From nobody Tue Dec 16 12:20:34 2025 Received: from va-1-112.ptr.blmpb.com (va-1-112.ptr.blmpb.com [209.127.230.112]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 748C92868B0 for ; Wed, 10 Dec 2025 17:27:38 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.127.230.112 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765387662; cv=none; b=go/lDjSDkpAiSW8NtNbd8Bf4vxemAoO66TfruqmQAgD1ukJlUfhYgwMp+VoKJEpS9RjuLcWjpwUpCwjhEsRGZMppF0AHkZ/j/xwx7OlTQz+kOGTaMEdOXMS2ZxB84SNbJ1QUx0jV4b/4mYqRWfgOfbO9IvjFRzlZ5MCdMu9pGW0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765387662; c=relaxed/simple; bh=fiAIMgiAauXV8AxhAqdIBNZ9/EkluTuz2VvwONvmCQ8=; h=Cc:Message-Id:References:Date:Mime-Version:In-Reply-To:From: Content-Type:To:Subject; b=XJ0qwFbV/l+V06zNkfJGr2iFDd11fWK2w4QQh9+1PMIfrJnRXX/v5vs3fUnp+9+SwG5GkhnIE0DlU59FLJTVT5S9a/vMfUJuRw/I8X3hoUWDd8OkWxLp4qE8UceAmeX2IBBHu5l24AzIy9oK2QPtWLDEKOyNrnAOdj7Hw9jMFsw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=bytedance.com; spf=pass smtp.mailfrom=bytedance.com; dkim=pass (2048-bit key) header.d=bytedance.com header.i=@bytedance.com header.b=chHWsLq3; arc=none smtp.client-ip=209.127.230.112 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=bytedance.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=bytedance.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=bytedance.com header.i=@bytedance.com header.b="chHWsLq3" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=2212171451; d=bytedance.com; t=1765386929; h=from:subject: mime-version:from:date:message-id:subject:to:cc:reply-to:content-type: mime-version:in-reply-to:message-id; bh=AvqYlMPn7JWDEi0g2ZUmP/c7en8JLBZ1SfcbG3kZXjw=; b=chHWsLq3sLlY/TGALr3qtwXl48NZUP0CHAPXWU/BlgYKSAZRKxO7UUVpqh2dnVoRZin/HR KoaHvo08f/5TnB38VoKPjrfZzenM0qq2lcd31MLB3qkSgu+BkYkUNiiVv+NnXifgBiX0Xe gVjAxj/LqoXK8hfzplC4Jk2u2rQj+bTvPtatdpUXphwVeZMmUraNOiHXlnyiu0A+fcP19C gjKxH+Z1erKx0pEHCzzqcZ8U089CgCcEwVgAuaUP3CzScONEfHNP6dTaIK40Qb8msyPu3N zNjquM+zihB7JWbsKfaWO4cMPqXjMujaymNTFGH2Hdz/3SD6j/gEgxA/eyU1Ow== Cc: , , , Message-Id: <20251210171431.1589-2-guojinhui.liam@bytedance.com> References: <20251210171431.1589-1-guojinhui.liam@bytedance.com> Date: Thu, 11 Dec 2025 01:14:30 +0800 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 X-Lms-Return-Path: In-Reply-To: <20251210171431.1589-1-guojinhui.liam@bytedance.com> From: "Jinhui Guo" Content-Transfer-Encoding: quoted-printable To: , , , Subject: [PATCH 1/2] iommu/vt-d: Skip dev-iotlb flush for inaccessible PCIe device without scalable mode X-Original-From: Jinhui Guo X-Mailer: git-send-email 2.17.1 Content-Type: text/plain; charset="utf-8" PCIe endpoints with ATS enabled and passed through to userspace (e.g., QEMU, DPDK) can hard-lock the host when their link drops, either by surprise removal or by a link fault. Commit 4fc82cd907ac ("iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected") adds pci_dev_is_disconnected() to devtlb_invalidation_with_pasid() so ATS invalidation is skipped only when the device is being safely removed, but it applies only when Intel IOMMU scalable mode is enabled. With scalable mode disabled or unsupported, a system hard-lock occurs when a PCIe endpoint's link drops because the Intel IOMMU waits indefinitely for an ATS invalidation that cannot complete. Call Trace: qi_submit_sync qi_flush_dev_iotlb __context_flush_dev_iotlb.part.0 domain_context_clear_one_cb pci_for_each_dma_alias device_block_translation blocking_domain_attach_dev iommu_deinit_device __iommu_group_remove_device iommu_release_device iommu_bus_notifier blocking_notifier_call_chain bus_notify device_del pci_remove_bus_device pci_stop_and_remove_bus_device pciehp_unconfigure_device pciehp_disable_slot pciehp_handle_presence_or_link_change