From: "Tian, Kevin" <kevin.tian@intel.com>
To: Jan Beulich <jbeulich@suse.com>,
"xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org>
Cc: Paul Durrant <paul@xen.org>,
"Cooper, Andrew" <andrew.cooper3@citrix.com>
Subject: RE: [PATCH 3/9] VT-d: undo device mappings upon error
Date: Thu, 24 Jun 2021 05:13:43 +0000 [thread overview]
Message-ID: <MWHPR11MB18866D57EB9E61A2F43D5A8D8C079@MWHPR11MB1886.namprd11.prod.outlook.com> (raw)
In-Reply-To: <d6370703-97e3-2571-5ae3-8a5ec11e9bcd@suse.com>
> From: Jan Beulich <jbeulich@suse.com>
> Sent: Wednesday, June 9, 2021 5:28 PM
>
> When
> - flushes (supposedly not possible anymore after XSA-373),
> - secondary mappings for legacy PCI devices behind bridges,
> - secondary mappings for chipset quirks, or
> - find_upstream_bridge() invocations
> fail, the successfully established device mappings should not be left
> around.
>
> Further, when (parts of) unmapping fail, simply returning an error is
> typically not enough. Crash the domain instead in such cases, arranging
> for domain cleanup to continue in a best effort manner despite such
> failures.
>
> Finally make domain_context_unmap()'s error behavior consistent in the
> legacy PCI device case: Don't bail from the function in one special
> case, but always just exit the switch statement.
>
> Signed-off-by: Jan Beulich <jbeulich@suse.com>
> Reviewed-by: Paul Durrant <paul@xen.org>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
>
> --- a/xen/drivers/passthrough/vtd/iommu.c
> +++ b/xen/drivers/passthrough/vtd/iommu.c
> @@ -1442,9 +1442,15 @@ int domain_context_mapping_one(
> if ( !seg && !rc )
> rc = me_wifi_quirk(domain, bus, devfn, MAP_ME_PHANTOM_FUNC);
>
> + if ( rc )
> + domain_context_unmap_one(domain, iommu, bus, devfn);
> +
> return rc;
> }
>
> +static int domain_context_unmap(struct domain *d, uint8_t devfn,
> + struct pci_dev *pdev);
> +
> static int domain_context_mapping(struct domain *domain, u8 devfn,
> struct pci_dev *pdev)
> {
> @@ -1505,16 +1511,21 @@ static int domain_context_mapping(struct
> if ( ret )
> break;
>
> - if ( find_upstream_bridge(seg, &bus, &devfn, &secbus) < 1 )
> - break;
> + if ( (ret = find_upstream_bridge(seg, &bus, &devfn, &secbus)) < 1 )
> + {
> + if ( !ret )
> + break;
> + ret = -ENXIO;
> + }
>
> /*
> * Mapping a bridge should, if anything, pass the struct pci_dev of
> * that bridge. Since bridges don't normally get assigned to guests,
> * their owner would be the wrong one. Pass NULL instead.
> */
> - ret = domain_context_mapping_one(domain, drhd->iommu, bus, devfn,
> - NULL);
> + if ( ret >= 0 )
> + ret = domain_context_mapping_one(domain, drhd->iommu, bus,
> devfn,
> + NULL);
>
> /*
> * Devices behind PCIe-to-PCI/PCIx bridge may generate different
> @@ -1531,6 +1542,9 @@ static int domain_context_mapping(struct
> ret = domain_context_mapping_one(domain, drhd->iommu, secbus,
> 0,
> NULL);
>
> + if ( ret )
> + domain_context_unmap(domain, devfn, pdev);
> +
> break;
>
> default:
> @@ -1609,6 +1623,19 @@ int domain_context_unmap_one(
> if ( !iommu->drhd->segment && !rc )
> rc = me_wifi_quirk(domain, bus, devfn, UNMAP_ME_PHANTOM_FUNC);
>
> + if ( rc && !is_hardware_domain(domain) && domain != dom_io )
> + {
> + if ( domain->is_dying )
