> From: Lu Baolu <baolu.lu@xxxxxxxxxxxxxxx>
> Sent: Monday, January 20, 2025 4:02 PM
>
> This driver supports page faults on PCI RID since commit <9f831c16c69e>
> ("iommu/vt-d: Remove the pasid present check in prq_event_thread") by
> allowing the reporting of page faults with the pasid_present field cleared
> to the upper layer for further handling. The fundamental assumption here
> is that the detach or replace operations act as a fence for page faults.
> This implies that all pending page faults associated with a specific RID
> or PASID are flushed when a domain is detached or replaced from a device
> RID or PASID.
>
> However, the intel_iommu_drain_pasid_prq() helper does not correctly
> handle faults for RID. This leads to faults potentially remaining pending
> in the iommu hardware queue even after the domain is detached, thereby
> violating the aforementioned assumption.
>
> Fix this issue by extending intel_iommu_drain_pasid_prq() to cover faults
> for RID.
>
> Fixes: 9f831c16c69e ("iommu/vt-d: Remove the pasid present check in
> prq_event_thread")
> Cc: stable@xxxxxxxxxxxxxxx
> Suggested-by: Kevin Tian <kevin.tian@xxxxxxxxx>
> Signed-off-by: Lu Baolu <baolu.lu@xxxxxxxxxxxxxxx>
> ---
> drivers/iommu/intel/prq.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/iommu/intel/prq.c b/drivers/iommu/intel/prq.c
> index c2d792db52c3..043f02d7b460 100644
> --- a/drivers/iommu/intel/prq.c
> +++ b/drivers/iommu/intel/prq.c
> @@ -87,7 +87,8 @@ void intel_iommu_drain_pasid_prq(struct device *dev,
> u32 pasid)
> struct page_req_dsc *req;
>
> req = &iommu->prq[head / sizeof(*req)];
> - if (!req->pasid_present || req->pasid != pasid) {
> + if (req->rid != sid ||
> + (req->pasid_present && req->pasid != pasid)) {
> head = (head + sizeof(*req)) & PRQ_RING_MASK;
> continue;
> }
Ah you'd also want to skip (!req->pasid_present &&
pasid != IOMMU_NO_PASID)
