linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH v2] iommu/vt-d: avoid unnecessory panic if iommu init fail in tboot system
@ 2020-11-10  7:19 Zhenzhong Duan
  2020-11-10 15:53 ` Lukasz Hawrylko
                   ` (4 more replies)
  0 siblings, 5 replies; 8+ messages in thread
From: Zhenzhong Duan @ 2020-11-10  7:19 UTC (permalink / raw)
  To: linux-kernel
  Cc: ning.sun, tglx, mingo, bp, x86, dwmw2, baolu.lu, joro, iommu,
	tboot-devel, Zhenzhong Duan

"intel_iommu=off" command line is used to disable iommu but iommu is force
enabled in a tboot system for security reason.

However for better performance on high speed network device, a new option
"intel_iommu=tboot_noforce" is introduced to disable the force on.

By default kernel should panic if iommu init fail in tboot for security
reason, but it's unnecessory if we use "intel_iommu=tboot_noforce,off".

Fix the code setting force_on and move intel_iommu_tboot_noforce
from tboot code to intel iommu code.

Fixes: 7304e8f28bb2 ("iommu/vt-d: Correctly disable Intel IOMMU force on")
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@gmail.com>
---
v2: move ckeck of intel_iommu_tboot_noforce into iommu code per Baolu.

 arch/x86/kernel/tboot.c     | 3 ---
 drivers/iommu/intel/iommu.c | 5 +++--
 include/linux/intel-iommu.h | 1 -
 3 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/arch/x86/kernel/tboot.c b/arch/x86/kernel/tboot.c
index 992fb14..420be87 100644
--- a/arch/x86/kernel/tboot.c
+++ b/arch/x86/kernel/tboot.c
@@ -514,9 +514,6 @@ int tboot_force_iommu(void)
 	if (!tboot_enabled())
 		return 0;
 
-	if (intel_iommu_tboot_noforce)
-		return 1;
-
 	if (no_iommu || swiotlb || dmar_disabled)
 		pr_warn("Forcing Intel-IOMMU to enabled\n");
 
diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c
index 1b1ca63..4d9b298 100644
--- a/drivers/iommu/intel/iommu.c
+++ b/drivers/iommu/intel/iommu.c
@@ -179,7 +179,7 @@ static inline unsigned long virt_to_dma_pfn(void *p)
  * (used when kernel is launched w/ TXT)
  */
 static int force_on = 0;
-int intel_iommu_tboot_noforce;
+static int intel_iommu_tboot_noforce;
 static int no_platform_optin;
 
 #define ROOT_ENTRY_NR (VTD_PAGE_SIZE/sizeof(struct root_entry))
@@ -4885,7 +4885,8 @@ int __init intel_iommu_init(void)
 	 * Intel IOMMU is required for a TXT/tboot launch or platform
 	 * opt in, so enforce that.
 	 */
-	force_on = tboot_force_iommu() || platform_optin_force_iommu();
+	force_on = (!intel_iommu_tboot_noforce && tboot_force_iommu()) ||
+		    platform_optin_force_iommu();
 
 	if (iommu_init_mempool()) {
 		if (force_on)
diff --git a/include/linux/intel-iommu.h b/include/linux/intel-iommu.h
index fbf5b3e..d956987 100644
--- a/include/linux/intel-iommu.h
+++ b/include/linux/intel-iommu.h
@@ -798,7 +798,6 @@ struct context_entry *iommu_context_addr(struct intel_iommu *iommu, u8 bus,
 extern int iommu_calculate_max_sagaw(struct intel_iommu *iommu);
 extern int dmar_disabled;
 extern int intel_iommu_enabled;
-extern int intel_iommu_tboot_noforce;
 extern int intel_iommu_gfx_mapped;
 #else
 static inline int iommu_calculate_agaw(struct intel_iommu *iommu)
-- 
1.8.3.1


^ permalink raw reply related	[flat|nested] 8+ messages in thread
* Re: [PATCH v2] iommu/vt-d: avoid unnecessory panic if iommu init fail in tboot system
  2020-11-10  7:19 [PATCH v2] iommu/vt-d: avoid unnecessory panic if iommu init fail in tboot system Zhenzhong Duan
@ 2020-11-10 15:53 ` Lukasz Hawrylko
  2020-11-11  0:24   ` Zhenzhong Duan
  2020-11-11  2:17 ` Lu Baolu
                   ` (3 subsequent siblings)
  4 siblings, 1 reply; 8+ messages in thread
From: Lukasz Hawrylko @ 2020-11-10 15:53 UTC (permalink / raw)
  To: Zhenzhong Duan, linux-kernel
  Cc: ning.sun, tglx, mingo, bp, x86, dwmw2, baolu.lu, joro, iommu,
	tboot-devel

