Xen project Mailing List

Re: [PATCH v2] iommu/vtd: fix address translation for superpages

From: Roger Pau Monné <roger.pau@xxxxxxxxxx>

Date: Thu, 25 May 2023 09:45:14 +0200

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=EJvHevO7biyUOSdytZ8ksfwQqaBAWDYcktoOqdcqjiM=; b=Xhqc+2DfRkKXKiMV1ExxN2uNF7qwof3gt6nJSc6N88Eyj4SGymUR0RMZEaRkVy2vZF3nAVjmYhednBxUicfJrKpTJSVdkCk8UOpo8Vltf4mkuVXZp7fleYaWGWWagK5VcO16MfgKokHgWQSUPKblDVrkXOVY+raQBvL2/Q2i0ZptyocM1Im5xl2GnUM3cVDklxmXiLwNVr5GMPGBURJh2ytJN9VeYTRSFqy6k6yDYU6btPjhZGEt9IaFOwJgy8GUMkmVUb33e8xItBDcojARhpr4loib/YvahQ9Ij4ohDpMpdah4LWEHufKCo5eVooCQZ1yDhhRyTm+d1HXhobGBAA==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=WYtzxjn+y3dz/Nou8ba4tS8VnqlEIPt3swNz7ZU4YG2pVCXydRmgxWahRPo4ec2yF93sSaiGIs94HccxDo6XUB+HXrP1h1sLBbTqt+1kqALIA/IANI86+ZrbXPwCobvBOfOF9pkj63qEAl3V3nu/HSCuulDYIwb4D7pxxvjzGZGYTEOo6qtgotZ01W6m1PouoLqfXVdBW1VFgx7VnOdcvsllRmG7gimdIh0xVGxyVUSmZHGgrqBTIHNDIO6QQf60deTUjqAEfNuRHI/D1rWqLMc2OKpCRvKFjqBkVNHsVAdjX+GhSia2CcI1bdbRl0j5gucRsCPU+3RrMvrYO1XiFA==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;

Cc: Kevin Tian <kevin.tian@xxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx

Delivery-date: Thu, 25 May 2023 07:45:44 +0000

Ironport-data: A9a23:BZjh+qLvr6pvrPVSFE+R+ZQlxSXFcZb7ZxGr2PjKsXjdYENSgTwGn TRMCmvUO6mCMWr2fd1wbo/npkwDvMeDzYBiHgtlqX01Q3x08seUXt7xwmUcnc+xBpaaEB84t ZV2hv3odp1coqr0/0/1WlTZhSAgk/rOHvykU7Ss1hlZHWdMUD0mhQ9oh9k3i4tphcnRKw6Ws Jb5rta31GWNglaYCUpKrfrbwP9TlK6q4mhA4wZiPawjUGL2zBH5MrpOfcldEFOgKmVkNrbSb /rOyri/4lTY838FYj9yuu+mGqGiaue60Tmm0hK6aYD76vRxjnVaPpIAHOgdcS9qZwChxLid/ jnvWauYEm/FNoWU8AgUvoIx/ytWZcWq85efSZSzXFD6I+QrvBIAzt03ZHzaM7H09c4wHHsX5 cUHDwsSVRfcnu+TxKLgQOVj05FLwMnDZOvzu1lG5BSBUbMDfsqGRK/Ho9hFwD03m8ZCW+7EY NYUYiZuaxKGZABTPlAQC9Q1m+LAanvXKmUE7g7K4/VspTGNnGSd05C0WDbRUsaNSshP2F6Ru 0rN/njjAwFcP9uaodaA2iv13rWWwnqgA+r+EpWm2uxNp1O+7VdIKzQTe1WA+92/lX+xDoc3x 0s8v3BGQbIJ3E6hQ8T5Xha4iGWZpRNaUN1Ve8U55R+MzOzI4g+fLmkCUjNFLtchsaceVTEsk 1OEgd7tLThuq6GOD2KQ8K+OqjG/MjRTKnUNDRLoViMA6tjn5YQs1BTGS44/FLbv14OlXzbt3 zqNsS4ywa0JitIG3Lm6+laBhC+wop/OTUg+4QC/sn+Z0z6VrbWNP+SAgWU3J94ZRGpFZjFtZ EQ5pvU=

