tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

iommu/arm-smmu-v3: Mark EATS_TRANS safe when computing the update sequence

If VM wants to toggle EATS_TRANS off at the same time as changing the CFG,
hypervisor will see EATS change to 0 and insert a V=0 breaking update into
the STE even though the VM did not ask for that.

In bare metal, EATS_TRANS is ignored by CFG=ABORT/BYPASS, which is why this
does not cause a problem until we have the nested case where CFG is always
a variation of S2 trans that does use EATS_TRANS.

Relax the rules for EATS_TRANS sequencing, we don't need it to be exact as
the enclosing code will always disable ATS at the PCI device when changing
EATS_TRANS. This ensures there are no ATS transactions that can race with
an EATS_TRANS change so we don't need to carefully sequence these bits.

Fixes: 1e8be08d1c91 ("iommu/arm-smmu-v3: Support IOMMU_DOMAIN_NESTED")
Cc: stable@vger.kernel.org
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Reviewed-by: Shuai Xue <xueshuai@linux.alibaba.com>
Signed-off-by: Nicolin Chen <nicolinc@nvidia.com>
Signed-off-by: Will Deacon <will@kernel.org>

authored by

Jason Gunthorpe and committed by
Will Deacon 7cad8004 f3c1d372

+26
+26
drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
··· 1097 1097 void arm_smmu_get_ste_update_safe(const __le64 *cur, const __le64 *target, 1098 1098 __le64 *safe_bits) 1099 1099 { 1100 + const __le64 eats_s1chk = 1101 + FIELD_PREP(STRTAB_STE_1_EATS, STRTAB_STE_1_EATS_S1CHK); 1102 + const __le64 eats_trans = 1103 + FIELD_PREP(STRTAB_STE_1_EATS, STRTAB_STE_1_EATS_TRANS); 1104 + 1105 + /* 1106 + * When an STE changes EATS_TRANS, the sequencing code in the attach 1107 + * logic already will have the PCI cap for ATS disabled. Thus at this 1108 + * moment we can expect that the device will not generate ATS queries 1109 + * and so we don't care about the sequencing of EATS. The purpose of 1110 + * EATS_TRANS is to protect the system from hostile untrusted devices 1111 + * that issue ATS when the PCI config space is disabled. However, if 1112 + * EATS_TRANS is being changed, then we must have already trusted the 1113 + * device as the EATS_TRANS security block is being disabled. 1114 + * 1115 + * Note: now the EATS_TRANS update is moved to the first entry_set(). 1116 + * Changing S2S and EATS might transiently result in S2S=1 and EATS=1 1117 + * which is a bad STE (see "5.2 Stream Table Entry"). In such a case, 1118 + * we can't do a hitless update. Also, it should not be added to the 1119 + * safe bits with STRTAB_STE_1_EATS_S1CHK, because EATS=0b11 would be 1120 + * effectively an errant 0b00 configuration. 1121 + */ 1122 + if (!((cur[1] | target[1]) & cpu_to_le64(eats_s1chk)) && 1123 + !((cur[2] | target[2]) & cpu_to_le64(STRTAB_STE_2_S2S))) 1124 + safe_bits[1] |= cpu_to_le64(eats_trans); 1125 + 1100 1126 /* 1101 1127 * MEV does not meaningfully impact the operation of the HW, it only 1102 1128 * changes how many fault events are generated, thus we can relax it