• Alex Williamson's avatar
    iommu/vt-d: Fix VM domain ID leak · 6cbebdad
    Alex Williamson authored
    commit 46ebb7af upstream.
    
    This continues the attempt to fix commit fb170fb4 ("iommu/vt-d:
    Introduce helper functions to make code symmetric for readability").
    The previous attempt in commit 71684406 ("iommu/vt-d: Detach
    domain *only* from attached iommus") overlooked the fact that
    dmar_domain.iommu_bmp gets cleared for VM domains when devices are
    detached:
    
    intel_iommu_detach_device
      domain_remove_one_dev_info
        domain_detach_iommu
    
    The domain is detached from the iommu, but the iommu is still attached
    to the domain, for whatever reason.  Thus when we get to domain_exit(),
    we can't rely on iommu_bmp for VM domains to find the active iommus,
    we must check them all.  Without that, the corresponding bit in
    intel_iommu.domain_ids doesn't get cleared and repeated VM domain
    creation and destruction will run out of domain IDs.  Meanwhile we
    still can't call iommu_detach_domain() on arbitrary non-VM domains or
    we risk clearing in-use domain IDs, as 71684406 attempted to
    address.
    
    It's tempting to modify iommu_detach_domain() to test the domain
    iommu_bmp, but the call ordering from domain_remove_one_dev_info()
    prevents it being able to work as fb170fb4 seems to have intended.
    Caching of unused VM domains on the iommu object seems to be the root
    of the problem, but this code is far too fragile for that kind of
    rework to be proposed for stable, so we simply revert this chunk to
    its state prior to fb170fb4.
    
    Fixes: fb170fb4 ("iommu/vt-d: Introduce helper functions to make
                          code symmetric for readability")
    Fixes: 71684406 ("iommu/vt-d: Detach domain *only* from attached
                          iommus")
    Signed-off-by: default avatarAlex Williamson <alex.williamson@redhat.com>
    Cc: Jiang Liu <jiang.liu@linux.intel.com>
    Signed-off-by: default avatarJoerg Roedel <jroedel@suse.de>
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    6cbebdad
intel-iommu.c 119 KB