From: Auger Eric <eric.auger@redhat.com> To: Tomasz Nowicki <tn@semihalf.com>, eric.auger.pro@gmail.com, christoffer.dall@linaro.org, marc.zyngier@arm.com, robin.murphy@arm.com, alex.williamson@redhat.com, will.deacon@arm.com, joro@8bytes.org, tglx@linutronix.de, jason@lakedaemon.net, linux-arm-kernel@lists.infradead.org Cc: drjones@redhat.com, kvm@vger.kernel.org, punit.agrawal@arm.com, linux-kernel@vger.kernel.org, geethasowjanya.akula@gmail.com, diana.craciun@nxp.com, iommu@lists.linux-foundation.org, pranav.sawargaonkar@gmail.com, bharat.bhushan@nxp.com, shankerd@codeaurora.org, gpkulkarni@gmail.com Subject: Re: [PATCH v8 14/18] irqdomain: irq_domain_check_msi_remap Date: Tue, 17 Jan 2017 14:53:50 +0100 [thread overview] Message-ID: <f5aacc54-ca8e-cb09-461a-6105346b18b9@redhat.com> (raw) In-Reply-To: <8db94e75-7939-c6da-2101-cfa73827c16c@semihalf.com> Hi Tomasz, On 17/01/2017 14:40, Tomasz Nowicki wrote: > On 11.01.2017 10:41, Eric Auger wrote: >> This new function checks whether all MSI irq domains >> implement IRQ remapping. This is useful to understand >> whether VFIO passthrough is safe with respect to interrupts. >> >> On ARM typically an MSI controller can sit downstream >> to the IOMMU without preventing VFIO passthrough. >> As such any assigned device can write into the MSI doorbell. >> In case the MSI controller implements IRQ remapping, assigned >> devices will not be able to trigger interrupts towards the >> host. On the contrary, the assignment must be emphasized as >> unsafe with respect to interrupts. >> >> Signed-off-by: Eric Auger <eric.auger@redhat.com> >> Reviewed-by: Marc Zyngier <marc.zyngier@arm.com> >> >> --- >> v7 -> v8: >> - remove goto in irq_domain_check_msi_remap >> - Added Marc's R-b >> >> v5 -> v6: >> - use irq_domain_hierarchical_is_msi_remap() >> - comment rewording >> >> v4 -> v5: >> - Handle DOMAIN_BUS_FSL_MC_MSI domains >> - Check parents >> --- >> include/linux/irqdomain.h | 1 + >> kernel/irq/irqdomain.c | 22 ++++++++++++++++++++++ >> 2 files changed, 23 insertions(+) >> >> diff --git a/include/linux/irqdomain.h b/include/linux/irqdomain.h >> index bc2f571..188eced 100644 >> --- a/include/linux/irqdomain.h >> +++ b/include/linux/irqdomain.h >> @@ -222,6 +222,7 @@ struct irq_domain *irq_domain_add_legacy(struct >> device_node *of_node, >> void *host_data); >> extern struct irq_domain *irq_find_matching_fwspec(struct irq_fwspec >> *fwspec, >> enum irq_domain_bus_token bus_token); >> +extern bool irq_domain_check_msi_remap(void); >> extern void irq_set_default_host(struct irq_domain *host); >> extern int irq_domain_alloc_descs(int virq, unsigned int nr_irqs, >> irq_hw_number_t hwirq, int node, >> diff --git a/kernel/irq/irqdomain.c b/kernel/irq/irqdomain.c >> index 876e131..d889751 100644 >> --- a/kernel/irq/irqdomain.c >> +++ b/kernel/irq/irqdomain.c >> @@ -278,6 +278,28 @@ struct irq_domain >> *irq_find_matching_fwspec(struct irq_fwspec *fwspec, >> EXPORT_SYMBOL_GPL(irq_find_matching_fwspec); >> >> /** >> + * irq_domain_check_msi_remap - Check whether all MSI >> + * irq domains implement IRQ remapping >> + */ >> +bool irq_domain_check_msi_remap(void) >> +{ >> + struct irq_domain *h; >> + bool ret = true; >> + >> + mutex_lock(&irq_domain_mutex); >> + list_for_each_entry(h, &irq_domain_list, link) { >> + if (irq_domain_is_msi(h) && >> + !irq_domain_hierarchical_is_msi_remap(h)) { >> + ret = false; >> + break; >> + } >> + } >> + mutex_unlock(&irq_domain_mutex); >> + return ret; >> +} > > Above function returns true, even though there is no MSI irq domains. Is > it intentional ? >From the VFIO integration point of view this is what we want. If there is no MSI controller in the system, we have no vulnerability with respect to IRQ assignment and we consider the system as safe. If requested I can add a comment? Thanks Eric > > Thanks, > Tomasz
