Re: [PATCH v5 7/7] iommu/vt-d: Differentiate relaxable and non relaxable RMRRs

From: Auger Eric
Date: Wed May 29 2019 - 11:47:25 EST


Hi Lu,

On 5/29/19 4:34 AM, Lu Baolu wrote:
> Hi,
>
> On 5/28/19 7:50 PM, Eric Auger wrote:
>> Now we have a new IOMMU_RESV_DIRECT_RELAXABLE reserved memory
>> region type, let's report USB and GFX RMRRs as relaxable ones.
>>
>> We introduce a new device_rmrr_is_relaxable() helper to check
>> whether the rmrr belongs to the relaxable category.
>>
>> This allows to have a finer reporting at IOMMU API level of
>> reserved memory regions. This will be exploitable by VFIO to
>> define the usable IOVA range and detect potential conflicts
>> between the guest physical address space and host reserved
>> regions.
>>
>> Signed-off-by: Eric Auger <eric.auger@xxxxxxxxxx>
>>
>> ---
>>
>> v3 -> v4:
>> - introduce device_rmrr_is_relaxable and reshuffle the comments
>> ---
>> Â drivers/iommu/intel-iommu.c | 55 +++++++++++++++++++++++++++----------
>> Â 1 file changed, 40 insertions(+), 15 deletions(-)
>>
>> diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c
>> index 9302351818ab..01c82f848470 100644
>> --- a/drivers/iommu/intel-iommu.c
>> +++ b/drivers/iommu/intel-iommu.c
>> @@ -2920,6 +2920,36 @@ static bool device_has_rmrr(struct device *dev)
>> ÂÂÂÂÂ return false;
>> Â }
>> Â +/*
>> + * device_rmrr_is_relaxable - Test whether the RMRR of this device
>> + * is relaxable (ie. is allowed to be not enforced under some
>> conditions)
>> + *
>> + * @dev: device handle
>> + *
>> + * We assume that PCI USB devices with RMRRs have them largely
>> + * for historical reasons and that the RMRR space is not actively
>> used post
>> + * boot. This exclusion may change if vendors begin to abuse it.
>> + *
>> + * The same exception is made for graphics devices, with the
>> requirement that
>> + * any use of the RMRR regions will be torn down before assigning the
>> device
>> + * to a guest.
>> + *
>> + * Return: true if the RMRR is relaxable
>> + */
>> +static bool device_rmrr_is_relaxable(struct device *dev)
>> +{
>> +ÂÂÂ struct pci_dev *pdev;
>> +
>> +ÂÂÂ if (!dev_is_pci(dev))
>> +ÂÂÂÂÂÂÂ return false;
>> +
>> +ÂÂÂ pdev = to_pci_dev(dev);
>> +ÂÂÂ if (IS_USB_DEVICE(pdev) || IS_GFX_DEVICE(pdev))
>> +ÂÂÂÂÂÂÂ return true;
>> +ÂÂÂ else
>> +ÂÂÂÂÂÂÂ return false;
>> +}
>
> I know this is only code refactoring. But strictly speaking, the rmrr of
> any USB host device is ignorable only if quirk_usb_early_handoff() has
> been called. There, the control of USB host controller will be handed
> over from BIOS to OS and the corresponding SMI are disabled.
>
> This function is registered in drivers/usb/host/pci-quirks.c
>
> DECLARE_PCI_FIXUP_CLASS_FINAL(PCI_ANY_ID, PCI_ANY_ID,
> ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ PCI_CLASS_SERIAL_USB, 8, quirk_usb_early_handoff);
>
> and only get compiled if CONFIG_USB_PCI is enabled.
>
> Hence, it's safer to say:
>
> +#ifdef CONFIG_USB_PCI
> +ÂÂÂ if (IS_USB_DEVICE(pdev))
> +ÂÂÂÂÂÂÂ return true;
> +#endif /* CONFIG_USB_PCI */
>
> I am okay if we keep this untouched and make this change within a
> separated patch.

