Xen project Mailing List

Re: [PATCH RFC] pci/ats: do not allow broken devices to be assigned

To: Roger Pau Monne <roger.pau@xxxxxxxxxx>

Date: Thu, 24 Feb 2022 13:58:31 +0100

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=WjpLk9EzMqLrv4I7VyEkS5pYbehDb2Yx0JN2Qh2mtOE=; b=aeyy1zzz9RXwMafXCzCEgCQjwQwSk944m/ELUnMRI6nTCfhGVWtWKwZck6YgE2fp0W9KPxwQRgZG95EkALk/6gt3hIhx1lZ87NhB57KpdXue59wsBBNDjS6HfqGB4WR0KPlBZm/Hij9vOCTtSLYXBASrVcLKQglEd9nGrtwnziAt554x8a9TaSqBVkzJHrriZ2m27AIy+yybS4lPoDZcAnaW6y4todWVZdbIwU9htl0LjzLQmFnSd4SwB4i73nTd8NS1XHRzSon/3E7q8hKUho3f7MxqqV1ezTDD52AMk3bRW72ssaBjumkom+BYs6COUDV5M6jtF6ZDCG+G3acFMg==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Le5O/5UmblZxSPYVtcrgtGk4kr0AITyou8ND4rLE0wIKMfqg4UKY+lq2hS5rk2bdCcdJkoy80wQLqdVRsJ9p356eEsO4rTC9173XtTGXfnldE2aPClHBKU/6iTsxQj5kIuQd0EAUMoayqR/7nN2VIKCiFRDslzJpld/uxXymuooO982DmX/CiBc7szT6a4SDbK3W3laSuN2yRG/G7vW9OdIo/iMVqbPa4iirWVg7FosxzIAZ+2PPgXPUZqSdwmR3w/RcX5+RmYycjn4+7qotZ+YDwiLbSWobgjKKKl4MsW2Si8vFS9/xPPVglVEe1Xy5gE+wm/eSvhXYNCqOA/mbsQ==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;

Cc: Paul Durrant <paul@xxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Kevin Tian <kevin.tian@xxxxxxxxx>, Oleksandr Andrushchenko <andr2000@xxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx

Delivery-date: Thu, 24 Feb 2022 12:58:44 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 24.02.2022 13:43, Roger Pau Monne wrote: > Introduce a new field to mark devices as broken: having it set > prevents the device from being assigned to domains. Use the field in > order to mark ATS devices that have failed a flush as broken, thus > preventing them to be assigned to any guest. > > This allows the device IOMMU context entry to be cleaned up properly, > as calling _pci_hide_device will just change the ownership of the > device, but the IOMMU context entry of the device would be left as-is. > It would also leak a Domain ID, as removing the device from it's > previous owner will allow releasing the DID used by the device without > having cleaned up the context entry. > > Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx> > --- > RFC: I haven't tested the code path, as I have no ATS devices on the > box I'm currently testing on. In any case, ATS is not supported, and > removing the call to _pci_hide_device in iommu_dev_iotlb_flush_timeout > should allow to remove the dependency on recursive pcidevs lock. No objection in principle. Whether this is the only dependency on recursive pcidevs lock isn't really know though, is it? > TBD: it's unclear whether we still need the pcidevs_lock in > iommu_dev_iotlb_flush_timeout. The caller of > iommu_dev_iotlb_flush_timeout is already bogus as it iterates over a > list of pdevs without holding the pcidevs_lock. Analysis of whether / where recursive uses are needed should imo include cases where the lock ought to be held, but currently isn't (like apparently this case). > @@ -1487,6 +1487,11 @@ static int assign_device(struct domain *d, u16 seg, u8 > bus, u8 devfn, u32 flag) > ASSERT(pdev && (pdev->domain == hardware_domain || > pdev->domain == dom_io)); > > + /* Do not allow broken devices to be assigned. */ > + rc = -EBADF; > + if ( pdev->broken ) > + goto done; I think this wants exceptions for Dom0 and DomIO. An admin may be able to fix things in Dom0, e.g. by updating device firmware. Jan

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.