WARNING: multiple messages have this Message-ID (diff)
From: eric.auger@redhat.com (Auger Eric) To: linux-arm-kernel@lists.infradead.org Subject: [PATCH v8 14/18] irqdomain: irq_domain_check_msi_remap Date: Tue, 17 Jan 2017 14:53:50 +0100 [thread overview] Message-ID: <f5aacc54-ca8e-cb09-461a-6105346b18b9@redhat.com> (raw) In-Reply-To: <8db94e75-7939-c6da-2101-cfa73827c16c@semihalf.com> Hi Tomasz, On 17/01/2017 14:40, Tomasz Nowicki wrote: > On 11.01.2017 10:41, Eric Auger wrote: >> This new function checks whether all MSI irq domains >> implement IRQ remapping. This is useful to understand >> whether VFIO passthrough is safe with respect to interrupts. >> >> On ARM typically an MSI controller can sit downstream >> to the IOMMU without preventing VFIO passthrough. >> As such any assigned device can write into the MSI doorbell. >> In case the MSI controller implements IRQ remapping, assigned >> devices will not be able to trigger interrupts towards the >> host. On the contrary, the assignment must be emphasized as >> unsafe with respect to interrupts. >> >> Signed-off-by: Eric Auger <eric.auger@redhat.com> >> Reviewed-by: Marc Zyngier <marc.zyngier@arm.com> >> >> --- >> v7 -> v8: >> - remove goto in irq_domain_check_msi_remap >> - Added Marc's R-b >> >> v5 -> v6: >> - use irq_domain_hierarchical_is_msi_remap() >> - comment rewording >> >> v4 -> v5: >> - Handle DOMAIN_BUS_FSL_MC_MSI domains >> - Check parents >> --- >> include/linux/irqdomain.h | 1 + >> kernel/irq/irqdomain.c | 22 ++++++++++++++++++++++ >> 2 files changed, 23 insertions(+) >> >> diff --git a/include/linux/irqdomain.h b/include/linux/irqdomain.h >> index bc2f571..188eced 100644 >> --- a/include/linux/irqdomain.h >> +++ b/include/linux/irqdomain.h >> @@ -222,6 +222,7 @@ struct irq_domain *irq_domain_add_legacy(struct >> device_node *of_node, >> void *host_data); >> extern struct irq_domain *irq_find_matching_fwspec(struct irq_fwspec >> *fwspec, >> enum irq_domain_bus_token bus_token); >> +extern bool irq_domain_check_msi_remap(void); >> extern void irq_set_default_host(struct irq_domain *host); >> extern int irq_domain_alloc_descs(int virq, unsigned int nr_irqs, >> irq_hw_number_t hwirq, int node, >> diff --git a/kernel/irq/irqdomain.c b/kernel/irq/irqdomain.c >> index 876e131..d889751 100644 >> --- a/kernel/irq/irqdomain.c >> +++ b/kernel/irq/irqdomain.c >> @@ -278,6 +278,28 @@ struct irq_domain >> *irq_find_matching_fwspec(struct irq_fwspec *fwspec, >> EXPORT_SYMBOL_GPL(irq_find_matching_fwspec); >> >> /** >> + * irq_domain_check_msi_remap - Check whether all MSI >> + * irq domains implement IRQ remapping >> + */ >> +bool irq_domain_check_msi_remap(void) >> +{ >> + struct irq_domain *h; >> + bool ret = true; >> + >> + mutex_lock(&irq_domain_mutex); >> + list_for_each_entry(h, &irq_domain_list, link) { >> + if (irq_domain_is_msi(h) && >> + !irq_domain_hierarchical_is_msi_remap(h)) { >> + ret = false; >> + break; >> + } >> + } >> + mutex_unlock(&irq_domain_mutex); >> + return ret; >> +} > > Above function returns true, even though there is no MSI irq domains. Is > it intentional ? >From the VFIO integration point of view this is what we want. If there is no MSI controller in the system, we have no vulnerability with respect to IRQ assignment and we consider the system as safe. If requested I can add a comment? Thanks Eric > > Thanks, > Tomasz
