From: Baolu Lu <baolu.lu@linux.intel.com>
To: Yi Liu <yi.l.liu@intel.com>,
joro@8bytes.org, alex.williamson@redhat.com, jgg@nvidia.com,
kevin.tian@intel.com, robin.murphy@arm.com
Cc: baolu.lu@linux.intel.com, cohuck@redhat.com,
eric.auger@redhat.com, nicolinc@nvidia.com, kvm@vger.kernel.org,
mjrosato@linux.ibm.com, chao.p.peng@linux.intel.com,
yi.y.sun@linux.intel.com, peterx@redhat.com, jasowang@redhat.com,
shameerali.kolothum.thodi@huawei.com, lulu@redhat.com,
suravee.suthikulpanit@amd.com, iommu@lists.linux.dev,
linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org,
zhenzhong.duan@intel.com, joao.m.martins@oracle.com,
xin.zeng@intel.com
Subject: Re: [PATCH v6 8/8] iommu/vt-d: Disallow read-only mappings to nest parent domain
Date: Sat, 21 Oct 2023 11:24:15 +0800 [thread overview]
Message-ID: <23133231-c6d7-469e-8f55-2e7667acb097@linux.intel.com> (raw)
In-Reply-To: <20231020093246.17015-9-yi.l.liu@intel.com>
On 10/20/23 5:32 PM, Yi Liu wrote:
> From: Lu Baolu <baolu.lu@linux.intel.com>
>
> When remapping hardware is configured by system software in scalable mode
> as Nested (PGTT=011b) and with PWSNP field Set in the PASID-table-entry,
> it may Set Accessed bit and Dirty bit (and Extended Access bit if enabled)
> in first-stage page-table entries even when second-stage mappings indicate
> that corresponding first-stage page-table is Read-Only.
>
> As the result, contents of pages designated by VMM as Read-Only can be
> modified by IOMMU via PML5E (PML4E for 4-level tables) access as part of
> address translation process due to DMAs issued by Guest.
>
> This disallows read-only mappings in the domain that is supposed to be used
> as nested parent. Reference from Sapphire Rapids Specification Update [1],
> errata details, SPR17. Userspace should know this limitation by checking
> the IOMMU_HW_INFO_VTD_ERRATA_772415_SPR17 flag reported in the IOMMU_GET_HW_INFO
> ioctl.
>
> [1] https://www.intel.com/content/www/us/en/content-details/772415/content-details.html
>
> Reviewed-by: Kevin Tian <kevin.tian@intel.com>
> Signed-off-by: Lu Baolu <baolu.lu@linux.intel.com>
> Signed-off-by: Yi Liu <yi.l.liu@intel.com>
> ---
> drivers/iommu/intel/iommu.c | 9 +++++++++
> drivers/iommu/intel/iommu.h | 1 +
> include/uapi/linux/iommufd.h | 12 +++++++++++-
> 3 files changed, 21 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c
> index c7704e7efd4a..a0341a069fbf 100644
> --- a/drivers/iommu/intel/iommu.c
> +++ b/drivers/iommu/intel/iommu.c
> @@ -2193,6 +2193,11 @@ __domain_mapping(struct dmar_domain *domain, unsigned long iov_pfn,
> if ((prot & (DMA_PTE_READ|DMA_PTE_WRITE)) == 0)
> return -EINVAL;
>
> + if (!(prot & DMA_PTE_WRITE) && domain->is_nested_parent) {
> + pr_err_ratelimited("Read-only mapping is disallowed on the domain which serves as the parent in a nested configuration, due to HW errata (ERRATA_772415_SPR17)\n");
> + return -EINVAL;
> + }
> +
> attr = prot & (DMA_PTE_READ | DMA_PTE_WRITE | DMA_PTE_SNP);
> attr |= DMA_FL_PTE_PRESENT;
> if (domain->use_first_level) {
> @@ -4101,6 +4106,9 @@ intel_iommu_domain_alloc_user(struct device *dev, u32 flags,
> domain = iommu_domain_alloc(dev->bus);
> if (!domain)
> return ERR_PTR(-ENOMEM);
> + container_of(domain,
> + struct dmar_domain,
> + domain)->is_nested_parent = request_nest_parent;
How about
to_dmar_domain(domain)->is_nested_parent = ...;
?