Hi Zhenzhong

On Tue, 2020-11-10 at 15:19 +0800, Zhenzhong Duan wrote:
> "intel_iommu=off" command line is used to disable iommu but iommu is force
> enabled in a tboot system for security reason.
> 
> However for better performance on high speed network device, a new option
> "intel_iommu=tboot_noforce" is introduced to disable the force on.
> 
> By default kernel should panic if iommu init fail in tboot for security
> reason, but it's unnecessory if we use "intel_iommu=tboot_noforce,off".
> 
> Fix the code setting force_on and move intel_iommu_tboot_noforce
> from tboot code to intel iommu code.
> 
> Fixes: 7304e8f28bb2 ("iommu/vt-d: Correctly disable Intel IOMMU force on")
> Signed-off-by: Zhenzhong Duan <zhenzhong.duan@gmail.com>
> ---
> v2: move ckeck of intel_iommu_tboot_noforce into iommu code per Baolu.

I have check it on my TXT testing environment with latest TBOOT,
everything works as expected.

Thanks,
Lukasz


^ permalink raw reply	[flat|nested] 8+ messages in thread
* Re: [PATCH v2] iommu/vt-d: avoid unnecessory panic if iommu init fail in tboot system
  2020-11-10 15:53 ` Lukasz Hawrylko
@ 2020-11-11  0:24   ` Zhenzhong Duan
  0 siblings, 0 replies; 8+ messages in thread
From: Zhenzhong Duan @ 2020-11-11  0:24 UTC (permalink / raw)
  To: Lukasz Hawrylko
  Cc: linux-kernel, ning.sun, Thomas Gleixner, Ingo Molnar,
	Borislav Petkov, x86, David Woodhouse, Lu Baolu, Joerg Roedel,
	iommu, tboot-devel

Hi Lukasz,

On Tue, Nov 10, 2020 at 11:53 PM Lukasz Hawrylko
<lukasz.hawrylko@linux.intel.com> wrote:
>
> Hi Zhenzhong
>
> On Tue, 2020-11-10 at 15:19 +0800, Zhenzhong Duan wrote:
> > "intel_iommu=off" command line is used to disable iommu but iommu is force
> > enabled in a tboot system for security reason.
> >
> > However for better performance on high speed network device, a new option
> > "intel_iommu=tboot_noforce" is introduced to disable the force on.
> >
> > By default kernel should panic if iommu init fail in tboot for security
> > reason, but it's unnecessory if we use "intel_iommu=tboot_noforce,off".
> >
> > Fix the code setting force_on and move intel_iommu_tboot_noforce
> > from tboot code to intel iommu code.
> >
> > Fixes: 7304e8f28bb2 ("iommu/vt-d: Correctly disable Intel IOMMU force on")
> > Signed-off-by: Zhenzhong Duan <zhenzhong.duan@gmail.com>
> > ---
> > v2: move ckeck of intel_iommu_tboot_noforce into iommu code per Baolu.
>
> I have check it on my TXT testing environment with latest TBOOT,
> everything works as expected.

Thanks very much for help checking, may I have your Tested-by?

Zhenzhong

^ permalink raw reply	[flat|nested] 8+ messages in thread
* Re: [PATCH v2] iommu/vt-d: avoid unnecessory panic if iommu init fail in tboot system
  2020-11-10  7:19 [PATCH v2] iommu/vt-d: avoid unnecessory panic if iommu init fail in tboot system Zhenzhong Duan
  2020-11-10 15:53 ` Lukasz Hawrylko
@ 2020-11-11  2:17 ` Lu Baolu
  2020-11-12  8:13 ` Lukasz Hawrylko
                   ` (2 subsequent siblings)
  4 siblings, 0 replies; 8+ messages in thread
From: Lu Baolu @ 2020-11-11  2:17 UTC (permalink / raw)
  To: Zhenzhong Duan, linux-kernel
  Cc: baolu.lu, ning.sun, tglx, mingo, bp, x86, dwmw2, joro, iommu,
	tboot-devel

Hi Zhenzhong,

On 11/10/20 3:19 PM, Zhenzhong Duan wrote:
> "intel_iommu=off" command line is used to disable iommu but iommu is force
> enabled in a tboot system for security reason.
> 
> However for better performance on high speed network device, a new option
> "intel_iommu=tboot_noforce" is introduced to disable the force on.
> 
> By default kernel should panic if iommu init fail in tboot for security
> reason, but it's unnecessory if we use "intel_iommu=tboot_noforce,off".
> 
> Fix the code setting force_on and move intel_iommu_tboot_noforce
> from tboot code to intel iommu code.
> 
> Fixes: 7304e8f28bb2 ("iommu/vt-d: Correctly disable Intel IOMMU force on")
> Signed-off-by: Zhenzhong Duan <zhenzhong.duan@gmail.com>

Thanks for the patch.

