From: Alex Williamson <alex.williamson@redhat.com>
To: Ilya Lesokhin <ilyal@mellanox.com>
Cc: kvm@vger.kernel.org, linux-pci@vger.kernel.org,
bhelgaas@google.com, noaos@mellanox.com, haggaie@mellanox.com,
ogerlitz@mellanox.com, liranl@mellanox.com
Subject: Re: [PATCH 2/4] IOMMU: Force the VFs of an untrusted PF device to be in the PFs IOMMU group
Date: Thu, 9 Jun 2016 16:21:20 -0600 [thread overview]
Message-ID: <20160609162120.43082847@ul30vt.home> (raw)
In-Reply-To: <1465474173-53960-3-git-send-email-ilyal@mellanox.com>
On Thu, 9 Jun 2016 15:09:30 +0300
Ilya Lesokhin <ilyal@mellanox.com> wrote:
> Add a new PCI_DEV_FLAGS_UNTRUSTED to indicate that a PCI device
> is probed by a driver that gives untrusted entities access to that device.
> Make iommu_group_get_for_pci_dev check the new flag when an IOMMU
> group is selected for a virtual function.
> Mark VFIO devices with the new flag.
>
> Signed-off-by: Ilya Lesokhin <ilyal@mellanox.com>
> ---
> drivers/iommu/iommu.c | 4 ++++
> drivers/vfio/pci/vfio_pci.c | 3 +++
> include/linux/pci.h | 3 +++
> 3 files changed, 10 insertions(+)
>
> diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c
> index 3000051..9bb914c 100644
> --- a/drivers/iommu/iommu.c
> +++ b/drivers/iommu/iommu.c
> @@ -749,6 +749,10 @@ struct iommu_group *pci_device_group(struct device *dev)
> struct pci_bus *bus;
> struct iommu_group *group = NULL;
> u64 devfns[4] = { 0 };
> +
> + if (pdev->is_virtfn &&
> + (pdev->physfn->dev_flags & PCI_DEV_FLAGS_UNTRUSTED))
> + return iommu_group_get(&pdev->physfn->dev);
This deserves a comment in the code as well as the commit log, but more
importantly the side effect of this is that the user can't make use of
separate IOMMU domains for the PF vs the VF. I think this ends up
making the entire solution incompatible with things like vIOMMU since
we really need to be able to create separate address spaces per device
to make that work. What's the point of enabling SR-IOV from userspace
if we can't do things like assign VFs to nested guests or userspace in
the guest? This is an incomplete feature with that restriction.
Thanks,
Alex
>
> if (WARN_ON(!dev_is_pci(dev)))
> return ERR_PTR(-EINVAL);
> diff --git a/drivers/vfio/pci/vfio_pci.c b/drivers/vfio/pci/vfio_pci.c
> index 188b1ff..72d048e 100644
> --- a/drivers/vfio/pci/vfio_pci.c
> +++ b/drivers/vfio/pci/vfio_pci.c
> @@ -1180,6 +1180,8 @@ static int vfio_pci_probe(struct pci_dev *pdev, const struct pci_device_id *id)
> pci_set_power_state(pdev, PCI_D3hot);
> }
>
> + pdev->dev_flags |= PCI_DEV_FLAGS_UNTRUSTED;
> +
> return ret;
> }
>
> @@ -1187,6 +1189,7 @@ static void vfio_pci_remove(struct pci_dev *pdev)
> {
> struct vfio_pci_device *vdev;
>
> + pdev->dev_flags &= ~PCI_DEV_FLAGS_UNTRUSTED;
> vdev = vfio_del_group_dev(&pdev->dev);
> if (!vdev)
> return;
> diff --git a/include/linux/pci.h b/include/linux/pci.h
> index b67e4df..bef9115 100644
> --- a/include/linux/pci.h
> +++ b/include/linux/pci.h
> @@ -174,6 +174,9 @@ enum pci_dev_flags {
> PCI_DEV_FLAGS_NO_PM_RESET = (__force pci_dev_flags_t) (1 << 7),
> /* Get VPD from function 0 VPD */
> PCI_DEV_FLAGS_VPD_REF_F0 = (__force pci_dev_flags_t) (1 << 8),
> + /* Untrusted software controls this device
> + * The VFs of this device should be put in the device's IOMMUs group*/
> + PCI_DEV_FLAGS_UNTRUSTED = (__force pci_dev_flags_t) (1 << 9),
> };
>
> enum pci_irq_reroute_variant {
next prev parent reply other threads:[~2016-06-09 22:21 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-06-09 12:09 [PATCH 0/4] VFIO SR-IOV support Ilya Lesokhin
2016-06-09 12:09 ` [PATCH 1/4] VFIO: Probe new devices in a live VFIO group with the VFIO driver Ilya Lesokhin
2016-06-09 22:21 ` Alex Williamson
2016-06-13 6:33 ` Ilya Lesokhin
2016-06-13 16:02 ` Alex Williamson
2016-06-09 12:09 ` [PATCH 2/4] IOMMU: Force the VFs of an untrusted PF device to be in the PFs IOMMU group Ilya Lesokhin
2016-06-09 12:56 ` kbuild test robot
2016-06-09 15:21 ` kbuild test robot
2016-06-09 22:21 ` Alex Williamson [this message]
2016-06-13 7:08 ` Ilya Lesokhin
2016-06-13 16:00 ` Alex Williamson
2016-06-16 12:46 ` Ilya Lesokhin
2016-06-09 12:09 ` [PATCH 3/4] PCI: Expose iov_set_numvfs and iov_resource_size for modules Ilya Lesokhin
2016-06-09 12:27 ` kbuild test robot
2016-06-09 12:09 ` [PATCH 4/4] VFIO: Add support for SR-IOV extended capablity Ilya Lesokhin
2016-06-09 12:09 ` [PATCH 4/4] VFIO: Add support for SRIOV " Ilya Lesokhin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160609162120.43082847@ul30vt.home \
--to=alex.williamson@redhat.com \
--cc=bhelgaas@google.com \
--cc=haggaie@mellanox.com \
--cc=ilyal@mellanox.com \
--cc=kvm@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=liranl@mellanox.com \
--cc=noaos@mellanox.com \
--cc=ogerlitz@mellanox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).