From 579305f75d34429d11e7eeeee9d9e45000a988d3 Mon Sep 17 00:00:00 2001
From: Alex Williamson <alex.williamson@redhat.com>
Date: Thu, 3 Jul 2014 09:51:43 -0600
Subject: iommu/vt-d: Update to use PCI DMA aliases

VT-d code currently makes use of pci_find_upstream_pcie_bridge() in
order to find the topology based alias of a device.  This function has
a few problems.  First, it doesn't check the entire alias path of the
device to the root bus, therefore if a PCIe device is masked upstream,
the wrong result is produced.  Also, it's known to get confused and
give up when it crosses a bridge from a conventional PCI bus to a PCIe
bus that lacks a PCIe capability.  The PCI-core provided DMA alias
support solves both of these problems and additionally adds support
for DMA function quirks allowing VT-d to work with devices like
Marvell and Ricoh with known broken requester IDs.

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Cc: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Joerg Roedel <jroedel@suse.de>
---
 drivers/iommu/intel_irq_remapping.c | 55 ++++++++++++++++++++++++++-----------
 1 file changed, 39 insertions(+), 16 deletions(-)

(limited to 'drivers/iommu/intel_irq_remapping.c')

diff --git a/drivers/iommu/intel_irq_remapping.c b/drivers/iommu/intel_irq_remapping.c
index 9b174893f0f5..757e0b0d19ff 100644
--- a/drivers/iommu/intel_irq_remapping.c
+++ b/drivers/iommu/intel_irq_remapping.c
@@ -369,29 +369,52 @@ static int set_hpet_sid(struct irte *irte, u8 id)
 	return 0;
 }
 
+struct set_msi_sid_data {
+	struct pci_dev *pdev;
+	u16 alias;
+};
+
+static int set_msi_sid_cb(struct pci_dev *pdev, u16 alias, void *opaque)
+{
+	struct set_msi_sid_data *data = opaque;
+
+	data->pdev = pdev;
+	data->alias = alias;
+
+	return 0;
+}
+
 static int set_msi_sid(struct irte *irte, struct pci_dev *dev)
 {
-	struct pci_dev *bridge;
+	struct set_msi_sid_data data;
 
 	if (!irte || !dev)
 		return -1;
 
-	/* PCIe device or Root Complex integrated PCI device */
-	if (pci_is_pcie(dev) || !dev->bus->parent) {
-		set_irte_sid(irte, SVT_VERIFY_SID_SQ, SQ_ALL_16,
-			     (dev->bus->number << 8) | dev->devfn);
-		return 0;
-	}
+	pci_for_each_dma_alias(dev, set_msi_sid_cb, &data);
 
-	bridge = pci_find_upstream_pcie_bridge(dev);
-	if (bridge) {
-		if (pci_is_pcie(bridge))/* this is a PCIe-to-PCI/PCIX bridge */
-			set_irte_sid(irte, SVT_VERIFY_BUS, SQ_ALL_16,
-				(bridge->bus->number << 8) | dev->bus->number);
-		else /* this is a legacy PCI bridge */
-			set_irte_sid(irte, SVT_VERIFY_SID_SQ, SQ_ALL_16,
-				(bridge->bus->number << 8) | bridge->devfn);
-	}
+	/*
+	 * DMA alias provides us with a PCI device and alias.  The only case
+	 * where the it will return an alias on a different bus than the
+	 * device is the case of a PCIe-to-PCI bridge, where the alias is for
+	 * the subordinate bus.  In this case we can only verify the bus.
+	 *
+	 * If the alias device is on a different bus than our source device
+	 * then we have a topology based alias, use it.
+	 *
+	 * Otherwise, the alias is for a device DMA quirk and we cannot
+	 * assume that MSI uses the same requester ID.  Therefore use the
+	 * original device.
+	 */
+	if (PCI_BUS_NUM(data.alias) != data.pdev->bus->number)
+		set_irte_sid(irte, SVT_VERIFY_BUS, SQ_ALL_16,
+			     PCI_DEVID(PCI_BUS_NUM(data.alias),
+				       dev->bus->number));
+	else if (data.pdev->bus->number != dev->bus->number)
+		set_irte_sid(irte, SVT_VERIFY_SID_SQ, SQ_ALL_16, data.alias);
+	else
+		set_irte_sid(irte, SVT_VERIFY_SID_SQ, SQ_ALL_16,
+			     PCI_DEVID(dev->bus->number, dev->devfn));
 
 	return 0;
 }
-- 
cgit v1.2.3


From af437469d14e91e8b4273606cac4c08f05bf056e Mon Sep 17 00:00:00 2001
From: Greg Edwards <gedwards@ddn.com>
Date: Wed, 23 Jul 2014 10:13:26 -0600
Subject: iommu/vt-d: Fix race setting IRQ CPU affinity while freeing IRQ

