From patchwork Wed Aug 30 21:05:59 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jon Derrick X-Patchwork-Id: 9930819 X-Patchwork-Delegate: bhelgaas@google.com Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id C01426022E for ; Wed, 30 Aug 2017 21:18:28 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B221F287A8 for ; Wed, 30 Aug 2017 21:18:28 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id A604A287AD; Wed, 30 Aug 2017 21:18:28 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 284AA287A8 for ; Wed, 30 Aug 2017 21:18:28 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1750828AbdH3VS1 (ORCPT ); Wed, 30 Aug 2017 17:18:27 -0400 Received: from mga01.intel.com ([192.55.52.88]:40312 "EHLO mga01.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750814AbdH3VS0 (ORCPT ); Wed, 30 Aug 2017 17:18:26 -0400 Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga101.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 30 Aug 2017 14:18:26 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.41,450,1498546800"; d="scan'208";a="143847715" Received: from nsgse-neoncity01.lm.intel.com (HELO nsgse-neoncity01.localdomain) ([10.232.118.5]) by orsmga005.jf.intel.com with ESMTP; 30 Aug 2017 14:18:25 -0700 From: Jon Derrick To: Bjorn Helgaas Cc: , , Keith Busch , Jon Derrick Subject: [PATCH v3] iommu: Prevent VMD child devices from being remapping targets Date: Wed, 30 Aug 2017 15:05:59 -0600 Message-Id: <1504127159-186529-1-git-send-email-jonathan.derrick@intel.com> X-Mailer: git-send-email 1.8.3.1 Sender: linux-pci-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-pci@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP VMD child devices must use the VMD endpoint's ID as the requester. Because of this, there needs to be a way to link the parent VMD endpoint's iommu group and associated mappings to the VMD child devices such that attaching and detaching child devices modify the endpoint's mappings, while preventing early detaching on a singular device removal or unbinding. The reassignment of individual VMD child devices devices to VMs is outside the scope of VMD, but may be implemented in the future. For now it is best to prevent any such attempts. This patch prevents VMD child devices from returning an IOMMU, which prevents it from exposing an iommu_group sysfs directories and allowing subsequent binding by userspace-access drivers such as VFIO. Signed-off-by: Jon Derrick --- v2->3, wrapped in x86 ifdef to avoid ia64 compilation errors drivers/iommu/intel-iommu.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c index 687f18f..2800a6e 100644 --- a/drivers/iommu/intel-iommu.c +++ b/drivers/iommu/intel-iommu.c @@ -901,6 +901,13 @@ static struct intel_iommu *device_to_iommu(struct device *dev, u8 *bus, u8 *devf struct pci_dev *pf_pdev; pdev = to_pci_dev(dev); + +#ifdef CONFIG_X86 + /* VMD child devices currently cannot be handled individually */ + if (is_vmd(pdev->bus)) + return NULL; +#endif + /* VFs aren't listed in scope tables; we need to look up * the PF instead to find the IOMMU. */ pf_pdev = pci_physfn(pdev);