Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp1307221pxu;
        Mon, 23 Nov 2020 17:53:42 -0800 (PST)
X-Google-Smtp-Source: ABdhPJwtzwBfWk15NwfIbh/Y8DmULQ+HJQOU1uZlq3oV+LsxrbemcZHIdx8SeBvGW7b4aw00KV48
X-Received: by 2002:a05:6402:1644:: with SMTP id s4mr1896529edx.221.1606182822390;
        Mon, 23 Nov 2020 17:53:42 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1606182822; cv=none;
        d=google.com; s=arc-20160816;
        b=dRhKaI5BUvKMFnjpuE2mDNtcymkGmx+1p/A9abEZjm2Zbuy2J/FchKjLV0nNmQN9hA
         6yf8yqv0gQ7b0rzaHtqEC9p80zHPgvfKqgoVD+m3eOdOtIyfJ8dUZlOanR1hSKztwmfI
         vmAP9xSwnqZUQrvN+ME/JJBeOdUo9ZJAsAfoARVNo9xuSuqTJzlHUYkDM+X2yNVowVYt
         XKWPb4Dc1lOywzlgH1aZ1C+0hAd8Js4RDHRIVRCY3U3ob31cv9cjJBmE2FMKNJKyv3fQ
         IABwuJicCRiVyyrxzmbu3leQ/zzbawFVN2H1/FBxzSaZm+zWTzlElF0RyiPRYRWx4xEy
         dbdg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=VuWQkGbPKRMhj7cIyWq3eh1ua423DEO80VmFt2G/x/k=;
        b=NgI95uDokhcezqUG9Fu8NxAYl3vYeonVu37tDRhnbyhDxWpv2nZFXlccittfH1J62u
         /7i5x9ryMeOXDhQ6/hAiG7XHEvi5o8/cIXBwQOudH/VgS9SJje8f5fSHAymK0x3649OE
         K/jEd/k0H9+sG5HajVxe5jWbxBOBoyuvKakGVrfaKBFBqVS84cYmnS0+F0WoCS0Vv9V6
         Z95i6mxYReonH1JB6Xzgw2zJ9cyGKZmmuXQO/zX/vwiA36GaLouujMR0K0USQnzGJB/L
         4yCrjhoC3yuWfRbpsCfyF0wVZC4AyCEeaiK1LPwn0h7CJGQvKUsLe9OHi/2EGNrdkrLn
         i1JQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=1n2J89Jj;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id g16si3505458ejf.167.2020.11.23.17.53.19;
        Mon, 23 Nov 2020 17:53:42 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=1n2J89Jj;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1732073AbgKWMiQ (ORCPT <rfc822;thunderbird.krnldev@gmail.com>
        + 99 others); Mon, 23 Nov 2020 07:38:16 -0500
Received: from mail.kernel.org ([198.145.29.99]:50502 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1732043AbgKWMiD (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 23 Nov 2020 07:38:03 -0500
Received: from localhost (83-86-74-64.cable.dynamic.v4.ziggo.nl [83.86.74.64])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id F3D122065E;
        Mon, 23 Nov 2020 12:38:01 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
        s=korg; t=1606135082;
        bh=Rx2/1H7YeV5ykEuIKvCuZtHIT5BWvbhD02Gt7L0XEFA=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=1n2J89JjVLmpwChCocTfsJp7evrEllFtjZURUUdDkTKN9LLLrddJdtQt4mkbNCRIo
         Yreol/r+2J+v1NwcAam2F8bPNlEoOYSfz4Nz2AZLUZyRRm1cRx1wS5u1Z82xHmepUy
         hLPBgsiZre98GdnZP/abTlpleyutI6yYVWFbgMyc=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Zhenzhong Duan <zhenzhong.duan@gmail.com>,
        Lukasz Hawrylko <lukasz.hawrylko@linux.intel.com>,
        Lu Baolu <baolu.lu@linux.intel.com>,
        Will Deacon <will@kernel.org>, Sasha Levin <sashal@kernel.org>
Subject: [PATCH 5.4 098/158] iommu/vt-d: Avoid panic if iommu init fails in tboot system
Date:   Mon, 23 Nov 2020 13:22:06 +0100
Message-Id: <20201123121824.661709561@linuxfoundation.org>
X-Mailer: git-send-email 2.29.2
In-Reply-To: <20201123121819.943135899@linuxfoundation.org>
References: <20201123121819.943135899@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Zhenzhong Duan <zhenzhong.duan@gmail.com>