Acked-by: Lu Baolu <baolu.lu@linux.intel.com>

Best regards,
baolu

> ---
> v2: move ckeck of intel_iommu_tboot_noforce into iommu code per Baolu.
> 
>   arch/x86/kernel/tboot.c     | 3 ---
>   drivers/iommu/intel/iommu.c | 5 +++--
>   include/linux/intel-iommu.h | 1 -
>   3 files changed, 3 insertions(+), 6 deletions(-)
> 
> diff --git a/arch/x86/kernel/tboot.c b/arch/x86/kernel/tboot.c
> index 992fb14..420be87 100644
> --- a/arch/x86/kernel/tboot.c
> +++ b/arch/x86/kernel/tboot.c
> @@ -514,9 +514,6 @@ int tboot_force_iommu(void)
>   	if (!tboot_enabled())
>   		return 0;
>   
> -	if (intel_iommu_tboot_noforce)
> -		return 1;
> -
>   	if (no_iommu || swiotlb || dmar_disabled)
>   		pr_warn("Forcing Intel-IOMMU to enabled\n");
>   
> diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c
> index 1b1ca63..4d9b298 100644
> --- a/drivers/iommu/intel/iommu.c
> +++ b/drivers/iommu/intel/iommu.c
> @@ -179,7 +179,7 @@ static inline unsigned long virt_to_dma_pfn(void *p)
>    * (used when kernel is launched w/ TXT)
>    */
>   static int force_on = 0;
> -int intel_iommu_tboot_noforce;
> +static int intel_iommu_tboot_noforce;
>   static int no_platform_optin;
>   
>   #define ROOT_ENTRY_NR (VTD_PAGE_SIZE/sizeof(struct root_entry))
> @@ -4885,7 +4885,8 @@ int __init intel_iommu_init(void)
>   	 * Intel IOMMU is required for a TXT/tboot launch or platform
>   	 * opt in, so enforce that.
>   	 */
> -	force_on = tboot_force_iommu() || platform_optin_force_iommu();
> +	force_on = (!intel_iommu_tboot_noforce && tboot_force_iommu()) ||
> +		    platform_optin_force_iommu();
>   
>   	if (iommu_init_mempool()) {
>   		if (force_on)
> diff --git a/include/linux/intel-iommu.h b/include/linux/intel-iommu.h
> index fbf5b3e..d956987 100644
> --- a/include/linux/intel-iommu.h
> +++ b/include/linux/intel-iommu.h
> @@ -798,7 +798,6 @@ struct context_entry *iommu_context_addr(struct intel_iommu *iommu, u8 bus,
>   extern int iommu_calculate_max_sagaw(struct intel_iommu *iommu);
>   extern int dmar_disabled;
>   extern int intel_iommu_enabled;
> -extern int intel_iommu_tboot_noforce;
>   extern int intel_iommu_gfx_mapped;
>   #else
>   static inline int iommu_calculate_agaw(struct intel_iommu *iommu)
> 

^ permalink raw reply	[flat|nested] 8+ messages in thread
* Re: [PATCH v2] iommu/vt-d: avoid unnecessory panic if iommu init fail in tboot system
  2020-11-10  7:19 [PATCH v2] iommu/vt-d: avoid unnecessory panic if iommu init fail in tboot system Zhenzhong Duan
  2020-11-10 15:53 ` Lukasz Hawrylko
  2020-11-11  2:17 ` Lu Baolu
@ 2020-11-12  8:13 ` Lukasz Hawrylko
  2020-11-17 23:32 ` Lu Baolu
  2020-11-18 14:19 ` Will Deacon
  4 siblings, 0 replies; 8+ messages in thread
From: Lukasz Hawrylko @ 2020-11-12  8:13 UTC (permalink / raw)
  To: Zhenzhong Duan, linux-kernel
  Cc: ning.sun, tglx, mingo, bp, x86, dwmw2, baolu.lu, joro, iommu,
	tboot-devel

