The series patches have extensive descriptions as to the problem and
solution, but in short a PCIe topology like:

                               -- DSP 02:00.0 -> End Point A
 Root 00:00.0 -> USP 01:00.0 --|
                               -- DSP 02:03.0 -> End Point B

Will generate unique single device groups for every device even if ACS is
not enabled on the two DSP ports. This is a serious failure for the VFIO
security model.

This entire series goes further and makes some additional improvements to
the ACS validation found while studying this problem. The groups around a
PCIe to PCI bridge are shrunk to not include the PCIe bridge.

The last patches implement "ACS Enhanced" on top of it. Due to how ACS
Enhanced was defined as a non-backward compatible feature it is important
to get SW support out there.

Due to potential VFIO complaints this should go to a linux-next tree to
give it some more exposure.

This has been tested on a system here with 5 different PCIe switches from
two vendors, a PCIe-PCI bridge, and a complex set of ACS flags.

This is on github: https://github.com/jgunthorpe/linux/commits/pcie_switch_groups

Jason Gunthorpe (11):
  PCI: Move REQ_ACS_FLAGS into pci_regs.h as PCI_ACS_ISOLATED
  PCI: Add pci_bus_isolation()
  iommu: Compute iommu_groups properly for PCIe switches
  iommu: Organize iommu_group by member size
  PCI: Add pci_reachable_set()
  iommu: Use pci_reachable_set() in pci_device_group()
  iommu: Validate that pci_for_each_dma_alias() matches the groups
  PCI: Add the ACS Enhanced Capability definitions
  PCI: Enable ACS Enhanced bits for enable_acs and config_acs
  PCI: Check ACS DSP/USP redirect bits in pci_enable_pasid()
  PCI: Check ACS Extended flags for pci_bus_isolated()

 drivers/iommu/iommu.c         | 439 ++++++++++++++++++++++------------
 drivers/pci/ats.c             |   4 +-
 drivers/pci/pci.c             |  73 +++++-
 drivers/pci/search.c          | 250 +++++++++++++++++++
 include/linux/pci.h           |  43 ++++
 include/uapi/linux/pci_regs.h |  18 ++
 6 files changed, 661 insertions(+), 166 deletions(-)

base-commit: e04c78d86a9699d136910cfc0bdcf01087e3267e
-- 
2.43.0