Ironport-hdrordr: A9a23:8kkUGKCnE1EeOvzlHehvsseALOsnbusQ8zAXPhhKOG9omwmj5r STdPRy726OtN9jYgB0pTngAtjVfZq4z/VICOYqTMiftWXdyRKVxcRZnPvfKl7bamHDH4xmpN ldmsFFYbWbYTca7beckW+F+pQbsai6GciT9KnjJhxWPHtXgtRbnntE43GgYzBLrWd9dOIE/a 6nl4t6jgvlVWUca8y6AnUffu7YutHHrpLpZhYaGwUq8k2rgSmz4LD3KgOf1BsFST9DqI1Skl TtokjU96+nu/G+xgT903bJ75NKsNH9yt1Fbfb87vQ9G3HBmwysbIRkV6ajuCkvoOazzV42nN 7Hs34bTqFOwkKUUnC+pBPs3wX66S0p+m/GwUKVhnHyyPaJJg7SRvAxwr6wvXPimgcdVHwW6s 929lPck6ASIQLLnSz76dSNfxZ2lnCsqX5nvf8Pg2dZWY4+bqYUiYAE5ktaHLoJASq/sekcYb BTJfCZwMwTXUKRbnjfsGUq6NuwXk4rFhPDblketteT2z12mmk860cD3sQQkloJ6Zp4YZhZ4O bvNLhuidh1P4krRJM4IN1Ebdq8C2TLTx6JGGWOIW7/HKVCAH7Jo46f2sR82An/EqZn8LIC3L D6FH9Iv287fEzjTeeU2odQzxzLSGKhGRzw18B3/fFCy+PBbYuuFRfGZEElksOmrflaKNbcQe yPNJVfBOKmBXfyGLxOwxb1V/BpWCYjufUuy4cGsm+105/2w8zRx7bmmc/oVeHQ+OMfKz/C6n hqZkm7GCwP1DHlKy/FaN64YQKsRqW1x+MDLEHgxZlk9GDWXrc88DT9uW7Jpf1jYQcyx5DeXH EOZY8PwZnL4VVfCw7zni9U0u00NDcf3F1mOEk69zPj5yjPAOU+UpOkCDhvNVO8V2hCc/8=

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Wed, May 24, 2023 at 06:11:03PM +0200, Jan Beulich wrote: > On 24.05.2023 17:22, Roger Pau Monne wrote: > > When translating an address that falls inside of a superpage in the > > IOMMU page tables the fetching of the PTE value wasn't masking of the > > contiguous related data, which caused the returned data to be > > corrupt as it would contain bits that the caller would interpret as > > part of the address. > > > > Fix this by masking off the contiguous bits. > > > > Fixes: c71e55501a61 ('VT-d: have callers specify the target level for page > > table walks') > > Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx> > > Just to clarify: The title says superpages and you also only deal with > superpages. Yet in the earlier discussion I pointed out that the 4k-page > case looks to also be flawed (I don't think anymore we iterate one too > many times, but I'm pretty sure the r/w flags are missing in what we > return to intel_iommu_lookup_page()). Did you convince yourself > otherwise in the meantime? Or is that going to be a separate change > (whether by you or someone else, like me)? Gah no, i did assert that the iterations are OK, but completely forgot about the r/w bits. > > > --- a/xen/drivers/passthrough/vtd/iommu.c > > +++ b/xen/drivers/passthrough/vtd/iommu.c > > @@ -368,7 +368,7 @@ static uint64_t addr_to_dma_page_maddr(struct domain > > *domain, daddr_t addr, > > * with the address adjusted to account for the residual of > > * the walk. > > */ > > - pte_maddr = pte->val + > > + pte_maddr = (pte->val & ~DMA_PTE_CONTIG_MASK) + > > While this addresses the problem at hand, wouldn't masking by PADDR_MASK > be more forward compatible (for whenever another of the high bits gets > used)? Right, I've just masked ~DMA_PTE_CONTIG_MASK like it's done below when splitting a superpage, but for the use case here it does make more sense to use PADDR_MASK. Thanks, Roger.

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.