The purpose of this commit is not to support privileged requests but
to prevent devices from doing things they wouldn't be able to do
with real hardware.
We simply block privileged requests when the SRS ecap is not set
and abort when the ecap is present.
For now, its not worth implementing support for privileged requests
because the kernel does not support it.
(https://lore.kernel.org/linux-iommu/20230411064815.31456-11-baolu.lu@linux.intel.com/)
However, we may consider working on it depending on how the development
goes in the kernel.
Signed-off-by: Clement Mathieu--Drif <clement.mathieu--drif@eviden.com>
---
hw/i386/intel_iommu.c | 18 ++++++++++++++++--
1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
index e89f31da02..38a9c87da5 100644
--- a/hw/i386/intel_iommu.c
+++ b/hw/i386/intel_iommu.c
@@ -4917,13 +4917,27 @@ static IOMMUTLBEntry vtd_iommu_ats_do_translate(IOMMUMemoryRegion *iommu,
hwaddr addr,
IOMMUAccessFlags flags)
{
- IOMMUTLBEntry entry;
+ IOMMUTLBEntry entry = { .target_as = &address_space_memory };
VTDAddressSpace *vtd_as = container_of(iommu, VTDAddressSpace, iommu);
+ IntelIOMMUState *s = vtd_as->iommu_state;
+
+ /* Guard that makes sure we avoid weird behaviors */
+ if ((flags & IOMMU_PRIV) && (s->ecap & VTD_ECAP_SRS)) {
+ error_report_once("Privileged ATS not supported");
+ abort();
+ }
if (vtd_is_interrupt_addr(addr)) {
+ vtd_prepare_error_entry(&entry);
vtd_report_ir_illegal_access(vtd_as, addr, flags & IOMMU_WO);
+ } else if ((flags & IOMMU_PRIV) && !(s->ecap & VTD_ECAP_SRS)) {
+ /*
+ * For translation-request-with-PASID with PR=1, remapping hardware
+ * not supporting supervisor requests (SRS=0 in the Extended
+ * Capability Register) forces R=W=E=0 in addition to setting PRIV=1.
+ */
vtd_prepare_error_entry(&entry);
- entry.target_as = &address_space_memory;
+ entry.perm = IOMMU_PRIV;
} else {
entry = vtd_iommu_translate(iommu, addr, flags, VTD_IDX_ATS);
}
--
2.51.0