From: Jason Gunthorpe <jgg@nvidia.com>
To: iommu@lists.linux.dev, Kevin Tian <kevin.tian@intel.com>,
linux-kselftest@vger.kernel.org
Cc: kvm@vger.kernel.org, Nicolin Chen <nicolinc@nvidia.com>,
Yi Liu <yi.l.liu@intel.com>
Subject: [PATCH 01/14] iommufd: Move isolated msi enforcement to iommufd_device_bind()
Date: Fri, 24 Feb 2023 20:27:46 -0400 [thread overview]
Message-ID: <1-v1-7612f88c19f5+2f21-iommufd_alloc_jgg@nvidia.com> (raw)
In-Reply-To: <0-v1-7612f88c19f5+2f21-iommufd_alloc_jgg@nvidia.com>
With the recent rework this no longer needs to be done at domain
attachment time, we know if the device is usable by iommufd when we bind
it.
The value of msi_device_has_isolated_msi() is not allowed to change while
a driver is bound.
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
---
drivers/iommu/iommufd/device.c | 38 ++++++++++++++++++----------------
1 file changed, 20 insertions(+), 18 deletions(-)
diff --git a/drivers/iommu/iommufd/device.c b/drivers/iommu/iommufd/device.c
index c6f4852a8a0c08..63b65cdfe97f29 100644
--- a/drivers/iommu/iommufd/device.c
+++ b/drivers/iommu/iommufd/device.c
@@ -60,6 +60,26 @@ struct iommufd_device *iommufd_device_bind(struct iommufd_ctx *ictx,
if (!group)
return ERR_PTR(-ENODEV);
+ /*
+ * For historical compat with VFIO the insecure interrupt path is
+ * allowed if the module parameter is set. Insecure means that a MemWr
+ * operation from the device (eg a simple DMA) cannot trigger an
+ * interrupt outside this iommufd context.
+ */
+ if (!iommufd_selftest_is_mock_dev(dev) &&
+ !iommu_group_has_isolated_msi(group)) {
+ if (!allow_unsafe_interrupts) {
+ rc = -EPERM;
+ goto out_group_put;
+ }
+
+ dev_warn(
+ dev,
+ "MSI interrupts are not secure, they cannot be isolated by the platform. "
+ "Check that platform features like interrupt remapping are enabled. "
+ "Use the \"allow_unsafe_interrupts\" module parameter to override\n");
+ }
+
rc = iommu_device_claim_dma_owner(dev, ictx);
if (rc)
goto out_group_put;
@@ -146,24 +166,6 @@ static int iommufd_device_setup_msi(struct iommufd_device *idev,
*/
hwpt->msi_cookie = true;
}
-
- /*
- * For historical compat with VFIO the insecure interrupt path is
- * allowed if the module parameter is set. Insecure means that a MemWr
- * operation from the device (eg a simple DMA) cannot trigger an
- * interrupt outside this iommufd context.
- */
- if (!iommufd_selftest_is_mock_dev(idev->dev) &&
- !iommu_group_has_isolated_msi(idev->group)) {
- if (!allow_unsafe_interrupts)
- return -EPERM;
-
- dev_warn(
- idev->dev,
- "MSI interrupts are not secure, they cannot be isolated by the platform. "
- "Check that platform features like interrupt remapping are enabled. "
- "Use the \"allow_unsafe_interrupts\" module parameter to override\n");
- }
return 0;
}
--
2.39.1
next prev parent reply other threads:[~2023-02-25 0:28 UTC|newest]
Thread overview: 64+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-02-25 0:27 [PATCH 00/14] Add iommufd physical device operations for replace and alloc hwpt Jason Gunthorpe
2023-02-25 0:27 ` Jason Gunthorpe [this message]
2023-03-02 7:45 ` [PATCH 01/14] iommufd: Move isolated msi enforcement to iommufd_device_bind() Tian, Kevin
