Commit a48ce36e authored by Lu Baolu's avatar Lu Baolu Committed by Joerg Roedel

iommu: Prevent RESV_DIRECT devices from blocking domains

The IOMMU_RESV_DIRECT flag indicates that a memory region must be mapped
1:1 at all times. This means that the region must always be accessible to
the device, even if the device is attached to a blocking domain. This is
equal to saying that IOMMU_RESV_DIRECT flag prevents devices from being
attached to blocking domains.

This also implies that devices that implement RESV_DIRECT regions will be
prevented from being assigned to user space since taking the DMA ownership
immediately switches to a blocking domain.

The rule of preventing devices with the IOMMU_RESV_DIRECT regions from
being assigned to user space has existed in the Intel IOMMU driver for
a long time. Now, this rule is being lifted up to a general core rule,
as other architectures like AMD and ARM also have RMRR-like reserved
regions. This has been discussed in the community mailing list and refer
to below link for more details.

Other places using unmanaged domains for kernel DMA must follow the
iommu_get_resv_regions() and setup IOMMU_RESV_DIRECT - we do not restrict
them in the core code.

Cc: Robin Murphy <robin.murphy@arm.com>
Cc: Alex Williamson <alex.williamson@redhat.com>
Cc: Kevin Tian <kevin.tian@intel.com>
Signed-off-by: default avatarJason Gunthorpe <jgg@nvidia.com>
Link: https://lore.kernel.org/linux-iommu/BN9PR11MB5276E84229B5BD952D78E9598C639@BN9PR11MB5276.namprd11.prod.outlook.comSigned-off-by: default avatarLu Baolu <baolu.lu@linux.intel.com>
Reviewed-by: default avatarJason Gunthorpe <jgg@nvidia.com>
Acked-by: default avatarJoerg Roedel <jroedel@suse.de>
Link: https://lore.kernel.org/r/20230724060352.113458-2-baolu.lu@linux.intel.comSigned-off-by: default avatarJoerg Roedel <jroedel@suse.de>
parent f5ccf55e
...@@ -960,14 +960,12 @@ static int iommu_create_device_direct_mappings(struct iommu_domain *domain, ...@@ -960,14 +960,12 @@ static int iommu_create_device_direct_mappings(struct iommu_domain *domain,
unsigned long pg_size; unsigned long pg_size;
int ret = 0; int ret = 0;
if (!iommu_is_dma_domain(domain)) pg_size = domain->pgsize_bitmap ? 1UL << __ffs(domain->pgsize_bitmap) : 0;
return 0;
BUG_ON(!domain->pgsize_bitmap);
pg_size = 1UL << __ffs(domain->pgsize_bitmap);
INIT_LIST_HEAD(&mappings); INIT_LIST_HEAD(&mappings);
if (WARN_ON_ONCE(iommu_is_dma_domain(domain) && !pg_size))
return -EINVAL;
iommu_get_resv_regions(dev, &mappings); iommu_get_resv_regions(dev, &mappings);
/* We need to consider overlapping regions for different devices */ /* We need to consider overlapping regions for different devices */
...@@ -975,13 +973,17 @@ static int iommu_create_device_direct_mappings(struct iommu_domain *domain, ...@@ -975,13 +973,17 @@ static int iommu_create_device_direct_mappings(struct iommu_domain *domain,
dma_addr_t start, end, addr; dma_addr_t start, end, addr;
size_t map_size = 0; size_t map_size = 0;
start = ALIGN(entry->start, pg_size); if (entry->type == IOMMU_RESV_DIRECT)
end = ALIGN(entry->start + entry->length, pg_size); dev->iommu->require_direct = 1;
if (entry->type != IOMMU_RESV_DIRECT && if ((entry->type != IOMMU_RESV_DIRECT &&
entry->type != IOMMU_RESV_DIRECT_RELAXABLE) entry->type != IOMMU_RESV_DIRECT_RELAXABLE) ||
!iommu_is_dma_domain(domain))
continue; continue;
start = ALIGN(entry->start, pg_size);
end = ALIGN(entry->start + entry->length, pg_size);
for (addr = start; addr <= end; addr += pg_size) { for (addr = start; addr <= end; addr += pg_size) {
phys_addr_t phys_addr; phys_addr_t phys_addr;
...@@ -2122,6 +2124,21 @@ static int __iommu_device_set_domain(struct iommu_group *group, ...@@ -2122,6 +2124,21 @@ static int __iommu_device_set_domain(struct iommu_group *group,
{ {
int ret; int ret;
/*
* If the device requires IOMMU_RESV_DIRECT then we cannot allow
* the blocking domain to be attached as it does not contain the
* required 1:1 mapping. This test effectively excludes the device
* being used with iommu_group_claim_dma_owner() which will block
* vfio and iommufd as well.
*/
if (dev->iommu->require_direct &&
(new_domain->type == IOMMU_DOMAIN_BLOCKED ||
new_domain == group->blocking_domain)) {
dev_warn(dev,
"Firmware has requested this device have a 1:1 IOMMU mapping, rejecting configuring the device without a 1:1 mapping. Contact your platform vendor.\n");
return -EINVAL;
}
if (dev->iommu->attach_deferred) { if (dev->iommu->attach_deferred) {
if (new_domain == group->default_domain) if (new_domain == group->default_domain)
return 0; return 0;
......
...@@ -411,6 +411,7 @@ struct iommu_fault_param { ...@@ -411,6 +411,7 @@ struct iommu_fault_param {
* @priv: IOMMU Driver private data * @priv: IOMMU Driver private data
* @max_pasids: number of PASIDs this device can consume * @max_pasids: number of PASIDs this device can consume
* @attach_deferred: the dma domain attachment is deferred * @attach_deferred: the dma domain attachment is deferred
* @require_direct: device requires IOMMU_RESV_DIRECT regions
* *
* TODO: migrate other per device data pointers under iommu_dev_data, e.g. * TODO: migrate other per device data pointers under iommu_dev_data, e.g.
* struct iommu_group *iommu_group; * struct iommu_group *iommu_group;
...@@ -424,6 +425,7 @@ struct dev_iommu { ...@@ -424,6 +425,7 @@ struct dev_iommu {
void *priv; void *priv;
u32 max_pasids; u32 max_pasids;
u32 attach_deferred:1; u32 attach_deferred:1;
u32 require_direct:1;
}; };
int iommu_device_register(struct iommu_device *iommu, int iommu_device_register(struct iommu_device *iommu,
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment