Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Merge tag 'iommu-fixes-v6.1-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu

Pull iommu fixes from Joerg Roedel:
"Intel VT-d fixes:

- IO/TLB flush fix

- Various pci_dev refcount fixes"

* tag 'iommu-fixes-v6.1-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu:
iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init()
iommu/vt-d: Fix PCI device refcount leak in has_external_pci()
iommu/vt-d: Fix PCI device refcount leak in prq_event_thread()
iommu/vt-d: Add a fix for devices need extra dtlb flush

+88 -9
+1
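--- a/drivers/iommu/intel/dmar.c
+++ b/drivers/iommu/intel/dmar.c
@@ -820,6 +820,7 @@
  info = dmar_alloc_pci_notify_info(dev,
  BUS_NOTIFY_ADD_DEVICE);
  if (!info) {
+ pci_dev_put(dev);
  return dmar_dev_scope_status;
  } else {
  dmar_pci_bus_add_dev(info);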
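Review bot: Nothing at this early return says why the put is needed, so a later edit could drop it again without noticing. The enclosing loop is outside the hunk; presumably `dev` is the cursor of a `for_each_pci_dev()` walk, which keeps a reference on the current device until the next iteration. A one-line comment above the call would record that, for example `/* leaving the loop early: drop the reference the iterator holds on dev */`. The early return added to has_external_pci() in iommu.c has the same shape and would benefit from the same comment.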
+70 -3
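--- a/drivers/iommu/intel/iommu.c
+++ b/drivers/iommu/intel/iommu.c
@@ -1396,6 +1396,24 @@
  spin_unlock_irqrestore(&domain->lock, flags);
  }
 
+ /*
+ * The extra devTLB flush quirk impacts those QAT devices with PCI device
+ * IDs ranging from 0x4940 to 0x4943. It is exempted from risky_device()
+ * check because it applies only to the built-in QAT devices and it doesn't
+ * grant additional privileges.
+ */
+ #define BUGGY_QAT_DEVID_MASK 0x494c
+ static bool dev_needs_extra_dtlb_flush(struct pci_dev *pdev)
+ {
+ if (pdev->vendor != PCI_VENDOR_ID_INTEL)
+ return false;
+
+ if ((pdev->device & 0xfffc) != BUGGY_QAT_DEVID_MASK)
+ return false;
+
+ return true;
+ }
+
  static void iommu_enable_pci_caps(struct device_domain_info *info)
  {
  struct pci_dev *pdev;
@@ -1478,6 +1496,7 @@
  qdep = info->ats_qdep;
  qi_flush_dev_iotlb(info->iommu, sid, info->pfsid,
  qdep, addr, mask);
+ quirk_extra_dev_tlb_flush(info, addr, mask, PASID_RID2PASID, qdep);
  }
 
  static void iommu_flush_dev_iotlb(struct dmar_domain *domain,
@@ -3854,8 +3873,10 @@
  struct pci_dev *pdev = NULL;
 
  for_each_pci_dev(pdev)
- if (pdev->external_facing)
+ if (pdev->external_facing) {
+ pci_dev_put(pdev);
  return true;
+ }
 
  return false;
  }
@@ -4490,9 +4511,10 @@
  if (dev_is_pci(dev)) {
  if (ecap_dev_iotlb_support(iommu->ecap) &&
  pci_ats_supported(pdev) &&
- dmar_ats_supported(pdev, iommu))
+ dmar_ats_supported(pdev, iommu)) {
  info->ats_supported = 1;
-
+ info->dtlb_extra_inval = dev_needs_extra_dtlb_flush(pdev);
+ }
  if (sm_supported(iommu)) {
  if (pasid_supported(iommu)) {
  int features = pci_pasid_features(pdev);
@@ -4930,4 +4952,49 @@
 
  pr_warn("Recommended TLB entries for ISOCH unit is 16; your BIOS set %d\n",
  vtisochctrl);
+ }
+
+ /*
+ * Here we deal with a device TLB defect where device may inadvertently issue ATS
+ * invalidation completion before posted writes initiated with translated address
+ * that utilized translations matching the invalidation address range, violating
+ * the invalidation completion ordering.
+ * Therefore, any use cases that cannot guarantee DMA is stopped before unmap is
+ * vulnerable to this defect. In other words, any dTLB invalidation initiated not
+ * under the control of the trusted/privileged host device driver must use this
+ * quirk.
+ * Device TLBs are invalidated under the following six conditions:
+ * 1. Device driver does DMA API unmap IOVA
+ * 2. Device driver unbind a PASID from a process, sva_unbind_device()
+ * 3. PASID is torn down, after PASID cache is flushed. e.g. process
+ * exit_mmap() due to crash
+ * 4. Under SVA usage, called by mmu_notifier.invalidate_range() where
+ * VM has to free pages that were unmapped
+ * 5. Userspace driver unmaps a DMA buffer
+ * 6. Cache invalidation in vSVA usage (upcoming)
+ *
+ * For #1 and #2, device drivers are responsible for stopping DMA traffic
+ * before unmap/unbind. For #3, iommu driver gets mmu_notifier to
+ * invalidate TLB the same way as normal user unmap which will use this quirk.
+ * The dTLB invalidation after PASID cache flush does not need this quirk.
+ *
+ * As a reminder, #6 will *NEED* this quirk as we enable nested translation.
+ */
+ void quirk_extra_dev_tlb_flush(struct device_domain_info *info,
+ unsigned long address, unsigned long mask,
+ u32 pasid, u16 qdep)
+ {
+ u16 sid;
+
+ if (likely(!info->dtlb_extra_inval))
+ return;
+
+ sid = PCI_DEVID(info->bus, info->devfn);
+ if (pasid == PASID_RID2PASID) {
+ qi_flush_dev_iotlb(info->iommu, sid, info->pfsid,
+ qdep, address, mask);
+ } else {
+ qi_flush_dev_iotlb_pasid(info->iommu, sid, info->pfsid,
+ pasid, qdep, address, mask);
+ }
  }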
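Review bot: `BUGGY_QAT_DEVID_MASK` is defined as `0x494c`, which disagrees with the comment directly above it: for the documented IDs 0x4940 to 0x4943, `pdev->device & 0xfffc` is `0x4940`. As written, `dev_needs_extra_dtlb_flush()` matches 0x494c to 0x494f and returns false for the devices the comment names. `dtlb_extra_inval` then stays clear and `quirk_extra_dev_tlb_flush()` returns early on the very hardware that needs the second invalidation. If the comment is the source of truth, the line should read `#define BUGGY_QAT_DEVID_MASK 0x4940`. The name also misleads, since this constant is the value compared against and `0xfffc` is the actual mask.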
+4
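--- a/drivers/iommu/intel/iommu.h
+++ b/drivers/iommu/intel/iommu.h
@@ -623,6 +623,7 @@
  u8 pri_enabled:1;
  u8 ats_supported:1;
  u8 ats_enabled:1;
+ u8 dtlb_extra_inval:1; /* Quirk for devices need extra flush */
  u8 ats_qdep;
  struct device *dev; /* it's NULL for PCIe-to-PCI bridge */
  struct intel_iommu *iommu; /* IOMMU used by this device */
@@ -728,6 +729,9 @@
  void qi_flush_dev_iotlb_pasid(struct intel_iommu *iommu, u16 sid, u16 pfsid,
  u32 pasid, u16 qdep, u64 addr,
  unsigned int size_order);
+ void quirk_extra_dev_tlb_flush(struct device_domain_info *info,
+ unsigned long address, unsigned long pages,
+ u32 pasid, u16 qdep);
  void qi_flush_pasid_cache(struct intel_iommu *iommu, u16 did, u64 granu,
  u32 pasid);
 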
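Review bot: The prototype names the third parameter `pages`, but the definition in iommu.c calls it `mask` and the svm.c caller passes `order_base_2(pages)`, so the value is a size order, not a page count. A caller reading only the header could pass a raw page count and invalidate the wrong range. The declaration should match the definition: `unsigned long address, unsigned long mask,`. A short comment on the prototype saying that it is a no-op unless `dtlb_extra_inval` is set would also help, because the name alone suggests it always flushes.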
+13 -6
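--- a/drivers/iommu/intel/svm.c
+++ b/drivers/iommu/intel/svm.c
@@ -184,10 +184,13 @@
  return;
 
  qi_flush_piotlb(sdev->iommu, sdev->did, svm->pasid, address, pages, ih);
- if (info->ats_enabled)
+ if (info->ats_enabled) {
  qi_flush_dev_iotlb_pasid(sdev->iommu, sdev->sid, info->pfsid,
  svm->pasid, sdev->qdep, address,
  order_base_2(pages));
+ quirk_extra_dev_tlb_flush(info, address, order_base_2(pages),
+ svm->pasid, sdev->qdep);
+ }
  }
 
  static void intel_flush_svm_range_dev(struct intel_svm *svm,
@@ -745,12 +748,16 @@
  * If prq is to be handled outside iommu driver via receiver of
  * the fault notifiers, we skip the page response here.
  */
- if (!pdev || intel_svm_prq_report(iommu, &pdev->dev, req))
- handle_bad_prq_event(iommu, req, QI_RESP_INVALID);
+ if (!pdev)
+ goto bad_req;
 
- trace_prq_report(iommu, &pdev->dev, req->qw_0, req->qw_1,
- req->priv_data[0], req->priv_data[1],
- iommu->prq_seq_number++);
+ if (intel_svm_prq_report(iommu, &pdev->dev, req))
+ handle_bad_prq_event(iommu, req, QI_RESP_INVALID);
+ else
+ trace_prq_report(iommu, &pdev->dev, req->qw_0, req->qw_1,
+ req->priv_data[0], req->priv_data[1],
+ iommu->prq_seq_number++);
+ pci_dev_put(pdev);
  prq_advance:
  head = (head + sizeof(*req)) & PRQ_RING_MASK;
  }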
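Review bot: A page request whose `intel_svm_prq_report()` call fails is no longer traced, because the new `else` puts `trace_prq_report(...)` on the success path only, and `iommu->prq_seq_number` is no longer advanced for it either. The old code traced every request that reached this point with a non-NULL `pdev`, and rejected requests are the ones most useful to see when diagnosing a misbehaving device. The commit title covers only the refcount leak, so this looks like a side effect of the restructuring. If it is unintended, drop the `else` so the trace runs before `pci_dev_put(pdev);` on both paths; if it is intended, add a comment such as `/* only successfully reported requests are traced */`. The loop body and the `bad_req` label lie outside the hunk, so the `goto bad_req` path cannot be checked from here.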