pciehp_ist Commit 81e921fd3216 ("iommu/vt-d: Fix NULL domain on device release") adds intel_pasid_teardown_sm_context() to intel_iommu_release_device(), which calls qi_flush_dev_iotlb() and can also hard-lock the system when a PCIe endpoint's link drops. Call Trace: qi_submit_sync qi_flush_dev_iotlb __context_flush_dev_iotlb.part.0 intel_context_flush_no_pasid device_pasid_table_teardown pci_pasid_table_teardown pci_for_each_dma_alias intel_pasid_teardown_sm_context intel_iommu_release_device iommu_deinit_device __iommu_group_remove_device iommu_release_device iommu_bus_notifier blocking_notifier_call_chain bus_notify device_del pci_remove_bus_device pci_stop_and_remove_bus_device pciehp_unconfigure_device pciehp_disable_slot pciehp_handle_presence_or_link_change pciehp_ist Sometimes the endpoint loses connection without a link-down event (e.g., due to a link fault); killing the process (virsh destroy) then hard-locks the host. Call Trace: qi_submit_sync qi_flush_dev_iotlb __context_flush_dev_iotlb.part.0 domain_context_clear_one_cb pci_for_each_dma_alias device_block_translation blocking_domain_attach_dev __iommu_attach_device __iommu_device_set_domain __iommu_group_set_domain_internal iommu_detach_group vfio_iommu_type1_detach_group vfio_group_detach_container vfio_group_fops_release __fput pci_dev_is_disconnected() only covers safe-removal paths; pci_device_is_present() tests accessibility by reading vendor/device IDs and internally calls pci_dev_is_disconnected(). On a ConnectX-5 (8 GT/s, x2) this costs ~70 =C2=B5s. Since __context_flush_dev_iotlb() is only called on {attach,release}_dev paths (not hot), add pci_device_is_present() there to skip inaccessible devices and avoid the hard-lock. Fixes: 37764b952e1b ("iommu/vt-d: Global devTLB flush when present context = entry changed") Fixes: 81e921fd3216 ("iommu/vt-d: Fix NULL domain on device release") Signed-off-by: Jinhui Guo --- drivers/iommu/intel/pasid.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/drivers/iommu/intel/pasid.c b/drivers/iommu/intel/pasid.c index 3e2255057079..b1e8eb6a6504 100644 --- a/drivers/iommu/intel/pasid.c +++ b/drivers/iommu/intel/pasid.c @@ -1099,9 +1099,20 @@ int intel_pasid_setup_sm_context(struct device *dev) */ static void __context_flush_dev_iotlb(struct device_domain_info *info) { + struct pci_dev *pdev; + if (!info->ats_enabled) return; =20 + /* + * Skip dev-IOTLB flush for inaccessible PCIe devices to prevent the + * Intel IOMMU from waiting indefinitely for an ATS invalidation that + * cannot complete. + */ + pdev =3D dev_is_pci(info->dev) ? to_pci_dev(info->dev) : NULL; + if (pdev && !pci_device_is_present(pdev)) + return; + qi_flush_dev_iotlb(info->iommu, PCI_DEVID(info->bus, info->devfn), info->pfsid, info->ats_qdep, 0, MAX_AGAW_PFN_WIDTH); =20 --=20 2.20.1 From nobody Tue Dec 16 12:20:34 2025 Received: from sg-1-103.ptr.blmpb.com (sg-1-103.ptr.blmpb.com [118.26.132.103]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F36742744F for ; Wed, 10 Dec 2025 17:15:54 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=118.26.132.103 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765386959; cv=none; b=gT1w0/EBAw0xq/Lq9vivSuw8QKQlgSWadIxKmv7hcneFfRZpDRSIozmDLWDlR9yHlmq+BbEaMoNTM9f8MKADHODpL+1br6SR3VfD7+mMT+f53KX4xn5HYk41dKYGpNmKXsRI+m6TsVzZGBmcrH0oGrGFX+CIvb8W+WRUN3FerYk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765386959; c=relaxed/simple; bh=JVpDEvrxrbWtEEQEuEUIisGJXq7Gm+HsqEypdIIT4Pk=; h=From:Mime-Version:To:Message-Id:Cc:In-Reply-To:Content-Type: References:Subject:Date; b=QmC2zCvZOY94ZotYPfR5+HBGrdXFrrNySE+Ol79XdGWv6l8mASj5ZIkGlS44GYg/NDaue7Im+ov9rMGwB2A/f0wQRnWEv7cDqV659aPnSMsjH7EVtQfpuS0jj2sQZ+OMDJb9geSYhiE/acrbZOIUj6tSp7cFfkwZfaSmQ6L986s= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=bytedance.com; spf=pass smtp.mailfrom=bytedance.com; dkim=pass (2048-bit key) header.d=bytedance.com header.i=@bytedance.com header.b=XCJxho4V; arc=none smtp.client-ip=118.26.132.103 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=bytedance.