Message ID | 20200701110302.75199-4-giovanni.cabiddu@intel.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | vfio/pci: add blocklist and disable qat | expand |
On Wed, Jul 01, 2020 at 12:03:00PM +0100, Giovanni Cabiddu wrote: > The current generation of Intel® QuickAssist Technology devices > are not designed to run in an untrusted environment because of the > following issues reported in the release notes in > https://01.org/intel-quickassist-technology: It would be nice if this link were directly clickable, e.g., if there were no trailing ":" or something. And it would be even better if it went to a specific doc that described these issues. I assume these are errata, and it's not easy to figure out which doc mentions them. > QATE-39220 - GEN - Intel® QAT API submissions with bad addresses that > trigger DMA to invalid or unmapped addresses can cause a > platform hang > QATE-7495 - GEN - An incorrectly formatted request to Intel® QAT can > hang the entire Intel® QAT Endpoint > > This patch adds the following QAT devices to the blocklist: DH895XCC, > C3XXX and C62X. > > Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> > --- > drivers/vfio/pci/vfio_pci.c | 15 +++++++++++++++ > 1 file changed, 15 insertions(+) > > diff --git a/drivers/vfio/pci/vfio_pci.c b/drivers/vfio/pci/vfio_pci.c > index ea5904ca6cbf..dcac5408c764 100644 > --- a/drivers/vfio/pci/vfio_pci.c > +++ b/drivers/vfio/pci/vfio_pci.c > @@ -75,6 +75,21 @@ static inline bool vfio_vga_disabled(void) > > static bool vfio_pci_dev_in_blocklist(struct pci_dev *pdev) > { > + switch (pdev->vendor) { > + case PCI_VENDOR_ID_INTEL: > + switch (pdev->device) { > + case PCI_DEVICE_ID_INTEL_QAT_C3XXX: > + case PCI_DEVICE_ID_INTEL_QAT_C3XXX_VF: > + case PCI_DEVICE_ID_INTEL_QAT_C62X: > + case PCI_DEVICE_ID_INTEL_QAT_C62X_VF: > + case PCI_DEVICE_ID_INTEL_QAT_DH895XCC: > + case PCI_DEVICE_ID_INTEL_QAT_DH895XCC_VF: > + return true; > + default: > + return false; > + } > + } > + > return false; > } > > -- > 2.26.2 >
On Wed, Jul 01, 2020 at 04:28:12PM -0500, Bjorn Helgaas wrote: > On Wed, Jul 01, 2020 at 12:03:00PM +0100, Giovanni Cabiddu wrote: > > The current generation of Intel® QuickAssist Technology devices > > are not designed to run in an untrusted environment because of the > > following issues reported in the release notes in > > https://01.org/intel-quickassist-technology: > > It would be nice if this link were directly clickable, e.g., if there > were no trailing ":" or something. > > And it would be even better if it went to a specific doc that > described these issues. I assume these are errata, and it's not easy > to figure out which doc mentions them. Sure. I will fix the commit message in the next revision and point to the actual document: https://01.org/sites/default/files/downloads/336211-015-qatsoftwareforlinux-rn-hwv1.7-final.pdf Regards,
On Fri, Jul 10, 2020 at 04:08:19PM +0100, Giovanni Cabiddu wrote: > On Wed, Jul 01, 2020 at 04:28:12PM -0500, Bjorn Helgaas wrote: > > On Wed, Jul 01, 2020 at 12:03:00PM +0100, Giovanni Cabiddu wrote: > > > The current generation of Intel® QuickAssist Technology devices > > > are not designed to run in an untrusted environment because of the > > > following issues reported in the release notes in > > > https://01.org/intel-quickassist-technology: > > > > It would be nice if this link were directly clickable, e.g., if there > > were no trailing ":" or something. > > > > And it would be even better if it went to a specific doc that > > described these issues. I assume these are errata, and it's not easy > > to figure out which doc mentions them. > Sure. I will fix the commit message in the next revision and point to the > actual document: > https://01.org/sites/default/files/downloads/336211-015-qatsoftwareforlinux-rn-hwv1.7-final.pdf Since URLs tend to go stale, please also include the Intel document number and title. When you update this, you might also update the subject lines. It looks like the VFIO convention is "vfio/pci: <Capitalized> ...", based on "git log --oneline drivers/vfio/pci/". And "QAT" should be capitalized also since it's not a word by itself (and to match usage in the spec). Bjorn
