* Re: [PATCH] iommu/amd: Enhance def_domain_type to handle untrusted device
2024-04-19 11:47 [PATCH] iommu/amd: Enhance def_domain_type to handle untrusted device Vasant Hegde
@ 2024-04-19 12:12 ` Jason Gunthorpe
2024-04-19 15:24 ` Deucher, Alexander
` (2 subsequent siblings)
3 siblings, 0 replies; 7+ messages in thread
From: Jason Gunthorpe @ 2024-04-19 12:12 UTC (permalink / raw)
To: Vasant Hegde
Cc: iommu, joro, suravee.suthikulpanit, alexander.deucher,
Eric Wagner, Robin Murphy, stable
On Fri, Apr 19, 2024 at 11:47:15AM +0000, Vasant Hegde wrote:
> Previously, IOMMU core layer was forcing IOMMU_DOMAIN_DMA domain for
> untrusted device. This always took precedence over driver's
> def_domain_type(). Commit 59ddce4418da ("iommu: Reorganize
> iommu_get_default_domain_type() to respect def_domain_type()") changed
> the behaviour. Current code calls def_domain_type() but if it doesn't
> return IOMMU_DOMAIN_DMA for untrusted device it throws error. This
> results in IOMMU group (and potentially IOMMU itself) in undetermined
> sstate.
>
> This patch adds untrusted check in AMD IOMMU driver code. So that it
> lets eGPUs behind Thunderbolt work again.
>
> Fine tuning amd_iommu_def_domain_type() will be done later.
As long as this is done, and with the commitment that identity rid
with pasid will be eventually supported as well
Reviewed-by: Jason Gunthorpe <jgg@nvidia.com>
Jason
^ permalink raw reply [flat|nested] 7+ messages in thread
* RE: [PATCH] iommu/amd: Enhance def_domain_type to handle untrusted device
2024-04-19 11:47 [PATCH] iommu/amd: Enhance def_domain_type to handle untrusted device Vasant Hegde
2024-04-19 12:12 ` Jason Gunthorpe
@ 2024-04-19 15:24 ` Deucher, Alexander
2024-04-23 10:11 ` Vasant Hegde
2024-04-19 18:14 ` Eric Wagner
2024-04-21 1:45 ` Baolu Lu
3 siblings, 1 reply; 7+ messages in thread
From: Deucher, Alexander @ 2024-04-19 15:24 UTC (permalink / raw)
To: Hegde, Vasant, iommu, joro
Cc: Suthikulpanit, Suravee, Eric Wagner, Robin Murphy,
Jason Gunthorpe, stable
[Public]
> -----Original Message-----
> From: Hegde, Vasant <Vasant.Hegde@amd.com>
> Sent: Friday, April 19, 2024 7:47 AM
> To: iommu@lists.linux.dev; joro@8bytes.org
> Cc: Suthikulpanit, Suravee <Suravee.Suthikulpanit@amd.com>; Deucher,
> Alexander <Alexander.Deucher@amd.com>; Hegde, Vasant
> <Vasant.Hegde@amd.com>; Eric Wagner <ewagner12@gmail.com>; Robin
> Murphy <robin.murphy@arm.com>; Jason Gunthorpe <jgg@ziepe.ca>;
> stable@kernel.org
> Subject: [PATCH] iommu/amd: Enhance def_domain_type to handle
> untrusted device
>
> Previously, IOMMU core layer was forcing IOMMU_DOMAIN_DMA domain
> for untrusted device. This always took precedence over driver's
> def_domain_type(). Commit 59ddce4418da ("iommu: Reorganize
> iommu_get_default_domain_type() to respect def_domain_type()") changed
> the behaviour. Current code calls def_domain_type() but if it doesn't return
> IOMMU_DOMAIN_DMA for untrusted device it throws error. This results in
> IOMMU group (and potentially IOMMU itself) in undetermined sstate.
>
> This patch adds untrusted check in AMD IOMMU driver code. So that it lets
> eGPUs behind Thunderbolt work again.
>
> Fine tuning amd_iommu_def_domain_type() will be done later.
>
> Reported-by: Eric Wagner <ewagner12@gmail.com>
> Link: https://lore.kernel.org/linux-iommu/CAHudX3zLH6CsRmLE-yb+gRjhh-
> v4bU5_1jW_xCcxOo_oUUZKYg@mail.gmail.com
> Fixes: 59ddce4418da ("iommu: Reorganize
> iommu_get_default_domain_type() to respect def_domain_type()")
> Cc: Robin Murphy <robin.murphy@arm.com>
> Cc: Jason Gunthorpe <jgg@ziepe.ca>
> Cc: stable@kernel.org # v6.7+
> Signed-off-by: Vasant Hegde <vasant.hegde@amd.com>
Assuming it fixes the issue, please add:
Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/3182
Alex
> ---
> @Eric,
> Can you please test this patch?