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=bytedance.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=bytedance.com header.i=@bytedance.com header.b="XCJxho4V" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=2212171451; d=bytedance.com; t=1765386942; h=from:subject: mime-version:from:date:message-id:subject:to:cc:reply-to:content-type: mime-version:in-reply-to:message-id; bh=CShaiNcFwFgIz00yFpNyGPher1OgtGoU+XBK8EUepuY=; b=XCJxho4V0+aLWwV1VH0yP5EEuGe3YWn8U1f3rLxw10DPYBPvGrbcre3skRHV5nd8T5jsC9 XE73DysNn9rArFMLR+j5QCd4Wm9vtzxUsOSUIwyqX9nH0YnTHwbvvZFJ3bxP0fa2pu+VgT LIRaQhloXgm7y7KeuH9+rBp2vQ57+Ir2zwb3SauRfMRPLVODmxabum9Ca7j5FYbxFKXByN aN/M1GzrMUllVwpkdIRT84U6YEmY3dnLHWF6cvr6aXORKNvdBo0glPxTigdzsWMD6btRMj k3T0lla1OF2o5FYjvvQN0I1QheOrq2iokm/3fJdm0RMKileuloYbYyPC/XzswA== From: "Jinhui Guo" Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 Content-Transfer-Encoding: quoted-printable To: , , , Message-Id: <20251210171431.1589-3-guojinhui.liam@bytedance.com> X-Original-From: Jinhui Guo X-Lms-Return-Path: Cc: , , , In-Reply-To: <20251210171431.1589-1-guojinhui.liam@bytedance.com> References: <20251210171431.1589-1-guojinhui.liam@bytedance.com> X-Mailer: git-send-email 2.17.1 Subject: [PATCH 2/2] iommu/vt-d: Flush dev-IOTLB only when PCIe device is accessible in scalable mode Date: Thu, 11 Dec 2025 01:14:31 +0800 Content-Type: text/plain; charset="utf-8" Commit 4fc82cd907ac ("iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected") relies on pci_dev_is_disconnected() to skip ATS invalidation for safely-removed devices, but it does not cover link-down caused by faults, which can still hard-lock the system. For example, if a VM fails to connect to the PCIe device, "virsh destroy" is executed to release resources and isolate the fault, but a hard-lockup occurs while releasing the group fd. Call Trace: qi_submit_sync qi_flush_dev_iotlb intel_pasid_tear_down_entry device_block_translation blocking_domain_attach_dev __iommu_attach_device __iommu_device_set_domain __iommu_group_set_domain_internal iommu_detach_group vfio_iommu_type1_detach_group vfio_group_detach_container vfio_group_fops_release __fput Although pci_device_is_present() is slower than pci_dev_is_disconnected(), it still takes only ~70 =C2=B5s on a ConnectX-5 (8 GT/s, x2) and becomes even faster as PCIe speed and width increase. Besides, devtlb_invalidation_with_pasid() is called only in the paths below, which are far less frequent than memory map/unmap. 1. mm-struct release 2. {attach,release}_dev 3. set/remove PASID 4. dirty-tracking setup The gain in system stability far outweighs the negligible cost of using pci_device_is_present() instead of pci_dev_is_disconnected() to decide when to skip ATS invalidation, especially under GDR high-load conditions. Fixes: 4fc82cd907ac ("iommu/vt-d: Don't issue ATS Invalidation request when= device is disconnected") Signed-off-by: Jinhui Guo --- drivers/iommu/intel/pasid.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/iommu/intel/pasid.c b/drivers/iommu/intel/pasid.c index b1e8eb6a6504..e9dea47decdb 100644 --- a/drivers/iommu/intel/pasid.c +++ b/drivers/iommu/intel/pasid.c @@ -218,7 +218,7 @@ devtlb_invalidation_with_pasid(struct intel_iommu *iomm= u, if (!info || !info->ats_enabled) return; =20 - if (pci_dev_is_disconnected(to_pci_dev(dev))) + if (!pci_device_is_present(to_pci_dev(dev))) return; =20 sid =3D PCI_DEVID(info->bus, info->devfn); --=20 2.20.1