@@ -1384,6 +1384,16 @@ EXPORT_SYMBOL_GPL(iommu_group_id);
13841384static struct iommu_group * get_pci_alias_group (struct pci_dev * pdev ,
13851385 unsigned long * devfns );
13861386
1387+ /*
1388+ * To consider a PCI device isolated, we require ACS to support Source
1389+ * Validation, Request Redirection, Completer Redirection, and Upstream
1390+ * Forwarding. This effectively means that devices cannot spoof their
1391+ * requester ID, requests and completions cannot be redirected, and all
1392+ * transactions are forwarded upstream, even as it passes through a
1393+ * bridge where the target device is downstream.
1394+ */
1395+ #define REQ_ACS_FLAGS (PCI_ACS_SV | PCI_ACS_RR | PCI_ACS_CR | PCI_ACS_UF)
1396+
13871397/*
13881398 * For multifunction devices which are not isolated from each other, find
13891399 * all the other non-isolated functions and look for existing groups. For
@@ -1396,13 +1406,13 @@ static struct iommu_group *get_pci_function_alias_group(struct pci_dev *pdev,
13961406 struct pci_dev * tmp = NULL ;
13971407 struct iommu_group * group ;
13981408
1399- if (!pdev -> multifunction || pci_acs_enabled (pdev , PCI_ACS_ISOLATED ))
1409+ if (!pdev -> multifunction || pci_acs_enabled (pdev , REQ_ACS_FLAGS ))
14001410 return NULL ;
14011411
14021412 for_each_pci_dev (tmp ) {
14031413 if (tmp == pdev || tmp -> bus != pdev -> bus ||
14041414 PCI_SLOT (tmp -> devfn ) != PCI_SLOT (pdev -> devfn ) ||
1405- pci_acs_enabled (tmp , PCI_ACS_ISOLATED ))
1415+ pci_acs_enabled (tmp , REQ_ACS_FLAGS ))
14061416 continue ;
14071417
14081418 group = get_pci_alias_group (tmp , devfns );
@@ -1546,7 +1556,7 @@ struct iommu_group *pci_device_group(struct device *dev)
15461556 if (!bus -> self )
15471557 continue ;
15481558
1549- if (pci_acs_path_enabled (bus -> self , NULL , PCI_ACS_ISOLATED ))
1559+ if (pci_acs_path_enabled (bus -> self , NULL , REQ_ACS_FLAGS ))
15501560 break ;
15511561
15521562 pdev = bus -> self ;
0 commit comments