[ Upstream commit 4d213e76a359e540ca786ee937da7f35faa8e5f8 ]

"intel_iommu=off" command line is used to disable iommu but iommu is force
enabled in a tboot system for security reason.

However for better performance on high speed network device, a new option
"intel_iommu=tboot_noforce" is introduced to disable the force on.

By default kernel should panic if iommu init fail in tboot for security
reason, but it's unnecessory if we use "intel_iommu=tboot_noforce,off".

Fix the code setting force_on and move intel_iommu_tboot_noforce
from tboot code to intel iommu code.

Fixes: 7304e8f28bb2 ("iommu/vt-d: Correctly disable Intel IOMMU force on")
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@gmail.com>
Tested-by: Lukasz Hawrylko <lukasz.hawrylko@linux.intel.com>
Acked-by: Lu Baolu <baolu.lu@linux.intel.com>
Link: https://lore.kernel.org/r/20201110071908.3133-1-zhenzhong.duan@gmail.com
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/x86/kernel/tboot.c     | 3 ---
 drivers/iommu/intel-iommu.c | 5 +++--
 include/linux/intel-iommu.h | 1 -
 3 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/arch/x86/kernel/tboot.c b/arch/x86/kernel/tboot.c
index a49fe1dcb47e8..bded81591ad95 100644
--- a/arch/x86/kernel/tboot.c
+++ b/arch/x86/kernel/tboot.c
@@ -512,9 +512,6 @@ int tboot_force_iommu(void)
 	if (!tboot_enabled())
 		return 0;
 
-	if (intel_iommu_tboot_noforce)
-		return 1;
-
 	if (no_iommu || swiotlb || dmar_disabled)
 		pr_warning("Forcing Intel-IOMMU to enabled\n");
 
diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c
index 1147626f0d253..984c7a6ea4fe8 100644
--- a/drivers/iommu/intel-iommu.c
+++ b/drivers/iommu/intel-iommu.c
@@ -179,7 +179,7 @@ static int rwbf_quirk;
  * (used when kernel is launched w/ TXT)
  */
 static int force_on = 0;
-int intel_iommu_tboot_noforce;
+static int intel_iommu_tboot_noforce;
 static int no_platform_optin;
 
 #define ROOT_ENTRY_NR (VTD_PAGE_SIZE/sizeof(struct root_entry))
@@ -4927,7 +4927,8 @@ int __init intel_iommu_init(void)
 	 * Intel IOMMU is required for a TXT/tboot launch or platform
 	 * opt in, so enforce that.
 	 */
-	force_on = tboot_force_iommu() || platform_optin_force_iommu();
+	force_on = (!intel_iommu_tboot_noforce && tboot_force_iommu()) ||
+		    platform_optin_force_iommu();
 
 	if (iommu_init_mempool()) {
 		if (force_on)
diff --git a/include/linux/intel-iommu.h b/include/linux/intel-iommu.h
index e54d51308f6f5..6b559d25a84ee 100644
--- a/include/linux/intel-iommu.h
+++ b/include/linux/intel-iommu.h
@@ -706,7 +706,6 @@ extern int iommu_calculate_agaw(struct intel_iommu *iommu);
 extern int iommu_calculate_max_sagaw(struct intel_iommu *iommu);
 extern int dmar_disabled;
 extern int intel_iommu_enabled;
-extern int intel_iommu_tboot_noforce;
 extern int intel_iommu_gfx_mapped;
 #else
 static inline int iommu_calculate_agaw(struct intel_iommu *iommu)
-- 
2.27.0