1. Patchew
  2. linux
  3. [PATCH v3 00/15] iommu/amd: Introduce Nested Translation support
  4. View patch

[PATCH v3 12/15] iommu/amd: Validate guest DTE for nested translation

Suravee Suthikulpanit posted 15 patches 2 months, 1 week ago
There is a newer version of this series
[PATCH v3 12/15] iommu/amd: Validate guest DTE for nested translation
Posted by Suravee Suthikulpanit 2 months, 1 week ago 
To make sure that configuration for host (v1) and guest (v2) page tables
are valid before allocate nested domain.

Suggested-by: Jason Gunthorpe <jgg@nvidia.com>
Signed-off-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
---
 drivers/iommu/amd/amd_iommu_types.h |  2 ++
 drivers/iommu/amd/nested.c          | 41 +++++++++++++++++++++++++++++
 2 files changed, 43 insertions(+)

diff --git a/drivers/iommu/amd/amd_iommu_types.h b/drivers/iommu/amd/amd_iommu_types.h
index 9374e6f7a19d..a68b5c2fc0a2 100644
--- a/drivers/iommu/amd/amd_iommu_types.h
+++ b/drivers/iommu/amd/amd_iommu_types.h
@@ -418,6 +418,8 @@
 #define DTE_FLAG_V	BIT_ULL(0)
 #define DTE_FLAG_TV	BIT_ULL(1)
 #define DTE_FLAG_HAD	(3ULL << 7)
+#define DTE_MODE_MASK	GENMASK_ULL(11, 9)
+#define DTE_HOST_TRP	GENMASK_ULL(51, 12)
 #define DTE_FLAG_GIOV	BIT_ULL(54)
 #define DTE_FLAG_GV	BIT_ULL(55)
 #define DTE_GLX		GENMASK_ULL(57, 56)
diff --git a/drivers/iommu/amd/nested.c b/drivers/iommu/amd/nested.c
index 0ab5d65ec283..3307c925d3c1 100644
--- a/drivers/iommu/amd/nested.c
+++ b/drivers/iommu/amd/nested.c
@@ -17,6 +17,43 @@ static inline struct nested_domain *to_ndomain(struct iommu_domain *dom)
 	return container_of(dom, struct nested_domain, domain);
 }
 
+static int validate_gdte_nested(struct iommu_hwpt_amd_guest *gdte)
+{
+	u32 gpt_level = FIELD_GET(DTE_GPT_LEVEL_MASK, gdte->dte[2]);
+
+	/* Must be zero: Mode, Host-TPR */
+	if (FIELD_GET(DTE_MODE_MASK, gdte->dte[0]) != 0 ||
+	    FIELD_GET(DTE_HOST_TRP, gdte->dte[0]) != 0)
+		return -EINVAL;
+
+	/* Must be non-zero: V, GIOV, GV, GCR3 TRP */
+	if (FIELD_GET(DTE_FLAG_V, gdte->dte[0]) == 0 ||
+	    FIELD_GET(DTE_FLAG_GIOV, gdte->dte[0]) == 0 ||
+	    FIELD_GET(DTE_FLAG_GV, gdte->dte[0]) == 0 ||
+	    (FIELD_GET(DTE_GCR3_14_12, gdte->dte[0]) == 0 &&
+	     FIELD_GET(DTE_GCR3_30_15, gdte->dte[1]) == 0 &&
+	     FIELD_GET(DTE_GCR3_51_31, gdte->dte[1]) == 0))
+		return -EINVAL;
+
+	/* Valid Guest Paging Mode values are 0 and 1 */
+	if (gpt_level != 0 && gpt_level != 1)
+		return -EINVAL;
+
+	/* GLX = 3 is reserved */
+	if (FIELD_GET(DTE_GLX, gdte->dte[0]) == 3)
+		return -EINVAL;
+
+	/*
+	 * We need to check host capability before setting
+	 * the Guest Paging Mode
+	 */
+	if (gpt_level == GUEST_PGTABLE_5_LEVEL &&
+	    amd_iommu_gpt_level < PAGE_MODE_5_LEVEL)
+		return -EOPNOTSUPP;
+
+	return 0;
+}
+
 /*
  * This function is assigned to struct iommufd_viommu_ops.alloc_domain_nested()
  * during the call to struct iommu_ops.viommu_init().
@@ -38,6 +75,10 @@ amd_iommu_alloc_domain_nested(struct iommufd_viommu *viommu, u32 flags,
 	if (ret)
 		return ERR_PTR(ret);
 
+	ret = validate_gdte_nested(&gdte);
+	if (ret)
+		return ERR_PTR(ret);
+
 	ndom = kzalloc(sizeof(*ndom), GFP_KERNEL);
 	if (!ndom)
 		return ERR_PTR(-ENOMEM);
-- 
2.34.1
Re: [PATCH v3 12/15] iommu/amd: Validate guest DTE for nested translation
Posted by Jason Gunthorpe 2 months, 1 week ago 
On Thu, Oct 09, 2025 at 11:57:52PM +0000, Suravee Suthikulpanit wrote:
> To make sure that configuration for host (v1) and guest (v2) page tables
> are valid before allocate nested domain.
> 
> Suggested-by: Jason Gunthorpe <jgg@nvidia.com>
> Signed-off-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
> ---
>  drivers/iommu/amd/amd_iommu_types.h |  2 ++
>  drivers/iommu/amd/nested.c          | 41 +++++++++++++++++++++++++++++
>  2 files changed, 43 insertions(+)

I would squash this into the prior patch, but looks OK. I did not try
to do a detailed check this is a complete/correct list of fields.

Reviewed-by: Jason Gunthorpe <jgg@nvidia.com>

Jason

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.