On 25.02.2022 09:41, Roger Pau Monné wrote: > On Thu, Feb 24, 2022 at 05:43:13PM +0100, Jan Beulich wrote: >> On 24.02.2022 17:37, Roger Pau Monne wrote: >>> Introduce a new field to mark devices as broken: having it set >>> prevents the device from being assigned to guests. Use the field in >>> order to mark ATS devices that have failed a flush as broken, thus >>> preventing them to be assigned to any guest. >>> >>> This allows the device IOMMU context entry to be cleaned up properly, >>> as calling _pci_hide_device will just change the ownership of the >>> device, but the IOMMU context entry of the device would be left as-is. >>> It would also leak a Domain ID, as removing the device from it's >>> previous owner will allow releasing the DID used by the device without >>> having cleaned up the context entry. >> >> This DID aspect is VT-d specific, isn't it? I'd be inclined to ask to >> make this explicit (which could be done while committing if no other >> need for a v3 arises). > > Indeed. AMD doesn't use iommu_dev_iotlb_flush_timeout so the function > is VT-d specific.
But perhaps wrongly so. Which is why I'd prefer to ... > What about using: > > "Introduce a new field to mark devices as broken: having it set > prevents the device from being assigned to guests. Use the field in > order to mark ATS devices that have failed a flush when using VT-d as > broken, thus preventing them to be assigned to any guest. ... omit VT-d here (i.e. leave this paragraph as you had it before), but ... > This allows the device IOMMU context entry to be cleaned up properly, > as calling _pci_hide_device will just change the ownership of the > device, but the IOMMU context entry of the device would be left as-is. > It would also leak a VT-d Domain ID if using one, as removing the > device from it's previous owner will allow releasing the IOMMU DID > used by the device without having cleaned up the context entry." ... use this as replacement. Jan