On Fri, Jul 10, 2020 at 10:37:45AM -0500, Bjorn Helgaas wrote: > On Fri, Jul 10, 2020 at 04:08:19PM +0100, Giovanni Cabiddu wrote: > > On Wed, Jul 01, 2020 at 04:28:12PM -0500, Bjorn Helgaas wrote: > > > On Wed, Jul 01, 2020 at 12:03:00PM +0100, Giovanni Cabiddu wrote: > > > > The current generation of Intel® QuickAssist Technology devices > > > > are not designed to run in an untrusted environment because of the > > > > following issues reported in the release notes in > > > > https://01.org/intel-quickassist-technology: > > > > > > It would be nice if this link were directly clickable, e.g., if there > > > were no trailing ":" or something. > > > > > > And it would be even better if it went to a specific doc that > > > described these issues. I assume these are errata, and it's not easy > > > to figure out which doc mentions them. > > Sure. I will fix the commit message in the next revision and point to the > > actual document: > > https://01.org/sites/default/files/downloads/336211-015-qatsoftwareforlinux-rn-hwv1.7-final.pdf > > Since URLs tend to go stale, please also include the Intel document > number and title. Oh, and is "01.org" really the right place for that? It looks like an Intel document, so I'd expect it to be somewhere on intel.com. I'm still a little confused. That doc seems to be about *software* and Linux software in particular. But when you said these "devices are not designed to run in an untrusted environment", I thought you meant there was some *hardware* design issue that caused a problem. Bjorn
On Fri, 10 Jul 2020 10:44:33 -0500 Bjorn Helgaas <helgaas@kernel.org> wrote: > On Fri, Jul 10, 2020 at 10:37:45AM -0500, Bjorn Helgaas wrote: > > On Fri, Jul 10, 2020 at 04:08:19PM +0100, Giovanni Cabiddu wrote: > > > On Wed, Jul 01, 2020 at 04:28:12PM -0500, Bjorn Helgaas wrote: > > > > On Wed, Jul 01, 2020 at 12:03:00PM +0100, Giovanni Cabiddu wrote: > > > > > The current generation of Intel® QuickAssist Technology devices > > > > > are not designed to run in an untrusted environment because of the > > > > > following issues reported in the release notes in > > > > > https://01.org/intel-quickassist-technology: > > > > > > > > It would be nice if this link were directly clickable, e.g., if there > > > > were no trailing ":" or something. > > > > > > > > And it would be even better if it went to a specific doc that > > > > described these issues. I assume these are errata, and it's not easy > > > > to figure out which doc mentions them. > > > Sure. I will fix the commit message in the next revision and point to the > > > actual document: > > > https://01.org/sites/default/files/downloads/336211-015-qatsoftwareforlinux-rn-hwv1.7-final.pdf > > > > Since URLs tend to go stale, please also include the Intel document > > number and title. > > Oh, and is "01.org" really the right place for that? It looks like an > Intel document, so I'd expect it to be somewhere on intel.com. > > I'm still a little confused. That doc seems to be about *software* > and Linux software in particular. But when you said these "devices > are not designed to run in an untrusted environment", I thought you > meant there was some *hardware* design issue that caused a problem. There seems to be a fair bit of hardware errata in the doc too, see: 3.1.2 QATE-7495 - GEN - An incorrectly formatted request to Intel® QAT can hang the entire Intel® QAT Endpoint 3.1.9 QATE-39220 - GEN - QAT API submissions with bad addresses that trigger DMA to invalid or unmapped addresses can cause a platform hang 3.1.17 QATE-52389 - SR-IOV -Huge pages may not be compatible with QAT VF usage 3.1.19 QATE-60953 - GEN – Intel® QAT API submissions with bad addresses that trigger DMA to invalid or unmapped addresses can impact QAT service availability Thanks, Alex
