[3/5] vfio/pci: add qat devices to blocklist

Message ID 20200701110302.75199-4-giovanni.cabiddu@intel.com (mailing list archive)
State New, archived
Series vfio/pci: add blocklist and disable qat

Commit Message

Cabiddu, Giovanni July 1, 2020, 11:03 a.m. UTC
The current generation of Intel® QuickAssist Technology devices
are not designed to run in an untrusted environment because of the
following issues reported in the release notes in
https://01.org/intel-quickassist-technology:

QATE-39220 - GEN - Intel® QAT API submissions with bad addresses that
             trigger DMA to invalid or unmapped addresses can cause a
             platform hang
QATE-7495  - GEN - An incorrectly formatted request to Intel® QAT can
             hang the entire Intel® QAT Endpoint

This patch adds the following QAT devices to the blocklist: DH895XCC,
C3XXX and C62X.

Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
---
 drivers/vfio/pci/vfio_pci.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

Comments

Bjorn Helgaas July 1, 2020, 9:28 p.m. UTC | #1
On Wed, Jul 01, 2020 at 12:03:00PM +0100, Giovanni Cabiddu wrote:
> The current generation of Intel® QuickAssist Technology devices
> are not designed to run in an untrusted environment because of the
> following issues reported in the release notes in
> https://01.org/intel-quickassist-technology:

It would be nice if this link were directly clickable, e.g., if there
were no trailing ":" or something.

And it would be even better if it went to a specific doc that
described these issues.  I assume these are errata, and it's not easy
to figure out which doc mentions them.

> QATE-39220 - GEN - Intel® QAT API submissions with bad addresses that
>              trigger DMA to invalid or unmapped addresses can cause a
>              platform hang
> QATE-7495  - GEN - An incorrectly formatted request to Intel® QAT can
>              hang the entire Intel® QAT Endpoint
> 
> This patch adds the following QAT devices to the blocklist: DH895XCC,
> C3XXX and C62X.
> 
> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
> ---
>  drivers/vfio/pci/vfio_pci.c | 15 +++++++++++++++
>  1 file changed, 15 insertions(+)
> 
> diff --git a/drivers/vfio/pci/vfio_pci.c b/drivers/vfio/pci/vfio_pci.c
> index ea5904ca6cbf..dcac5408c764 100644
> --- a/drivers/vfio/pci/vfio_pci.c
> +++ b/drivers/vfio/pci/vfio_pci.c
> @@ -75,6 +75,21 @@ static inline bool vfio_vga_disabled(void)
>  
>  static bool vfio_pci_dev_in_blocklist(struct pci_dev *pdev)
>  {
> +	switch (pdev->vendor) {
> +	case PCI_VENDOR_ID_INTEL:
> +		switch (pdev->device) {
> +		case PCI_DEVICE_ID_INTEL_QAT_C3XXX:
> +		case PCI_DEVICE_ID_INTEL_QAT_C3XXX_VF:
> +		case PCI_DEVICE_ID_INTEL_QAT_C62X:
> +		case PCI_DEVICE_ID_INTEL_QAT_C62X_VF:
> +		case PCI_DEVICE_ID_INTEL_QAT_DH895XCC:
> +		case PCI_DEVICE_ID_INTEL_QAT_DH895XCC_VF:
> +			return true;
> +		default:
> +			return false;
> +		}
> +	}
> +
>  	return false;
>  }
>  
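Review bot: the case list added to vfio_pci_dev_in_blocklist() has no comment saying why these device IDs are blocked, so the reason lives only in the commit message. A short comment above `case PCI_DEVICE_ID_INTEL_QAT_C3XXX:` naming QATE-39220 and QATE-7495 would keep the rationale next to the IDs. The list also covers the `_VF` IDs, while the commit message names only DH895XCC, C3XXX and C62X; the message could say that the virtual functions are blocked as well.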
> -- 
> 2.26.2
>

Cabiddu, Giovanni July 10, 2020, 3:08 p.m. UTC | #2
On Wed, Jul 01, 2020 at 04:28:12PM -0500, Bjorn Helgaas wrote:
> On Wed, Jul 01, 2020 at 12:03:00PM +0100, Giovanni Cabiddu wrote:
> > The current generation of Intel® QuickAssist Technology devices
> > are not designed to run in an untrusted environment because of the
> > following issues reported in the release notes in
> > https://01.org/intel-quickassist-technology:
> 
> It would be nice if this link were directly clickable, e.g., if there
> were no trailing ":" or something.
> 
> And it would be even better if it went to a specific doc that
> described these issues.  I assume these are errata, and it's not easy
> to figure out which doc mentions them.
Sure. I will fix the commit message in the next revision and point to the
actual document:
https://01.org/sites/default/files/downloads/336211-015-qatsoftwareforlinux-rn-hwv1.7-final.pdf

Regards,

Bjorn Helgaas July 10, 2020, 3:37 p.m. UTC | #3
On Fri, Jul 10, 2020 at 04:08:19PM +0100, Giovanni Cabiddu wrote:
> On Wed, Jul 01, 2020 at 04:28:12PM -0500, Bjorn Helgaas wrote:
> > On Wed, Jul 01, 2020 at 12:03:00PM +0100, Giovanni Cabiddu wrote:
> > > The current generation of Intel® QuickAssist Technology devices
> > > are not designed to run in an untrusted environment because of the
> > > following issues reported in the release notes in
> > > https://01.org/intel-quickassist-technology:
> > 
> > It would be nice if this link were directly clickable, e.g., if there
> > were no trailing ":" or something.
> > 
> > And it would be even better if it went to a specific doc that
> > described these issues.  I assume these are errata, and it's not easy
> > to figure out which doc mentions them.
> Sure. I will fix the commit message in the next revision and point to the
> actual document:
> https://01.org/sites/default/files/downloads/336211-015-qatsoftwareforlinux-rn-hwv1.7-final.pdf

Since URLs tend to go stale, please also include the Intel document
number and title.

When you update this, you might also update the subject lines.  It
looks like the VFIO convention is "vfio/pci: <Capitalized> ...",
based on "git log --oneline drivers/vfio/pci/".  And "QAT" should be
capitalized also since it's not a word by itself (and to match usage
in the spec).

Bjorn

Bjorn Helgaas July 10, 2020, 3:44 p.m. UTC | #4
On Fri, Jul 10, 2020 at 10:37:45AM -0500, Bjorn Helgaas wrote:
> On Fri, Jul 10, 2020 at 04:08:19PM +0100, Giovanni Cabiddu wrote:
> > On Wed, Jul 01, 2020 at 04:28:12PM -0500, Bjorn Helgaas wrote:
> > > On Wed, Jul 01, 2020 at 12:03:00PM +0100, Giovanni Cabiddu wrote:
> > > > The current generation of Intel® QuickAssist Technology devices
> > > > are not designed to run in an untrusted environment because of the
> > > > following issues reported in the release notes in
> > > > https://01.org/intel-quickassist-technology:
> > > 
> > > It would be nice if this link were directly clickable, e.g., if there
> > > were no trailing ":" or something.
> > > 
> > > And it would be even better if it went to a specific doc that
> > > described these issues.  I assume these are errata, and it's not easy
> > > to figure out which doc mentions them.
> > Sure. I will fix the commit message in the next revision and point to the
> > actual document:
> > https://01.org/sites/default/files/downloads/336211-015-qatsoftwareforlinux-rn-hwv1.7-final.pdf
> 
> Since URLs tend to go stale, please also include the Intel document
> number and title.

Oh, and is "01.org" really the right place for that?  It looks like an
Intel document, so I'd expect it to be somewhere on intel.com.

I'm still a little confused.  That doc seems to be about *software*
and Linux software in particular.  But when you said these "devices
are not designed to run in an untrusted environment", I thought you
meant there was some *hardware* design issue that caused a problem.

Bjorn

Alex Williamson July 10, 2020, 4:10 p.m. UTC | #5
On Fri, 10 Jul 2020 10:44:33 -0500
Bjorn Helgaas <helgaas@kernel.org> wrote:

> On Fri, Jul 10, 2020 at 10:37:45AM -0500, Bjorn Helgaas wrote:
> > On Fri, Jul 10, 2020 at 04:08:19PM +0100, Giovanni Cabiddu wrote:  
> > > On Wed, Jul 01, 2020 at 04:28:12PM -0500, Bjorn Helgaas wrote:  
> > > > On Wed, Jul 01, 2020 at 12:03:00PM +0100, Giovanni Cabiddu wrote:  
> > > > > The current generation of Intel® QuickAssist Technology devices
> > > > > are not designed to run in an untrusted environment because of the
> > > > > following issues reported in the release notes in
> > > > > https://01.org/intel-quickassist-technology:  
> > > > 
> > > > It would be nice if this link were directly clickable, e.g., if there
> > > > were no trailing ":" or something.
> > > > 
> > > > And it would be even better if it went to a specific doc that
> > > > described these issues.  I assume these are errata, and it's not easy
> > > > to figure out which doc mentions them.  
> > > Sure. I will fix the commit message in the next revision and point to the
> > > actual document:
> > > https://01.org/sites/default/files/downloads/336211-015-qatsoftwareforlinux-rn-hwv1.7-final.pdf  
> > 
> > Since URLs tend to go stale, please also include the Intel document
> > number and title.  
> 
> Oh, and is "01.org" really the right place for that?  It looks like an
> Intel document, so I'd expect it to be somewhere on intel.com.
> 
> I'm still a little confused.  That doc seems to be about *software*
> and Linux software in particular.  But when you said these "devices
> are not designed to run in an untrusted environment", I thought you
> meant there was some *hardware* design issue that caused a problem.

There seems to be a fair bit of hardware errata in the doc too, see:

3.1.2 QATE-7495 - GEN - An incorrectly formatted request to Intel® QAT can
hang the entire Intel® QAT Endpoint

3.1.9 QATE-39220 - GEN - QAT API submissions with bad addresses that
trigger DMA to invalid or unmapped addresses can cause a platform
hang

3.1.17 QATE-52389 - SR-IOV -Huge pages may not be compatible with QAT
VF usage

3.1.19 QATE-60953 - GEN – Intel® QAT API submissions with bad addresses
that trigger DMA to invalid or unmapped addresses can impact QAT
service availability

Thanks,
Alex

Cabiddu, Giovanni July 10, 2020, 4:22 p.m. UTC | #6
On Fri, Jul 10, 2020 at 10:10:34AM -0600, Alex Williamson wrote:
> On Fri, 10 Jul 2020 10:44:33 -0500
> Bjorn Helgaas <helgaas@kernel.org> wrote:
> 
> > On Fri, Jul 10, 2020 at 10:37:45AM -0500, Bjorn Helgaas wrote:
> > > On Fri, Jul 10, 2020 at 04:08:19PM +0100, Giovanni Cabiddu wrote:  
> > > > On Wed, Jul 01, 2020 at 04:28:12PM -0500, Bjorn Helgaas wrote:  
> > > > > On Wed, Jul 01, 2020 at 12:03:00PM +0100, Giovanni Cabiddu wrote:  
> > > > > > The current generation of Intel® QuickAssist Technology devices
> > > > > > are not designed to run in an untrusted environment because of the
> > > > > > following issues reported in the release notes in
> > > > > > https://01.org/intel-quickassist-technology:  
> > > > > 
> > > > > It would be nice if this link were directly clickable, e.g., if there
> > > > > were no trailing ":" or something.
> > > > > 
> > > > > And it would be even better if it went to a specific doc that
> > > > > described these issues.  I assume these are errata, and it's not easy
> > > > > to figure out which doc mentions them.  
> > > > Sure. I will fix the commit message in the next revision and point to the
> > > > actual document:
> > > > https://01.org/sites/default/files/downloads/336211-015-qatsoftwareforlinux-rn-hwv1.7-final.pdf  
> > > 
> > > Since URLs tend to go stale, please also include the Intel document
> > > number and title.  
> > 
> > Oh, and is "01.org" really the right place for that?  It looks like an
> > Intel document, so I'd expect it to be somewhere on intel.com.
> > 
> > I'm still a little confused.  That doc seems to be about *software*
> > and Linux software in particular.  But when you said these "devices
> > are not designed to run in an untrusted environment", I thought you
> > meant there was some *hardware* design issue that caused a problem.
Yes, the problem is in hardware.

> There seems to be a fair bit of hardware errata in the doc too, see:
> 
> 3.1.2 QATE-7495 - GEN - An incorrectly formatted request to Intel® QAT can
> hang the entire Intel® QAT Endpoint
> 
> 3.1.9 QATE-39220 - GEN - QAT API submissions with bad addresses that
> trigger DMA to invalid or unmapped addresses can cause a platform
> hang
> 
> 3.1.17 QATE-52389 - SR-IOV -Huge pages may not be compatible with QAT
> VF usage
> 
> 3.1.19 QATE-60953 - GEN – Intel® QAT API submissions with bad addresses
> that trigger DMA to invalid or unmapped addresses can impact QAT
> service availability
Correct, that document contains errata for both the QAT HW and the
current software.

Regards,
Patch

diff --git a/drivers/vfio/pci/vfio_pci.c b/drivers/vfio/pci/vfio_pci.c
index ea5904ca6cbf..dcac5408c764 100644
--- a/drivers/vfio/pci/vfio_pci.c
+++ b/drivers/vfio/pci/vfio_pci.c
@@ -75,6 +75,21 @@  static inline bool vfio_vga_disabled(void)
 
 static bool vfio_pci_dev_in_blocklist(struct pci_dev *pdev)
 {
+	switch (pdev->vendor) {
+	case PCI_VENDOR_ID_INTEL:
+		switch (pdev->device) {
+		case PCI_DEVICE_ID_INTEL_QAT_C3XXX:
+		case PCI_DEVICE_ID_INTEL_QAT_C3XXX_VF:
+		case PCI_DEVICE_ID_INTEL_QAT_C62X:
+		case PCI_DEVICE_ID_INTEL_QAT_C62X_VF:
+		case PCI_DEVICE_ID_INTEL_QAT_DH895XCC:
+		case PCI_DEVICE_ID_INTEL_QAT_DH895XCC_VF:
+			return true;
+		default:
+			return false;
+		}
+	}
+
 	return false;
 }
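
Review bot: the inner `default: return false;` repeats the function's final `return false;`, and the outer `switch (pdev->vendor)` has no default of its own, so "not blocked" is returned from two different places. Replacing the inner default with `break` (or dropping it) would leave the trailing `return false;` as the single fall-through and make adding a second vendor case less error-prone.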