From nobody Sat Feb 7 20:44:08 2026 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5EE7D35CB7F for ; Thu, 22 Jan 2026 01:51:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1769046688; cv=none; b=pGn/Y6WQICSwEHQPY6VDivwOC1QQqClXXVaba1Z0NLKqprugHhSkiD1r1HWGr5ooYYJjeD9yQHJk30kY0qAwVDQe2YAlB6Azo2a7k/FohTc9HeROlBxTJTnWU7GK2cMoJ1Imy5oIzMXr6iFZfAOv44VPQ7zcIjU7muEAu2Q34Sk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1769046688; c=relaxed/simple; bh=ccjGZDmIa9lrD/sPBBC6A+WacPVxmul231gi/NFW/LY=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=a3rfHBftllaZRC8hBdDZDtFpdS689a+KuJmExj/sYInuwvx20uy/WxT7ePlY1CwqfTEpJ0FVp97Bf3Cliy+avfbRNFVcVnoJgVQoUS2LhzqZ5oUCyUDlV507E5D+KWxzhDRZSpbxNoL4Z92UfDXEy0+0MCUZRX6F9sRX5xOVCWY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=pass smtp.mailfrom=linux.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=FUL94RNh; arc=none smtp.client-ip=198.175.65.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="FUL94RNh" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1769046686; x=1800582686; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=ccjGZDmIa9lrD/sPBBC6A+WacPVxmul231gi/NFW/LY=; b=FUL94RNhepJnHrtCU6I5Cva8k2blb/YK4ltcF3Ff7/lf3JXOszsx7Iug E2ek7WFXfPdbNlZD2/7cgrwJ5CwYebXtq91n3wITpGhAm94BogXXfV68G CfFBbwrJzVvaxxPCR00Wm+3XBJuz/o/IgtYXyFimIR9TFd5RQxAC1dJe6 J1bFvD5HpGLtnLD2KBaMkrSk2vnUXZbE0m5ipkk9hjYnpohSC65ydvF/p AAq/vLrEfU+41lxzYALSJ5xMLIZqsXtl/T7mIHu3DJKffMvCzZEbqG/Tr N2TBlP5M5HkW1oL4QzRsykHnA7ZU9LNsFhnJ3pjJPxHVgjF0LK3d3Mx/W Q==; X-CSE-ConnectionGUID: 3zfbalAyRnuj77Pf0j41/Q== X-CSE-MsgGUID: YTflKPdyQMiKPaUj8igVvg== X-IronPort-AV: E=McAfee;i="6800,10657,11678"; a="81393034" X-IronPort-AV: E=Sophos;i="6.21,244,1763452800"; d="scan'208";a="81393034" Received: from fmviesa004.fm.intel.com ([10.60.135.144]) by orvoesa105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Jan 2026 17:51:26 -0800 X-CSE-ConnectionGUID: ItYt5QW+QYmnjtRzsRFEXg== X-CSE-MsgGUID: YzeNCHDDRjS+LHj1DbZQag== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.21,244,1763452800"; d="scan'208";a="211455624" Received: from allen-box.sh.intel.com ([10.239.159.52]) by fmviesa004.fm.intel.com with ESMTP; 21 Jan 2026 17:51:24 -0800 From: Lu Baolu To: Joerg Roedel Cc: Yi Liu , Dmytro Maluka , Jinhui Guo , iommu@lists.linux.dev, linux-kernel@vger.kernel.org Subject: [PATCH 1/7] iommu/vt-d: Skip dev-iotlb flush for inaccessible PCIe device without scalable mode Date: Thu, 22 Jan 2026 09:48:50 +0800 Message-ID: <20260122014856.2457052-2-baolu.lu@linux.intel.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260122014856.2457052-1-baolu.lu@linux.intel.com> References: <20260122014856.2457052-1-baolu.lu@linux.intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable From: Jinhui Guo PCIe endpoints with ATS enabled and passed through to userspace (e.g., QEMU, DPDK) can hard-lock the host when their link drops, either by surprise removal or by a link fault. Commit 4fc82cd907ac ("iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected") adds pci_dev_is_disconnected() to devtlb_invalidation_with_pasid() so ATS invalidation is skipped only when the device is being safely removed, but it applies only when Intel IOMMU scalable mode is enabled. With scalable mode disabled or unsupported, a system hard-lock occurs when a PCIe endpoint's link drops because the Intel