On Fri, Jul 10, 2020 at 10:10:34AM -0600, Alex Williamson wrote: > On Fri, 10 Jul 2020 10:44:33 -0500 > Bjorn Helgaas <helgaas@kernel.org> wrote: > > > On Fri, Jul 10, 2020 at 10:37:45AM -0500, Bjorn Helgaas wrote: > > > On Fri, Jul 10, 2020 at 04:08:19PM +0100, Giovanni Cabiddu wrote: > > > > On Wed, Jul 01, 2020 at 04:28:12PM -0500, Bjorn Helgaas wrote: > > > > > On Wed, Jul 01, 2020 at 12:03:00PM +0100, Giovanni Cabiddu wrote: > > > > > > The current generation of Intel® QuickAssist Technology devices > > > > > > are not designed to run in an untrusted environment because of the > > > > > > following issues reported in the release notes in > > > > > > https://01.org/intel-quickassist-technology: > > > > > > > > > > It would be nice if this link were directly clickable, e.g., if there > > > > > were no trailing ":" or something. > > > > > > > > > > And it would be even better if it went to a specific doc that > > > > > described these issues. I assume these are errata, and it's not easy > > > > > to figure out which doc mentions them. > > > > Sure. I will fix the commit message in the next revision and point to the > > > > actual document: > > > > https://01.org/sites/default/files/downloads/336211-015-qatsoftwareforlinux-rn-hwv1.7-final.pdf > > > > > > Since URLs tend to go stale, please also include the Intel document > > > number and title. > > > > Oh, and is "01.org" really the right place for that? It looks like an > > Intel document, so I'd expect it to be somewhere on intel.com. > > > > I'm still a little confused. That doc seems to be about *software* > > and Linux software in particular. But when you said these "devices > > are not designed to run in an untrusted environment", I thought you > > meant there was some *hardware* design issue that caused a problem. Yes, the problem is in hardware. > There seems to be a fair bit of hardware errata in the doc too, see: > > 3.1.2 QATE-7495 - GEN - An incorrectly formatted request to Intel® QAT can > hang the entire Intel® QAT Endpoint > > 3.1.9 QATE-39220 - GEN - QAT API submissions with bad addresses that > trigger DMA to invalid or unmapped addresses can cause a platform > hang > > 3.1.17 QATE-52389 - SR-IOV -Huge pages may not be compatible with QAT > VF usage > > 3.1.19 QATE-60953 - GEN – Intel® QAT API submissions with bad addresses > that trigger DMA to invalid or unmapped addresses can impact QAT > service availability Correct, that document contains errata for both the QAT HW and the current software. Regards,
diff --git a/drivers/vfio/pci/vfio_pci.c b/drivers/vfio/pci/vfio_pci.c index ea5904ca6cbf..dcac5408c764 100644 --- a/drivers/vfio/pci/vfio_pci.c +++ b/drivers/vfio/pci/vfio_pci.c @@ -75,6 +75,21 @@ static inline bool vfio_vga_disabled(void) static bool vfio_pci_dev_in_blocklist(struct pci_dev *pdev) { + switch (pdev->vendor) { + case PCI_VENDOR_ID_INTEL: + switch (pdev->device) { + case PCI_DEVICE_ID_INTEL_QAT_C3XXX: + case PCI_DEVICE_ID_INTEL_QAT_C3XXX_VF: + case PCI_DEVICE_ID_INTEL_QAT_C62X: + case PCI_DEVICE_ID_INTEL_QAT_C62X_VF: + case PCI_DEVICE_ID_INTEL_QAT_DH895XCC: + case PCI_DEVICE_ID_INTEL_QAT_DH895XCC_VF: + return true; + default: + return false; + } + } + return false; }
The current generation of Intel® QuickAssist Technology devices are not designed to run in an untrusted environment because of the following issues reported in the release notes in https://01.org/intel-quickassist-technology: QATE-39220 - GEN - Intel® QAT API submissions with bad addresses that trigger DMA to invalid or unmapped addresses can cause a platform hang QATE-7495 - GEN - An incorrectly formatted request to Intel® QAT can hang the entire Intel® QAT Endpoint This patch adds the following QAT devices to the blocklist: DH895XCC, C3XXX and C62X. Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> --- drivers/vfio/pci/vfio_pci.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+)