# Pastebin xjB3JX7R
Long story short, it appears that 'Mali LPAE' is also lacking the start 
level notion of VMSA, and expects a full 4-level table even for <40 bits 
when level 0 effectively redundant. Thus walking the 3-level table that 
io-pgtable comes back with ends up going wildly wrong. The hack below 
seems to do the job for me; if Clément can confirm (on T-720 you'll 
still need the userspace hack to force 32-bit jobs as well) then I think 
I'll cook up a proper refactoring of the allocator to put things right.

Robin.


----->8-----
diff --git a/drivers/iommu/io-pgtable-arm.c b/drivers/iommu/io-pgtable-arm.c
index 546968d8a349..f29da6e8dc08 100644
--- a/drivers/iommu/io-pgtable-arm.c
+++ b/drivers/iommu/io-pgtable-arm.c
@@ -1023,12 +1023,14 @@ arm_mali_lpae_alloc_pgtable(struct 
io_pgtable_cfg *cfg, void *cookie)
        iop = arm_64_lpae_alloc_pgtable_s1(cfg, cookie);
        if (iop) {
                u64 mair, ttbr;
+               struct arm_lpae_io_pgtable *data = io_pgtable_ops_to_data(&iop->ops);

+               data->levels = 4;
                /* Copy values as union fields overlap */
                mair = cfg->arm_lpae_s1_cfg.mair[0];
                ttbr = cfg->arm_lpae_s1_cfg.ttbr[0];
Long story short, it appears that 'Mali LPAE' is also lacking the start 
level notion of VMSA, and expects a full 4-level table even for <40 bits 
when level 0 effectively redundant. Thus walking the 3-level table that 
io-pgtable comes back with ends up going wildly wrong. The hack below 
seems to do the job for me; if Clément can confirm (on T-720 you'll 
still need the userspace hack to force 32-bit jobs as well) then I think 
I'll cook up a proper refactoring of the allocator to put things right.

Robin.


----->8-----
diff --git a/drivers/iommu/io-pgtable-arm.c b/drivers/iommu/io-pgtable-arm.c
index 546968d8a349..f29da6e8dc08 100644
--- a/drivers/iommu/io-pgtable-arm.c
+++ b/drivers/iommu/io-pgtable-arm.c
@@ -1023,12 +1023,14 @@ arm_mali_lpae_alloc_pgtable(struct 
io_pgtable_cfg *cfg, void *cookie)
        iop = arm_64_lpae_alloc_pgtable_s1(cfg, cookie);
        if (iop) {
                u64 mair, ttbr;
+               struct arm_lpae_io_pgtable *data = io_pgtable_ops_to_data(&iop->ops);

+               data->levels = 4;
                /* Copy values as union fields overlap */
                mair = cfg->arm_lpae_s1_cfg.mair[0];
                ttbr = cfg->arm_lpae_s1_cfg.ttbr[0];