[0/9] IOMMU: XSA-373 follow-on

Message ID	03285055-47ff-ab10-ae76-0553f28f136d@suse.com (mailing list archive)
Headers	show Return-Path: <SRS0=5TPE=LD=lists.xenproject.org=xen-devel-bounces@kernel.org> DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 2C0886120F Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org> To: "xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org> Cc: Paul Durrant <paul@xen.org>, Andrew Cooper <andrew.cooper3@citrix.com>, Kevin Tian <kevin.tian@intel.com> From: Jan Beulich <jbeulich@suse.com> Subject: [PATCH 0/9] IOMMU: XSA-373 follow-on Message-ID: <03285055-47ff-ab10-ae76-0553f28f136d@suse.com> Date: Wed, 9 Jun 2021 11:25:50 +0200 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.11.0 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1
Series	IOMMU: XSA-373 follow-on \| expand [0/9] IOMMU: XSA-373 follow-on [1/9] AMD/IOMMU: redo awaiting of command completion [2/9] AMD/IOMMU: re-work locking around sending of commands [3/9] VT-d: undo device mappings upon error [4/9] VT-d: adjust domid map updating when unmapping context [5/9] VT-d: clear_fault_bits() should clear all fault bits [6/9] VT-d: don't lose errors when flushing TLBs on multiple IOMMUs [7/9] VT-d: centralize mapping of QI entries [8/9] VT-d: drop/move a few QI related constants [9/9] IOMMU/PCI: don't let domain cleanup continue when device de-assignment failed

Message ID

03285055-47ff-ab10-ae76-0553f28f136d@suse.com (mailing list archive)

