RE: [PATCH 2/2] iommu/vt-d: Share DMAR fault IRQ to prevent vector exhaustion

[Tian, Kevin]

> From: Jacob Pan <jacob.jun.pan@xxxxxxxxxxxxxxx>
> Sent: Thursday, April 4, 2024 7:46 AM
> 
> DMAR fault interrupt is used for per-IOMMU unrecoverable fault reporting,
> it occurs only if there is a kernel programming error or serious hardware
> failure. In other words, they should never occur under normal circumstances.

this is not accurate. When a device is assigned to a malicious guest then
it's not unusual to observe faults.

in this context you probably meant that it's not a performance path hence
sharing the vector is acceptable.

>
> @@ -1182,7 +1182,6 @@ static void free_iommu(struct intel_iommu
> *iommu)
>  			iommu->pr_irq = 0;
>  		}
>  		free_irq(iommu->fault_irq, iommu);
> -		dmar_free_hwirq(iommu->fault_irq);

You still want to free the vector for the iommu which first gets the
vector allocated.

> @@ -1956,9 +1955,8 @@ void dmar_msi_mask(struct irq_data *data)
>  	raw_spin_unlock_irqrestore(&iommu->register_lock, flag);
>  }
> 
> -void dmar_msi_write(int irq, struct msi_msg *msg)
> +static void dmar_msi_write_msg(struct intel_iommu *iommu, int irq, struct
> msi_msg *msg)
>  {

what about iommu_msi_write_msg() to match the first parameter?

otherwise it leads to a slightly circled calltrace:
	dmar_msi_write_msg()
		dmar_msi_write()
			dmar_msi_write_msg()

> +
> +	/*
> +	 * Only the owner IOMMU of the shared IRQ has its fault event
> +	 * interrupt unmasked after request_irq(), the rest are explicitly
> +	 * unmasked.
> +	 */
> +	if (!(iommu->flags & VTD_FLAG_FAULT_IRQ_OWNER))
> +		dmar_fault_irq_unmask(iommu);
> +

em there is a problem in dmar_msi_mask() and dmar_msi_mask()
which only touches the owner IOMMU. With this shared vector
approach we should mask/unmask all IOMMU's together.