>
> -Vasant
>
> drivers/iommu/amd/iommu.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/drivers/iommu/amd/iommu.c b/drivers/iommu/amd/iommu.c
> index e692217fcb28..e405714640b0 100644
> --- a/drivers/iommu/amd/iommu.c
> +++ b/drivers/iommu/amd/iommu.c
> @@ -2754,6 +2754,10 @@ static int amd_iommu_def_domain_type(struct
> device *dev)
> if (!dev_data)
> return 0;
>
> + /* Always use DMA domain for untrusted device */
> + if (to_pci_dev(dev)->untrusted)
> + return IOMMU_DOMAIN_DMA;
> +
> /*
> * Do not identity map IOMMUv2 capable devices when:
> * - memory encryption is active, because some of those devices
> --
> 2.31.1
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] iommu/amd: Enhance def_domain_type to handle untrusted device
2024-04-19 15:24 ` Deucher, Alexander
@ 2024-04-23 10:11 ` Vasant Hegde
0 siblings, 0 replies; 7+ messages in thread
From: Vasant Hegde @ 2024-04-23 10:11 UTC (permalink / raw)
To: Deucher, Alexander, Hegde, Vasant, iommu, joro
Cc: Suthikulpanit, Suravee, Eric Wagner, Robin Murphy,
Jason Gunthorpe, stable
Alex,
On 4/19/2024 8:54 PM, Deucher, Alexander wrote:
> [Public]
>
>> -----Original Message-----
>> From: Hegde, Vasant <Vasant.Hegde@amd.com>
>> Sent: Friday, April 19, 2024 7:47 AM
>> To: iommu@lists.linux.dev; joro@8bytes.org
>> Cc: Suthikulpanit, Suravee <Suravee.Suthikulpanit@amd.com>; Deucher,
>> Alexander <Alexander.Deucher@amd.com>; Hegde, Vasant
>> <Vasant.Hegde@amd.com>; Eric Wagner <ewagner12@gmail.com>; Robin
>> Murphy <robin.murphy@arm.com>; Jason Gunthorpe <jgg@ziepe.ca>;
>> stable@kernel.org
>> Subject: [PATCH] iommu/amd: Enhance def_domain_type to handle
>> untrusted device
>>
>> Previously, IOMMU core layer was forcing IOMMU_DOMAIN_DMA domain
>> for untrusted device. This always took precedence over driver's
>> def_domain_type(). Commit 59ddce4418da ("iommu: Reorganize
>> iommu_get_default_domain_type() to respect def_domain_type()") changed
>> the behaviour. Current code calls def_domain_type() but if it doesn't return
>> IOMMU_DOMAIN_DMA for untrusted device it throws error. This results in
>> IOMMU group (and potentially IOMMU itself) in undetermined sstate.
>>
>> This patch adds untrusted check in AMD IOMMU driver code. So that it lets
>> eGPUs behind Thunderbolt work again.
>>
>> Fine tuning amd_iommu_def_domain_type() will be done later.
>>
>> Reported-by: Eric Wagner <ewagner12@gmail.com>
>> Link: https://lore.kernel.org/linux-iommu/CAHudX3zLH6CsRmLE-yb+gRjhh-
>> v4bU5_1jW_xCcxOo_oUUZKYg@mail.gmail.com
>> Fixes: 59ddce4418da ("iommu: Reorganize
>> iommu_get_default_domain_type() to respect def_domain_type()")
>> Cc: Robin Murphy <robin.murphy@arm.com>
>> Cc: Jason Gunthorpe <jgg@ziepe.ca>
>> Cc: stable@kernel.org # v6.7+
>> Signed-off-by: Vasant Hegde <vasant.hegde@amd.com>
>
> Assuming it fixes the issue, please add:
> Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/3182
Sure. Will add it in v2.
