]> git.proxmox.com Git - pve-kernel.git/blob - patches/kernel/0003-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch
projects / pve-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
fix #1537: cherry-pick AMD NPT / IOMMU fix
[pve-kernel.git] / patches / kernel / 0003-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch
1 From 3fc2d021182ae384089c4d8e5e0f1528198fdc60 Mon Sep 17 00:00:00 2001
2 From: Mark Weiman <mark.weiman@markzz.com>
3 Date: Sat, 29 Jul 2017 09:15:32 -0400
4 Subject: [PATCH 03/10] pci: Enable overrides for missing ACS capabilities
5 (4.12+)
6 MIME-Version: 1.0
7 Content-Type: text/plain; charset=UTF-8
8 Content-Transfer-Encoding: 8bit
9
10 This an updated version of Alex Williamson's patch from:
11 https://lkml.org/lkml/2013/5/30/513
12
13 Original commit message follows:
14 PCIe ACS (Access Control Services) is the PCIe 2.0+ feature that
15 allows us to control whether transactions are allowed to be redirected
16 in various subnodes of a PCIe topology. For instance, if two
17 endpoints are below a root port or downsteam switch port, the
18 downstream port may optionally redirect transactions between the
19 devices, bypassing upstream devices. The same can happen internally
20 on multifunction devices. The transaction may never be visible to the
21 upstream devices.
22
23 One upstream device that we particularly care about is the IOMMU. If
24 a redirection occurs in the topology below the IOMMU, then the IOMMU
25 cannot provide isolation between devices. This is why the PCIe spec
26 encourages topologies to include ACS support. Without it, we have to
27 assume peer-to-peer DMA within a hierarchy can bypass IOMMU isolation.
28
29 Unfortunately, far too many topologies do not support ACS to make this
30 a steadfast requirement. Even the latest chipsets from Intel are only
31 sporadically supporting ACS. We have trouble getting interconnect
32 vendors to include the PCIe spec required PCIe capability, let alone
33 suggested features.
34
35 Therefore, we need to add some flexibility. The pcie_acs_override=
36 boot option lets users opt-in specific devices or sets of devices to
37 assume ACS support. The "downstream" option assumes full ACS support
38 on root ports and downstream switch ports. The "multifunction"
39 option assumes the subset of ACS features available on multifunction
40 endpoints and upstream switch ports are supported. The "id:nnnn:nnnn"
41 option enables ACS support on devices matching the provided vendor
42 and device IDs, allowing more strategic ACS overrides. These options
43 may be combined in any order. A maximum of 16 id specific overrides
44 are available. It's suggested to use the most limited set of options
45 necessary to avoid completely disabling ACS across the topology.
46 Note to hardware vendors, we have facilities to permanently quirk
47 specific devices which enforce isolation but not provide an ACS
48 capability. Please contact me to have your devices added and save
49 your customers the hassle of this boot option.
50
51 Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
52 ---
53 Documentation/admin-guide/kernel-parameters.txt | 9 +++
54 drivers/pci/quirks.c | 102 ++++++++++++++++++++++++
55 2 files changed, 111 insertions(+)
56
57 diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
58 index 7441c67d1d8e..73fd6abac39b 100644
59 --- a/Documentation/admin-guide/kernel-parameters.txt
60 +++ b/Documentation/admin-guide/kernel-parameters.txt
61 @@ -2918,6 +2918,15 @@
62 nomsi [MSI] If the PCI_MSI kernel config parameter is
63 enabled, this kernel boot option can be used to
64 disable the use of MSI interrupts system-wide.
65 + pci_acs_override =
66 + [PCIE] Override missing PCIe ACS support for:
67 + downstream
68 + All downstream ports - full ACS capabilities
69 + multfunction
70 + All multifunction devices - multifunction ACS subset
71 + id:nnnn:nnnn
72 + Specfic device - full ACS capabilities
73 + Specified as vid:did (vendor/device ID) in hex
74 noioapicquirk [APIC] Disable all boot interrupt quirks.
75 Safety option to keep boot IRQs enabled. This
76 should never be necessary.
77 diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
78 index 02b009426670..c29d89ffc9b2 100644
79 --- a/drivers/pci/quirks.c
80 +++ b/drivers/pci/quirks.c
81 @@ -3687,6 +3687,107 @@ static int __init pci_apply_final_quirks(void)
82
83 fs_initcall_sync(pci_apply_final_quirks);
84
85 +static bool acs_on_downstream;
86 +static bool acs_on_multifunction;
87 +
88 +#define NUM_ACS_IDS 16
89 +struct acs_on_id {
90 + unsigned short vendor;
91 + unsigned short device;
92 +};
93 +static struct acs_on_id acs_on_ids[NUM_ACS_IDS];
94 +static u8 max_acs_id;
95 +
96 +static __init int pcie_acs_override_setup(char *p)
97 +{
98 + if (!p)
99 + return -EINVAL;
100 +
101 + while (*p) {
102 + if (!strncmp(p, "downstream", 10))
103 + acs_on_downstream = true;
104 + if (!strncmp(p, "multifunction", 13))
105 + acs_on_multifunction = true;
106 + if (!strncmp(p, "id:", 3)) {
107 + char opt[5];
108 + int ret;
109 + long val;
110 +
111 + if (max_acs_id >= NUM_ACS_IDS - 1) {
112 + pr_warn("Out of PCIe ACS override slots (%d)\n",
113 + NUM_ACS_IDS);
114 + goto next;
115 + }
116 +
117 + p += 3;
118 + snprintf(opt, 5, "%s", p);
119 + ret = kstrtol(opt, 16, &val);
120 + if (ret) {
121 + pr_warn("PCIe ACS ID parse error %d\n", ret);
122 + goto next;
123 + }
124 + acs_on_ids[max_acs_id].vendor = val;
125 +
126 + p += strcspn(p, ":");
127 + if (*p != ':') {
128 + pr_warn("PCIe ACS invalid ID\n");
129 + goto next;
130 + }
131 +
132 + p++;
133 + snprintf(opt, 5, "%s", p);
134 + ret = kstrtol(opt, 16, &val);
135 + if (ret) {
136 + pr_warn("PCIe ACS ID parse error %d\n", ret);
137 + goto next;
138 + }
139 + acs_on_ids[max_acs_id].device = val;
140 + max_acs_id++;
141 + }
142 +next:
143 + p += strcspn(p, ",");
144 + if (*p == ',')
145 + p++;
146 + }
147 +
148 + if (acs_on_downstream || acs_on_multifunction || max_acs_id)
149 + pr_warn("Warning: PCIe ACS overrides enabled; This may allow non-IOMMU protected peer-to-peer DMA\n");
150 +
151 + return 0;
152 +}
153 +early_param("pcie_acs_override", pcie_acs_override_setup);
154 +
155 +static int pcie_acs_overrides(struct pci_dev *dev, u16 acs_flags)
156 +{
157 + int i;
158 +
159 + /* Never override ACS for legacy devices or devices with ACS caps */
160 + if (!pci_is_pcie(dev) ||
161 + pci_find_ext_capability(dev, PCI_EXT_CAP_ID_ACS))
162 + return -ENOTTY;
163 +
164 + for (i = 0; i < max_acs_id; i++)
165 + if (acs_on_ids[i].vendor == dev->vendor &&
166 + acs_on_ids[i].device == dev->device)
167 + return 1;
168 +
169 + switch (pci_pcie_type(dev)) {
170 + case PCI_EXP_TYPE_DOWNSTREAM:
171 + case PCI_EXP_TYPE_ROOT_PORT:
172 + if (acs_on_downstream)
173 + return 1;
174 + break;
175 + case PCI_EXP_TYPE_ENDPOINT:
176 + case PCI_EXP_TYPE_UPSTREAM:
177 + case PCI_EXP_TYPE_LEG_END:
178 + case PCI_EXP_TYPE_RC_END:
179 + if (acs_on_multifunction && dev->multifunction)
180 + return 1;
181 + }
182 +
183 + return -ENOTTY;
184 +}
185 +
186 /*
187 * Following are device-specific reset methods which can be used to
188 * reset a single function if other methods (e.g. FLR, PM D0->D3) are
189 @@ -4514,6 +4615,7 @@ static const struct pci_dev_acs_enabled {
190 { 0x10df, 0x720, pci_quirk_mf_endpoint_acs }, /* Emulex Skyhawk-R */
191 /* Cavium ThunderX */
192 { PCI_VENDOR_ID_CAVIUM, PCI_ANY_ID, pci_quirk_cavium_acs },
193 + { PCI_ANY_ID, PCI_ANY_ID, pcie_acs_overrides },
194 { 0 }
195 };
196
197 --
198 2.14.2
199
Linux Kernel for Proxmox projects