lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <3631c0ca-4c8d-4cef-aa40-13e3acd22123@linux.intel.com>
Date: Mon, 19 Aug 2024 11:34:50 +0800
From: Baolu Lu <baolu.lu@...ux.intel.com>
To: Yi Liu <yi.l.liu@...el.com>, Joerg Roedel <joro@...tes.org>,
 Will Deacon <will@...nel.org>, Robin Murphy <robin.murphy@....com>,
 Jason Gunthorpe <jgg@...pe.ca>, Kevin Tian <kevin.tian@...el.com>
Cc: baolu.lu@...ux.intel.com, iommu@...ts.linux.dev,
 linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/1] iommu/vt-d: Move PCI PASID enablement to probe path

On 2024/8/19 11:14, Yi Liu wrote:
> On 2024/8/16 18:49, Lu Baolu wrote:
>> Currently, PCI PASID is enabled alongside PCI ATS when an iommu domain is
>> attached to the device and disabled when the device transitions to block
>> translation mode. This approach is inappropriate as PCI PASID is a device
>> feature independent of the type of the attached domain.
>>
>> Enable PCI PASID during the IOMMU device probe and disables it during the
>> release path.
>>
>> Suggested-by: Yi Liu <yi.l.liu@...el.com>
>> Signed-off-by: Lu Baolu <baolu.lu@...ux.intel.com>
>> ---
>>   drivers/iommu/intel/iommu.c | 27 +++++++++++++--------------
>>   1 file changed, 13 insertions(+), 14 deletions(-)
>>
>> diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c
>> index 9ff8b83c19a3..5a8080c71b04 100644
>> --- a/drivers/iommu/intel/iommu.c
>> +++ b/drivers/iommu/intel/iommu.c
>> @@ -1322,15 +1322,6 @@ static void iommu_enable_pci_caps(struct 
>> device_domain_info *info)
>>           return;
>>       pdev = to_pci_dev(info->dev);
>> -
>> -    /* The PCIe spec, in its wisdom, declares that the behaviour of
>> -       the device if you enable PASID support after ATS support is
>> -       undefined. So always enable PASID support on devices which
>> -       have it, even if we can't yet know if we're ever going to
>> -       use it. */
>> -    if (info->pasid_supported && !pci_enable_pasid(pdev, 
>> info->pasid_supported & ~1))
>> -        info->pasid_enabled = 1;
>> -
>>       if (info->ats_supported && pci_ats_page_aligned(pdev) &&
>>           !pci_enable_ats(pdev, VTD_PAGE_SHIFT)) {
>>           info->ats_enabled = 1;
>> @@ -1352,11 +1343,6 @@ static void iommu_disable_pci_caps(struct 
>> device_domain_info *info)
>>           info->ats_enabled = 0;
>>           domain_update_iotlb(info->domain);
>>       }
>> -
>> -    if (info->pasid_enabled) {
>> -        pci_disable_pasid(pdev);
>> -        info->pasid_enabled = 0;
>> -    }
>>   }
>>   static void intel_flush_iotlb_all(struct iommu_domain *domain)
>> @@ -4110,6 +4096,16 @@ static struct iommu_device 
>> *intel_iommu_probe_device(struct device *dev)
>>           }
>>       }
>> +    /*
>> +     * The PCIe spec, in its wisdom, declares that the behaviour of the
>> +     * device is undefined if you enable PASID support after ATS 
>> support.
>> +     * So always enable PASID support on devices which have it, even if
>> +     * we can't yet know if we're ever going to use it.
>> +     */
>> +    if (info->pasid_supported &&
>> +        !pci_enable_pasid(pdev, info->pasid_supported & ~1))
>> +        info->pasid_enabled = 1;
>> +
>>       intel_iommu_debugfs_create_dev(info);
>>       return &iommu->iommu;
>> @@ -4128,6 +4124,9 @@ static void intel_iommu_release_device(struct 
>> device *dev)
>>       struct device_domain_info *info = dev_iommu_priv_get(dev);
>>       struct intel_iommu *iommu = info->iommu;
>> +    if (info->pasid_enabled)
>> +        pci_disable_pasid(to_pci_dev(dev));
>> +
> 
> would it make sense to move this behind the
> intel_iommu_debugfs_remove_dev(info)? This seems to mirror the order of the
> intel_iommu_probe_device(). Or you may set info->pasid_enabled to 0 in case
> of any code uses it before info is freed if keeping this order. Otherwise,
> lgtm. thanks for the quick action. 🙂

The info->pasid_enabled change should not impact the behavior of
intel_iommu_debugfs_remove_dev(), and I didn't find any issue during my
test.

Anyway, to make it more consistent with previous behavior, maybe I could
move the part where we turn on/off pasid to the end of the probe and the
start of the release.

Additional change likes below?

diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c
index 5a8080c71b04..76b317f1d1de 100644
--- a/drivers/iommu/intel/iommu.c
+++ b/drivers/iommu/intel/iommu.c
@@ -4096,6 +4096,8 @@ static struct iommu_device 
*intel_iommu_probe_device(struct device *dev)
                 }
         }

+       intel_iommu_debugfs_create_dev(info);
+
         /*
          * The PCIe spec, in its wisdom, declares that the behaviour of the
          * device is undefined if you enable PASID support after ATS 
support.
@@ -4106,8 +4108,6 @@ static struct iommu_device 
*intel_iommu_probe_device(struct device *dev)
             !pci_enable_pasid(pdev, info->pasid_supported & ~1))
                 info->pasid_enabled = 1;

-       intel_iommu_debugfs_create_dev(info);
-
         return &iommu->iommu;
  free_table:
         intel_pasid_free_table(dev);

Thanks,
baolu

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