next prev parent reply other threads:[~2017-01-17 13:53 UTC|newest] Thread overview: 125+ messages / expand[flat|nested] mbox.gz Atom feed top 2017-01-11 9:41 [PATCH v8 00/18] KVM PCIe/MSI passthrough on ARM/ARM64 and IOVA reserved regions Eric Auger 2017-01-11 9:41 ` Eric Auger 2017-01-11 9:41 ` Eric Auger 2017-01-11 9:41 ` [PATCH v8 01/18] iommu/dma: Allow MSI-only cookies Eric Auger 2017-01-11 9:41 ` Eric Auger 2017-01-11 9:41 ` Eric Auger 2017-01-17 11:59 ` Tomasz Nowicki 2017-01-17 11:59 ` Tomasz Nowicki 2017-01-17 11:59 ` Tomasz Nowicki 2017-01-17 11:59 ` Tomasz Nowicki 2017-01-11 9:41 ` [PATCH v8 02/18] iommu: Rename iommu_dm_regions into iommu_resv_regions Eric Auger 2017-01-11 9:41 ` Eric Auger 2017-01-11 9:41 ` Eric Auger 2017-01-17 12:08 ` Tomasz Nowicki 2017-01-17 12:08 ` Tomasz Nowicki 2017-01-17 12:08 ` Tomasz Nowicki 2017-01-17 12:08 ` Tomasz Nowicki 2017-01-11 9:41 ` [PATCH v8 03/18] iommu: Add a new type field in iommu_resv_region Eric Auger 2017-01-11 9:41 ` Eric Auger 2017-01-11 9:41 ` Eric Auger 2017-01-11 9:41 ` [PATCH v8 04/18] iommu: iommu_alloc_resv_region Eric Auger 2017-01-11 9:41 ` Eric Auger 2017-01-11 9:41 ` Eric Auger 2017-01-17 12:12 ` Tomasz Nowicki 2017-01-17 12:12 ` Tomasz Nowicki 2017-01-17 12:12 ` Tomasz Nowicki 2017-01-17 12:12 ` Tomasz Nowicki 2017-01-11 9:41 ` [PATCH v8 05/18] iommu: Only map direct mapped regions Eric Auger 2017-01-11 9:41 ` Eric Auger 2017-01-11 9:41 ` Eric Auger 2017-01-17 12:13 ` Tomasz Nowicki 2017-01-17 12:13 ` Tomasz Nowicki 2017-01-17 12:13 ` Tomasz Nowicki 2017-01-17 12:13 ` Tomasz Nowicki 2017-01-11 9:41 ` [PATCH v8 06/18] iommu: iommu_get_group_resv_regions Eric Auger 2017-01-11 9:41 ` Eric Auger 2017-01-11 9:41 ` Eric Auger 2017-01-17 12:14 ` Tomasz Nowicki 2017-01-17 12:14 ` Tomasz Nowicki 2017-01-17 12:14 ` Tomasz Nowicki 2017-01-17 12:14 ` Tomasz Nowicki 2017-01-11 9:41 ` [PATCH v8 07/18] iommu: Implement reserved_regions iommu-group sysfs file Eric Auger 2017-01-11 9:41 ` Eric Auger 2017-01-11 9:41 ` Eric Auger 2017-01-11 9:41 ` [PATCH v8 08/18] iommu/vt-d: Implement reserved region get/put callbacks Eric Auger 2017-01-11 9:41 ` Eric Auger 2017-01-11 9:41 ` Eric Auger 2017-01-11 9:41 ` [PATCH v8 09/18] iommu/amd: Declare MSI and HT regions as reserved IOVA regions Eric Auger 2017-01-11 9:41 ` Eric Auger 2017-01-11 9:41 ` Eric Auger 2017-01-11 9:41 ` [PATCH v8 10/18] iommu/arm-smmu: Implement reserved region get/put callbacks Eric Auger 2017-01-11 9:41 ` Eric Auger 2017-01-11 9:41 ` Eric Auger 2017-01-17 13:20 ` Tomasz Nowicki 2017-01-17 13:20 ` Tomasz Nowicki 2017-01-17 13:20 ` Tomasz Nowicki 2017-01-17 13:20 ` Tomasz Nowicki 2017-01-11 9:41 ` [PATCH v8 11/18] iommu/arm-smmu-v3: " Eric Auger 2017-01-11 9:41 ` Eric Auger 2017-01-11 9:41 ` Eric Auger 2017-01-17 14:13 ` Tomasz Nowicki 2017-01-17 14:13 ` Tomasz Nowicki 2017-01-17 14:13 ` Tomasz Nowicki 2017-01-17 14:13 ` Tomasz