2023-02-25 0:27 ` [PATCH 02/14] iommufd: Add iommufd_group Jason Gunthorpe
2023-03-02 7:55 ` Tian, Kevin
2023-03-02 12:51 ` Jason Gunthorpe
2023-03-03 2:13 ` Tian, Kevin
2023-03-06 19:16 ` Jason Gunthorpe
2023-03-07 2:32 ` Tian, Kevin
2023-02-25 0:27 ` [PATCH 03/14] iommufd: Replace the hwpt->devices list with iommufd_group Jason Gunthorpe
2023-03-02 8:01 ` Tian, Kevin
2023-03-06 20:22 ` Jason Gunthorpe
2023-03-07 2:38 ` Tian, Kevin
2023-03-07 13:53 ` Jason Gunthorpe
2023-03-08 7:29 ` Tian, Kevin
2023-03-08 19:00 ` Jason Gunthorpe
2023-02-25 0:27 ` [PATCH 04/14] iommufd: Use the iommufd_group to avoid duplicate reserved groups and msi setup Jason Gunthorpe
2023-03-02 8:06 ` Tian, Kevin
2023-03-02 12:55 ` Jason Gunthorpe
2023-03-03 2:16 ` Tian, Kevin
2023-02-25 0:27 ` [PATCH 05/14] iommufd: Make sw_msi_start a group global Jason Gunthorpe
2023-03-02 8:09 ` Tian, Kevin
2023-03-06 20:27 ` Jason Gunthorpe
2023-02-25 0:27 ` [PATCH 06/14] iommufd: Move putting a hwpt to a helper function Jason Gunthorpe
2023-03-02 8:12 ` Tian, Kevin
2023-03-06 20:29 ` Jason Gunthorpe
2023-02-25 0:27 ` [PATCH 07/14] iommufd: Add enforced_cache_coherency to iommufd_hw_pagetable_alloc() Jason Gunthorpe
2023-03-02 8:14 ` Tian, Kevin
2023-02-25 0:27 ` [PATCH 08/14] iommu: Introduce a new iommu_group_replace_domain() API Jason Gunthorpe
2023-03-02 8:16 ` Tian, Kevin
2023-02-25 0:27 ` [PATCH 09/14] iommufd: Add iommufd_device_replace() Jason Gunthorpe
2023-02-26 3:01 ` Baolu Lu
2023-02-27 13:58 ` Jason Gunthorpe
2023-02-28 1:50 ` Baolu Lu
2023-02-28 13:51 ` Jason Gunthorpe
2023-03-01 1:55 ` Baolu Lu
2023-02-26 3:13 ` Baolu Lu
2023-02-27 14:00 ` Jason Gunthorpe
2023-02-28 2:10 ` Baolu Lu
2023-02-28 13:52 ` Jason Gunthorpe
2023-03-01 2:23 ` Baolu Lu
2023-03-02 8:20 ` Tian, Kevin
2023-03-06 20:44 ` Jason Gunthorpe
2023-03-07 2:42 ` Tian, Kevin
2023-03-07 13:54 ` Jason Gunthorpe
2023-02-25 0:27 ` [PATCH 10/14] iommufd: Make destroy_rwsem use a lock class per object type Jason Gunthorpe
2023-02-25 0:27 ` [PATCH 11/14] iommufd/selftest: Test iommufd_device_replace() Jason Gunthorpe
2023-02-25 0:27 ` [PATCH 12/14] iommufd: Add IOMMU_HWPT_ALLOC Jason Gunthorpe
2023-03-06 1:42 ` Nicolin Chen
2023-03-06 20:31 ` Jason Gunthorpe
2023-03-17 3:02 ` Tian, Kevin
2023-03-17 4:02 ` Nicolin Chen
2023-03-17 10:20 ` Tian, Kevin
2023-03-21 17:16 ` Jason Gunthorpe
2023-02-25 0:27 ` [PATCH 13/14] iommufd/selftest: Return the real idev id from selftest mock_domain Jason Gunthorpe
2023-02-25 0:27 ` [PATCH 14/14] iommufd/selftest: Add a selftest for IOMMU_HWPT_ALLOC Jason Gunthorpe
2023-02-26 19:29 ` Nicolin Chen
2023-02-27 15:02 ` Jason Gunthorpe
2023-02-28 0:17 ` Nicolin Chen
2023-03-07 8:42 ` [PATCH 00/14] Add iommufd physical device operations for replace and alloc hwpt Tian, Kevin
2023-03-07 12:46 ` Jason Gunthorpe
2023-03-08 2:08 ` Baolu Lu
2023-03-08 7:38 ` Tian, Kevin
2023-03-08 18:59 ` Jason Gunthorpe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1-v1-7612f88c19f5+2f21-iommufd_alloc_jgg@nvidia.com \
--to=jgg@nvidia.com \
--cc=iommu@lists.linux.dev \
--cc=kevin.tian@intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=nicolinc@nvidia.com \
--cc=yi.l.liu@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox