linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Lu Baolu <baolu.lu@linux.intel.com>
To: Joerg Roedel <joro@8bytes.org>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	Bjorn Helgaas <bhelgaas@google.com>
Cc: ashok.raj@intel.com, jacob.jun.pan@intel.com,
	kevin.tian@intel.com, Christoph Hellwig <hch@lst.de>,
	Robin Murphy <robin.murphy@arm.com>,
	iommu@lists.linux-foundation.org, linux-kernel@vger.kernel.org,
	Lu Baolu <baolu.lu@linux.intel.com>
Subject: [RFC PATCH 4/4] iommu: Determine default domain type before allocating domain
Date: Wed,  1 Jan 2020 13:26:48 +0800	[thread overview]
Message-ID: <20200101052648.14295-5-baolu.lu@linux.intel.com> (raw)
In-Reply-To: <20200101052648.14295-1-baolu.lu@linux.intel.com>

Determine the default domain type for each group and use it to
allocate the iommu domain.

Signed-off-by: Lu Baolu <baolu.lu@linux.intel.com>
---
 drivers/iommu/iommu.c | 35 ++++++++++++++++++++++++++++++++---
 1 file changed, 32 insertions(+), 3 deletions(-)

diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c
index 716326a2ee5b..fc1df1acbd25 100644
--- a/drivers/iommu/iommu.c
+++ b/drivers/iommu/iommu.c
@@ -43,6 +43,7 @@ struct iommu_group {
 	int id;
 	struct iommu_domain *default_domain;
 	struct iommu_domain *domain;
+	unsigned int def_domain_type;
 };
 
 struct group_device {
@@ -1383,6 +1384,33 @@ static int alloc_iommu_group(struct device *dev, void *data)
 	return 0;
 }
 
+static void get_group_def_domain_type(struct iommu_group *group)
+{
+	struct group_device *tmp = NULL;
+
+	mutex_lock(&group->mutex);
+	list_for_each_entry(tmp, &group->devices, list) {
+		struct device *dev = tmp->dev;
+
+		/*
+		 * If there are any untrusted devices in the group, force
+		 * IOMMU_DOMAIN_DMA to prevent DMA attack from malicious
+		 * devices.
+		 */
+		if (dev_is_pci(dev) && to_pci_dev(dev)->untrusted) {
+			group->def_domain_type = IOMMU_DOMAIN_DMA;
+			break;
+		}
+
+		if (dev->iommu_passthrough)
+			group->def_domain_type = IOMMU_DOMAIN_IDENTITY;
+	}
+	mutex_unlock(&group->mutex);
+
+	if (!group->def_domain_type)
+		group->def_domain_type = iommu_def_domain_type;
+}
+
 /**
  * iommu_group_get_for_dev - Find or create the IOMMU group for a device
  * @dev: target device
@@ -1412,13 +1440,14 @@ struct iommu_group *iommu_group_get_for_dev(struct device *dev)
 	if (!group->default_domain) {
 		struct iommu_domain *dom;
 
-		dom = __iommu_domain_alloc(dev->bus, iommu_def_domain_type);
-		if (!dom && iommu_def_domain_type != IOMMU_DOMAIN_DMA) {
+		get_group_def_domain_type(group);
+		dom = __iommu_domain_alloc(dev->bus, group->def_domain_type);
+		if (!dom && group->def_domain_type != IOMMU_DOMAIN_DMA) {
 			dom = __iommu_domain_alloc(dev->bus, IOMMU_DOMAIN_DMA);
 			if (dom) {
 				dev_warn(dev,
 					 "failed to allocate default IOMMU domain of type %u; falling back to IOMMU_DOMAIN_DMA",
-					 iommu_def_domain_type);
+					 group->def_domain_type);
 			}
 		}
 
-- 
2.17.1


  parent reply	other threads:[~2020-01-01  5:28 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-01-01  5:26 [RFC PATCH 0/4] iommu: Per-group default domain type Lu Baolu
2020-01-01  5:26 ` [RFC PATCH 1/4] driver core: Add iommu_passthrough to struct device Lu Baolu
2020-01-01  5:26 ` [RFC PATCH 2/4] PCI: Add "pci=iommu_passthrough=" parameter for iommu passthrough Lu Baolu
2020-01-18  0:18   ` Bjorn Helgaas
2020-01-18  2:04     ` Lu Baolu
2020-01-21 14:17   ` Bjorn Helgaas
2020-01-22  4:49     ` Lu Baolu
2020-01-01  5:26 ` [RFC PATCH 3/4] iommu: Preallocate iommu group when probing devices Lu Baolu
2020-01-17 10:21   ` Joerg Roedel
2020-01-18  2:18     ` Lu Baolu
2020-01-19  6:29     ` Lu Baolu
2020-01-21 12:45       ` Robin Murphy
2020-01-22  5:39         ` Lu Baolu
2020-01-23 14:55           ` Robin Murphy
2020-01-01  5:26 ` Lu Baolu [this message]
2020-01-20  9:44 ` [RFC PATCH 0/4] iommu: Per-group default domain type John Garry
2020-01-21  0:43   ` Lu Baolu
2020-01-21 10:14     ` John Garry
2020-01-22  4:58       ` Lu Baolu

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200101052648.14295-5-baolu.lu@linux.intel.com \
    --to=baolu.lu@linux.intel.com \
    --cc=ashok.raj@intel.com \
    --cc=bhelgaas@google.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=hch@lst.de \
    --cc=iommu@lists.linux-foundation.org \
    --cc=jacob.jun.pan@intel.com \
    --cc=joro@8bytes.org \
    --cc=kevin.tian@intel.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=robin.murphy@arm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).