From: Bjorn Helgaas <helgaas@kernel.org>
To: Ilya Lesokhin <ilyal@mellanox.com>
Cc: kvm@vger.kernel.org, linux-pci@vger.kernel.org,
bhelgaas@google.com, alex.williamson@redhat.com,
noaos@mellanox.com, haggaie@mellanox.com, ogerlitz@mellanox.com,
liranl@mellanox.com
Subject: Re: [RFC V2 2/4] IOMMU: Force the VFs of an untrusted PF device to be in the PFs IOMMU group
Date: Thu, 25 Feb 2016 09:37:26 -0600
Message-ID: <20160225153726.GD8120@localhost>
In-Reply-To: <1454574537-123466-3-git-send-email-ilyal@mellanox.com>
On Thu, Feb 04, 2016 at 10:28:55AM +0200, Ilya Lesokhin wrote:
> Add a new PCI_DEV_FLAGS_UNTRUSTED to indicate that a PCI device
> is probed by a driver that gives untrusted entities access to that device.
> Make iommu_group_get_for_pci_dev check the new flag when an IOMMU
> group is selected for a virtual function.
> Mark VFIO devices with the new flag.
>
> Signed-off-by: Ilya Lesokhin <ilyal@mellanox.com>
> ---
> drivers/iommu/iommu.c | 4 ++++
> drivers/vfio/pci/vfio_pci.c | 3 +++
> include/linux/pci.h | 1 +
> 3 files changed, 8 insertions(+)
>
> diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c
> index 049df49..864b459 100644
> --- a/drivers/iommu/iommu.c
> +++ b/drivers/iommu/iommu.c
> @@ -738,6 +738,10 @@ static struct iommu_group *iommu_group_get_for_pci_dev(struct pci_dev *pdev)
> struct iommu_group *group = NULL;
> u64 devfns[4] = { 0 };
>
> + if (pdev->is_virtfn &&
> + (pdev->physfn->dev_flags & PCI_DEV_FLAGS_UNTRUSTED))
> + return iommu_group_get(&pdev->physfn->dev);
> +
> /*
> * Find the upstream DMA alias for the device. A device must not
> * be aliased due to topology in order to have its own IOMMU group.
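Review bot: the early return added at the top of iommu_group_get_for_pci_dev() passes back whatever iommu_group_get(&pdev->physfn->dev) returns, and iommu_group_get() returns NULL when the device has no group, so a VF can end up with NULL here instead of a group. Suggest checking the result and falling through to the normal alias and isolation walk below when the PF has no group. The check also runs only at the moment the VF's group is chosen, so a comment stating what is expected for VFs whose group was picked before the PF was flagged would help.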
> diff --git a/drivers/vfio/pci/vfio_pci.c b/drivers/vfio/pci/vfio_pci.c
> index 964ad57..ddcfd2c 100644
> --- a/drivers/vfio/pci/vfio_pci.c
> +++ b/drivers/vfio/pci/vfio_pci.c
> @@ -982,6 +982,8 @@ static int vfio_pci_probe(struct pci_dev *pdev, const struct pci_device_id *id)
> pci_set_power_state(pdev, PCI_D3hot);
> }
>
> + pdev->dev_flags |= PCI_DEV_FLAGS_UNTRUSTED;
> +
> return ret;
> }
>
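Review bot: PCI_DEV_FLAGS_UNTRUSTED is set unconditionally just before `return ret;` in vfio_pci_probe(), so it is set whatever value ret holds, including an error. The flag is only cleared in vfio_pci_remove(), which is not called for a device whose probe failed, so a failed probe would leave the PF marked. Suggest setting it only on success, e.g. `if (!ret) pdev->dev_flags |= PCI_DEV_FLAGS_UNTRUSTED;`.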
> @@ -989,6 +991,7 @@ static void vfio_pci_remove(struct pci_dev *pdev)
> {
> struct vfio_pci_device *vdev;
>
> + pdev->dev_flags &= ~PCI_DEV_FLAGS_UNTRUSTED;
> vdev = vfio_del_group_dev(&pdev->dev);
> if (!vdev)
> return;
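Review bot: in vfio_pci_remove() the flag is cleared before vfio_del_group_dev() has run, so the PF stops being marked untrusted while it is still registered with VFIO, and it is cleared even on the `if (!vdev) return;` path. Suggest moving the clear to after vfio_del_group_dev() returns, and adding a comment on what happens to VFs that were already placed in the PF's group while the flag was set.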
> diff --git a/include/linux/pci.h b/include/linux/pci.h
> index e90eb22..6330327 100644
> --- a/include/linux/pci.h
> +++ b/include/linux/pci.h
> @@ -182,6 +182,7 @@ enum pci_dev_flags {
> PCI_DEV_FLAGS_NO_PM_RESET = (__force pci_dev_flags_t) (1 << 7),
> /* Get VPD from function 0 VPD */
> PCI_DEV_FLAGS_VPD_REF_F0 = (__force pci_dev_flags_t) (1 << 8),
> + PCI_DEV_FLAGS_UNTRUSTED = (__force pci_dev_flags_t) (1 << 9),
I'm raising my eyebrows a bit at this. PCI_DEV_FLAGS_UNTRUSTED
doesn't seem like a PCI core property, so it seems like the PCI core
is an innocent bystander here (it neither sets nor checks the flag),
and you're asking it to keep track of bookkeeping details for other
unrelated entities.
> };
>
> enum pci_irq_reroute_variant {
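Review bot: the new PCI_DEV_FLAGS_UNTRUSTED entry in enum pci_dev_flags has no comment, unlike the `/* Get VPD from function 0 VPD */` entry above it. Suggest a one-line comment saying that the flag is set by the bound driver (vfio-pci in this patch) and read by the IOMMU group selection code, since nothing in the name says who owns it.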
> --
> 1.8.3.1
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-pci" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html