On Tue, 2020-11-10 at 15:19 +0800, Zhenzhong Duan wrote:
> "intel_iommu=off" command line is used to disable iommu but iommu is force
> enabled in a tboot system for security reason.
> 
> However for better performance on high speed network device, a new option
> "intel_iommu=tboot_noforce" is introduced to disable the force on.
> 
> By default kernel should panic if iommu init fail in tboot for security
> reason, but it's unnecessory if we use "intel_iommu=tboot_noforce,off".
> 
> Fix the code setting force_on and move intel_iommu_tboot_noforce
> from tboot code to intel iommu code.
> 
> Fixes: 7304e8f28bb2 ("iommu/vt-d: Correctly disable Intel IOMMU force on")
> Signed-off-by: Zhenzhong Duan <zhenzhong.duan@gmail.com>
> ---
> v2: move ckeck of intel_iommu_tboot_noforce into iommu code per Baolu.
> 

Tested-by: Lukasz Hawrylko <lukasz.hawrylko@linux.intel.com>


^ permalink raw reply	[flat|nested] 8+ messages in thread
* Re: [PATCH v2] iommu/vt-d: avoid unnecessory panic if iommu init fail in tboot system
  2020-11-10  7:19 [PATCH v2] iommu/vt-d: avoid unnecessory panic if iommu init fail in tboot system Zhenzhong Duan
                   ` (2 preceding siblings ...)
  2020-11-12  8:13 ` Lukasz Hawrylko
@ 2020-11-17 23:32 ` Lu Baolu
  2020-11-18 13:28   ` Will Deacon
  2020-11-18 14:19 ` Will Deacon
  4 siblings, 1 reply; 8+ messages in thread
From: Lu Baolu @ 2020-11-17 23:32 UTC (permalink / raw)
  To: Zhenzhong Duan, linux-kernel, Will Deacon
  Cc: baolu.lu, ning.sun, tglx, mingo, bp, x86, dwmw2, joro, iommu,
	tboot-devel

+Will

Please consider this patch for v5.10.

Best regards,
baolu

On 2020/11/10 15:19, Zhenzhong Duan wrote:
> "intel_iommu=off" command line is used to disable iommu but iommu is force
> enabled in a tboot system for security reason.
> 
> However for better performance on high speed network device, a new option
> "intel_iommu=tboot_noforce" is introduced to disable the force on.
> 
> By default kernel should panic if iommu init fail in tboot for security
> reason, but it's unnecessory if we use "intel_iommu=tboot_noforce,off".
> 
> Fix the code setting force_on and move intel_iommu_tboot_noforce
> from tboot code to intel iommu code.
> 
> Fixes: 7304e8f28bb2 ("iommu/vt-d: Correctly disable Intel IOMMU force on")
> Signed-off-by: Zhenzhong Duan <zhenzhong.duan@gmail.com>
> ---
> v2: move ckeck of intel_iommu_tboot_noforce into iommu code per Baolu.
> 
>   arch/x86/kernel/tboot.c     | 3 ---
>   drivers/iommu/intel/iommu.c | 5 +++--
>   include/linux/intel-iommu.h | 1 -
>   3 files changed, 3 insertions(+), 6 deletions(-)
> 
> diff --git a/arch/x86/kernel/tboot.c b/arch/x86/kernel/tboot.c
> index 992fb14..420be87 100644
> --- a/arch/x86/kernel/tboot.c
> +++ b/arch/x86/kernel/tboot.c
> @@ -514,9 +514,6 @@ int tboot_force_iommu(void)
>   	if (!tboot_enabled())
>   		return 0;
>   
> -	if (intel_iommu_tboot_noforce)
> -		return 1;
> -
>   	if (no_iommu || swiotlb || dmar_disabled)
>   		pr_warn("Forcing Intel-IOMMU to enabled\n");
>   
> diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c
> index 1b1ca63..4d9b298 100644
> --- a/drivers/iommu/intel/iommu.c
> +++ b/drivers/iommu/intel/iommu.c
> @@ -179,7 +179,7 @@ static inline unsigned long virt_to_dma_pfn(void *p)
>    * (used when kernel is launched w/ TXT)
>    */
>   static int force_on = 0;
> -int intel_iommu_tboot_noforce;
> +static int intel_iommu_tboot_noforce;
>   static int no_platform_optin;
>   
>   #define ROOT_ENTRY_NR (VTD_PAGE_SIZE/sizeof(struct root_entry))
> @@ -4885,7 +4885,8 @@ int __init intel_iommu_init(void)
>   	 * Intel IOMMU is required for a TXT/tboot launch or platform
>   	 * opt in, so enforce that.
>   	 */
> -	force_on = tboot_force_iommu() || platform_optin_force_iommu();
> +	force_on = (!intel_iommu_tboot_noforce && tboot_force_iommu()) ||
> +		    platform_optin_force_iommu();
>   
>   	if (iommu_init_mempool()) {
>   		if (force_on)
> diff --git a/include/linux/intel-iommu.h b/include/linux/intel-iommu.h
> index fbf5b3e..d956987 100644
> --- a/include/linux/intel-iommu.h
> +++ b/include/linux/intel-iommu.h
> @@ -798,7 +798,6 @@ struct context_entry *iommu_context_addr(struct intel_iommu *iommu, u8 bus,
>   extern int iommu_calculate_max_sagaw(struct intel_iommu *iommu);
>   extern int dmar_disabled;
>   extern int intel_iommu_enabled;
> -extern int intel_iommu_tboot_noforce;
>   extern int intel_iommu_gfx_mapped;
>   #else
>   static inline int iommu_calculate_agaw(struct intel_iommu *iommu)
> 

