[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH RESEND 3/3][4.16?] VT-d: don't needlessly engage the untrusted-MSI workaround

  • To: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Fri, 12 Nov 2021 11:33:34 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=119T01OvQDSJZiVFnQp9OnVNrOzjtoeevn1TMHaqy9Y=; b=IoyvklUvwEy992ZW+C7heIWUZS2+r1rVdgWPHBuVOrNfopThmpHKt10m8e4z1wAV7cDkjsee2xyihqb+DzEh/aSFpKg8zwsdggqN/fwaz+IuzfrJIshTaiOpH/BUSRB/f0ZkFRUe3OuexqP05bGVo4fky+zuw/YHxWDUj9oRHHHxS4AtRvHd84pLg0jzlk0LXGsqpp6rDvIg+CAK98jFm7vCYBWONBMznDet4hcQwZdXIt8ukOGXT8sstwG1ZXJo6Ip8bTheIGMMM/J/LlhHkINdHmp5WOyhLFRFbX7TI7gwjdnrvIE5WcXoEGgFLf6V8fYO5JEIdvLuXHrtTr9Wew==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Ly3uqgL6f7AnYvGAH15dThTyrQYDEDkXBDla1UaFKVOfflL3bwxYS+TB5POiBI3a5iTac9NX/ZYKSQG2KIjLESYZ92/BwD5+zPfEtq6/1h/o5hrF8AM5uh5bncWsoEeHwPVJeo6OsxoUYD0T91zLGrxsWB+89Q4yP7jNrs2hpSYsalX5iTvpApjOEdHq9EYLNUeG7BsC9IUwEfk0ZnQq7jWL+5zlG7bnn/APQv1JEP8azP4wKXng8xuZmmuVjDYDTMGMfVncNXrzqRPFJlqzvDS+LG5LJCj1CAaphIl0kC7k23RbUV+uJqCgvJk1dIJnW5V1xHd5PGrHqRmYLMC+KQ==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: Kevin Tian <kevin.tian@xxxxxxxxx>, Paul Durrant <paul@xxxxxxx>, Ian Jackson <iwj@xxxxxxxxxxxxxx>
  • Delivery-date: Fri, 12 Nov 2021 10:33:41 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
The quarantine domain doesn't count as a DomU, as it won't itself
trigger any bad behavior. The workaround only needs enabling when an
actual DomU is about to gain control of a device. This then also means
enabling of the workaround can be deferred until immediately ahead of
the call to domain_context_mapping(). While there also stop open-coding
is_hardware_domain().

Fixes: 319f9a0ba94c ("passthrough: quarantine PCI devices")
Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
Reviewed-by: Kevin Tian <kevin.tian@xxxxxxxxx>

--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -2404,14 +2404,6 @@ static int reassign_device_ownership(
     int ret;
 
     /*
-     * Devices assigned to untrusted domains (here assumed to be any domU)
-     * can attempt to send arbitrary LAPIC/MSI messages. We are unprotected
-     * by the root complex unless interrupt remapping is enabled.
-     */
-    if ( (target != hardware_domain) && !iommu_intremap )
-        untrusted_msi = true;
-
-    /*
      * If the device belongs to the hardware domain, and it has RMRR, don't
      * remove it from the hardware domain, because BIOS may use RMRR at
      * booting time.
@@ -2455,6 +2447,15 @@ static int reassign_device_ownership(
     if ( !has_arch_pdevs(target) )
         vmx_pi_hooks_assign(target);
 
+    /*
+     * Devices assigned to untrusted domains (here assumed to be any domU)
+     * can attempt to send arbitrary LAPIC/MSI messages. We are unprotected
+     * by the root complex unless interrupt remapping is enabled.
+     */
+    if ( !iommu_intremap && !is_hardware_domain(target) &&
+         !is_system_domain(target) )
+        untrusted_msi = true;
+
     ret = domain_context_mapping(target, devfn, pdev);
     if ( ret )
     {

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.