fri, 29 Oct 2021 08:31:40 GMT Message-Id: <202110290831.19T8Vew6073760@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Wojciech Macek Subject: git: 06e6ca6dd350 - main - dmar: Disable protected memory regions after initialization List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-main@freebsd.org X-BeenThere: dev-commits-src-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: wma X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 06e6ca6dd3508866b584942a6a40739e09453cc6 Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by wma: URL: https://cgit.FreeBSD.org/src/commit/?id=06e6ca6dd3508866b584942a6a40739e09453cc6 commit 06e6ca6dd3508866b584942a6a40739e09453cc6 Author: Kornel Duleba AuthorDate: 2021-10-21 14:02:26 +0000 Commit: Wojciech Macek CommitDate: 2021-10-29 08:08:25 +0000 dmar: Disable protected memory regions after initialization Some BIOSes protect memory region they reside in by using DMAR to prevent devices from doing any DMA transactions to that part of RAM. AMI refers to this as "DMA Control Guarantee". Disable the protection when address translation is enabled. I stumbled upon this while investigation a failing coredump on a device which has this feature enabled. Sponsored by: Stormshield Obtained from: Semihalf Reviewed by: kib Differential revision: https://reviews.freebsd.org/D32591 --- sys/x86/iommu/intel_ctx.c | 4 ++++ sys/x86/iommu/intel_dmar.h | 1 + sys/x86/iommu/intel_drv.c | 4 ++++ sys/x86/iommu/intel_utils.c | 27 +++++++++++++++++++++++++++ 4 files changed, 36 insertions(+) diff --git a/sys/x86/iommu/intel_ctx.c b/sys/x86/iommu/intel_ctx.c index 7aedbf159ac7..815dc6146b00 100644 --- a/sys/x86/iommu/intel_ctx.c +++ b/sys/x86/iommu/intel_ctx.c @@ -631,6 +631,10 @@ dmar_get_ctx_for_dev1(struct dmar_unit *dmar, device_t dev, uint16_t rid, * to avoid unneeded command. */ if (enable && !rmrr_init && (dmar->hw_gcmd & DMAR_GCMD_TE) == 0) { + error = dmar_disable_protected_regions(dmar); + if (error != 0) + printf("dmar%d: Failed to disable protected regions\n", + dmar->iommu.unit); error = dmar_enable_translation(dmar); if (error == 0) { if (bootverbose) { diff --git a/sys/x86/iommu/intel_dmar.h b/sys/x86/iommu/intel_dmar.h index 0ad94dbf4123..b34505a4e5d0 100644 --- a/sys/x86/iommu/intel_dmar.h +++ b/sys/x86/iommu/intel_dmar.h @@ -227,6 +227,7 @@ int dmar_flush_write_bufs(struct dmar_unit *unit); void dmar_flush_pte_to_ram(struct dmar_unit *unit, dmar_pte_t *dst); void dmar_flush_ctx_to_ram(struct dmar_unit *unit, dmar_ctx_entry_t *dst); void dmar_flush_root_to_ram(struct dmar_unit *unit, dmar_root_entry_t *dst); +int dmar_disable_protected_regions(struct dmar_unit *unit); int dmar_enable_translation(struct dmar_unit *unit); int dmar_disable_translation(struct dmar_unit *unit); int dmar_load_irt_ptr(struct dmar_unit *unit); diff --git a/sys/x86/iommu/intel_drv.c b/sys/x86/iommu/intel_drv.c index 0b470d7bbf7a..66849dd43053 100644 --- a/sys/x86/iommu/intel_drv.c +++ b/sys/x86/iommu/intel_drv.c @@ -1065,6 +1065,10 @@ dmar_instantiate_rmrr_ctxs(struct iommu_unit *unit) KASSERT((dmar->hw_gcmd & DMAR_GCMD_TE) == 0, ("dmar%d: RMRR not handled but translation is already enabled", dmar->iommu.unit)); + error = dmar_disable_protected_regions(dmar); + if (error != 0) + printf("dmar%d: Failed to disable protected regions\n", + dmar->iommu.unit); error = dmar_enable_translation(dmar); if (bootverbose) { if (error == 0) { diff --git a/sys/x86/iommu/intel_utils.c b/sys/x86/iommu/intel_utils.c index 152c7cac3a7d..4511cceb6444 100644 --- a/sys/x86/iommu/intel_utils.c +++ b/sys/x86/iommu/intel_utils.c @@ -489,6 +489,33 @@ dmar_flush_write_bufs(struct dmar_unit *unit) return (error); } +/* + * Some BIOSes protect memory region they reside in by using DMAR to + * prevent devices from doing any DMA transactions to that part of RAM. + * AMI refers to this as "DMA Control Guarantee". + * We need to disable this when address translation is enabled. + */ +int +dmar_disable_protected_regions(struct dmar_unit *unit) +{ + uint32_t reg; + int error; + + DMAR_ASSERT_LOCKED(unit); + + /* Check if we support the feature. */ + if ((unit->hw_cap & (DMAR_CAP_PLMR | DMAR_CAP_PHMR)) == 0) + return (0); + + reg = dmar_read4(unit, DMAR_PMEN_REG); + reg &= ~DMAR_PMEN_EPM; + dmar_write4(unit, DMAR_PMEN_REG, reg); + DMAR_WAIT_UNTIL(((dmar_read4(unit, DMAR_PMEN_REG) & DMAR_PMEN_PRS) + != 0)); + + return (error); +} + int dmar_enable_translation(struct dmar_unit *unit) {