Difference between usb_alloc_coherent and kzalloc/kmalloc - linux

What is the fundamental difference between using usb_alloc_coherent and kzalloc/kmalloc in context of USB driver. Both does the same, allocate a memory area for URB buffer. But what is the difference of them. Is there any benefit of using usb_alloc_coherent instead of kzalloc/kmalloc?

Drivers are device (endpoint) centric but memory allocation must consult capabilities of the USB controller. This is because it is the controller which performs the DMA from memory onto the USB bus. So usb_alloc_coherent basically wraps the generic dma_alloc_coherent but calls it for the controller, not the endpoint. Using DMA-API instead of just kmalloc ensures that no bounce-buffers will be required.
This saves device driver writes from code ugliness (breaking abstractions) and handling of some corner cases. usb_alloc_coherent also uses a memory poll to speed things up a bit.

The documentation says:
usb_alloc_coherent - allocate dma-consistent buffer for URB_NO_xxx_DMA_MAP
These buffers are used with URB_NO_xxx_DMA_MAP set in urb->transfer_flags
to avoid behaviors like using "DMA bounce buffers", or thrashing IOMMU
hardware during URB completion/resubmit.

Related

How is working the process of direct access to memory in non-SecureOS and SecureOS in trustzone systems

Im not sure if I understand the full flow of CPU direct access to memory in ARM processors,
I interested to know which part of memory access the cache (L1 and L2) ,DMA and MMU(or secure MMU) are participate.
I'm not sure if I understand the process sending data from non-secureOS to SecureOS start from allocating shared buffer via DMA and writing data to to share buffer (between secureOS and non-secureOS) and sending.
Additional questions:
Why DMA needed to communicate between secure or non secure ? Why not possible to use via kernel buffer (kmalloc(), kzalloc(), get_page() and etc.)?
Generally, there is possible to CPU access to memory without DMA ? Does DMA must to participate ?
There is possible no-coherency between CPU(cache L1 or L2) to DMA ?
For example:
non-secureOS write own data to DMA buffer and send to secureOS.
secureOS receive the buffer, non-secureOS change the buffer again without flushing (I think the changes keep in the cache) and finally secureOS read stale fake data from the cache
Everything with TrustZone is accomplished with the 'NS' bit that augments the BUS.
For a TrustZone CPU, L1/L2/TLB (via MMU) need to be aware of the 'NS' bit. Caches and TLB are augmented with a 'NS' bit and are not accessible from the normal world if the 'NS' is clear.
I'm not sure if I understand the process sending data from non-secureOS to SecureOS start from allocating shared buffer via DMA and writing data to to share buffer (between secureOS and non-secureOS) and sending.
The secure/non-secure OS have several means to communicate. A DMA buffer is one way, but it is probably complex and would not be a normal mode. The most basic mechanism is the SMC instruction. This is trapped by monitor mode and accomplishes the same thing as a 'syscall'.
Interpret ARM SMC calls
ARM SMC Calling Convention
SMC on StackOverflow
Another way is to map RAM as world shareable. Typically, this is done with a TZASC, but other Trustzone memory controllers may exist on a system. This is probably best 'bootstrapped' via the smc mechanics.
The use of a DMA controller could extend the world shareable memory buffer to off load CPU work load. However, I think this case is a little pathological and would never be done. Even faster than copying the memory via DMA is just to update the TZASC to make a buffer shareable. There is no copying.
Normal world reads 'secure memory' -> faults.
Normal world reads 'world shared memory' -> access as per normal.
The secure OS can flip the TZASC permissions during run time, if the device is not boot locked.
Why DMA needed to communicate between secure or non secure ? Why not possible to use via kernel buffer (kmalloc(), kzalloc(), get_page() and etc.)?
It is as detailed above. It requires world shareable memory.
Generally, there is possible to CPU access to memory without DMA ? Does DMA must to participate?
No DMA does not need to be involved at all. In fact, I wonder what made you think this is the case?
There is possible no-coherency between CPU(cache L1 or L2) to DMA ? For example: non-secureOS write own data to DMA buffer and send to secureOS. secureOS receive the buffer, non-secureOS change the buffer again without flushing (I think the changes keep in the cache) and finally secureOS read stale fake data from the cache
DMA and caches always have coherency issues. TrustZone doesn't add anything new. If you are using DMA, you need to have the MMU set that as device memory and it will not be cached.
Also, the DMA devices themselves are considered BUS masters. They can be TrustZone aware or some front-end logic if placed on them. In the first case, the controller with flip the 'NS' bit based on documented use patterns. For example a crypto device may present banked registers to normal/secure worlds. Depending on who accessed the device, the DMA will be performed with NS set or clear. For the 2nd case, another device/gasket sets up fixed access for the DMA. It is always either normal or secure access. This is often boot locked.
The DMA (and all hardware beside the CPU) are outside the scope of the CPU. The SOC designer and OEM have to configure the system to match the security requirements of the application. So different devices should map to normal/secure (or dynamic if required). The safest case is to fix these mappings and lock them at boot time. Otherwise, your attack surface grows in attacks against TrustZone.