-Vasant
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] iommu/amd: Enhance def_domain_type to handle untrusted device
2024-04-19 11:47 [PATCH] iommu/amd: Enhance def_domain_type to handle untrusted device Vasant Hegde
2024-04-19 12:12 ` Jason Gunthorpe
2024-04-19 15:24 ` Deucher, Alexander
@ 2024-04-19 18:14 ` Eric Wagner
2024-04-21 1:45 ` Baolu Lu
3 siblings, 0 replies; 7+ messages in thread
From: Eric Wagner @ 2024-04-19 18:14 UTC (permalink / raw)
To: Vasant Hegde
Cc: iommu, joro, suravee.suthikulpanit, alexander.deucher,
Robin Murphy, Jason Gunthorpe, stable
On Fri, Apr 19, 2024 at 7:47 AM Vasant Hegde <vasant.hegde@amd.com> wrote:
>
> Previously, IOMMU core layer was forcing IOMMU_DOMAIN_DMA domain for
> untrusted device. This always took precedence over driver's
> def_domain_type(). Commit 59ddce4418da ("iommu: Reorganize
> iommu_get_default_domain_type() to respect def_domain_type()") changed
> the behaviour. Current code calls def_domain_type() but if it doesn't
> return IOMMU_DOMAIN_DMA for untrusted device it throws error. This
> results in IOMMU group (and potentially IOMMU itself) in undetermined
> sstate.
>
> This patch adds untrusted check in AMD IOMMU driver code. So that it
> lets eGPUs behind Thunderbolt work again.
>
> Fine tuning amd_iommu_def_domain_type() will be done later.
>
> Reported-by: Eric Wagner <ewagner12@gmail.com>
> Link: https://lore.kernel.org/linux-iommu/CAHudX3zLH6CsRmLE-yb+gRjhh-v4bU5_1jW_xCcxOo_oUUZKYg@mail.gmail.com
> Fixes: 59ddce4418da ("iommu: Reorganize iommu_get_default_domain_type() to respect def_domain_type()")
> Cc: Robin Murphy <robin.murphy@arm.com>
> Cc: Jason Gunthorpe <jgg@ziepe.ca>
> Cc: stable@kernel.org # v6.7+
> Signed-off-by: Vasant Hegde <vasant.hegde@amd.com>
> ---
> @Eric,
> Can you please test this patch?
>
> -Vasant
>
> drivers/iommu/amd/iommu.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/drivers/iommu/amd/iommu.c b/drivers/iommu/amd/iommu.c
> index e692217fcb28..e405714640b0 100644
> --- a/drivers/iommu/amd/iommu.c
> +++ b/drivers/iommu/amd/iommu.c
> @@ -2754,6 +2754,10 @@ static int amd_iommu_def_domain_type(struct device *dev)
> if (!dev_data)
> return 0;
>
> + /* Always use DMA domain for untrusted device */
> + if (to_pci_dev(dev)->untrusted)
> + return IOMMU_DOMAIN_DMA;
> +
> /*
> * Do not identity map IOMMUv2 capable devices when:
> * - memory encryption is active, because some of those devices
> --
> 2.31.1
>
Tested the patch and confirmed it fixes the reported issue for me.
Tested-by: Eric Wagner <ewagner12@gmail.com>
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] iommu/amd: Enhance def_domain_type to handle untrusted device
2024-04-19 11:47 [PATCH] iommu/amd: Enhance def_domain_type to handle untrusted device Vasant Hegde
` (2 preceding siblings ...)
2024-04-19 18:14 ` Eric Wagner
@ 2024-04-21 1:45 ` Baolu Lu
2024-04-23 10:10 ` Vasant Hegde
3 siblings, 1 reply; 7+ messages in thread
From: Baolu Lu @ 2024-04-21 1:45 UTC (permalink / raw)
To: Vasant Hegde, iommu, joro
Cc: baolu.lu, suravee.suthikulpanit, alexander.deucher, Eric Wagner,
Robin Murphy, Jason Gunthorpe, stable
On 2024/4/19 19:47, Vasant Hegde wrote:
> Previously, IOMMU core layer was forcing IOMMU_DOMAIN_DMA domain for
> untrusted device. This always took precedence over driver's
> def_domain_type(). Commit 59ddce4418da ("iommu: Reorganize
> iommu_get_default_domain_type() to respect def_domain_type()") changed
> the behaviour. Current code calls def_domain_type() but if it doesn't
> return IOMMU_DOMAIN_DMA for untrusted device it throws error. This
> results in IOMMU group (and potentially IOMMU itself) in undetermined
> sstate.
>
> This patch adds untrusted check in AMD IOMMU driver code. So that it
> lets eGPUs behind Thunderbolt work again.
>
> Fine tuning amd_iommu_def_domain_type() will be done later.
