[{"id":1760520,"web_url":"http://patchwork.ozlabs.org/comment/1760520/","msgid":"<20170830214541.GZ8154@bhelgaas-glaptop.roam.corp.google.com>","list_archive_url":null,"date":"2017-08-30T21:45:41","subject":"Re: [PATCH v3] iommu: Prevent VMD child devices from being remapping\n\ttargets","submitter":{"id":67298,"url":"http://patchwork.ozlabs.org/api/people/67298/","name":"Bjorn Helgaas","email":"helgaas@kernel.org"},"content":"On Wed, Aug 30, 2017 at 03:05:59PM -0600, Jon Derrick wrote:\n> VMD child devices must use the VMD endpoint's ID as the requester.\n> Because of this, there needs to be a way to link the parent VMD\n> endpoint's iommu group and associated mappings to the VMD child devices\n> such that attaching and detaching child devices modify the endpoint's\n> mappings, while preventing early detaching on a singular device removal\n> or unbinding.\n> \n> The reassignment of individual VMD child devices devices to VMs is\n> outside the scope of VMD, but may be implemented in the future. For now\n> it is best to prevent any such attempts.\n> \n> This patch prevents VMD child devices from returning an IOMMU, which\n> prevents it from exposing an iommu_group sysfs directories and allowing\n> subsequent binding by userspace-access drivers such as VFIO.\n> \n> Signed-off-by: Jon Derrick <jonathan.derrick@intel.com>\n\nApplied to pci/host-vmd for v4.14, thanks!\n\n> ---\n> v2->3, wrapped in x86 ifdef to avoid ia64 compilation errors\n> \n>  drivers/iommu/intel-iommu.c | 7 +++++++\n>  1 file changed, 7 insertions(+)\n> \n> diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c\n> index 687f18f..2800a6e 100644\n> --- a/drivers/iommu/intel-iommu.c\n> +++ b/drivers/iommu/intel-iommu.c\n> @@ -901,6 +901,13 @@ static struct intel_iommu *device_to_iommu(struct device *dev, u8 *bus, u8 *devf\n>  \t\tstruct pci_dev *pf_pdev;\n>  \n>  \t\tpdev = to_pci_dev(dev);\n> +\n> +#ifdef CONFIG_X86\n> +\t\t/* VMD child devices currently cannot be handled individually */\n> +\t\tif (is_vmd(pdev->bus))\n> +\t\t\treturn NULL;\n> +#endif\n> +\n>  \t\t/* VFs aren't listed in scope tables; we need to look up\n>  \t\t * the PF instead to find the IOMMU. */\n>  \t\tpf_pdev = pci_physfn(pdev);\n> -- \n> 1.8.3.1\n>","headers":{"Return-Path":"<linux-pci-owner@vger.kernel.org>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@bilbo.ozlabs.org","Authentication-Results":["ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; helo=vger.kernel.org;\n\tenvelope-from=linux-pci-owner@vger.kernel.org;\n\treceiver=<UNKNOWN>)","mail.kernel.org;\n\tdmarc=none (p=none dis=none) header.from=kernel.org","mail.kernel.org;\n\tspf=none smtp.mailfrom=helgaas@kernel.org"],"Received":["from vger.kernel.org (vger.kernel.org [209.132.180.67])\n\tby ozlabs.org (Postfix) with ESMTP id 3xjJw86pdkz9s8P\n\tfor <incoming@patchwork.ozlabs.org>;\n\tThu, 31 Aug 2017 07:45:44 +1000 (AEST)","(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S1750814AbdH3Vpo (ORCPT <rfc822;incoming@patchwork.ozlabs.org>);\n\tWed, 30 Aug 2017 17:45:44 -0400","from mail.kernel.org ([198.145.29.99]:41234 \"EHLO mail.kernel.org\"\n\trhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP\n\tid S1750761AbdH3Vpn (ORCPT <rfc822;linux-pci@vger.kernel.org>);\n\tWed, 30 Aug 2017 17:45:43 -0400","from localhost (unknown [64.22.249.253])\n\t(using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits))\n\t(No client certificate requested)\n\tby mail.kernel.org (Postfix) with ESMTPSA id E6EC121A94;\n\tWed, 30 Aug 2017 21:45:42 +0000 (UTC)"],"DMARC-Filter":"OpenDMARC Filter v1.3.2 mail.kernel.org E6EC121A94","Date":"Wed, 30 Aug 2017 16:45:41 -0500","From":"Bjorn Helgaas <helgaas@kernel.org>","To":"Jon Derrick <jonathan.derrick@intel.com>","Cc":"iommu@lists.linux-foundation.org, linux-pci@vger.kernel.org,\n\tKeith Busch <keith.busch@intel.com>","Subject":"Re: [PATCH v3] iommu: Prevent VMD child devices from being remapping\n\ttargets","Message-ID":"<20170830214541.GZ8154@bhelgaas-glaptop.roam.corp.google.com>","References":"<1504127159-186529-1-git-send-email-jonathan.derrick@intel.com>","MIME-Version":"1.0","Content-Type":"text/plain; charset=us-ascii","Content-Disposition":"inline","In-Reply-To":"<1504127159-186529-1-git-send-email-jonathan.derrick@intel.com>","User-Agent":"Mutt/1.5.21 (2010-09-15)","Sender":"linux-pci-owner@vger.kernel.org","Precedence":"bulk","List-ID":"<linux-pci.vger.kernel.org>","X-Mailing-List":"linux-pci@vger.kernel.org"}}]