Inherit Access Control Services (ACS) flags on all incoming preserved devices (endpoints and upstream bridges) during a Live Update. Inheriting ACS flags avoids changing routing rules while memory transactions are in flight from preserved devices. This is also strictly necessary to ensure that IOMMU group assignments do not change across a Live Update for preserved devices, as changing ACS configurations can split or merge IOMMU groups. Cache the inherited ACS controls established by the previous kernel in struct pci_dev so that ACS controls do not change after a reset (pci_restore_state() calls pci_enable_acs()). Signed-off-by: David Matlack --- drivers/pci/liveupdate.c | 49 ++++++++++++++++++++++++++++++++++ drivers/pci/liveupdate.h | 11 ++++++++ drivers/pci/pci.c | 5 ++++ include/linux/pci_liveupdate.h | 6 +++++ 4 files changed, 71 insertions(+) diff --git a/drivers/pci/liveupdate.c b/drivers/pci/liveupdate.c index d8e06afde2c7..e3cd6d76636c 100644 --- a/drivers/pci/liveupdate.c +++ b/drivers/pci/liveupdate.c @@ -120,6 +120,18 @@ * This enables the PCI core and any drivers bound to the bridge to participate * in the Live Update so that preserved endpoints can continue issuing memory * transactions during the Live Update. + * + * Handling Preserved Devices + * ========================== + * + * The PCI core treats preserved devices differently than non-preserved devices. + * This section enumerates those differences. + * + * * The PCI core inherits all ACS flags enabled on incoming preserved devices + * rather than assigning new ones. This ensures that TLPs are routed the same + * way after Live Update and ensures that IOMMU groups do not change. Note + * that a device will use its inherited ACS flags for the lifetime of its + * struct pci_dev (i.e. even after pci_liveupdate_finish()). */ #define pr_fmt(fmt) "PCI: liveupdate: " fmt @@ -361,6 +373,16 @@ static int pci_liveupdate_preserve_device_new(struct pci_ser *ser, struct pci_de { int i; + /* + * Do not preserve a devices that rely on device-specific ACS + * equivalents (for now) since that would complicate keeping ACS + * flags constant across Live Update. + */ + if (dev->dev_flags & PCI_DEV_FLAGS_ACS_ENABLED_QUIRK) { + pci_warn(dev, "Refusing to preserve device that relies on ACS quirks\n"); + return -EINVAL; + } + if (ser->nr_devices == ser->max_nr_devices) return -ENOSPC; @@ -571,6 +593,7 @@ void pci_liveupdate_setup_device(struct pci_dev *dev) pci_info(dev, "Device was preserved by previous kernel across Live Update\n"); guard(write_lock)(&dev->liveupdate.lock); dev->liveupdate.incoming = dev_ser; + dev->liveupdate.was_preserved = true; /* * Hold the ref on the incoming FLB until pci_liveupdate_finish() so @@ -671,6 +694,32 @@ void pci_liveupdate_finish(struct pci_dev *dev) } EXPORT_SYMBOL_GPL(pci_liveupdate_finish); +void pci_liveupdate_init_acs(struct pci_dev *dev) +{ + guard(read_lock)(&dev->liveupdate.lock); + + if (!dev->acs_cap || !dev->liveupdate.incoming) + return; + + pci_read_config_word(dev, dev->acs_cap + PCI_ACS_CTRL, &dev->liveupdate.acs_ctrl); +} + +bool pci_liveupdate_inherit_acs(struct pci_dev *dev) +{ + guard(read_lock)(&dev->liveupdate.lock); + + /* + * Use liveupdate.was_preserved instead of liveupdate.incoming since the + * device's ACS controls should not change even after the device is + * finished participating in the Live Update. + */ + if (!dev->acs_cap || !dev->liveupdate.was_preserved) + return false; + + pci_write_config_word(dev, dev->acs_cap + PCI_ACS_CTRL, dev->liveupdate.acs_ctrl); + return true; +} + /** * pci_liveupdate_is_incoming() - Check if a device is incoming preserved * @dev: The PCI device to check diff --git a/drivers/pci/liveupdate.h b/drivers/pci/liveupdate.h index 0bd3e961d5c5..c0826ca717e3 100644 --- a/drivers/pci/liveupdate.h +++ b/drivers/pci/liveupdate.h @@ -14,6 +14,8 @@ void pci_liveupdate_setup_device(struct pci_dev *dev); void pci_liveupdate_cleanup_device(struct pci_dev *dev); bool pci_liveupdate_inherit_buses(void); +void pci_liveupdate_init_acs(struct pci_dev *dev); +bool pci_liveupdate_inherit_acs(struct pci_dev *dev); #else static inline void pci_liveupdate_setup_device(struct pci_dev *dev) { @@ -27,6 +29,15 @@ static inline bool pci_liveupdate_inherit_buses(void) { return false; } + +static inline void pci_liveupdate_init_acs(struct pci_dev *dev) +{ +} + +static inline bool pci_liveupdate_inherit_acs(struct pci_dev *dev) +{ + return false; +} #endif #endif /* DRIVERS_PCI_LIVEUPDATE_H */ diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c index 8f7cfcc00090..cd2c1f2ada92 100644 --- a/drivers/pci/pci.c +++ b/drivers/pci/pci.c @@ -33,6 +33,7 @@ #include #include #include +#include "liveupdate.h" #include "pci.h" DEFINE_MUTEX(pci_slot_mutex); @@ -1017,6 +1018,9 @@ void pci_enable_acs(struct pci_dev *dev) bool enable_acs = false; int pos; + if (pci_liveupdate_inherit_acs(dev)) + return; + /* If an iommu is present we start with kernel default caps */ if (pci_acs_enable) { if (pci_dev_specific_enable_acs(dev)) @@ -3657,6 +3661,7 @@ void pci_acs_init(struct pci_dev *dev) pci_read_config_word(dev, pos + PCI_ACS_CAP, &dev->acs_capabilities); pci_disable_broken_acs_cap(dev); + pci_liveupdate_init_acs(dev); } /** diff --git a/include/linux/pci_liveupdate.h b/include/linux/pci_liveupdate.h index 1c2ee32ad058..34f9900c7d29 100644 --- a/include/linux/pci_liveupdate.h +++ b/include/linux/pci_liveupdate.h @@ -18,11 +18,17 @@ * @lock: Lock used to protect members of struct pci_liveupdate. * @outgoing: State preserved for the next kernel. * @incoming: State preserved by the previous kernel. + * @acs_ctrl: ACS features established by the previous kernel. + * @was_preserved: True if this struct pci_dev was preserved by the previous + * kernel. Unlike @incoming, this field is not cleared after + * the device is finished participating in Live Update. */ struct pci_liveupdate { rwlock_t lock; struct pci_dev_ser *outgoing; struct pci_dev_ser *incoming; + u16 acs_ctrl; + unsigned int was_preserved:1; }; struct pci_dev; -- 2.54.0.563.g4f69b47b94-goog