^ permalink raw reply	[flat|nested] 8+ messages in thread
* Re: [PATCH v2] iommu/vt-d: avoid unnecessory panic if iommu init fail in tboot system
  2020-11-17 23:32 ` Lu Baolu
@ 2020-11-18 13:28   ` Will Deacon
  0 siblings, 0 replies; 8+ messages in thread
From: Will Deacon @ 2020-11-18 13:28 UTC (permalink / raw)
  To: Lu Baolu
  Cc: Zhenzhong Duan, linux-kernel, ning.sun, tglx, mingo, bp, x86,
	dwmw2, joro, iommu, tboot-devel

On Wed, Nov 18, 2020 at 07:32:25AM +0800, Lu Baolu wrote:
> Please consider this patch for v5.10.

Cheers, I'll stick this onto a fixes branch momentarily.

Will

^ permalink raw reply	[flat|nested] 8+ messages in thread
* Re: [PATCH v2] iommu/vt-d: avoid unnecessory panic if iommu init fail in tboot system
  2020-11-10  7:19 [PATCH v2] iommu/vt-d: avoid unnecessory panic if iommu init fail in tboot system Zhenzhong Duan
                   ` (3 preceding siblings ...)
  2020-11-17 23:32 ` Lu Baolu
@ 2020-11-18 14:19 ` Will Deacon
  4 siblings, 0 replies; 8+ messages in thread
From: Will Deacon @ 2020-11-18 14:19 UTC (permalink / raw)
  To: Zhenzhong Duan, linux-kernel
  Cc: catalin.marinas, kernel-team, Will Deacon, tboot-devel, mingo,
	x86, ning.sun, dwmw2, iommu, bp, tglx

On Tue, 10 Nov 2020 15:19:08 +0800, Zhenzhong Duan wrote:
> "intel_iommu=off" command line is used to disable iommu but iommu is force
> enabled in a tboot system for security reason.
> 
> However for better performance on high speed network device, a new option
> "intel_iommu=tboot_noforce" is introduced to disable the force on.
> 
> By default kernel should panic if iommu init fail in tboot for security
> reason, but it's unnecessory if we use "intel_iommu=tboot_noforce,off".
> 
> [...]

Applied to arm64 (for-next/iommu/fixes), thanks!

[1/1] iommu/vt-d: Avoid panic if iommu init fails in tboot system
      https://git.kernel.org/arm64/c/4d213e76a359

Cheers,
-- 
Will

https://fixes.arm64.dev
https://next.arm64.dev
https://will.arm64.dev

^ permalink raw reply	[flat|nested] 8+ messages in thread
end of thread, other threads:[~2020-11-18 14:20 UTC | newest]

Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-11-10  7:19 [PATCH v2] iommu/vt-d: avoid unnecessory panic if iommu init fail in tboot system Zhenzhong Duan
2020-11-10 15:53 ` Lukasz Hawrylko
2020-11-11  0:24   ` Zhenzhong Duan
2020-11-11  2:17 ` Lu Baolu
2020-11-12  8:13 ` Lukasz Hawrylko
2020-11-17 23:32 ` Lu Baolu
2020-11-18 13:28   ` Will Deacon
2020-11-18 14:19 ` Will Deacon

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).