[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] iommu/vtd: fix address translation for superpages

  • To: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Wed, 10 May 2023 15:30:21 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=nkwdbCza5GI8/fMe9/WG6chBxRImyMQTKLkUScg/9gU=; b=Kr2Y3bRRqRHITPod+Jjw3pbEIKUWLXkNSf5cgpEqGV1X1y9HixsMCNB1LzOvMQ1ds43vteIg/CEBqxcTvyf11vpkBiGy8tvYr+RMtBRHdx8V+QQudBr29iaDEJNqU9uIrZn4eipAL3aKmkDsiqwZOjLYu4nurWQfTNl8CD9qNDO4ku9UDGNRwne/R+1Ng5n5ArVUVVe/nWK0ewmi2PPH/jg5GkwFzUKBJuuNGdAq0gAs47zPzzktLBbKuQkl62ckv+TXYWo5Umu5KYJ4Q+tCjdutxoBBXVi1A7NNGeO/c3LVfC3Y+nzIg2bc308McQb38j6q2TdfRzzT7lTmB37MMw==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=G+Nz5ZA0Igd7picUaiEoj8G/JQpNfZ3QWwtyzxxNExZd4ocYo5m8I4CvfHHh5NLTEP3ZkdQd0v3nabR2qzSLgYvL3oX7QlQO3hXhkt3p2J+L9OADdRn8MJnsFqHN3iGZp3IVmrTyies4Fp1LtYk1O5EPSA1cGajbHgKTEQNq3TK9RfUamjGBPA6o4dIPvVzy7TxTw8EBZBhntG2tjE3TIZlO3l7RYPpHi4l/N9jlkxjrGfKvPJMHrJqKaLfx5whLdPwnU7J4eMFDQr/gpJCbnNoneb9n3G9NAZgDvkPIAeC266ZQCWd4tlE308N6wAFs7+xYrZtbwWyfYdC0QrfKKw==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: Kevin Tian <kevin.tian@xxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
  • Delivery-date: Wed, 10 May 2023 13:30:37 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 10.05.2023 12:22, Roger Pau Monné wrote:
> On Wed, May 10, 2023 at 12:00:51PM +0200, Jan Beulich wrote:
>> On 10.05.2023 10:27, Roger Pau Monné wrote:
>>> On Tue, May 09, 2023 at 06:06:45PM +0200, Jan Beulich wrote:
>>>> On 09.05.2023 12:41, Roger Pau Monne wrote:
>>>>> When translating an address that falls inside of a superpage in the
>>>>> IOMMU page tables the fetching of the PTE physical address field
>>>>> wasn't using dma_pte_addr(), which caused the returned data to be
>>>>> corrupt as it would contain bits not related to the address field.
>>>>
>>>> I'm afraid I don't understand:
>>>>
>>>>> --- a/xen/drivers/passthrough/vtd/iommu.c
>>>>> +++ b/xen/drivers/passthrough/vtd/iommu.c
>>>>> @@ -359,16 +359,18 @@ static uint64_t addr_to_dma_page_maddr(struct 
>>>>> domain *domain, daddr_t addr,
>>>>>  
>>>>>              if ( !alloc )
>>>>>              {
>>>>> -                pte_maddr = 0;
>>>>>                  if ( !dma_pte_present(*pte) )
>>>>> +                {
>>>>> +                    pte_maddr = 0;
>>>>>                      break;
>>>>> +                }
>>>>>  
>>>>>                  /*
>>>>>                   * When the leaf entry was requested, pass back the full 
>>>>> PTE,
>>>>>                   * with the address adjusted to account for the residual 
>>>>> of
>>>>>                   * the walk.
>>>>>                   */
>>>>> -                pte_maddr = pte->val +
>>>>> +                pte_maddr +=
>>>>>                      (addr & ((1UL << level_to_offset_bits(level)) - 1) &
>>>>>                       PAGE_MASK);
>>>>
>>>> With this change you're now violating what the comment says (plus what
>>>> the comment ahead of the function says). And it says what it says for
>>>> a reason - see intel_iommu_lookup_page(), which I think your change is
>>>> breaking.
>>>
>>> Hm, but the code in intel_iommu_lookup_page() is now wrong as it takes
>>> the bits in DMA_PTE_CONTIG_MASK as part of the physical address when
>>> doing the conversion to mfn?  maddr_to_mfn() doesn't perform a any
>>> masking to remove the bits above PADDR_BITS.
>>
>> Oh, right. But that's a missing dma_pte_addr() in intel_iommu_lookup_page()
>> then. (It would likely be better anyway to switch "uint64_t val" to
>> "struct dma_pte pte" there, to make more visible that it's a PTE we're
>> dealing with.) I indeed overlooked this aspect when doing the earlier
>> change.
> 
> I guess I'm still confused, as the other return value for target == 0
> (when the address is not part of a superpage) does return
> dma_pte_addr(pte).  I think that needs further fixing then.

Hmm, indeed. But I think it's worse than this: addr_to_dma_page_maddr()
also does one too many iterations in that case. All "normal" callers
supply a positive "target". We need to terminate the walk at level 1
also when target == 0.

Jan

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.