As we first checked whether the device was a pci device, isn't it
sufficient to guarantee the quirk is setup?

As you suggested, I am inclined to keep it as a separate patch anyway.

Thank you for the review!

Best Regards

Eric
>
>> +
>> Â /*
>> ÂÂ * There are a couple cases where we need to restrict the
>> functionality of
>>  * devices associated with RMRRs. The first is when evaluating a
>> device for
>> @@ -2934,25 +2964,16 @@ static bool device_has_rmrr(struct device *dev)
>> ÂÂ * We therefore prevent devices associated with an RMRR from
>> participating in
>> ÂÂ * the IOMMU API, which eliminates them from device assignment.
>> ÂÂ *
>> - * In both cases we assume that PCI USB devices with RMRRs have them
>> largely
>> - * for historical reasons and that the RMRR space is not actively
>> used post
>> - * boot. This exclusion may change if vendors begin to abuse it.
>> - *
>> - * The same exception is made for graphics devices, with the
>> requirement that
>> - * any use of the RMRR regions will be torn down before assigning the
>> device
>> - * to a guest.
>> + * In both cases, devices which have relaxable RMRRs are not
>> concerned by this
>> + * restriction. See device_rmrr_is_relaxable comment.
>> ÂÂ */
>> Â static bool device_is_rmrr_locked(struct device *dev)
>> Â {
>> ÂÂÂÂÂ if (!device_has_rmrr(dev))
>> ÂÂÂÂÂÂÂÂÂ return false;
>> Â -ÂÂÂ if (dev_is_pci(dev)) {
>> -ÂÂÂÂÂÂÂ struct pci_dev *pdev = to_pci_dev(dev);
>> -
>> -ÂÂÂÂÂÂÂ if (IS_USB_DEVICE(pdev) || IS_GFX_DEVICE(pdev))
>> -ÂÂÂÂÂÂÂÂÂÂÂ return false;
>> -ÂÂÂ }
>> +ÂÂÂ if (device_rmrr_is_relaxable(dev))
>> +ÂÂÂÂÂÂÂ return false;
>> Â ÂÂÂÂÂ return true;
>> Â }
>> @@ -5494,6 +5515,7 @@ static void intel_iommu_get_resv_regions(struct
>> device *device,
>> ÂÂÂÂÂÂÂÂÂ for_each_active_dev_scope(rmrr->devices, rmrr->devices_cnt,
>> ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ i, i_dev) {
>> ÂÂÂÂÂÂÂÂÂÂÂÂÂ struct iommu_resv_region *resv;
>> +ÂÂÂÂÂÂÂÂÂÂÂ enum iommu_resv_type type;
>> ÂÂÂÂÂÂÂÂÂÂÂÂÂ size_t length;
>> Â ÂÂÂÂÂÂÂÂÂÂÂÂÂ if (i_dev != device &&
>> @@ -5501,9 +5523,12 @@ static void intel_iommu_get_resv_regions(struct
>> device *device,
>> ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ continue;
>> Â ÂÂÂÂÂÂÂÂÂÂÂÂÂ length = rmrr->end_address - rmrr->base_address + 1;
>> +
>> +ÂÂÂÂÂÂÂÂÂÂÂ type = device_rmrr_is_relaxable(device) ?
>> +ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ IOMMU_RESV_DIRECT_RELAXABLE : IOMMU_RESV_DIRECT;
>> +
>> ÂÂÂÂÂÂÂÂÂÂÂÂÂ resv = iommu_alloc_resv_region(rmrr->base_address,
>> -ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ length, prot,
>> -ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ IOMMU_RESV_DIRECT);
>> +ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ length, prot, type);
>> ÂÂÂÂÂÂÂÂÂÂÂÂÂ if (!resv)
>> ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ break;
>> Â
>
> Other looks good to me.
>
> Reviewed-by: Lu Baolu <baolu.lu@xxxxxxxxxxxxxxx>
>
> Best regards,
> Baolu