[PATCH v2 1/4] iommu/vt-d: Block PASID attachment to nested domain with dirty tracking
From: Zhenzhong Duan
Date: Mon Mar 30 2026 - 06:16:44 EST
Kernel lacks dirty tracking support on nested domain attached to PASID,
fails the attachment early if nesting parent domain is dirty tracking
configured, otherwise dirty pages would be lost.
Cc: stable@xxxxxxxxxxxxxxx
Fixes: f35f22cc760e ("iommu/vt-d: Access/Dirty bit support for SS domains")
Suggested-by: Kevin Tian <kevin.tian@xxxxxxxxx>
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@xxxxxxxxx>
---
drivers/iommu/intel/nested.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/iommu/intel/nested.c b/drivers/iommu/intel/nested.c
index 2b979bec56ce..16c82ba47d30 100644
--- a/drivers/iommu/intel/nested.c
+++ b/drivers/iommu/intel/nested.c
@@ -148,6 +148,7 @@ static int intel_nested_set_dev_pasid(struct iommu_domain *domain,
{
struct device_domain_info *info = dev_iommu_priv_get(dev);
struct dmar_domain *dmar_domain = to_dmar_domain(domain);
+ struct iommu_domain *s2_domain = &dmar_domain->s2_domain->domain;
struct intel_iommu *iommu = info->iommu;
struct dev_pasid_info *dev_pasid;
int ret;
@@ -155,10 +156,13 @@ static int intel_nested_set_dev_pasid(struct iommu_domain *domain,
if (!pasid_supported(iommu) || dev_is_real_dma_subdevice(dev))
return -EOPNOTSUPP;
+ if (s2_domain->dirty_ops)
+ return -EINVAL;
+
if (context_copied(iommu, info->bus, info->devfn))
return -EBUSY;
- ret = paging_domain_compatible(&dmar_domain->s2_domain->domain, dev);
+ ret = paging_domain_compatible(s2_domain, dev);
if (ret)
return ret;
--
2.47.3