Memory mapped IO - how does IO device know value has changed?

How does an IO device know that a value in memory pertaining to it has changed in memory mapped IO?
For example, let's say memory address 0 has been dedicated to hold the background color for a VGA device. How does the VGA device know when we change the value in memory[0]? Is the VGA device constantly polling the memory location? Or does the CPU somehow notify the device when it changes the value (and if so how?)?
An example architecture is MIPS. Given that the MIPS instruction set does not have in or out instructions, I don't understand how it could possibly communicate (on change) with the VGA device in the example. Another example is the ARM architecture.
In memory-mapped I/O, performing a memory read/write to the device's memory region will cause the CPU to perform a transaction with the device to fetch/store that value -- either directly through the CPU's memory bus, or through a secondary bus (such as AHB/APB on ARM systems). This memory transaction directly notifies the device that a value is being changed; no separate notification is necessary.
You're assuming that memory-mapped I/O is mapped by normal RAM. This is not the case. Indeed, these devices may behave in ways which are entirely unlike real memory! For instance, a typical UART or SPI device implementation may have a single data register which can be written to to transmit data, or read from to retrieve received data. Similarly, it's not uncommon for interrupt registers to have "clear on read" or "write 1 to clear" semantics.
For what it's worth: in practice, many framebuffer graphics implementations do actually behave as normal memory. What's different is that the memory is stored in a dual-ported RAM (or a time-multiplexed bus), and the video RAMDAC continuously reads through that memory to transmit its contents to an attached display.
A region of the physical address space that is designated as memory-mapped I/O (MMIO) is not mapped to main memory (system memory); it's mapped to I/O registers which are physically part of the I/O device.
To determine how to handle a memory access (read or write), the processor checks first the type of the region to which the target memory address belongs. In any MIPS processor, there are at least two types: Uncached and Cached. MMIO regions are always Uncached. An Uncached memory access request is directly sent to the main memory controller without examining or affecting any of the caches. However, an I/O Uncached memory access request is sent to an I/O controller, and eventually the request will reach the destination I/O device.
Now exactly how the CPU and the I/O device communicate with each other is completely specified by the I/O device itself. So an I/O device would have a specification that discusses how many I/O registers there are and how each of them should be used. An I/O register could be used to hold status flags, control flags, data to be read or written by the CPU, or some combination thereof. Note that since the I/O registers are physically part of the I/O device, then the I/O device can be designed so that it can detect when any of its registers are being read from or written to and take an action accordingly if required.
An I/O device can send an interrupt to the CPU to inform it that some data is available or maybe it wants attention for whatever reason. The CPU can also frequently poll the I/O device by checking some status flag(s) and then take some action accordingly.

Efficient detection if value at memory address has been changed?

This more a general question. Consider an external device. From time to time this device writes data via its device driver to a specific memory address. I want to write a small C program which read out this data. Is there a better way than just polling this address to check if the value has been changed? I want to keep the CPU load low.
I have done some further research
Is "memory mapped IO" an option? My naive idea is to let the external device writes a flag to a "memory mapped IO"-address which triggers a kernel device driver. The driver then "informs" the program which proceed the value. Can this work? How can a driver informs the program?
The answer may depend on what processor you intend to use, what the device is and possibly whether you are using an operating system or RTOS.
Memory mapped I/O per se is not a solution, that simply refers to I/O device registers that can be directly addressed via normal memory access instructions. Most devices will generate an interrupt when certain registers are updated or contain new valid data.
In general if using an RTOS you can arrange for the device driver to signal via a suitable IPC mechanism any client thread(s) that need to handle the data. If you are not using an RTOS, you could simply register a callback with the device driver which it would call whenever the data is updated. What the client does in the call back is its business - including reading the new data.
If the device in question generates interrupts, then the handling can be done on interrupt, if the device is capable of DMA, then it can handle blocks of data autonomously before teh DMA controller generates an DMA interrupt to a handler.

