From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 24B88C61DA4 for ; Fri, 24 Feb 2023 11:55:51 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 7199E6B0074; Fri, 24 Feb 2023 06:55:51 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 6C70B6B0075; Fri, 24 Feb 2023 06:55:51 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 568176B0078; Fri, 24 Feb 2023 06:55:51 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id 4867F6B0074 for ; Fri, 24 Feb 2023 06:55:51 -0500 (EST) Received: from smtpin26.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id E9630A190C for ; Fri, 24 Feb 2023 11:55:50 +0000 (UTC) X-FDA: 80502031260.26.93CB1D5 Received: from mail-lj1-f169.google.com (mail-lj1-f169.google.com [209.85.208.169]) by imf30.hostedemail.com (Postfix) with ESMTP id D9B5C8001B for ; Fri, 24 Feb 2023 11:55:48 +0000 (UTC) Authentication-Results: imf30.hostedemail.com; dkim=pass header.d=gmail.com header.s=20210112 header.b=oYtJEH81; spf=pass (imf30.hostedemail.com: domain of zhi.wang.linux@gmail.com designates 209.85.208.169 as permitted sender) smtp.mailfrom=zhi.wang.linux@gmail.com; dmarc=pass (policy=none) header.from=gmail.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1677239749; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=SM2jD2WGkkdjc+YfrvfeooKgMPREveodz0PCNlMVFUU=; b=M/wILhRYwCAQ5pDQFlNAnvSuZB0CeR6th2q+7DosZywB5xvHVw0xIcyU3Lth5dpUBMCPVu zIS14gWx3Ku5h+qnQuCs18LOXHPHCU0o6Is5SFL9llexS4SlXH7Sg4pCDsplj7GtI+jNZs OuQZxEkcbn+qc5MF4xN8hk9j9kUgE90= ARC-Authentication-Results: i=1; imf30.hostedemail.com; dkim=pass header.d=gmail.com header.s=20210112 header.b=oYtJEH81; spf=pass (imf30.hostedemail.com: domain of zhi.wang.linux@gmail.com designates 209.85.208.169 as permitted sender) smtp.mailfrom=zhi.wang.linux@gmail.com; dmarc=pass (policy=none) header.from=gmail.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1677239749; a=rsa-sha256; cv=none; b=jMg+FnMr1/4iobC6oWC4EmL4j75COvJ9xMnF6Q8vx146ebzZbnQfCCkLGzA+e0/ZSOCVS6 /LKrEeqfUkncKy1oIhozFAfn1HprUU3tnZJ6Y2dBMXbqcnXTwBfDoSpLg07cv0tWwWob6F Unu8MMBRFebJAvhIhRGSITdhuQOEKFg= Received: by mail-lj1-f169.google.com with SMTP id t14so11181880ljd.5 for ; Fri, 24 Feb 2023 03:55:48 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:subject:cc:to:from:date:from:to:cc:subject:date :message-id:reply-to; bh=SM2jD2WGkkdjc+YfrvfeooKgMPREveodz0PCNlMVFUU=; b=oYtJEH81IIRS5o0x+xLdmMNllSAuwKBCUooS8AOaxRt/BE2cRWtGVWH+Bvz/Sp9Tkv r5BQzvKNC+0V5/PWEzDgoV1DnyLuGa7xy3g76rs+pkCS/Udh21KWrBYoUMSWUJohp2Wm ST9xgqK1Wbop0OnRewSDsJjHAB21U+24MnCBkEoTdnK9UgmN5GKr/nktQDZdIlpt68Er vi+srj5T3SfN3DkzjbTiuuKTf2C1X6vO2zE0ab5Qupw1aIfOOTbOUoJaOJ7o7e2rRcIJ 2grOIfhbo9PlYhGn3XLA91cNnkMhyIZDQf26A6U7LyWyMqIx9KtRacvhxatGUck2N0to SCdA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:subject:cc:to:from:date:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=SM2jD2WGkkdjc+YfrvfeooKgMPREveodz0PCNlMVFUU=; b=yNbGIHeWxtwvE6xD/1Qxgftjb5cR9Gq2j8kHFC+ywjhxLwIysFpYYe6c9q7UzqIi79 k/9hpAEAJ11LxLt+IwYBYmjUpNQSQDFPXnRE+DCtFEojWbFSKX4+KXi1jHOcK3OxeKlW DEbyApwZtV2c3LSw1eylTBrgJ+R8MVInrC7flbOooKI+Zza0Jvbc4AMoCQPm1OCI0sti m6OlS9l5NSnzMPliFsy4TOSto72kQP2XCtocdwmlo8Ef56AZJmrGDqd7ghYVVOcf+iRs QNeSEV9FsSlF3G8p8grnyJ3FfwKyorYxYGPIxVPfgOmDgrcsp4nM0cR5DikGMBG1FX9b