I would also prefer to introduce is_nested_parent_domain to the user
domain allocation patch (patch 7/8). This field should be checked when
allocating a nested user domain.
diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c
index 8f81a5c9fcc0..d3f6bc1f6590 100644
--- a/drivers/iommu/intel/iommu.c
+++ b/drivers/iommu/intel/iommu.c
@@ -4121,6 +4121,8 @@ intel_iommu_domain_alloc_user(struct device *dev,
u32 flags,
return ERR_PTR(-EINVAL);
if (request_nest_parent)
return ERR_PTR(-EINVAL);
+ if (!to_dmar_domain(parent)->is_nested_parent)
+ return ERR_PTR(-EINVAL);
return intel_nested_domain_alloc(parent, user_data);
}
Best regards,
baolu
next prev parent reply other threads:[~2023-10-21 3:29 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-20 9:32 [PATCH v6 0/8] Add Intel VT-d nested translation (part 1/2) Yi Liu
2023-10-20 9:32 ` [PATCH v6 1/8] iommufd: Add data structure for Intel VT-d stage-1 domain allocation Yi Liu
2023-10-20 9:32 ` [PATCH v6 2/8] iommu/vt-d: Extend dmar_domain to support nested domain Yi Liu
2023-10-20 9:32 ` [PATCH v6 3/8] iommu/vt-d: Add helper for nested domain allocation Yi Liu
2023-10-20 11:49 ` Baolu Lu
2023-10-23 11:00 ` Liu, Yi L
2023-10-20 9:32 ` [PATCH v6 4/8] iommu/vt-d: Add helper to setup pasid nested translation Yi Liu
2023-10-20 9:32 ` [PATCH v6 5/8] iommu/vt-d: Make domain attach helpers to be extern Yi Liu
2023-10-20 12:20 ` Baolu Lu
2023-10-20 9:32 ` [PATCH v6 6/8] iommu/vt-d: Set the nested domain to a device Yi Liu
2023-10-20 9:32 ` [PATCH v6 7/8] iommu/vt-d: Add nested domain allocation Yi Liu
2023-10-21 3:07 ` Baolu Lu
2023-10-23 11:11 ` Liu, Yi L
2023-10-20 9:32 ` [PATCH v6 8/8] iommu/vt-d: Disallow read-only mappings to nest parent domain Yi Liu
2023-10-21 3:24 ` Baolu Lu [this message]
2023-10-23 11:15 ` Liu, Yi L
2023-10-23 12:18 ` Baolu Lu
2023-10-24 2:06 ` Liu, Yi L
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=23133231-c6d7-469e-8f55-2e7667acb097@linux.intel.com \
--to=baolu.lu@linux.intel.com \
--cc=alex.williamson@redhat.com \
--cc=chao.p.peng@linux.intel.com \
--cc=cohuck@redhat.com \
--cc=eric.auger@redhat.com \
--cc=iommu@lists.linux.dev \
--cc=jasowang@redhat.com \
--cc=jgg@nvidia.com \
--cc=joao.m.martins@oracle.com \
--cc=joro@8bytes.org \
--cc=kevin.tian@intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=lulu@redhat.com \
--cc=mjrosato@linux.ibm.com \
--cc=nicolinc@nvidia.com \
--cc=peterx@redhat.com \
--cc=robin.murphy@arm.com \
--cc=shameerali.kolothum.thodi@huawei.com \
--cc=suravee.suthikulpanit@amd.com \
--cc=xin.zeng@intel.com \
--cc=yi.l.liu@intel.com \
--cc=yi.y.sun@linux.intel.com \
--cc=zhenzhong.duan@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.