Mapping device memory for Linux 2.6.30 DMA API

I've been struggling with this one, would really appreciate some help. I want to use the internal SRAM (stepping stone - not used after boot) of my At91sam9g45 to speed up some intensive computations and am having trouble meeting all the following conditions:
Memory is accessible from user space. This was easy using the user space mmap() and then kernel remap_pfn_range(). Using the pointer returned, my user space programs can read/write to the SRAM.
Using the kernel DMA API call dma_async_memcpy_buf_to_buf() to do a memcpy using DMA. Within my basic driver, I want to call this operation to copy data from DDR( allocated with kmalloc()) into the SRAM buffer.
So my problem is that I have the user space and physical addresses, but no kernel-space DMA API friendly mapping.
I've tried using ioremap and using the fixed virutal address provided to iotable_init(). None of these seems to result in a kernel virtual address that can be used with something like virt_to_bus (which works for the kmalloc addresses and i think is used within the DMA API).
There's way around and thats just triggering the DMA manually using the physical addresses, but I'd like to try and figure this out. I've been reading through LDD3 and googling, but i can't see any examples of using non-kmalloc memory for the DMA API (except for PCI buses).

What is the difference between DMA and memory-mapped IO?

What is the difference between DMA and memory-mapped IO? They both look similar to me.
Memory-mapped I/O allows the CPU to control hardware by reading and writing specific memory addresses. Usually, this would be used for low-bandwidth operations such as changing control bits.
DMA allows hardware to directly read and write memory without involving the CPU. Usually, this would be used for high-bandwidth operations such as disk I/O or camera video input.
Here is a paper has a thorough comparison between MMIO and DMA.
Design Guidelines for High Performance RDMA Systems
Since others have already answered the question, I'll just add a little bit of history.
Back in the old days, on x86 (PC) hardware, there was only I/O space and memory space. These were two different address spaces, accessed with different bus protocol and different CPU instructions, but able to talk over the same plug-in card slot.
Most devices used I/O space for both the control interface and the bulk data-transfer interface. The simple way to access data was to execute lots of CPU instructions to transfer data one word at a time from an I/O address to a memory address (sometimes known as "bit-banging.")
In order to move data from devices to host memory autonomously, there was no support in the ISA bus protocol for devices to initiate transfers. A compromise solution was invented: the DMA controller. This was a piece of hardware that sat up by the CPU and initiated transfers to move data from a device's I/O address to memory, or vice versa. Because the I/O address is the same, the DMA controller is doing the exact same operations as a CPU would, but a little more efficiently and allowing some freedom to keep running in the background (though possibly not for long as it can't talk to memory).
Fast-forward to the days of PCI, and the bus protocols got a lot smarter: any device can initiate a transfer. So it's possible for, say, a RAID controller card to move any data it likes to or from the host at any time it likes. This is called "bus master" mode, but for no particular reason people continue to refer to this mode as "DMA" even though the old DMA controller is long gone. Unlike old DMA transfers, there is frequently no corresponding I/O address at all, and the bus master mode is frequently the only interface present on the device, with no CPU "bit-banging" mode at all.
Memory-mapped IO means that the device registers are mapped into the machine's memory space - when those memory regions are read or written by the CPU, it's reading from or writing to the device, rather than real memory. To transfer data from the device to an actual memory buffer, the CPU has to read the data from the memory-mapped device registers and write it to the buffer (and the converse for transferring data to the device).
With a DMA transfer, the device is able to directly transfer data to or from a real memory buffer itself. The CPU tells the device the location of the buffer, and then can perform other work while the device is directly accessing memory.
Direct Memory Access (DMA) is a technique to transfer the data from I/O to memory and from memory to I/O without the intervention of the CPU. For this purpose, a special chip, named DMA controller, is used to control all activities and synchronization of data. As result, compare to other data transfer techniques, DMA is much faster.
On the other hand, Virtual memory acts as a cache between main memory and secondary memory. Data is fetched in advance from the secondary memory (hard disk) into the main memory so that data is already available in the main memory when needed. It allows us to run more applications on the system than we have enough physical memory to support.

Resources