Headers

DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 2C0886120F
Errors-To: xen-devel-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org>
To: "xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org>
Cc: Paul Durrant <paul@xen.org>, Andrew Cooper <andrew.cooper3@citrix.com>,
 Kevin Tian <kevin.tian@intel.com>
From: Jan Beulich <jbeulich@suse.com>
Subject: [PATCH 0/9] IOMMU: XSA-373 follow-on
Message-ID: <03285055-47ff-ab10-ae76-0553f28f136d@suse.com>
Date: Wed, 9 Jun 2021 11:25:50 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101
 Thunderbird/78.11.0
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: e18219f6-e490-40f1-3a97-08d92b289331
X-MS-TrafficTypeDiagnostic: VI1PR04MB3118:
X-Microsoft-Antispam-PRVS: 
	<VI1PR04MB3118F80F6EC8A0432EEC5BB0B3369@VI1PR04MB3118.eurprd04.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:6430;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 
	FsTcU4LMiYiKh2eC8pM//S8hMpo2y1hpZvSPMSd+Q/PANdz4RRCZUQzlX1by65BAVdeTyO/3B+1knBa/YwVg9XRfNsl5oajgcGrVWKA7l07dRQq5qW8EgRjE3YZByjt0UIgtrECERmYVT6kEt9k7mAqU4j7Jk7zB0Wtz8Pnlhiej+bXaFh/8W0SmCZOZLmZG7OBkXhIv7zU0Nh6QJh52B9bo1lJucOyi2Hn+8LRcjpj0GPFOlwQwD15dbj3lrXA6PM5sGpAEgei048SF5HelbbOb9zqlPA+5cZ1ZqrS0DSW9qg2+VH4ENrsDIiFaiRVb/d8E7ZW/f4hDLud1VsKnYh2nxKhkMSev5nFuLrwPcdQGJcKobiBfG7NkVM1f47iKtiNdXPGa30s6IBKPo0kfoPE+mr8YX25MD92dMjOagUZtZR4wscMt7zliUo8tnQCHjaEdxOO2cGgnkVjVdvsxya9adsp9ABQbddtWCKhmzgfkrsKaO59gYEMLdL01MVRoIJnNIPb5QNuJOJIE0LfGpJ1+AVViISqz8mYoOwkV/p/yBTsU0xuy9aZVFqNeH46ZQJKsUpM6u68FIqawKMtG5xVLoCLbqwnn/j5UzTZ+agiWQFFzn2ZJwDYciCjcb4DfAlW//MgxA3Cmy+JAypwCumoeS3RespUAAJbyGa+8Bf+FnJ2DvvUqA6GBezKw0QQ2
X-Forefront-Antispam-Report: 
	CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:VI1PR04MB5600.eurprd04.prod.outlook.com;PTR:;CAT:NONE;SFS:(136003)(376002)(39860400002)(366004)(346002)(396003)(16526019)(38100700002)(4326008)(26005)(66556008)(186003)(8936002)(66476007)(4744005)(6916009)(83380400001)(8676002)(956004)(2616005)(5660300002)(86362001)(31686004)(2906002)(478600001)(6486002)(16576012)(31696002)(54906003)(316002)(66946007)(36756003)(45980500001)(43740500002);DIR:OUT;SFP:1101;
X-MS-Exchange-AntiSpam-MessageData: =?utf-8?q?1dDTjlPT6lCNI62BL8iMp1StRB6sgM?=
	=?utf-8?q?ANTwRbqq6cc1TOC23ew4vNXu5lpuIOrsUeFXpsB66nDbLa3HmMl1rc/GO83FAqXRV?=
	=?utf-8?q?3cmEMYySri2ryLfrIIIMXJn5ujlEO1H0iChLN746LEVy7JHwwDSI1ojFdEmOP0848?=
	=?utf-8?q?ys1FnhnnJaq/3ZFng7KhxPYn4H8a4twl/6tGP6qzQMLmFy88oD5wIb1JxSUJVahX8?=
	=?utf-8?q?LQopO2R2L59broNjJL00wuztIDc5uCEFRfIFJ8uaWXnYLhdn2iFrBuRqXMwjtPNQz?=
	=?utf-8?q?srkpOqNrV0sw1kfHjHaVq/MTX0dqVO/nN8zRXixHPtkV1cv/zHA8ZDWzvykd8NKtF?=
	=?utf-8?q?WJa+eaGyQRd2bO4xjTWejx5KU4hLnhlvVvqV+VTDVdWparX0RO83QOkCXRSKc/qZW?=
	=?utf-8?q?NlQg0By3EWsJX/2WwdugrAwoKP1ZmhG/S1duRCQMweapqW9cAN4cnyMS1wZZ4TZWq?=
	=?utf-8?q?L8PXjfrAIUbEz3yBkvptS0gnIfCbUceaQBzcHjmI+DBS7r8Zgx4DGddt1f0+WsszY?=
	=?utf-8?q?/glc0wjGKkegHE8pVtKqzuU0PlC+xY2rHr5m7Z8aaMWRU8uxkQHVZfyiyW6skkxkz?=
	=?utf-8?q?zW81Fq6ElD1NNBTQIVcJJV13V5XKbyGfLgWsmnpRjrO6E+5iidL03z/BmOIOOAjQ1?=
	=?utf-8?q?9rMmIKDDUmijNu0j9oj4tNjLZVhNV60DM2/8S/urSIGiWHO1XS4oU1tEA9szCRv2c?=
	=?utf-8?q?WOG4gKRTz24yMkNXghN4iLWQlvktZXJhmKiMoB0RHWiAdfA/cjzMsIMl4lzOv7U2F?=
	=?utf-8?q?rXl7tBmKPUL0NuOzJpzhBNhJlKvkrHfLFWwnKtkZJpw1UmDVH70X390CcQZTKlb1T?=
	=?utf-8?q?Kk5C/YpxUdZCAQvYIkbYHAfNkfAB1u8A9IDynZ3Gue9kcmPxjDZP+qvuh9HQTxHoZ?=
	=?utf-8?q?DCTF2KM20EPArAIkfq29ExuShOxuyvoWrG7GaQvvaMju72ngYk5KYqXvj+n6QVTrZ?=
	=?utf-8?q?hDQt84g8CgbnuooGFa+5dN8E14S12ZBtaSo6Kewh3ugLpCqxl6qxQdTOYXUt2S4TZ?=
	=?utf-8?q?qGN7r/i/sElfaICT/0jlcjjXeStSlHsoG0lAAnxEDCGdp7i6ZTqibE8LGLFm0Xki6?=
	=?utf-8?q?Env91KWUKxg/LCN8dus230JEICs1PTy5t6smfeQY1FAK62TRNJm4aSwv+ALNBadOZ?=
	=?utf-8?q?PGxxrzm40NA+qZhnrOak4m0TfX5zNolbz3vxjm0xD/SPBG6yys9yYxoJ98z5/hkyn?=
	=?utf-8?q?juI8+J8OJQVmMHUHFfcSKCZffNO1bdAO9dWIfXbZbXJL9+kjk0TrxABzahNN8q+z0?=
	=?utf-8?q?hDys9D9MHWO0xs?=
X-OriginatorOrg: suse.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 e18219f6-e490-40f1-3a97-08d92b289331
X-MS-Exchange-CrossTenant-AuthSource: VI1PR04MB5600.eurprd04.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Jun 2021 09:25:51.9118
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: f7a17af6-1c5c-4a36-aa8b-f5be247aa4ba
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 
 6m3KFYPI3MsUJGpbOpCU87LPGAEUL4hicN8b7JErFSpEfEPJUx6OmX5KhtasOPh5zFFxXrYJSz1IxAf62cPjfw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR04MB3118

