From: "Michael S. Tsirkin" <mst@redhat.com>
To: Alex Williamson <alex.williamson@redhat.com>
Cc: chen.fan.fnst@cn.fujitsu.com, Cao jin <caoj.fnst@cn.fujitsu.com>,
qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH v14 Resend 08/13] vfio: add check host bus reset is support or not
Date: Thu, 24 Dec 2015 20:06:45 +0200 [thread overview]
Message-ID: <20151224200603-mutt-send-email-mst@redhat.com> (raw)
In-Reply-To: <1450979226.2950.108.camel@redhat.com>
On Thu, Dec 24, 2015 at 10:47:06AM -0700, Alex Williamson wrote:
> On Thu, 2015-12-24 at 16:32 +0200, Michael S. Tsirkin wrote:
> > On Thu, Dec 17, 2015 at 09:41:49AM +0800, Cao jin wrote:
> > > From: Chen Fan <chen.fan.fnst@cn.fujitsu.com>
> > >
> > > when init vfio devices done, we should test all the devices
> > > supported
> > > aer whether conflict with others. For each one, get the hot reset
> > > info for the affected device list. For each affected device, all
> > > should attach to the VM and on/below the same bus. also, we should
> > > test
> > > all of the non-AER supporting vfio-pci devices on or below the
> > > target
> > > bus to verify they have a reset mechanism.
> > >
> > > Signed-off-by: Chen Fan <chen.fan.fnst@cn.fujitsu.com>
> > > ---
> > > hw/vfio/pci.c | 236
> > > ++++++++++++++++++++++++++++++++++++++++++++++++++++++++--
> > > hw/vfio/pci.h | 1 +
> > > 2 files changed, 230 insertions(+), 7 deletions(-)
> > >
> > > diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
> > > index d00b0e4..6926dcc 100644
> > > --- a/hw/vfio/pci.c
> > > +++ b/hw/vfio/pci.c
> > > @@ -1806,6 +1806,216 @@ static int vfio_add_std_cap(VFIOPCIDevice
> > > *vdev, uint8_t pos)
> > > return 0;
> > > }
> > >
> > > +static bool vfio_pci_host_slot_match(PCIHostDeviceAddress *host1,
> > > + PCIHostDeviceAddress *host2)
> > > +{
> > > + return (host1->domain == host2->domain && host1->bus == host2-
> > > >bus &&
> > > + host1->slot == host2->slot);
> > > +}
> > > +
> > > +static bool vfio_pci_host_match(PCIHostDeviceAddress *host1,
> > > + PCIHostDeviceAddress *host2)
> > > +{
> > > + return (vfio_pci_host_slot_match(host1, host2) &&
> > > + host1->function == host2->function);
> > > +}
> > > +
> > > +struct VFIODeviceFind {
> > > + PCIDevice *pdev;
> > > + bool found;
> > > +};
> > > +
> > > +static void vfio_check_device_noreset(PCIBus *bus, PCIDevice
> > > *pdev,
> > > + void *opaque)
> > > +{
> > > + DeviceState *dev = DEVICE(pdev);
> > > + DeviceClass *dc = DEVICE_GET_CLASS(dev);
> > > + VFIOPCIDevice *vdev;
> > > + struct VFIODeviceFind *find = opaque;
> > > +
> > > + if (find->found) {
> > > + return;
> > > + }
> > > +
> > > + if (!object_dynamic_cast(OBJECT(dev), "vfio-pci")) {
> > > + if (!dc->reset) {
> > > + goto found;
> > > + }
> > > + return;
> > > + }
> > > + vdev = DO_UPCAST(VFIOPCIDevice, pdev, pdev);
> > > + if (!(vdev->features & VFIO_FEATURE_ENABLE_AER) &&
> > > + !vdev->vbasedev.reset_works) {
> > > + goto found;
> > > + }
> > > +
> > > + return;
> > > +found:
> > > + find->pdev = pdev;
> > > + find->found = true;
> > > +}
> > > +
> > > +static void device_find(PCIBus *bus, PCIDevice *pdev, void
> > > *opaque)
> > > +{
> > > + struct VFIODeviceFind *find = opaque;
> > > +
> > > + if (find->found) {
> > > + return;
> > > + }
> > > +
> > > + if (pdev == find->pdev) {
> > > + find->found = true;
> > > + }
> > > +}
> > > +
