Re: [PATCH 3/5] vfio/pci: add qat devices to blocklist

From: Bjorn Helgaas
Date: Wed Jul 01 2020 - 17:28:18 EST


On Wed, Jul 01, 2020 at 12:03:00PM +0100, Giovanni Cabiddu wrote:
> The current generation of Intel® QuickAssist Technology devices
> are not designed to run in an untrusted environment because of the
> following issues reported in the release notes in
> https://01.org/intel-quickassist-technology:

It would be nice if this link were directly clickable, e.g., if there
were no trailing ":" or something.

And it would be even better if it went to a specific doc that
described these issues. I assume these are errata, and it's not easy
to figure out which doc mentions them.

> QATE-39220 - GEN - Intel® QAT API submissions with bad addresses that
> trigger DMA to invalid or unmapped addresses can cause a
> platform hang
> QATE-7495 - GEN - An incorrectly formatted request to Intel® QAT can
> hang the entire Intel® QAT Endpoint
>
> This patch adds the following QAT devices to the blocklist: DH895XCC,
> C3XXX and C62X.
>
> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@xxxxxxxxx>
> ---
> drivers/vfio/pci/vfio_pci.c | 15 +++++++++++++++
> 1 file changed, 15 insertions(+)
>
> diff --git a/drivers/vfio/pci/vfio_pci.c b/drivers/vfio/pci/vfio_pci.c
> index ea5904ca6cbf..dcac5408c764 100644
> --- a/drivers/vfio/pci/vfio_pci.c
> +++ b/drivers/vfio/pci/vfio_pci.c
> @@ -75,6 +75,21 @@ static inline bool vfio_vga_disabled(void)
>
> static bool vfio_pci_dev_in_blocklist(struct pci_dev *pdev)
> {
> + switch (pdev->vendor) {
> + case PCI_VENDOR_ID_INTEL:
> + switch (pdev->device) {
> + case PCI_DEVICE_ID_INTEL_QAT_C3XXX:
> + case PCI_DEVICE_ID_INTEL_QAT_C3XXX_VF:
> + case PCI_DEVICE_ID_INTEL_QAT_C62X:
> + case PCI_DEVICE_ID_INTEL_QAT_C62X_VF:
> + case PCI_DEVICE_ID_INTEL_QAT_DH895XCC:
> + case PCI_DEVICE_ID_INTEL_QAT_DH895XCC_VF:
> + return true;
> + default:
> + return false;
> + }
> + }
> +
> return false;
> }
>
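Review bot: the new case list in vfio_pci_dev_in_blocklist() has no comment saying why these IDs are blocked, so a reader of vfio_pci.c has to find the commit message to learn that the reason is QATE-39220 and QATE-7495. A short comment above the `case PCI_VENDOR_ID_INTEL:` label naming the two errata would keep the rationale next to the check. The list also covers the three `_VF` IDs, while the commit message names only DH895XCC, C3XXX and C62X; stating there that both PF and VF IDs are blocked would make that explicit. As a style point, the inner `default: return false;` duplicates the function's final `return false;` and could be dropped or replaced by a `break`.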
> --
> 2.26.2
>