Re: [PATCH] PCI: Relax ACS requirement for Intel RCiEP devices.

public inbox for linux-pci@vger.kernel.org
 help / color / mirror / Atom feed

From: Alex Williamson <alex.williamson@redhat.com>
To: "Raj, Ashok" <ashok.raj@intel.com>
Cc: Bjorn Helgaas <helgaas@kernel.org>,
	linux-pci@vger.kernel.org, Bjorn Helgaas <bhelgaas@google.com>,
	Joerg Roedel <joro@8bytes.org>,
	linux-kernel@vger.kernel.org, iommu@lists.linux-foundation.org,
	Lu Baolu <baolu.lu@linux.intel.com>,
	Darrel Goeddel <DGoeddel@forcepoint.com>,
	Mark Scott <mscott@forcepoint.com>,
	Romil Sharma <rsharma@forcepoint.com>
Subject: Re: [PATCH] PCI: Relax ACS requirement for Intel RCiEP devices.
Date: Mon, 1 Jun 2020 15:56:55 -0600	[thread overview]
Message-ID: <20200601155655.1519bc86@x1.home> (raw)
In-Reply-To: <20200601214023.GA15310@otc-nc-03>

On Mon, 1 Jun 2020 14:40:23 -0700
"Raj, Ashok" <ashok.raj@intel.com> wrote:

> On Mon, Jun 01, 2020 at 04:25:19PM -0500, Bjorn Helgaas wrote:
> > On Thu, May 28, 2020 at 01:57:42PM -0700, Ashok Raj wrote:  
> > > All Intel platforms guarantee that all root complex implementations
> > > must send transactions up to IOMMU for address translations. Hence for
> > > RCiEP devices that are Vendor ID Intel, can claim exception for lack of
> > > ACS support.
> > > 
> > > 
> > > 3.16 Root-Complex Peer to Peer Considerations
> > > When DMA remapping is enabled, peer-to-peer requests through the
> > > Root-Complex must be handled
> > > as follows:
> > > • The input address in the request is translated (through first-level,
> > >   second-level or nested translation) to a host physical address (HPA).
> > >   The address decoding for peer addresses must be done only on the
> > >   translated HPA. Hardware implementations are free to further limit
> > >   peer-to-peer accesses to specific host physical address regions
> > >   (or to completely disallow peer-forwarding of translated requests).
> > > • Since address translation changes the contents (address field) of
> > >   the PCI Express Transaction Layer Packet (TLP), for PCI Express
> > >   peer-to-peer requests with ECRC, the Root-Complex hardware must use
> > >   the new ECRC (re-computed with the translated address) if it
> > >   decides to forward the TLP as a peer request.
> > > • Root-ports, and multi-function root-complex integrated endpoints, may
> > >   support additional peerto-peer control features by supporting PCI Express
> > >   Access Control Services (ACS) capability. Refer to ACS capability in
> > >   PCI Express specifications for details.
> > > 
> > > Since Linux didn't give special treatment to allow this exception, certain
> > > RCiEP MFD devices are getting grouped in a single iommu group. This
> > > doesn't permit a single device to be assigned to a guest for instance.
> > > 
> > > In one vendor system: Device 14.x were grouped in a single IOMMU group.
> > > 
> > > /sys/kernel/iommu_groups/5/devices/0000:00:14.0
> > > /sys/kernel/iommu_groups/5/devices/0000:00:14.2
> > > /sys/kernel/iommu_groups/5/devices/0000:00:14.3
> > > 
> > > After the patch:
> > > /sys/kernel/iommu_groups/5/devices/0000:00:14.0
> > > /sys/kernel/iommu_groups/5/devices/0000:00:14.2
> > > /sys/kernel/iommu_groups/6/devices/0000:00:14.3 <<< new group
> > > 
> > > 14.0 and 14.2 are integrated devices, but legacy end points.
> > > Whereas 14.3 was a PCIe compliant RCiEP.
> > > 
> > > 00:14.3 Network controller: Intel Corporation Device 9df0 (rev 30)
> > > Capabilities: [40] Express (v2) Root Complex Integrated Endpoint, MSI 00
> > > 
> > > This permits assigning this device to a guest VM.
> > > 
> > > Fixes: f096c061f552 ("iommu: Rework iommu_group_get_for_pci_dev()")
> > > Signed-off-by: Ashok Raj <ashok.raj@intel.com>
> > > To: Joerg Roedel <joro@8bytes.org>
> > > To: Bjorn Helgaas <bhelgaas@google.com>
> > > Cc: linux-kernel@vger.kernel.org
> > > Cc: iommu@lists.linux-foundation.org
> > > Cc: Lu Baolu <baolu.lu@linux.intel.com>
> > > Cc: Alex Williamson <alex.williamson@redhat.com>
> > > Cc: Darrel Goeddel <DGoeddel@forcepoint.com>
> > > Cc: Mark Scott <mscott@forcepoint.com>,
> > > Cc: Romil Sharma <rsharma@forcepoint.com>
> > > Cc: Ashok Raj <ashok.raj@intel.com>  
> > 
> > Tentatively applied to pci/virtualization for v5.8, thanks!
> > 
> > The spec says this handling must apply "when DMA remapping is
> > enabled".  The patch does not check whether DMA remapping is enabled.
> > 
> > Is there any case where DMA remapping is *not* enabled, and we rely on
> > this patch to tell us whether the device is isolated?  It sounds like
> > it may give the wrong answer in such a case?
> > 
> > Can you confirm that I don't need to worry about this?    
> 
> I think all of this makes sense only when DMA remapping is enabled.
> Otherwise there is no enforcement for isolation. 

Yep, without an IOMMU all devices operate in the same IOVA space and we
have no isolation.  We only enable ACS when an IOMMU driver requests it
and it's only used by IOMMU code to determine IOMMU grouping of
devices.  Thanks,

Alex

next prev parent reply	other threads:[~2020-06-01 21:57 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-05-28 20:57 [PATCH] PCI: Relax ACS requirement for Intel RCiEP devices Ashok Raj
2020-05-28 21:38 ` Alex Williamson
2020-05-28 21:54   ` Raj, Ashok
2020-05-29 15:59   ` Darrel Goeddel
2020-06-01 21:25 ` Bjorn Helgaas
2020-06-01 21:40   ` Raj, Ashok
2020-06-01 21:56     ` Alex Williamson [this message]
2020-06-01 22:41       ` Bjorn Helgaas

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200601155655.1519bc86@x1.home \
    --to=alex.williamson@redhat.com \
    --cc=DGoeddel@forcepoint.com \
    --cc=ashok.raj@intel.com \
    --cc=baolu.lu@linux.intel.com \
    --cc=bhelgaas@google.com \
    --cc=helgaas@kernel.org \
    --cc=iommu@lists.linux-foundation.org \
    --cc=joro@8bytes.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-pci@vger.kernel.org \
    --cc=mscott@forcepoint.com \
    --cc=rsharma@forcepoint.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox