* [PATCH] Request backport of a vfio patch for 5.4 stable
@ 2021-01-11 17:31 Matthew Rosato
2021-01-11 17:31 ` [PATCH] vfio iommu: Add dma available capability Matthew Rosato
2021-01-13 17:51 ` [PATCH] Request backport of a vfio patch for 5.4 stable Sasha Levin
0 siblings, 2 replies; 3+ messages in thread
From: Matthew Rosato @ 2021-01-11 17:31 UTC (permalink / raw)
To: stable; +Cc: alex.williamson, cohuck
Upstream commit 7d6e1329652e ("vfio iommu: Add dma available capability")
should probably have been identified as a stable candidate originally, as
without this available in a KVM host QEMU guests on at least s390x can
end up with broken PCI passthrough devices, as the guest is unaware of the
vfio DMA limit and can easily overrun it.
The commit in question won't fit cleanly to 5.4, so I've included a
proposed backport patch.
Matthew Rosato (1):
vfio iommu: Add dma available capability
drivers/vfio/vfio_iommu_type1.c | 22 ++++++++++++++++++++++
include/uapi/linux/vfio.h | 15 +++++++++++++++
2 files changed, 37 insertions(+)
--
1.8.3.1
^ permalink raw reply [flat|nested] 3+ messages in thread
* [PATCH] vfio iommu: Add dma available capability
2021-01-11 17:31 [PATCH] Request backport of a vfio patch for 5.4 stable Matthew Rosato
@ 2021-01-11 17:31 ` Matthew Rosato
2021-01-13 17:51 ` [PATCH] Request backport of a vfio patch for 5.4 stable Sasha Levin
1 sibling, 0 replies; 3+ messages in thread
From: Matthew Rosato @ 2021-01-11 17:31 UTC (permalink / raw)
To: stable; +Cc: alex.williamson, cohuck
[ Upstream commit 7d6e1329652ed971d1b6e0e7bea66fba5044e271 ]
The following functional changes were needed for backport:
- vfio_iommu_type1_get_info doesn't exist, call
vfio_iommu_dma_avail_build_caps from vfio_iommu_type1_ioctl.
- As further fallout from this, vfio_iommu_dma_avail_build_caps must
acquire and release the iommu mutex lock. To do so, the return value is
stored in a local variable as in vfio_iommu_iova_build_caps.
Upstream commit description:
Commit 492855939bdb ("vfio/type1: Limit DMA mappings per container")
added the ability to limit the number of memory backed DMA mappings.
However on s390x, when lazy mapping is in use, we use a very large
number of concurrent mappings. Let's provide the current allowable
number of DMA mappings to userspace via the IOMMU info chain so that
userspace can take appropriate mitigation.
Signed-off-by: Matthew Rosato <mjrosato@linux.ibm.com>
---
drivers/vfio/vfio_iommu_type1.c | 22 ++++++++++++++++++++++
include/uapi/linux/vfio.h | 15 +++++++++++++++
2 files changed, 37 insertions(+)
diff --git a/drivers/vfio/vfio_iommu_type1.c b/drivers/vfio/vfio_iommu_type1.c
index 3b31e83..bc6ba41 100644
--- a/drivers/vfio/vfio_iommu_type1.c
+++ b/drivers/vfio/vfio_iommu_type1.c
@@ -2303,6 +2303,24 @@ static int vfio_iommu_iova_build_caps(struct vfio_iommu *iommu,
return ret;
}
+static int vfio_iommu_dma_avail_build_caps(struct vfio_iommu *iommu,
+ struct vfio_info_cap *caps)
+{
+ struct vfio_iommu_type1_info_dma_avail cap_dma_avail;
+ int ret;
+
+ mutex_lock(&iommu->lock);
+ cap_dma_avail.header.id = VFIO_IOMMU_TYPE1_INFO_DMA_AVAIL;
+ cap_dma_avail.header.version = 1;
+
+ cap_dma_avail.avail = iommu->dma_avail;
+
+ ret = vfio_info_add_capability(caps, &cap_dma_avail.header,
+ sizeof(cap_dma_avail));
+ mutex_unlock(&iommu->lock);
+ return ret;
+}
+
static long vfio_iommu_type1_ioctl(void *iommu_data,
unsigned int cmd, unsigned long arg)
{
@@ -2349,6 +2367,10 @@ static long vfio_iommu_type1_ioctl(void *iommu_data,
info.iova_pgsizes = vfio_pgsize_bitmap(iommu);
ret = vfio_iommu_iova_build_caps(iommu, &caps);
+
+ if (!ret)
+ ret = vfio_iommu_dma_avail_build_caps(iommu, &caps);
+
if (ret)
return ret;
diff --git a/include/uapi/linux/vfio.h b/include/uapi/linux/vfio.h
index 9e843a1..cabc931 100644
--- a/include/uapi/linux/vfio.h
+++ b/include/uapi/linux/vfio.h
@@ -748,6 +748,21 @@ struct vfio_iommu_type1_info_cap_iova_range {
struct vfio_iova_range iova_ranges[];
};
+/*
+ * The DMA available capability allows to report the current number of
+ * simultaneously outstanding DMA mappings that are allowed.
+ *
+ * The structure below defines version 1 of this capability.
+ *
+ * avail: specifies the current number of outstanding DMA mappings allowed.
+ */
+#define VFIO_IOMMU_TYPE1_INFO_DMA_AVAIL 3
+
+struct vfio_iommu_type1_info_dma_avail {
+ struct vfio_info_cap_header header;
+ __u32 avail;
+};
+
#define VFIO_IOMMU_GET_INFO _IO(VFIO_TYPE, VFIO_BASE + 12)
/**
--
1.8.3.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] Request backport of a vfio patch for 5.4 stable
2021-01-11 17:31 [PATCH] Request backport of a vfio patch for 5.4 stable Matthew Rosato
2021-01-11 17:31 ` [PATCH] vfio iommu: Add dma available capability Matthew Rosato
@ 2021-01-13 17:51 ` Sasha Levin
1 sibling, 0 replies; 3+ messages in thread
From: Sasha Levin @ 2021-01-13 17:51 UTC (permalink / raw)
To: Matthew Rosato; +Cc: stable, alex.williamson, cohuck
On Mon, Jan 11, 2021 at 12:31:27PM -0500, Matthew Rosato wrote:
>Upstream commit 7d6e1329652e ("vfio iommu: Add dma available capability")
>should probably have been identified as a stable candidate originally, as
>without this available in a KVM host QEMU guests on at least s390x can
>end up with broken PCI passthrough devices, as the guest is unaware of the
>vfio DMA limit and can easily overrun it.
>
>The commit in question won't fit cleanly to 5.4, so I've included a
>proposed backport patch.
Queued up, thanks!
--
Thanks,
Sasha
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-01-13 17:52 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-01-11 17:31 [PATCH] Request backport of a vfio patch for 5.4 stable Matthew Rosato
2021-01-11 17:31 ` [PATCH] vfio iommu: Add dma available capability Matthew Rosato
2021-01-13 17:51 ` [PATCH] Request backport of a vfio patch for 5.4 stable Sasha Levin
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.