From: Baolu Lu <baolu.lu@linux.intel.com>
To: Ethan Zhao <haifeng.zhao@linux.intel.com>,
Joerg Roedel <joro@8bytes.org>, Kevin Tian <kevin.tian@intel.com>,
Ashok Raj <ashok.raj@intel.com>
Cc: linux-kernel@vger.kernel.org, stable@vger.kernel.org,
Chenyi Qiang <chenyi.qiang@intel.com>,
iommu@lists.linux-foundation.org,
Jacob jun Pan <jacob.jun.pan@intel.com>
Subject: Re: [PATCH 1/1] iommu/vt-d: Fix RID2PASID setup failure
Date: Wed, 22 Jun 2022 11:22:31 +0800 [thread overview]
Message-ID: <809824df-bb33-a878-0652-02f7eb135fa4@linux.intel.com> (raw)
In-Reply-To: <30d27b02-0fec-d595-75a0-155eee1c84d6@linux.intel.com>
On 2022/6/22 10:56, Ethan Zhao wrote:
> 在 2022/6/20 16:17, Lu Baolu 写道:
>> The IOMMU driver shares the pasid table for PCI alias devices. When the
>> RID2PASID entry of the shared pasid table has been filled by the first
>> device, the subsequent devices will encounter the "DMAR: Setup RID2PASID
>> failed" failure as the pasid entry has already been marke as present. As
>> the result, the IOMMU probing process will be aborted.
>>
>> This fixes it by skipping RID2PASID setting if the pasid entry has been
>> populated. This works because the IOMMU core ensures that only the same
>> IOMMU domain can be attached to all PCI alias devices at the same time.
>> Therefore the subsequent devices just try to setup the RID2PASID entry
>> with the same domain, which is negligible.
> We have two customers reported the issue "DMAR: Setup RID2PASID
> failed",
>
> Two ASPEED devices locate behind one PCIe-PCI bridge and iommu SM, PT
> mode is enabled. Most
>
> Interesting thing is the second device is only used by BIOS, and BIOS
> left it to OS without shutting down,
>
> and it is useless for OS.
This sounds odd. Isn't this a bug?
> Is there practical case multi devices behind
> PCIe-PCI bridge share the same
>
> PASID entry without any security concern ? these two customer's case is
> not.
The devices underneath the PCIe-PCI bridge are alias devices of the
bridge. PCI alias devices always sit in the same group (the minimal unit
that IOMMU guarantees isolation) and can only be attached with a same
domain (managed I/O address space). Hence, there's no security concern
if they further share the pasid table.
Best regards,
baolu
_______________________________________________
iommu mailing list
iommu@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/iommu
WARNING: multiple messages have this Message-ID (diff)
From: Baolu Lu <baolu.lu@linux.intel.com>
To: Ethan Zhao <haifeng.zhao@linux.intel.com>,
Joerg Roedel <joro@8bytes.org>, Kevin Tian <kevin.tian@intel.com>,
Ashok Raj <ashok.raj@intel.com>
Cc: baolu.lu@linux.intel.com, Chenyi Qiang <chenyi.qiang@intel.com>,
Liu Yi L <yi.l.liu@intel.com>,
Jacob jun Pan <jacob.jun.pan@intel.com>,
iommu@lists.linux-foundation.org, linux-kernel@vger.kernel.org,
stable@vger.kernel.org
Subject: Re: [PATCH 1/1] iommu/vt-d: Fix RID2PASID setup failure
Date: Wed, 22 Jun 2022 11:22:31 +0800 [thread overview]
Message-ID: <809824df-bb33-a878-0652-02f7eb135fa4@linux.intel.com> (raw)
In-Reply-To: <30d27b02-0fec-d595-75a0-155eee1c84d6@linux.intel.com>
On 2022/6/22 10:56, Ethan Zhao wrote:
> 在 2022/6/20 16:17, Lu Baolu 写道:
>> The IOMMU driver shares the pasid table for PCI alias devices. When the
>> RID2PASID entry of the shared pasid table has been filled by the first
>> device, the subsequent devices will encounter the "DMAR: Setup RID2PASID
>> failed" failure as the pasid entry has already been marke as present. As
>> the result, the IOMMU probing process will be aborted.
>>
>> This fixes it by skipping RID2PASID setting if the pasid entry has been
>> populated. This works because the IOMMU core ensures that only the same
>> IOMMU domain can be attached to all PCI alias devices at the same time.
>> Therefore the subsequent devices just try to setup the RID2PASID entry
>> with the same domain, which is negligible.
> We have two customers reported the issue "DMAR: Setup RID2PASID
> failed",
>
> Two ASPEED devices locate behind one PCIe-PCI bridge and iommu SM, PT
> mode is enabled. Most
>
> Interesting thing is the second device is only used by BIOS, and BIOS
> left it to OS without shutting down,
>
> and it is useless for OS.
This sounds odd. Isn't this a bug?
> Is there practical case multi devices behind
> PCIe-PCI bridge share the same
>
> PASID entry without any security concern ? these two customer's case is
> not.
The devices underneath the PCIe-PCI bridge are alias devices of the
bridge. PCI alias devices always sit in the same group (the minimal unit
that IOMMU guarantees isolation) and can only be attached with a same
domain (managed I/O address space). Hence, there's no security concern
if they further share the pasid table.
Best regards,
baolu
next prev parent reply other threads:[~2022-06-22 3:22 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-20 8:17 [PATCH 1/1] iommu/vt-d: Fix RID2PASID setup failure Lu Baolu
2022-06-20 8:17 ` Lu Baolu
2022-06-20 8:31 ` Yi Liu
2022-06-20 8:31 ` Yi Liu
2022-06-20 8:57 ` Baolu Lu
2022-06-20 8:57 ` Baolu Lu
2022-06-21 2:54 ` Tian, Kevin
2022-06-21 2:54 ` Tian, Kevin
2022-06-21 3:39 ` Baolu Lu
2022-06-21 3:39 ` Baolu Lu
2022-06-21 3:46 ` Tian, Kevin
2022-06-21 3:46 ` Tian, Kevin
2022-06-21 4:28 ` Baolu Lu
2022-06-21 4:28 ` Baolu Lu
2022-06-21 5:48 ` Tian, Kevin
2022-06-21 5:48 ` Tian, Kevin
2022-06-21 6:15 ` Baolu Lu
2022-06-21 6:15 ` Baolu Lu
2022-06-21 9:03 ` Baolu Lu
2022-06-21 9:03 ` Baolu Lu
2022-06-22 3:06 ` Tian, Kevin
2022-06-22 3:06 ` Tian, Kevin
2022-06-22 3:27 ` Baolu Lu
2022-06-22 3:27 ` Baolu Lu
2022-06-22 3:31 ` Tian, Kevin
2022-06-22 3:31 ` Tian, Kevin
2022-06-22 4:39 ` Baolu Lu
2022-06-22 4:39 ` Baolu Lu
2022-06-22 2:56 ` Ethan Zhao
2022-06-22 3:22 ` Baolu Lu [this message]
2022-06-22 3:22 ` Baolu Lu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=809824df-bb33-a878-0652-02f7eb135fa4@linux.intel.com \
--to=baolu.lu@linux.intel.com \
--cc=ashok.raj@intel.com \
--cc=chenyi.qiang@intel.com \
--cc=haifeng.zhao@linux.intel.com \
--cc=iommu@lists.linux-foundation.org \
--cc=jacob.jun.pan@intel.com \
--cc=joro@8bytes.org \
--cc=kevin.tian@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.