[3/3] iommu: prevent VMD child devices from being remapping targets

Message ID 20170807195713.10963-3-jonathan.derrick@intel.com
State Changes Requested
Headers show

Commit Message

Jon Derrick Aug. 7, 2017, 7:57 p.m.
VMD child devices must use the VMD endpoint's ID as the DMA source.
Because of this, there needs to be a way to link the parent VMD
endpoint's DMAR domain to the VMD child devices' DMAR domain such that
attaching and detaching child devices modify the endpoint's DMAR mapping
and prevents early detaching.

This is outside the scope of VMD, so disable binding child devices to
prevent unforeseen issues. This functionality may be implemented in the
future.

This patch prevents VMD child devices from returning an IOMMU, which
prevents it from exposing iommu_group sysfs directories and subsequent
binding by userspace-access drivers such as VFIO.

Signed-off-by: Jon Derrick <jonathan.derrick@intel.com>
---
 drivers/iommu/intel-iommu.c | 5 +++++
 1 file changed, 5 insertions(+)

Comments

Jon Derrick Aug. 9, 2017, 5:13 p.m. | #1
Hi Robin, thanks for the reply.

On 08/11/2017 12:25 PM, Robin Murphy wrote:
> On 07/08/17 20:57, Jon Derrick wrote:
>> VMD child devices must use the VMD endpoint's ID as the DMA source.
>> Because of this, there needs to be a way to link the parent VMD
>> endpoint's DMAR domain to the VMD child devices' DMAR domain such that
>> attaching and detaching child devices modify the endpoint's DMAR mapping
>> and prevents early detaching.
> > That sounds like either pci_device_group() needs modifying, or perhaps
> that intel-iommu needs its own extended iommu_ops::device_group
> implementation, to ensure that VMD child devices get put in the same
> group as their parent - if they share requester IDs they can't feasibly
> be attached to different domains anyway.
> 
> Robin.
Yes it seems like that to me too. I have a high-level understanding of
the changes required but not too much in the nitty-gritty details. It's
a bit more complicated anyways because VMD emerges a set of root ports,
and AFAICT, PCI ACS end at the root ports and iommu groups rely on ACS
to group devices. Either way it's not within the scope of VMD.
Bjorn Helgaas Aug. 11, 2017, 5:17 p.m. | #2
On Mon, Aug 07, 2017 at 01:57:13PM -0600, Jon Derrick wrote:
> VMD child devices must use the VMD endpoint's ID as the DMA source.
> Because of this, there needs to be a way to link the parent VMD
> endpoint's DMAR domain to the VMD child devices' DMAR domain such that
> attaching and detaching child devices modify the endpoint's DMAR mapping
> and prevents early detaching.
> 
> This is outside the scope of VMD, so disable binding child devices to
> prevent unforeseen issues. This functionality may be implemented in the
> future.
> 
> This patch prevents VMD child devices from returning an IOMMU, which
> prevents it from exposing iommu_group sysfs directories and subsequent
> binding by userspace-access drivers such as VFIO.
> 
> Signed-off-by: Jon Derrick <jonathan.derrick@intel.com>
> ---
>  drivers/iommu/intel-iommu.c | 5 +++++
>  1 file changed, 5 insertions(+)
> 
> diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c
> index 687f18f..651a6cd 100644
> --- a/drivers/iommu/intel-iommu.c
> +++ b/drivers/iommu/intel-iommu.c
> @@ -905,6 +905,11 @@ static struct intel_iommu *device_to_iommu(struct device *dev, u8 *bus, u8 *devf
>  		 * the PF instead to find the IOMMU. */
>  		pf_pdev = pci_physfn(pdev);
>  		dev = &pf_pdev->dev;
> +
> +		/* VMD child devices currently cannot be handled individually */
> +		if (pci_bus_is_vmd(pdev->bus))

Aah, this is the bigger reason why you want a general "is VMD" thing.
But this is still basically x86-specific code (I do see the ia64 in
Kconfig, so I guess maybe ia64 as well).

But pci_bus_is_vmd() doesn't feel like a generally useful concept.  I
see why you need things like this quirk, but it's not clear what
useful things other code could do with pci_bus_is_vmd() because we
don't have a generic concept of how VMD buses are different than other
PCI buses.

> +			return NULL;
> +
>  		segment = pci_domain_nr(pdev->bus);
>  	} else if (has_acpi_companion(dev))
>  		dev = &ACPI_COMPANION(dev)->dev;
> -- 
> 2.9.4
>
Robin Murphy Aug. 11, 2017, 6:25 p.m. | #3
On 07/08/17 20:57, Jon Derrick wrote:
> VMD child devices must use the VMD endpoint's ID as the DMA source.
> Because of this, there needs to be a way to link the parent VMD
> endpoint's DMAR domain to the VMD child devices' DMAR domain such that
> attaching and detaching child devices modify the endpoint's DMAR mapping
> and prevents early detaching.

That sounds like either pci_device_group() needs modifying, or perhaps
that intel-iommu needs its own extended iommu_ops::device_group
implementation, to ensure that VMD child devices get put in the same
group as their parent - if they share requester IDs they can't feasibly
be attached to different domains anyway.

Robin.

> This is outside the scope of VMD, so disable binding child devices to
> prevent unforeseen issues. This functionality may be implemented in the
> future.
> 
> This patch prevents VMD child devices from returning an IOMMU, which
> prevents it from exposing iommu_group sysfs directories and subsequent
> binding by userspace-access drivers such as VFIO.
> 
> Signed-off-by: Jon Derrick <jonathan.derrick@intel.com>
> ---
>  drivers/iommu/intel-iommu.c | 5 +++++
>  1 file changed, 5 insertions(+)
> 
> diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c
> index 687f18f..651a6cd 100644
> --- a/drivers/iommu/intel-iommu.c
> +++ b/drivers/iommu/intel-iommu.c
> @@ -905,6 +905,11 @@ static struct intel_iommu *device_to_iommu(struct device *dev, u8 *bus, u8 *devf
>  		 * the PF instead to find the IOMMU. */
>  		pf_pdev = pci_physfn(pdev);
>  		dev = &pf_pdev->dev;
> +
> +		/* VMD child devices currently cannot be handled individually */
> +		if (pci_bus_is_vmd(pdev->bus))
> +			return NULL;
> +
>  		segment = pci_domain_nr(pdev->bus);
>  	} else if (has_acpi_companion(dev))
>  		dev = &ACPI_COMPANION(dev)->dev;
>

Patch

diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c
index 687f18f..651a6cd 100644
--- a/drivers/iommu/intel-iommu.c
+++ b/drivers/iommu/intel-iommu.c
@@ -905,6 +905,11 @@  static struct intel_iommu *device_to_iommu(struct device *dev, u8 *bus, u8 *devf
 		 * the PF instead to find the IOMMU. */
 		pf_pdev = pci_physfn(pdev);
 		dev = &pf_pdev->dev;
+
+		/* VMD child devices currently cannot be handled individually */
+		if (pci_bus_is_vmd(pdev->bus))
+			return NULL;
+
 		segment = pci_domain_nr(pdev->bus);
 	} else if (has_acpi_companion(dev))
 		dev = &ACPI_COMPANION(dev)->dev;