Series

IOMMU: XSA-373 follow-on | expand

Message

Jan Beulich June 9, 2021, 9:25 a.m. UTC

A number of further adjustments were left out of the XSA, for not
being a security concern (anymore in some of the cases, with the
changes put in place there). This is the collection, possibly
looking a little random in what it contains.

1: AMD/IOMMU: redo awaiting of command completion
2: AMD/IOMMU: re-work locking around sending of commands
3: VT-d: undo device mappings upon error
4: VT-d: adjust domid map updating when unmapping context
5: VT-d: clear_fault_bits() should clear all fault bits
6: VT-d: don't lose errors when flushing TLBs on multiple IOMMUs
7: VT-d: centralize mapping of QI entries
8: VT-d: drop/move a few QI related constants
9: IOMMU/PCI: don't let domain cleanup continue when device de-assignment failed

Jan

Comments

Jan Beulich June 23, 2021, 6:51 a.m. UTC | #1

On 09.06.2021 11:25, Jan Beulich wrote:
> A number of further adjustments were left out of the XSA, for not
> being a security concern (anymore in some of the cases, with the
> changes put in place there). This is the collection, possibly
> looking a little random in what it contains.
> 
> 1: AMD/IOMMU: redo awaiting of command completion
> 2: AMD/IOMMU: re-work locking around sending of commands

For these two I have v2 largely ready.

> 3: VT-d: undo device mappings upon error
> 4: VT-d: adjust domid map updating when unmapping context
> 5: VT-d: clear_fault_bits() should clear all fault bits
> 6: VT-d: don't lose errors when flushing TLBs on multiple IOMMUs
> 7: VT-d: centralize mapping of QI entries
> 8: VT-d: drop/move a few QI related constants

Kevin, any word on these?

> 9: IOMMU/PCI: don't let domain cleanup continue when device de-assignment failed

Paul, any feedback on this one?

Thanks, Jan

Tian, Kevin June 23, 2021, 6:58 a.m. UTC | #2

> From: Jan Beulich <jbeulich@suse.com>
> Sent: Wednesday, June 23, 2021 2:52 PM
> 
> On 09.06.2021 11:25, Jan Beulich wrote:
> > A number of further adjustments were left out of the XSA, for not
> > being a security concern (anymore in some of the cases, with the
> > changes put in place there). This is the collection, possibly
> > looking a little random in what it contains.
> >
> > 1: AMD/IOMMU: redo awaiting of command completion
> > 2: AMD/IOMMU: re-work locking around sending of commands
> 
> For these two I have v2 largely ready.
> 
> > 3: VT-d: undo device mappings upon error
> > 4: VT-d: adjust domid map updating when unmapping context
> > 5: VT-d: clear_fault_bits() should clear all fault bits
> > 6: VT-d: don't lose errors when flushing TLBs on multiple IOMMUs
> > 7: VT-d: centralize mapping of QI entries
> > 8: VT-d: drop/move a few QI related constants
> 
> Kevin, any word on these?

will take a look later today or tomorrow.

> 
> > 9: IOMMU/PCI: don't let domain cleanup continue when device de-
> assignment failed
> 
> Paul, any feedback on this one?
> 
> Thanks, Jan