>
> Reported-by: Eric Wagner<ewagner12@gmail.com>
> Link:https://lore.kernel.org/linux-iommu/CAHudX3zLH6CsRmLE-yb+gRjhh-v4bU5_1jW_xCcxOo_oUUZKYg@mail.gmail.com
> Fixes: 59ddce4418da ("iommu: Reorganize iommu_get_default_domain_type() to respect def_domain_type()")
> Cc: Robin Murphy<robin.murphy@arm.com>
> Cc: Jason Gunthorpe<jgg@ziepe.ca>
> Cc:stable@kernel.org # v6.7+
> Signed-off-by: Vasant Hegde<vasant.hegde@amd.com>
> ---
> @Eric,
> Can you please test this patch?
>
> -Vasant
>
> drivers/iommu/amd/iommu.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/drivers/iommu/amd/iommu.c b/drivers/iommu/amd/iommu.c
> index e692217fcb28..e405714640b0 100644
> --- a/drivers/iommu/amd/iommu.c
> +++ b/drivers/iommu/amd/iommu.c
> @@ -2754,6 +2754,10 @@ static int amd_iommu_def_domain_type(struct device *dev)
> if (!dev_data)
> return 0;
>
> + /* Always use DMA domain for untrusted device */
> + if (to_pci_dev(dev)->untrusted)
> + return IOMMU_DOMAIN_DMA;
Are you sure that dev always represents a pci device? If not, perhaps
here it needs a dev_is_pci() check?
Best regards,
baolu
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] iommu/amd: Enhance def_domain_type to handle untrusted device
2024-04-21 1:45 ` Baolu Lu
@ 2024-04-23 10:10 ` Vasant Hegde
0 siblings, 0 replies; 7+ messages in thread
From: Vasant Hegde @ 2024-04-23 10:10 UTC (permalink / raw)
To: Baolu Lu, Vasant Hegde, iommu, joro
Cc: suravee.suthikulpanit, alexander.deucher, Eric Wagner,
Robin Murphy, Jason Gunthorpe, stable
Hi,
On 4/21/2024 7:15 AM, Baolu Lu wrote:
> On 2024/4/19 19:47, Vasant Hegde wrote:
>> Previously, IOMMU core layer was forcing IOMMU_DOMAIN_DMA domain for
>> untrusted device. This always took precedence over driver's
>> def_domain_type(). Commit 59ddce4418da ("iommu: Reorganize
>> iommu_get_default_domain_type() to respect def_domain_type()") changed
>> the behaviour. Current code calls def_domain_type() but if it doesn't
>> return IOMMU_DOMAIN_DMA for untrusted device it throws error. This
>> results in IOMMU group (and potentially IOMMU itself) in undetermined
>> sstate.
>>
>> This patch adds untrusted check in AMD IOMMU driver code. So that it
>> lets eGPUs behind Thunderbolt work again.
>>
>> Fine tuning amd_iommu_def_domain_type() will be done later.
>>
>> Reported-by: Eric Wagner<ewagner12@gmail.com>
>> Link:https://lore.kernel.org/linux-iommu/CAHudX3zLH6CsRmLE-yb+gRjhh-v4bU5_1jW_xCcxOo_oUUZKYg@mail.gmail.com
>> Fixes: 59ddce4418da ("iommu: Reorganize iommu_get_default_domain_type() to
>> respect def_domain_type()")
>> Cc: Robin Murphy<robin.murphy@arm.com>
>> Cc: Jason Gunthorpe<jgg@ziepe.ca>
>> Cc:stable@kernel.org # v6.7+
>> Signed-off-by: Vasant Hegde<vasant.hegde@amd.com>
>> ---
>> @Eric,
>> Can you please test this patch?
>>
>> -Vasant
>>
>> drivers/iommu/amd/iommu.c | 4 ++++
>> 1 file changed, 4 insertions(+)
>>
>> diff --git a/drivers/iommu/amd/iommu.c b/drivers/iommu/amd/iommu.c
>> index e692217fcb28..e405714640b0 100644
>> --- a/drivers/iommu/amd/iommu.c
>> +++ b/drivers/iommu/amd/iommu.c
>> @@ -2754,6 +2754,10 @@ static int amd_iommu_def_domain_type(struct device *dev)
>> if (!dev_data)
>> return 0;
>> + /* Always use DMA domain for untrusted device */
>> + if (to_pci_dev(dev)->untrusted)
>> + return IOMMU_DOMAIN_DMA;
>
> Are you sure that dev always represents a pci device? If not, perhaps
> here it needs a dev_is_pci() check?
You are right. I need to add check to verify whether its PCI device or not.
-Vasant
^ permalink raw reply [flat|nested] 7+ messages in thread