Message ID | 1481681345-32424-2-git-send-email-peterx@redhat.com (mailing list archive) |
---|---|
State | New, archived |
On Wed, Dec 14, 2016 at 10:09:04AM +0800, Peter Xu wrote: > Currently vt-d Context Entry (CE) only allows 39/48 bits address width. > If guest software configured more than that, we complain and report. > > Signed-off-by: Peter Xu <peterx@redhat.com> > --- > hw/i386/intel_iommu.c | 17 ++++++++++++++++- > hw/i386/intel_iommu_internal.h | 2 ++ > 2 files changed, 18 insertions(+), 1 deletion(-) > > diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c > index 5f3e351..517a2a3 100644 > --- a/hw/i386/intel_iommu.c > +++ b/hw/i386/intel_iommu.c > @@ -599,9 +599,19 @@ static inline uint32_t vtd_get_level_from_context_entry(VTDContextEntry *ce) > return 2 + (ce->hi & VTD_CONTEXT_ENTRY_AW); > } > > +/* Return 0 if failed to fetch valid aw */ > static inline uint32_t vtd_get_agaw_from_context_entry(VTDContextEntry *ce) > { > - return 30 + (ce->hi & VTD_CONTEXT_ENTRY_AW) * 9; > + uint8_t aw = (ce->hi & VTD_CONTEXT_ENTRY_AW); > + /* > + * According to vt-d spec 10.4.2 bits 12:8, SAGAW only allows > + * 39/48 bits. > + */ > + if (aw > VTD_CE_AW_48BIT) { 5-level is almost sure to allow more. I don't see the point of this test. > + error_report("Context entry address width not supported (aw=%d)" , aw); > + return 0; > + } > + return 30 + aw * 9; > } > > static const uint64_t vtd_paging_entry_rsvd_field[] = { > @@ -642,6 +652,11 @@ static int vtd_gpa_to_slpte(VTDContextEntry *ce, uint64_t gpa, bool is_write, > uint32_t ce_agaw = vtd_get_agaw_from_context_entry(ce); > uint64_t access_right_check; > > + if (!ce_agaw) { > + error_report("Illegal context entry AGAW"); > + return -VTD_FR_CONTEXT_ENTRY_INV; > + } > + > /* Check if @gpa is above 2^X-1, where X is the minimum of MGAW in CAP_REG > * and AW in context-entry. > */ > diff --git a/hw/i386/intel_iommu_internal.h b/hw/i386/intel_iommu_internal.h > index 11abfa2..e808c67 100644 > --- a/hw/i386/intel_iommu_internal.h > +++ b/hw/i386/intel_iommu_internal.h 
> @@ -406,6 +406,8 @@ typedef struct VTDRootEntry VTDRootEntry; > #define VTD_CONTEXT_ENTRY_RSVD_LO (0xff0ULL | ~VTD_HAW_MASK) > /* hi */ > #define VTD_CONTEXT_ENTRY_AW 7ULL /* Adjusted guest-address-width */ > +#define VTD_CE_AW_39BIT 1 > +#define VTD_CE_AW_48BIT 2 > #define VTD_CONTEXT_ENTRY_DID(val) (((val) >> 8) & VTD_DOMAIN_ID_MASK) > #define VTD_CONTEXT_ENTRY_RSVD_HI 0xffffffffff000080ULL > > -- > 2.7.4
On Wed, Dec 14, 2016 at 04:48:42AM +0200, Michael S. Tsirkin wrote: > On Wed, Dec 14, 2016 at 10:09:04AM +0800, Peter Xu wrote: > > Currently vt-d Context Entry (CE) only allows 39/48 bits address width. > > If guest software configured more than that, we complain and report. > > > > Signed-off-by: Peter Xu <peterx@redhat.com> > > --- > > hw/i386/intel_iommu.c | 17 ++++++++++++++++- > > hw/i386/intel_iommu_internal.h | 2 ++ > > 2 files changed, 18 insertions(+), 1 deletion(-) > > > > diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c > > index 5f3e351..517a2a3 100644 > > --- a/hw/i386/intel_iommu.c > > +++ b/hw/i386/intel_iommu.c > > @@ -599,9 +599,19 @@ static inline uint32_t vtd_get_level_from_context_entry(VTDContextEntry *ce) > > return 2 + (ce->hi & VTD_CONTEXT_ENTRY_AW); > > } > > > > +/* Return 0 if failed to fetch valid aw */ > > static inline uint32_t vtd_get_agaw_from_context_entry(VTDContextEntry *ce) > > { > > - return 30 + (ce->hi & VTD_CONTEXT_ENTRY_AW) * 9; > > + uint8_t aw = (ce->hi & VTD_CONTEXT_ENTRY_AW); > > + /* > > + * According to vt-d spec 10.4.2 bits 12:8, SAGAW only allows > > + * 39/48 bits. > > + */ > > + if (aw > VTD_CE_AW_48BIT) { > > 5-level is almost sure to allow more. I don't see the point of this test. Please check above comment - spec only allow 3/4 level page table. My version of vt-d spec is 2016 Oct. I suppose that's new enough... -- peterx
> From: Peter Xu [mailto:peterx@redhat.com] > Sent: Wednesday, December 14, 2016 10:54 AM > > On Wed, Dec 14, 2016 at 04:48:42AM +0200, Michael S. Tsirkin wrote: > > On Wed, Dec 14, 2016 at 10:09:04AM +0800, Peter Xu wrote: > > > Currently vt-d Context Entry (CE) only allows 39/48 bits address width. > > > If guest software configured more than that, we complain and report. > > > > > > Signed-off-by: Peter Xu <peterx@redhat.com> > > > --- > > > hw/i386/intel_iommu.c | 17 ++++++++++++++++- > > > hw/i386/intel_iommu_internal.h | 2 ++ > > > 2 files changed, 18 insertions(+), 1 deletion(-) > > > > > > diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c > > > index 5f3e351..517a2a3 100644 > > > --- a/hw/i386/intel_iommu.c > > > +++ b/hw/i386/intel_iommu.c > > > @@ -599,9 +599,19 @@ static inline uint32_t > vtd_get_level_from_context_entry(VTDContextEntry *ce) > > > return 2 + (ce->hi & VTD_CONTEXT_ENTRY_AW); > > > } > > > > > > +/* Return 0 if failed to fetch valid aw */ > > > static inline uint32_t vtd_get_agaw_from_context_entry(VTDContextEntry *ce) > > > { > > > - return 30 + (ce->hi & VTD_CONTEXT_ENTRY_AW) * 9; > > > + uint8_t aw = (ce->hi & VTD_CONTEXT_ENTRY_AW); > > > + /* > > > + * According to vt-d spec 10.4.2 bits 12:8, SAGAW only allows > > > + * 39/48 bits. > > > + */ > > > + if (aw > VTD_CE_AW_48BIT) { > > > > 5-level is almost sure to allow more. I don't see the point of this test. > > Please check above comment - spec only allow 3/4 level page table. > > My version of vt-d spec is 2016 Oct. I suppose that's new enough... > It is in the works and will be published in January. Thanks Kevin
diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
index 5f3e351..517a2a3 100644
--- a/hw/i386/intel_iommu.c
+++ b/hw/i386/intel_iommu.c
@@ -599,9 +599,19 @@ static inline uint32_t vtd_get_level_from_context_entry(VTDContextEntry *ce)
 return 2 + (ce->hi & VTD_CONTEXT_ENTRY_AW);
 }
+/* Return 0 if failed to fetch valid aw */
 static inline uint32_t vtd_get_agaw_from_context_entry(VTDContextEntry *ce)
 {
- return 30 + (ce->hi & VTD_CONTEXT_ENTRY_AW) * 9;
+ uint8_t aw = (ce->hi & VTD_CONTEXT_ENTRY_AW);
+ /*
+ * According to vt-d spec 10.4.2 bits 12:8, SAGAW only allows
+ * 39/48 bits.
+ */
+ if (aw > VTD_CE_AW_48BIT) {
+ error_report("Context entry address width not supported (aw=%d)" , aw);
+ return 0;
+ }
+ return 30 + aw * 9;
 }
 static const uint64_t vtd_paging_entry_rsvd_field[] = {
@@ -642,6 +652,11 @@ static int vtd_gpa_to_slpte(VTDContextEntry *ce, uint64_t gpa, bool is_write,
 uint32_t ce_agaw = vtd_get_agaw_from_context_entry(ce);
 uint64_t access_right_check;
+ if (!ce_agaw) {
+ error_report("Illegal context entry AGAW");
+ return -VTD_FR_CONTEXT_ENTRY_INV;
+ }
+
+ /* Check if @gpa is above 2^X-1, where X is the minimum of MGAW in CAP_REG
 * and AW in context-entry.
 */
diff --git a/hw/i386/intel_iommu_internal.h b/hw/i386/intel_iommu_internal.h
index 11abfa2..e808c67 100644
--- a/hw/i386/intel_iommu_internal.h
+++ b/hw/i386/intel_iommu_internal.h
@@ -406,6 +406,8 @@ typedef struct VTDRootEntry VTDRootEntry;
 #define VTD_CONTEXT_ENTRY_RSVD_LO (0xff0ULL | ~VTD_HAW_MASK)
 /* hi */
 #define VTD_CONTEXT_ENTRY_AW 7ULL /* Adjusted guest-address-width */
+#define VTD_CE_AW_39BIT 1
+#define VTD_CE_AW_48BIT 2
 #define VTD_CONTEXT_ENTRY_DID(val) (((val) >> 8) & VTD_DOMAIN_ID_MASK)
 #define VTD_CONTEXT_ENTRY_RSVD_HI 0xffffffffff000080ULL
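Review bot: In vtd_get_agaw_from_context_entry the new guard `if (aw > VTD_CE_AW_48BIT)` still lets aw == 0 through, which returns 30 and is neither of the two widths the comment directly above it says are allowed. The AW field is read from a guest-written context entry, so the check would match its own comment if it bounded both ends: `if (aw < VTD_CE_AW_39BIT || aw > VTD_CE_AW_48BIT) {`, which also puts VTD_CE_AW_39BIT, otherwise unused in this patch, to work. The context line at the top of the hunk shows vtd_get_level_from_context_entry deriving the walk depth from the same field with no check; whether every caller of it runs only after this validation is not visible here and is worth confirming.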
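Review bot: The `error_report("Illegal context entry AGAW")` added to vtd_gpa_to_slpte repeats what vtd_get_agaw_from_context_entry has just printed for the same condition, so one bad context entry yields two host log lines per call. The rejected value is guest-controlled and nothing in the hunk limits how often this path is taken, so a guest could presumably grow the host log at will. I would drop the second message, keep only `return -VTD_FR_CONTEXT_ENTRY_INV;`, and make the remaining report in the helper once-only or rate-limited. vtd_gpa_to_slpte starts and ends outside the hunk, so any use of the context entry before this check is not visible.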
Currently vt-d Context Entry (CE) only allows 39/48 bits address width. If guest software configured more than that, we complain and report. Signed-off-by: Peter Xu <peterx@redhat.com> --- hw/i386/intel_iommu.c | 17 ++++++++++++++++- hw/i386/intel_iommu_internal.h | 2 ++ 2 files changed, 18 insertions(+), 1 deletion(-)