IOMMU waits indefinitely for an ATS invalidation that cannot complete. Call Trace: qi_submit_sync qi_flush_dev_iotlb __context_flush_dev_iotlb.part.0 domain_context_clear_one_cb pci_for_each_dma_alias device_block_translation blocking_domain_attach_dev iommu_deinit_device __iommu_group_remove_device iommu_release_device iommu_bus_notifier blocking_notifier_call_chain bus_notify device_del pci_remove_bus_device pci_stop_and_remove_bus_device pciehp_unconfigure_device pciehp_disable_slot pciehp_handle_presence_or_link_change pciehp_ist Commit 81e921fd3216 ("iommu/vt-d: Fix NULL domain on device release") adds intel_pasid_teardown_sm_context() to intel_iommu_release_device(), which calls qi_flush_dev_iotlb() and can also hard-lock the system when a PCIe endpoint's link drops. Call Trace: qi_submit_sync qi_flush_dev_iotlb __context_flush_dev_iotlb.part.0 intel_context_flush_no_pasid device_pasid_table_teardown pci_pasid_table_teardown pci_for_each_dma_alias intel_pasid_teardown_sm_context intel_iommu_release_device iommu_deinit_device __iommu_group_remove_device iommu_release_device iommu_bus_notifier blocking_notifier_call_chain bus_notify device_del pci_remove_bus_device pci_stop_and_remove_bus_device pciehp_unconfigure_device pciehp_disable_slot pciehp_handle_presence_or_link_change pciehp_ist Sometimes the endpoint loses connection without a link-down event (e.g., due to a link fault); killing the process (virsh destroy) then hard-locks the host. Call Trace: qi_submit_sync qi_flush_dev_iotlb __context_flush_dev_iotlb.part.0 domain_context_clear_one_cb pci_for_each_dma_alias device_block_translation blocking_domain_attach_dev __iommu_attach_device __iommu_device_set_domain __iommu_group_set_domain_internal iommu_detach_group vfio_iommu_type1_detach_group vfio_group_detach_container vfio_group_fops_release __fput pci_dev_is_disconnected() only covers safe-removal paths; pci_device_is_present() tests accessibility by reading vendor/device IDs and internally calls pci_dev_is_disconnected(). On a ConnectX-5 (8 GT/s, x2) this costs ~70 =C2=B5s. Since __context_flush_dev_iotlb() is only called on {attach,release}_dev paths (not hot), add pci_device_is_present() there to skip inaccessible devices and avoid the hard-lock. Fixes: 37764b952e1b ("iommu/vt-d: Global devTLB flush when present context = entry changed") Fixes: 81e921fd3216 ("iommu/vt-d: Fix NULL domain on device release") Cc: stable@vger.kernel.org Signed-off-by: Jinhui Guo Link: https://lore.kernel.org/r/20251211035946.2071-2-guojinhui.liam@byteda= nce.com Signed-off-by: Lu Baolu --- drivers/iommu/intel/pasid.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/drivers/iommu/intel/pasid.c b/drivers/iommu/intel/pasid.c index 3e2255057079..3f6d78180d79 100644 --- a/drivers/iommu/intel/pasid.c +++ b/drivers/iommu/intel/pasid.c @@ -1102,6 +1102,14 @@ static void __context_flush_dev_iotlb(struct device_= domain_info *info) if (!info->ats_enabled) return; =20 + /* + * Skip dev-IOTLB flush for inaccessible PCIe devices to prevent the + * Intel IOMMU from waiting indefinitely for an ATS invalidation that + * cannot complete. + */ + if (!pci_device_is_present(to_pci_dev(info->dev))) + return; + qi_flush_dev_iotlb(info->iommu, PCI_DEVID(info->bus, info->devfn), info->pfsid, info->ats_qdep, 0, MAX_AGAW_PFN_WIDTH); =20 --=20 2.43.0