mirror of
git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
synced 2026-03-22 07:27:12 +08:00
4da879a0d3
Current `dma_read!`, `dma_write!` macros also use a custom
`addr_of!()`-based implementation for projecting pointers, which has
soundness issue as it relies on absence of `Deref` implementation on types.
It also has a soundness issue where it does not protect against unaligned
fields (when `#[repr(packed)]` is used) so it can generate misaligned
accesses.
This commit migrates them to use the general pointer projection
infrastructure, which handles these cases correctly.
As part of migration, the macro is updated to have an improved surface
syntax. The current macro have
dma_read!(a.b.c[d].e.f)
to mean `a.b.c` is a DMA coherent allocation and it should project into it
with `[d].e.f` and do a read, which is confusing as it makes the indexing
operator integral to the macro (so it will break if you have an array of
`CoherentAllocation`, for example).
This also is problematic as we would like to generalize
`CoherentAllocation` from just slices to arbitrary types.
Make the macro expects `dma_read!(path.to.dma, .path.inside.dma)` as the
canonical syntax. The index operator is no longer special and is just one
type of projection (in additional to field projection). Similarly, make
`dma_write!(path.to.dma, .path.inside.dma, value)` become the canonical
syntax for writing.
Another issue of the current macro is that it is always fallible. This
makes sense with existing design of `CoherentAllocation`, but once we
support fixed size arrays with `CoherentAllocation`, it is desirable to
have the ability to perform infallible indexing as well, e.g. doing a `[0]`
index of `[Foo; 2]` is okay and can be checked at build-time, so forcing
falliblity is non-ideal. To capture this, the macro is changed to use
`[idx]` as infallible projection and `[idx]?` as fallible index projection
(those syntax are part of the general projection infra). A benefit of this
is that while individual indexing operation may fail, the overall
read/write operation is not fallible.
Fixes: ad2907b4e3 ("rust: add dma coherent allocator abstraction")
Reviewed-by: Benno Lossin <lossin@kernel.org>
Signed-off-by: Gary Guo <gary@garyguo.net>
Link: https://patch.msgid.link/20260302164239.284084-4-gary@kernel.org
[ Capitalize safety comments; slightly improve wording in doc-comments.
- Danilo ]
Signed-off-by: Danilo Krummrich <dakr@kernel.org>
159 lines
5.2 KiB
Rust
159 lines
5.2 KiB
Rust
// SPDX-License-Identifier: GPL-2.0
|
|
|
|
mod boot;
|
|
|
|
use kernel::{
|
|
device,
|
|
dma::{
|
|
CoherentAllocation,
|
|
DmaAddress, //
|
|
},
|
|
dma_write,
|
|
pci,
|
|
prelude::*,
|
|
transmute::AsBytes, //
|
|
};
|
|
|
|
pub(crate) mod cmdq;
|
|
pub(crate) mod commands;
|
|
mod fw;
|
|
mod sequencer;
|
|
|
|
pub(crate) use fw::{
|
|
GspFwWprMeta,
|
|
LibosParams, //
|
|
};
|
|
|
|
use crate::{
|
|
gsp::cmdq::Cmdq,
|
|
gsp::fw::{
|
|
GspArgumentsPadded,
|
|
LibosMemoryRegionInitArgument, //
|
|
},
|
|
num,
|
|
};
|
|
|
|
pub(crate) const GSP_PAGE_SHIFT: usize = 12;
|
|
pub(crate) const GSP_PAGE_SIZE: usize = 1 << GSP_PAGE_SHIFT;
|
|
|
|
/// Number of GSP pages to use in a RM log buffer.
|
|
const RM_LOG_BUFFER_NUM_PAGES: usize = 0x10;
|
|
|
|
/// Array of page table entries, as understood by the GSP bootloader.
|
|
#[repr(C)]
|
|
struct PteArray<const NUM_ENTRIES: usize>([u64; NUM_ENTRIES]);
|
|
|
|
/// SAFETY: arrays of `u64` implement `AsBytes` and we are but a wrapper around one.
|
|
unsafe impl<const NUM_ENTRIES: usize> AsBytes for PteArray<NUM_ENTRIES> {}
|
|
|
|
impl<const NUM_PAGES: usize> PteArray<NUM_PAGES> {
|
|
/// Creates a new page table array mapping `NUM_PAGES` GSP pages starting at address `start`.
|
|
fn new(start: DmaAddress) -> Result<Self> {
|
|
let mut ptes = [0u64; NUM_PAGES];
|
|
for (i, pte) in ptes.iter_mut().enumerate() {
|
|
*pte = start
|
|
.checked_add(num::usize_as_u64(i) << GSP_PAGE_SHIFT)
|
|
.ok_or(EOVERFLOW)?;
|
|
}
|
|
|
|
Ok(Self(ptes))
|
|
}
|
|
}
|
|
|
|
/// The logging buffers are byte queues that contain encoded printf-like
|
|
/// messages from GSP-RM. They need to be decoded by a special application
|
|
/// that can parse the buffers.
