[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2] iommu/vtd: fix address translation for superpages

  • To: Roger Pau Monne <roger.pau@xxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Wed, 24 May 2023 18:11:03 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=cKlbmUGuOtAnnhs3muv7wdY4OoUhyDfht/b6x81YJCc=; b=XBPvs5u4AkW/MzLqsB6TYFYtdlzMGxWdNHwTeLxtlbphS6njOYuNiGLTiNknMzIYGYyj1KseodkQN3t5s/zFny45zhgq+LGuI9uIVcnFksyfEi9jfARuEsKcfOOUKxqHB98P2gpQUbDBU/ZgrT+7kzFL6EZHk8wEAVg19smz4mHrdh6FiJZSyfxIK90SUNee99CrMjEoJMwPllAQ10C2f1lX2w2Et6YiL/y30g/rTDs9WZpT6fKoLntsMlxiBkbJHruRVLxXxAzlG1g2+yAmUaRnCyx9u7kwnBQ7nVcsrIjhpr0Ry3bFg/JCeJalh6ntKIkNvuP1QC9CuJ3YhHuPrw==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=RZiWlxdS7FO5sQT/6Ne0RIcxcs3a2rr58GOG2GWdoP+b4khxw7idDsXqfJM0adJPR8Hu7d3os2KOuaGcuHvaMNQFxbS1DfPaTwBstNSQ6x0p3aaw5TyisbmCRxpm+CzfxNRBd3tt0z4Qd5+GEXq3GYoFhqqT0X0mfA16gUvzZcfPsL4uH+C2Sk4WHj37qLyeM9qc3tLd4whA81iReTOaAtp9ij0kxKP78wLM1og0jSgWPSBGgh90y/EiKBFEEddWKronOW5a46gUQSAZbkBNaAHIaH9lG3US/dG6obbvzNxeiJxUjkE/aB63UIuVwclxJLX6tSeQj2bx7Obzw0YIRQ==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: Kevin Tian <kevin.tian@xxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
  • Delivery-date: Wed, 24 May 2023 16:11:22 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 24.05.2023 17:22, Roger Pau Monne wrote:
> When translating an address that falls inside of a superpage in the
> IOMMU page tables the fetching of the PTE value wasn't masking of the
> contiguous related data, which caused the returned data to be
> corrupt as it would contain bits that the caller would interpret as
> part of the address.
> 
> Fix this by masking off the contiguous bits.
> 
> Fixes: c71e55501a61 ('VT-d: have callers specify the target level for page 
> table walks')
> Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>

Just to clarify: The title says superpages and you also only deal with
superpages. Yet in the earlier discussion I pointed out that the 4k-page
case looks to also be flawed (I don't think anymore we iterate one too
many times, but I'm pretty sure the r/w flags are missing in what we
return to intel_iommu_lookup_page()). Did you convince yourself
otherwise in the meantime? Or is that going to be a separate change
(whether by you or someone else, like me)?

> --- a/xen/drivers/passthrough/vtd/iommu.c
> +++ b/xen/drivers/passthrough/vtd/iommu.c
> @@ -368,7 +368,7 @@ static uint64_t addr_to_dma_page_maddr(struct domain 
> *domain, daddr_t addr,
>                   * with the address adjusted to account for the residual of
>                   * the walk.
>                   */
> -                pte_maddr = pte->val +
> +                pte_maddr = (pte->val & ~DMA_PTE_CONTIG_MASK) +

While this addresses the problem at hand, wouldn't masking by PADDR_MASK
be more forward compatible (for whenever another of the high bits gets
used)?

Jan

>                      (addr & ((1UL << level_to_offset_bits(level)) - 1) &
>                       PAGE_MASK);
>                  if ( !target )

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.