> > > +static int vfio_check_host_bus_reset(VFIOPCIDevice *vdev)
> > > +{
> > > + PCIBus *bus = vdev->pdev.bus;
> > > + struct vfio_pci_hot_reset_info *info = NULL;
> > > + struct vfio_pci_dependent_device *devices;
> > > + VFIOGroup *group;
> > > + struct VFIODeviceFind find;
> > > + int ret, i;
> > > +
> > > + ret = vfio_get_hot_reset_info(vdev, &info);
> > > + if (ret) {
> > > + error_report("vfio: Cannot enable AER for device %s,"
> > > + " device does not support hot reset.",
> > > + vdev->vbasedev.name);
> > > + goto out;
> > > + }
> > > +
> > > + /* List all affected devices by bus reset */
> > > + devices = &info->devices[0];
> > > +
> > > + /* Verify that we have all the groups required */
> > > + for (i = 0; i < info->count; i++) {
> > > + PCIHostDeviceAddress host;
> > > + VFIOPCIDevice *tmp;
> > > + VFIODevice *vbasedev_iter;
> > > + bool found = false;
> > > +
> > > + host.domain = devices[i].segment;
> > > + host.bus = devices[i].bus;
> > > + host.slot = PCI_SLOT(devices[i].devfn);
> > > + host.function = PCI_FUNC(devices[i].devfn);
> > > +
> > > + /* Skip the current device */
> > > + if (vfio_pci_host_match(&host, &vdev->host)) {
> > > + continue;
> > > + }
> > > +
> > > + /* Ensure we own the group of the affected device */
> > > + QLIST_FOREACH(group, &vfio_group_list, next) {
> > > + if (group->groupid == devices[i].group_id) {
> > > + break;
> > > + }
> > > + }
> > > +
> > > + if (!group) {
> > > + error_report("vfio: Cannot enable AER for device %s, "
> > > + "depends on group %d which is not
> > > owned.",
> > > + vdev->vbasedev.name,
> > > devices[i].group_id);
> > > + ret = -1;
> > > + goto out;
> > > + }
> > > +
> > > + /* Ensure affected devices for reset on/blow the bus */
> > > + QLIST_FOREACH(vbasedev_iter, &group->device_list, next) {
> > > + if (vbasedev_iter->type != VFIO_DEVICE_TYPE_PCI) {
> > > + continue;
> > > + }
> > > + tmp = container_of(vbasedev_iter, VFIOPCIDevice,
> > > vbasedev);
> > > + if (vfio_pci_host_match(&host, &tmp->host)) {
> > > + PCIDevice *pci = PCI_DEVICE(tmp);
> > > +
> > > + /*
> > > + * For multifunction device, due to vfio driver
> > > signal all
> > > + * functions under the upstream link of the end
> > > point. here
> > > + * we validate all functions whether enable AER.
> > > + */
> > > + if (vfio_pci_host_slot_match(&vdev->host, &tmp-
> > > >host) &&
> > > + !(tmp->features & VFIO_FEATURE_ENABLE_AER)) {
> > > + error_report("vfio: Cannot enable AER for
> > > device %s, on same slot"
> > > + " the dependent device %s which
> > > does not enable AER.",
> > > + vdev->vbasedev.name, tmp-
> > > >vbasedev.name);
> > > + ret = -1;
> > > + goto out;
> > > + }
> > > +
> > > + find.pdev = pci;
> > > + find.found = false;
> > > + pci_for_each_device(bus, pci_bus_num(bus),
> > > + device_find, &find);
> > > + if (!find.found) {
> > > + error_report("vfio: Cannot enable AER for
> > > device %s, "
> > > + "the dependent device %s is not
> > > under the same bus",
> > > + vdev->vbasedev.name, tmp-
> > > >vbasedev.name);
> > > + ret = -1;
> > > + goto out;
> > > + }
> > > + found = true;
> > > + break;
> > > + }
> > > + }
> > > +
> > > + /* Ensure all affected devices assigned to VM */
> >
> > I am puzzled.
> > Does not kernel enforce this already?
> > If not it's a security problem.
> > If yes why does userspace need to check this?