> + {
> + printk(XENLOG_ERR "%pd: error %d
> unmapping %04x:%02x:%02x.%u\n",
> + domain, rc, iommu->drhd->segment, bus,
> + PCI_SLOT(devfn), PCI_FUNC(devfn));
> + rc = 0; /* Make upper layers continue in a best effort manner. */
> + }
> + else
> + domain_crash(domain);
> + }
> +
> return rc;
> }
>
> @@ -1661,17 +1688,29 @@ static int domain_context_unmap(struct d
>
> tmp_bus = bus;
> tmp_devfn = devfn;
> - if ( find_upstream_bridge(seg, &tmp_bus, &tmp_devfn, &secbus) < 1 )
> + if ( (ret = find_upstream_bridge(seg, &tmp_bus, &tmp_devfn,
> + &secbus)) < 1 )
> + {
> + if ( ret )
> + {
> + ret = -ENXIO;
> + if ( !domain->is_dying &&
> + !is_hardware_domain(domain) && domain != dom_io )
> + {
> + domain_crash(domain);
> + /* Make upper layers continue in a best effort manner. */
> + ret = 0;
> + }
> + }
> break;
> + }
>
> /* PCIe to PCI/PCIx bridge */
> if ( pdev_type(seg, tmp_bus, tmp_devfn) ==
> DEV_TYPE_PCIe2PCI_BRIDGE )
> {
> ret = domain_context_unmap_one(domain, iommu, tmp_bus,
> tmp_devfn);
> - if ( ret )
> - return ret;
> -
> - ret = domain_context_unmap_one(domain, iommu, secbus, 0);
> + if ( !ret )
> + ret = domain_context_unmap_one(domain, iommu, secbus, 0);
> }
> else /* Legacy PCI bridge */
> ret = domain_context_unmap_one(domain, iommu, tmp_bus,
> tmp_devfn);
next prev parent reply other threads:[~2021-06-24 5:14 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-09 9:25 [PATCH 0/9] IOMMU: XSA-373 follow-on Jan Beulich
2021-06-09 9:26 ` [PATCH 1/9] AMD/IOMMU: redo awaiting of command completion Jan Beulich
2021-06-09 10:36 ` Andrew Cooper
2021-06-09 12:08 ` Jan Beulich
2021-06-09 12:33 ` Andrew Cooper
2021-06-09 12:51 ` Jan Beulich
2021-06-10 12:24 ` Jan Beulich
2021-06-09 9:27 ` [PATCH 2/9] AMD/IOMMU: re-work locking around sending of commands Jan Beulich
2021-06-09 10:53 ` Andrew Cooper
2021-06-09 12:22 ` Jan Beulich
2021-06-10 11:58 ` Jan Beulich
2021-06-10 12:53 ` Jan Beulich
2021-06-09 9:27 ` [PATCH 3/9] VT-d: undo device mappings upon error Jan Beulich
2021-06-24 5:13 ` Tian, Kevin [this message]
2021-06-09 9:28 ` [PATCH 4/9] VT-d: adjust domid map updating when unmapping context Jan Beulich
2021-06-24 5:21 ` Tian, Kevin
2021-06-09 9:28 ` [PATCH 5/9] VT-d: clear_fault_bits() should clear all fault bits Jan Beulich
2021-06-24 5:26 ` Tian, Kevin
2021-06-09 9:29 ` [PATCH 6/9] VT-d: don't lose errors when flushing TLBs on multiple IOMMUs Jan Beulich
2021-06-24 5:28 ` Tian, Kevin
2021-06-09 9:29 ` [PATCH 7/9] VT-d: centralize mapping of QI entries Jan Beulich
2021-06-24 5:31 ` Tian, Kevin
2021-06-09 9:29 ` [PATCH 8/9] VT-d: drop/move a few QI related constants Jan Beulich
2021-06-24 5:32 ` Tian, Kevin
2021-06-09 9:30 ` [PATCH 9/9] IOMMU/PCI: don't let domain cleanup continue when device de-assignment failed Jan Beulich
2021-06-24 15:34 ` Paul Durrant
2021-06-23 6:51 ` Ping: [PATCH 0/9] IOMMU: XSA-373 follow-on Jan Beulich
2021-06-23 6:58 ` Tian, Kevin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=MWHPR11MB18866D57EB9E61A2F43D5A8D8C079@MWHPR11MB1886.namprd11.prod.outlook.com \
--to=kevin.tian@intel.com \
--cc=andrew.cooper3@citrix.com \
--cc=jbeulich@suse.com \
--cc=paul@xen.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.