cioA== X-Gm-Message-State: AO0yUKWX89sYlw8eLdcX64FDSyUGuWvJgNGezyojEeExG99iKNeRtKeu +gZSn0QztgQM/3FzLBAG1+w= X-Google-Smtp-Source: AK7set/WeGrqGcctJ0TVe1kLF8QFmtLiUiu8GO3U35HUeDbvsI/VmUrvYYPSOTjYEDAl0Scs+kKEyw== X-Received: by 2002:a2e:a9a2:0:b0:293:47c6:e876 with SMTP id x34-20020a2ea9a2000000b0029347c6e876mr8132243ljq.2.1677239746722; Fri, 24 Feb 2023 03:55:46 -0800 (PST) Received: from localhost (88-115-161-74.elisa-laajakaista.fi. [88.115.161.74]) by smtp.gmail.com with ESMTPSA id s2-20020a19ad42000000b004cc7026d95asm1665253lfd.259.2023.02.24.03.55.46 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 24 Feb 2023 03:55:46 -0800 (PST) Date: Fri, 24 Feb 2023 13:55:44 +0200 From: Zhi Wang To: Michael Roth Cc: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , Brijesh Singh Subject: Re: [PATCH RFC v8 35/56] KVM: SVM: Add KVM_SEV_SNP_LAUNCH_UPDATE command Message-ID: <20230224135544.000075fb@gmail.com> In-Reply-To: <20230220183847.59159-36-michael.roth@amd.com> References: <20230220183847.59159-1-michael.roth@amd.com> <20230220183847.59159-36-michael.roth@amd.com> X-Mailer: Claws Mail 4.1.0 (GTK 3.24.33; x86_64-w64-mingw32) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Rspam-User: X-Rspamd-Server: rspam04 X-Rspamd-Queue-Id: D9B5C8001B X-Stat-Signature: bco39eg9taw6mmasb9oah8e7dw8uxsbe X-HE-Tag: 1677239748-891475 X-HE-Meta: U2FsdGVkX18Mqe5CMPCp6UlVBZmSOuuzGHoTo+aWlXCdFz0tH9BC04vR+Z6lyYZYkcE4LPs4zMT7yD1o+eX6aDXigMIT1mkNYKIJzcltPDF1bCM/nnxPf5SZk4RNjM7P8doaZW2vHDFzbn5P1wPDlQryQ90S3b6CXt8MCRANMhV/66nncAYWij5W4hIsHmrf6Mr31eae0ISNlTLBb4QUr/iG9/XXNOHDcCyN3J8jCpdEi4J6C0Vcs9SefJwjgUeTZu3nwE3CsDKwul2EVhQjEi1YA0poosOAGP4OHRDPsC1GfM6cMRDYfyoD1jm5G+5Mc8t3tbMs0vYhEvboRy/ATrrqN5KDv4qWk1p2iuBnNDtkIvQoS8dn4SQKygL439m4M8RCSWaJI6h0q4OqIpnQfeTiMWfFCe6QFurFBf62Je6o8gyI/SjyjNTWGXLxOqbmU5QlcAHKEB+iXSBG+UWpTxixne+2jLrRclP+EEjo9sqU2MdlVzyuke4KYKPmcBDaoVikuSDyXi8c8Rx8HDskd4nX/p9uU9eZkRoWIHIwH1sVj7upZ0RRtGZcMpIHYXHtbwvGDL7jAy40CzhFldzO91a+Mk2pvclS1b50FGBkqlKWxX5Xij324b4tFoogiXQwuOpLo/Ys7yPmo4SVuDvpJNd4R4TfXuc66ZSPdu0L/12km9vx9JOafc1//sa1TVwbvTb7Q51YUY6smH5CqO1UYi9/6TsJ1Nh5hBpg8sVlmkc5yfDlGsPgDoN5V2Di0vbLMVg+xQcswqBA6R1sTHWVWk08zHlWqTc7UBVv5iigTWREltvfGtU5x1TO37pq2ZE8tapxjHP/NoO+Un2H9ACHwIDCzoHLwxEessnBgaAFvJ9kK/po1nH7lAzAQ+QvGtmykNe5jVq+Mq+elcUZR/NPw+j/fNPZbXfiM7iFphO90lUtfhsMBPhXHxFaDuI+25iNm/W1D6TjoWYFkbjG1xb nnA+LbNe qjxHwp7ioTkSFt/fKiHApBJA8Gamh48ryjkaVyhcmsBp9FFoGmvCJ0q3YoUPXp0RyIl5a16MK61m3om4hAsaA7A0YaIW/dvG8tcBpB7iqXGIne/NcxSr3F6vRTR4tx2U7zaODEdhzxVFpjAXBoomCjW/Byuy1bhLgC+mzlD38hgXtrPY0YG+AxFpLQtTNHKMGw/GDQNzBz8X2WYgxIZOweTtbaNjixN0Vh5BI2r04MHm4nHtd+H+oTPXGekxTDMev8V4miNpLsvUJCZHy0sRPX5LUUvCkbZCza537HiWYiExcb7tFSQEAsKk3cCoJaGA1fzxDi6Nfv3CyVICCRxbp1qhBBNWjsCw02qWxVnVySnpWQhDZlL3YoaqZNM4hwzR6GeaEt8NDFj3zsID6ghtNCSboMOndkz2XK3E8G+dGRsyvZoCNGVbdydcUVqnD5DzTJmJckwXgsOdezoyvvPWYAuDptjasjMY11+ljqbQYAQ8ytj6EjD81h1QiGl1d4LAEdQAbZX6XdXGEC+Alym9lhVWNgGK9uxBoWLCrHWm0IL+J9JV6Cy3B2cE2rw== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Mon, 20 Feb 2023 12:38:26 -0600 Michael Roth wrote: > From: Brijesh Singh > > The KVM_SEV_SNP_LAUNCH_UPDATE command can be used to insert data into the > guest's memory. The data is encrypted with