|
|
///
|
|
/// The 'loginit' buffer contains logs from early GSP-RM init and
|
|
/// exception dumps. The 'logrm' buffer contains the subsequent logs. Both are
|
|
/// written to directly by GSP-RM and can be any multiple of GSP_PAGE_SIZE.
|
|
///
|
|
/// The physical address map for the log buffer is stored in the buffer
|
|
/// itself, starting with offset 1. Offset 0 contains the "put" pointer (pp).
|
|
/// Initially, pp is equal to 0. If the buffer has valid logging data in it,
|
|
/// then pp points to index into the buffer where the next logging entry will
|
|
/// be written. Therefore, the logging data is valid if:
|
|
/// 1 <= pp < sizeof(buffer)/sizeof(u64)
|
|
struct LogBuffer(CoherentAllocation<u8>);
|
|
|
|
impl LogBuffer {
|
|
/// Creates a new `LogBuffer` mapped on `dev`.
|
|
fn new(dev: &device::Device<device::Bound>) -> Result<Self> {
|
|
const NUM_PAGES: usize = RM_LOG_BUFFER_NUM_PAGES;
|
|
|
|
let mut obj = Self(CoherentAllocation::<u8>::alloc_coherent(
|
|
dev,
|
|
NUM_PAGES * GSP_PAGE_SIZE,
|
|
GFP_KERNEL | __GFP_ZERO,
|
|
)?);
|
|
let ptes = PteArray::<NUM_PAGES>::new(obj.0.dma_handle())?;
|
|
|
|
// SAFETY: `obj` has just been created and we are its sole user.
|
|
unsafe {
|
|
// Copy the self-mapping PTE at the expected location.
|
|
obj.0
|
|
.as_slice_mut(size_of::<u64>(), size_of_val(&ptes))?
|
|
.copy_from_slice(ptes.as_bytes())
|
|
};
|
|
|
|
Ok(obj)
|
|
}
|
|
}
|
|
|
|
/// GSP runtime data.
|
|
#[pin_data]
|
|
pub(crate) struct Gsp {
|
|
/// Libos arguments.
|
|
pub(crate) libos: CoherentAllocation<LibosMemoryRegionInitArgument>,
|
|
/// Init log buffer.
|
|
loginit: LogBuffer,
|
|
/// Interrupts log buffer.
|
|
logintr: LogBuffer,
|
|
/// RM log buffer.
|
|
logrm: LogBuffer,
|
|
/// Command queue.
|
|
pub(crate) cmdq: Cmdq,
|
|
/// RM arguments.
|
|
rmargs: CoherentAllocation<GspArgumentsPadded>,
|
|
}
|
|
|
|
impl Gsp {
|
|
// Creates an in-place initializer for a `Gsp` manager for `pdev`.
|
|
pub(crate) fn new(pdev: &pci::Device<device::Bound>) -> impl PinInit<Self, Error> + '_ {
|
|
pin_init::pin_init_scope(move || {
|
|
let dev = pdev.as_ref();
|
|
|
|
Ok(try_pin_init!(Self {
|
|
libos: CoherentAllocation::<LibosMemoryRegionInitArgument>::alloc_coherent(
|
|
dev,
|
|
GSP_PAGE_SIZE / size_of::<LibosMemoryRegionInitArgument>(),
|
|
GFP_KERNEL | __GFP_ZERO,
|
|
)?,
|
|
loginit: LogBuffer::new(dev)?,
|
|
logintr: LogBuffer::new(dev)?,
|
|
logrm: LogBuffer::new(dev)?,
|
|
cmdq: Cmdq::new(dev)?,
|
|
rmargs: CoherentAllocation::<GspArgumentsPadded>::alloc_coherent(
|
|
dev,
|
|
1,
|
|
GFP_KERNEL | __GFP_ZERO,
|
|
)?,
|
|
_: {
|
|
// Initialise the logging structures. The OpenRM equivalents are in:
|
|
// _kgspInitLibosLoggingStructures (allocates memory for buffers)
|
|
// kgspSetupLibosInitArgs_IMPL (creates pLibosInitArgs[] array)
|
|
dma_write!(
|
|
libos, [0]?, LibosMemoryRegionInitArgument::new("LOGINIT", &loginit.0)
|
|
);
|
|
dma_write!(
|
|
libos, [1]?, LibosMemoryRegionInitArgument::new("LOGINTR", &logintr.0)
|
|
);
|
|
dma_write!(libos, [2]?, LibosMemoryRegionInitArgument::new("LOGRM", &logrm.0));
|
|
dma_write!(rmargs, [0]?.inner, fw::GspArgumentsCached::new(cmdq));
|
|
dma_write!(libos, [3]?, LibosMemoryRegionInitArgument::new("RMARGS", rmargs));
|
|
},
|
|
}))
|
|
})
|
|
}
|
|
}
|