Nowicki 2017-01-11 9:41 ` [PATCH v8 12/18] irqdomain: Add irq domain MSI and MSI_REMAP flags Eric Auger 2017-01-11 9:41 ` Eric Auger 2017-01-18 8:35 ` Tomasz Nowicki 2017-01-18 8:35 ` Tomasz Nowicki 2017-01-18 8:35 ` Tomasz Nowicki 2017-01-11 9:41 ` [PATCH v8 13/18] genirq/msi: Set IRQ_DOMAIN_FLAG_MSI on MSI domain creation Eric Auger 2017-01-11 9:41 ` Eric Auger 2017-01-11 9:41 ` Eric Auger 2017-01-18 8:36 ` Tomasz Nowicki 2017-01-18 8:36 ` Tomasz Nowicki 2017-01-18 8:36 ` Tomasz Nowicki 2017-01-18 8:36 ` Tomasz Nowicki 2017-01-11 9:41 ` [PATCH v8 14/18] irqdomain: irq_domain_check_msi_remap Eric Auger 2017-01-11 9:41 ` Eric Auger 2017-01-17 13:40 ` Tomasz Nowicki 2017-01-17 13:40 ` Tomasz Nowicki 2017-01-17 13:40 ` Tomasz Nowicki 2017-01-17 13:53 ` Auger Eric [this message] 2017-01-17 13:53 ` Auger Eric 2017-01-17 14:06 ` Tomasz Nowicki 2017-01-17 14:06 ` Tomasz Nowicki 2017-01-17 14:06 ` Tomasz Nowicki 2017-01-17 14:06 ` Tomasz Nowicki 2017-01-18 8:40 ` Tomasz Nowicki 2017-01-18 8:40 ` Tomasz Nowicki 2017-01-18 8:40 ` Tomasz Nowicki 2017-01-11 9:41 ` [PATCH v8 15/18] irqchip/gicv3-its: Sets IRQ_DOMAIN_FLAG_MSI_REMAP Eric Auger 2017-01-11 9:41 ` Eric Auger 2017-01-11 9:41 ` Eric Auger 2017-01-11 9:41 ` [PATCH v8 16/18] vfio/type1: Allow transparent MSI IOVA allocation Eric Auger 2017-01-11 9:41 ` Eric Auger 2017-01-11 9:41 ` Eric Auger 2017-01-13 23:04 ` Alex Williamson 2017-01-13 23:04 ` Alex Williamson 2017-01-13 23:04 ` Alex Williamson 2017-01-11 9:41 ` [PATCH v8 17/18] vfio/type1: Check MSI remapping at irq domain level Eric Auger 2017-01-11 9:41 ` Eric Auger 2017-01-11 9:41 ` Eric Auger 2017-01-13 23:04 ` Alex Williamson 2017-01-13 23:04 ` Alex Williamson 2017-01-13 23:04 ` Alex Williamson 2017-01-11 9:41 ` [PATCH v8 18/18] iommu/arm-smmu: Do not advertise IOMMU_CAP_INTR_REMAP anymore Eric Auger 2017-01-11 9:41 ` Eric Auger 2017-01-11 9:41 ` Eric Auger 2017-01-18 11:46 ` Tomasz Nowicki 2017-01-18 11:46 ` Tomasz Nowicki 2017-01-12 3:59 ` [PATCH v8 00/18] KVM PCIe/MSI passthrough on ARM/ARM64 and IOVA reserved regions Bharat Bhushan 2017-01-12 3:59 ` Bharat Bhushan 2017-01-12 3:59 ` Bharat Bhushan 2017-01-12 7:40 ` Auger Eric 2017-01-12 7:40 ` Auger Eric 2017-01-12 7:40 ` Auger Eric 2017-01-13 13:59 ` Tomasz Nowicki 2017-01-13 13:59 ` Tomasz Nowicki 2017-01-13 13:59 ` Tomasz Nowicki 2017-01-16 9:07 ` Auger Eric 2017-01-16 9:07 ` Auger Eric 2017-01-16 9:07 ` Auger Eric 2017-01-18 13:02 ` Auger Eric 2017-01-18 13:02 ` Auger Eric 2017-01-18 13:02 ` Auger Eric
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=f5aacc54-ca8e-cb09-461a-6105346b18b9@redhat.com \ --to=eric.auger@redhat.com \ --cc=alex.williamson@redhat.com \ --cc=bharat.bhushan@nxp.com \ --cc=christoffer.dall@linaro.org \ --cc=diana.craciun@nxp.com \ --cc=drjones@redhat.com \ --cc=eric.auger.pro@gmail.com \ --cc=geethasowjanya.akula@gmail.com \ --cc=gpkulkarni@gmail.com \ --cc=iommu@lists.linux-foundation.org \ --cc=jason@lakedaemon.net \ --cc=joro@8bytes.org \ --cc=kvm@vger.kernel.org \ --cc=linux-arm-kernel@lists.infradead.org \ --cc=linux-kernel@vger.kernel.org \ --cc=marc.zyngier@arm.com \ --cc=pranav.sawargaonkar@gmail.com \ --cc=punit.agrawal@arm.com \ --cc=robin.murphy@arm.com \ --cc=shankerd@codeaurora.org \ --cc=tglx@linutronix.de \ --cc=tn@semihalf.com \ --cc=will.deacon@arm.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.