the cryptographic context > created with the KVM_SEV_SNP_LAUNCH_START. > > In addition to the inserting data, it can insert a two special pages > into the guests memory: the secrets page and the CPUID page. > > While terminating the guest, reclaim the guest pages added in the RMP > table. If the reclaim fails, then the page is no longer safe to be > released back to the system and leak them. > > For more information see the SEV-SNP specification. > > Co-developed-by: Michael Roth > Signed-off-by: Michael Roth > Signed-off-by: Brijesh Singh > Signed-off-by: Ashish Kalra > --- > .../virt/kvm/x86/amd-memory-encryption.rst | 29 +++ > arch/x86/kvm/svm/sev.c | 190 ++++++++++++++++++ > include/uapi/linux/kvm.h | 19 ++ > 3 files changed, 238 insertions(+) > > diff --git a/Documentation/virt/kvm/x86/amd-memory-encryption.rst b/Documentation/virt/kvm/x86/amd-memory-encryption.rst > index 58971fc02a15..c94be8e6d657 100644 > --- a/Documentation/virt/kvm/x86/amd-memory-encryption.rst > +++ b/Documentation/virt/kvm/x86/amd-memory-encryption.rst > @@ -485,6 +485,35 @@ Returns: 0 on success, -negative on error > > See the SEV-SNP specification for further detail on the launch input. > > +20. KVM_SNP_LAUNCH_UPDATE > +------------------------- > + > +The KVM_SNP_LAUNCH_UPDATE is used for encrypting a memory region. It also > +calculates a measurement of the memory contents. The measurement is a signature > +of the memory contents that can be sent to the guest owner as an attestation > +that the memory was encrypted correctly by the firmware. > + > +Parameters (in): struct kvm_snp_launch_update > + > +Returns: 0 on success, -negative on error > + > +:: > + > + struct kvm_sev_snp_launch_update { > + __u64 start_gfn; /* Guest page number to start from. */ > + __u64 uaddr; /* userspace address need to be encrypted */ > + __u32 len; /* length of memory region */ > + __u8 imi_page; /* 1 if memory is part of the IMI */ > + __u8 page_type; /* page type */ > + __u8 vmpl3_perms; /* VMPL3 permission mask */ > + __u8 vmpl2_perms; /* VMPL2 permission mask */ > + __u8 vmpl1_perms; /* VMPL1 permission mask */ > + }; > + > +See the SEV-SNP spec for further details on how to build the VMPL permission > +mask and page type. > + > + > References > ========== > > diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c > index 097bb2138360..03dd227f6090 100644 > --- a/arch/x86/kvm/svm/sev.c > +++ b/arch/x86/kvm/svm/sev.c > @@ -234,6 +234,37 @@ static void sev_decommission(unsigned int handle) > sev_guest_decommission(&decommission, NULL); > } > > +static int snp_page_reclaim(u64 pfn) > +{ > + struct sev_data_snp_page_reclaim data = {0}; > + int err, rc; > + > + data.paddr = __sme_set(pfn << PAGE_SHIFT); > + rc = sev_do_cmd(SEV_CMD_SNP_PAGE_RECLAIM, &data, &err); > + if (rc) { > + /* > + * If the reclaim failed, then page is no longer safe > + * to use. > + */ > + snp_mark_pages_offline(pfn, > + page_level_size(PG_LEVEL_4K) >> PAGE_SHIFT); > + } > + > + return rc; > +} > + > +static int host_rmp_make_shared(u64 pfn, enum pg_level level, bool leak) > +{ > + int rc; > + > + rc = rmp_make_shared(pfn, level); > + if (rc && leak) > + snp_mark_pages_offline(pfn, > + page_level_size(level) >> PAGE_SHIFT); > + > + return