A user process setting the CPU affinity of an IRQ for a KVM
direct-assigned device via /proc/irq/<IRQ#>/smp_affinity can race with
the IRQ being released by QEMU, resulting in a NULL iommu pointer
dereference in get_irte(), causing this crash:

 BUG: unable to handle kernel NULL pointer dereference at 0000000000000090
 IP: [<ffffffff8190a652>] intel_ioapic_set_affinity+0x82/0x1b0
 PGD 99172e067 PUD 1026979067 PMD 0
 Oops: 0000 [#1] SMP
 Modules linked in:
 CPU: 1 PID: 3354 Comm: affin Not tainted 3.16.0-rc7-00007-g31dab71 #1
 Hardware name: Supermicro SYS-F617R2-RT+/X9DRFR, BIOS 3.0a 01/29/2014
 task: ffff881025b0e720 ti: ffff88099173c000 task.ti: ffff88099173c000
 RIP: 0010:[<ffffffff8190a652>]  [<ffffffff8190a652>] intel_ioapic_set_affinity+0x82/0x1b0
 RSP: 0018:ffff88099173fdb0  EFLAGS: 00010046
 RAX: 0000000000000082 RBX: ffff880a36294600 RCX: 0000000000000082
 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff8266af00
 RBP: ffff88099173fdf8 R08: 0000000000000000 R09: ffff88103ec00490
 R10: 0000000000000000 R11: 0000000000000000 R12: ffff88099173fe90
 R13: 000000000000005f R14: ffff880faa38fe80 R15: ffff880faa38fe80
 FS:  00007f7161f05740(0000) GS:ffff88107fc40000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 CR2: 0000000000000090 CR3: 000000099140d000 CR4: 00000000001427e0
 Stack:
  ffffffff81c44740 ffff88099173fdc8 ffffffff00000000 00000000c991fd3b
  ffff880a36294600 ffff88099173fe90 ffff88099173fe90 0000000000000000
  0000000000000286 ffff88099173fe08 ffffffff8190aac5 ffff88099173fe28
 Call Trace:
  [<ffffffff8190aac5>] set_remapped_irq_affinity+0x25/0x40
  [<ffffffff811322dc>] irq_do_set_affinity+0x1c/0x50
  [<ffffffff81132458>] irq_set_affinity_locked+0x98/0xd0
  [<ffffffff811324d6>] __irq_set_affinity+0x46/0x70
  [<ffffffff811362dc>] write_irq_affinity.isra.6+0xdc/0x100
  [<ffffffff8113631c>] irq_affinity_list_proc_write+0x1c/0x20
  [<ffffffff8129f30d>] proc_reg_write+0x3d/0x80
  [<ffffffff812384a7>] vfs_write+0xb7/0x1f0
  [<ffffffff81243619>] ? putname+0x29/0x40
  [<ffffffff812390c5>] SyS_write+0x55/0xd0
  [<ffffffff81adc729>] system_call_fastpath+0x16/0x1b
 Code: ff 48 85 d2 74 68 4c 8b 7a 30 4d 85 ff 74 5f 48 c7 c7 00 af 66 82 e8 9e 1b 1d 00 49 8b 57 20 41 0f b7 77 28 48 c7 c7 00 af 66 82 <48> 8b 8a 90 00 00 00 41 0f b7 57 2a 01 f2 48 89 c6 48 63 d2 48
 RIP  [<ffffffff8190a652>] intel_ioapic_set_affinity+0x82/0x1b0
  RSP <ffff88099173fdb0>
 CR2: 0000000000000090

Signed-off-by: Greg Edwards <gedwards@ddn.com>
Signed-off-by: Joerg Roedel <jroedel@suse.de>
---
 drivers/iommu/intel_irq_remapping.c | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'drivers/iommu/intel_irq_remapping.c')

diff --git a/drivers/iommu/intel_irq_remapping.c b/drivers/iommu/intel_irq_remapping.c
index 757e0b0d19ff..0df41f6264f5 100644
--- a/drivers/iommu/intel_irq_remapping.c
+++ b/drivers/iommu/intel_irq_remapping.c
@@ -70,6 +70,11 @@ static int get_irte(int irq, struct irte *entry)
 
 	raw_spin_lock_irqsave(&irq_2_ir_lock, flags);
 
+	if (unlikely(!irq_iommu->iommu)) {
+		raw_spin_unlock_irqrestore(&irq_2_ir_lock, flags);
+		return -1;
+	}
+
 	index = irq_iommu->irte_index + irq_iommu->sub_handle;
 	*entry = *(irq_iommu->iommu->ir_table->base + index);
 
-- 
cgit v1.2.3