>
> DMA isolation and bus level isolation are separate concepts. Each
> function of a multi-function device can have DMA isolation, but a user
> needs to own all of the functions affected by a bus reset in order to
> perform one. An AER configuration can only be created if the user can
> translate a guest bus reset into a host bus reset and therefore needs
> to test whether it has the permissions to do so. I believe over the
> course of reviews we've also added some simplifying constraints around
> this to reduce the problem set, things like all the groups being
> assigned rather than just owned by the user. However, I believe the
> kernel is sound in how it provides security for bus resets. Thanks,
>
> Alex
Yes, sounds good.
So how about just trying to do bus reset at setup time?
If kernel allows this, we know it is safe ...
--
MST
next prev parent reply other threads:[~2015-12-24 18:06 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-17 8:41 [Qemu-devel] [PATCH v14 00/13] vfio-pci: pass the aer error to guest Cao jin
2015-11-17 8:41 ` [Qemu-devel] [PATCH v14 01/13] vfio: extract vfio_get_hot_reset_info as a single function Cao jin
2015-11-17 8:41 ` [Qemu-devel] [PATCH v14 02/13] vfio: squeeze out vfio_pci_do_hot_reset for support bus reset Cao jin
2015-11-17 8:41 ` [Qemu-devel] [PATCH v14 03/13] pcie: modify the capability size assert Cao jin
2015-11-17 8:41 ` [Qemu-devel] [PATCH v14 04/13] vfio: make the 4 bytes aligned for capability size Cao jin
2015-11-17 8:41 ` [Qemu-devel] [PATCH v14 05/13] vfio: add pcie extanded capability support Cao jin
2015-11-17 8:41 ` [Qemu-devel] [PATCH v14 06/13] aer: impove pcie_aer_init to support vfio device Cao jin
2015-11-17 8:41 ` [Qemu-devel] [PATCH v14 07/13] vfio: add aer support for " Cao jin
2015-11-17 8:41 ` [Qemu-devel] [PATCH v14 08/13] vfio: add check host bus reset is support or not Cao jin
2015-12-17 20:32 ` [Qemu-devel] [PATCH v14 Resend " Alex Williamson
2015-12-18 1:14 ` Chen Fan
2015-12-24 14:32 ` Michael S. Tsirkin
2015-12-24 17:47 ` Alex Williamson
2015-12-24 18:06 ` Michael S. Tsirkin [this message]
2015-12-24 18:20 ` Alex Williamson
2015-12-24 18:23 ` Michael S. Tsirkin
2015-12-24 18:41 ` Alex Williamson
2015-12-24 19:42 ` Michael S. Tsirkin
2015-11-17 8:42 ` [Qemu-devel] [PATCH v14 09/13] add check reset mechanism when hotplug vfio device Cao jin
2015-12-17 20:32 ` [Qemu-devel] [PATCH v14 Resend " Alex Williamson
2015-11-17 8:42 ` [Qemu-devel] [PATCH v14 10/13] pci: add pci device pre-post reset callbacks for host bus reset Cao jin
2015-12-17 20:31 ` [Qemu-devel] [PATCH v14 Resend " Alex Williamson
2015-12-18 3:29 ` Chen Fan
2015-12-21 21:07 ` Alex Williamson
2015-12-22 7:18 ` Chen Fan
2015-12-24 5:10 ` Chen Fan
2015-12-24 14:34 ` Michael S. Tsirkin
2015-12-25 1:18 ` Chen Fan
2015-12-23 12:00 ` Michael S. Tsirkin
2015-12-24 5:14 ` Chen Fan
2015-11-17 8:42 ` [Qemu-devel] [PATCH v14 11/13] pcie_aer: expose pcie_aer_msg() interface Cao jin
2015-11-17 8:42 ` [Qemu-devel] [PATCH v14 12/13] vfio-pci: pass the aer error to guest Cao jin
2015-11-17 8:42 ` [Qemu-devel] [PATCH v14 13/13] vfio: add 'aer' property to expose aercap Cao jin
2015-11-18 17:06 ` [Qemu-devel] [PATCH v14 00/13] vfio-pci: pass the aer error to guest Michael S. Tsirkin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20151224200603-mutt-send-email-mst@redhat.com \
--to=mst@redhat.com \
--cc=alex.williamson@redhat.com \
--cc=caoj.fnst@cn.fujitsu.com \
--cc=chen.fan.fnst@cn.fujitsu.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).