rc; > +} > + PATCH 24 has similar functions. It would be better to expose them. > static void sev_unbind_asid(struct kvm *kvm, unsigned int handle) > { > struct sev_data_deactivate deactivate; > @@ -2093,6 +2124,162 @@ static int snp_launch_start(struct kvm *kvm, struct kvm_sev_cmd *argp) > return rc; > } > > +static int snp_launch_update_gfn_handler(struct kvm *kvm, > + struct kvm_gfn_range *range, > + void *opaque) > +{ > + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; > + struct kvm_memory_slot *memslot = range->slot; > + struct sev_data_snp_launch_update data = {0}; > + struct kvm_sev_snp_launch_update params; > + struct kvm_sev_cmd *argp = opaque; > + int *error = &argp->error; > + int i, n = 0, ret = 0; > + unsigned long npages; > + kvm_pfn_t *pfns; > + gfn_t gfn; > + > + if (!kvm_slot_can_be_private(memslot)) { > + pr_err("SEV-SNP requires restricted memory.\n"); > + return -EINVAL; > + } > + > + if (copy_from_user(¶ms, (void __user *)(uintptr_t)argp->data, sizeof(params))) { > + pr_err("Failed to copy user parameters for SEV-SNP launch.\n"); > + return -EFAULT; > + } > + > + data.gctx_paddr = __psp_pa(sev->snp_context); > + > + npages = range->end - range->start; > + pfns = kvmalloc_array(npages, sizeof(*pfns), GFP_KERNEL_ACCOUNT); > + if (!pfns) > + return -ENOMEM; > + > + pr_debug("%s: GFN range 0x%llx-0x%llx, type %d\n", __func__, > + range->start, range->end, params.page_type); > + > + for (gfn = range->start, i = 0; gfn < range->end; gfn++, i++) { > + int order, level; > + void *kvaddr; > + > + ret = kvm_restrictedmem_get_pfn(memslot, gfn, &pfns[i], &order); > + if (ret) > + goto e_release; > + > + n++; > + ret = snp_lookup_rmpentry((u64)pfns[i], &level); > + if (ret) { > + pr_err("Failed to ensure GFN 0x%llx is in initial shared state, ret: %d\n", > + gfn, ret); > + return -EFAULT; > + } > + > + kvaddr = pfn_to_kaddr(pfns[i]); > + if (!virt_addr_valid(kvaddr)) { > + pr_err("Invalid HVA 0x%llx for GFN 0x%llx\n", (uint64_t)kvaddr, gfn); > + ret = -EINVAL; > + goto e_release; > + } > + > + ret = kvm_read_guest_page(kvm, gfn, kvaddr, 0, PAGE_SIZE); > + if (ret) { > + pr_err("Guest read failed, ret: 0x%x\n", ret); > + goto e_release; > + } > + > + ret = rmp_make_private(pfns[i], gfn << PAGE_SHIFT, PG_LEVEL_4K, > + sev_get_asid(kvm), true); > + if (ret) { > + ret = -EFAULT; > + goto e_release; > + } > + > + data.address = __sme_set(pfns[i] << PAGE_SHIFT); > + data.page_size = X86_TO_RMP_PG_LEVEL(PG_LEVEL_4K); > + data.page_type = params.page_type; > + data.vmpl3_perms = params.vmpl3_perms; > + data.vmpl2_perms = params.vmpl2_perms; > + data.vmpl1_perms = params.vmpl1_perms; > + ret = __sev_issue_cmd(argp->sev_fd, SEV_CMD_SNP_LAUNCH_UPDATE, > + &data, error); > + if (ret) { > + pr_err("SEV-SNP launch update failed, ret: 0x%x, fw_error: 0x%x\n", > + ret, *error); > + snp_page_reclaim(pfns[i]); > + > + /* > + * When invalid CPUID function entries are detected, the firmware > + * corrects these entries for debugging purpose and leaves the > + * page unencrypted so it can be provided users for debugging > + * and error-reporting. > + * > + * Copy the corrected CPUID page back to shared memory so > + * userpsace can retrieve this information. > + */ > + if (params.page_type == SNP_PAGE_TYPE_CPUID && > + *error == SEV_RET_INVALID_PARAM) { > + int ret; > + > + host_rmp_make_shared(pfns[i], PG_LEVEL_4K, true); > + > + ret = kvm_write_guest_page(kvm, gfn, kvaddr, 0, PAGE_SIZE); > + if (ret) > + pr_err("Failed to write CPUID page back to userspace, ret: 0x%x\n", > + ret); > + } > + > + > + goto e_release; > + } > + } > + > + /* > + * Memory attribute updates via KVM_SET_MEMORY_ATTRIBUTES are serialized > + * via kvm->slots_lock, so use the same protocol for updating them here. > + */ > + mutex_lock(&kvm->slots_lock); > + kvm_vm_set_region_attr(kvm, range->start, range->end, KVM_MEMORY_ATTRIBUTE_PRIVATE); > + mutex_unlock(&kvm->slots_lock); > + > +e_release: > + /* Content of memory is updated, mark pages dirty */ > + for (i = 0; i < n; i++) { > + set_page_dirty(pfn_to_page(pfns[i])); > + mark_page_accessed(pfn_to_page(pfns[i])); > + > + /* > + * If its an error, then update RMP entry to change page ownership > + * to the hypervisor. > + */ > + if (ret) > + host_rmp_make_shared(pfns[i], PG_LEVEL_4K, true); > + > + put_page(pfn_to_page(pfns[i])); > + } > + > + kvfree(pfns); > + return ret; > +} > + > +static int snp_launch_update(struct kvm *kvm, struct kvm_sev_cmd *argp) > +{ > + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; > + struct kvm_sev_snp_launch_update params; > + > + if (!sev_snp_guest(kvm)) > + return -ENOTTY; > + > + if (!sev->snp_context) > + return -EINVAL; > + > + if (copy_from_user(¶ms, (void __user *)(uintptr_t)argp->data, sizeof(params))) > + return -EFAULT; > + > + return kvm_vm_do_hva_range_op(kvm, params.uaddr, params.uaddr + params.len, > + snp_launch_update_gfn_handler, argp); > +} > + > int sev_mem_enc_ioctl(struct kvm *kvm, void __user *argp) > { > struct kvm_sev_cmd sev_cmd; > @@ -2186,6 +2373,9 @@ int sev_mem_enc_ioctl(struct kvm *kvm, void __user *argp) > case KVM_SEV_SNP_LAUNCH_START: > r = snp_launch_start(kvm, &sev_cmd); > break; > + case KVM_SEV_SNP_LAUNCH_UPDATE: > + r = snp_launch_update(kvm, &sev_cmd); > + break; > default: > r = -EINVAL; > goto out; > diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h > index cf19799ca5ce..4098bba17aa4 100644 > --- a/include/uapi/linux/kvm.h > +++ b/include/uapi/linux/kvm.h > @@ -1920,6 +1920,7 @@ enum sev_cmd_id { > /* SNP specific commands */ > KVM_SEV_SNP_INIT, > KVM_SEV_SNP_LAUNCH_START, > + KVM_SEV_SNP_LAUNCH_UPDATE, > > KVM_SEV_NR_MAX, > }; > @@ -2036,6 +2037,24 @@ struct kvm_sev_snp_launch_start { > __u8 pad[6]; > }; > > +#define KVM_SEV_SNP_PAGE_TYPE_NORMAL 0x1 > +#define KVM_SEV_SNP_PAGE_TYPE_VMSA 0x2 > +#define KVM_SEV_SNP_PAGE_TYPE_ZERO 0x3 > +#define KVM_SEV_SNP_PAGE_TYPE_UNMEASURED 0x4 > +#define KVM_SEV_SNP_PAGE_TYPE_SECRETS 0x5 > +#define KVM_SEV_SNP_PAGE_TYPE_CPUID 0x6 > + > +struct kvm_sev_snp_launch_update { > + __u64 start_gfn; > + __u64 uaddr; > + __u32 len; > + __u8 imi_page; > + __u8 page_type; > + __u8 vmpl3_perms; > + __u8 vmpl2_perms; > + __u8 vmpl1_perms; > +}; > + > #define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0) > #define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1) > #define KVM_DEV_ASSIGN_MASK_INTX (1 << 2)