[RFC PATCH 21/42] iommu/vt-d: Check reserved bits for IOMMU_DOMAIN_KVM domain
From: Yan Zhao
Date: Sat Dec 02 2023 - 04:55:04 EST
Compatibility check between IOMMU driver and KVM.
rsvd_bits_mask is provided by KVM to guarantee that the set bits are
must-be-zero bits in PTEs. Intel vt-d driver can check it to see if all
must-be-zero bits required by IOMMU side are included.
In this RFC, only bit 11 is checked for simplicity and demo purpose.
Signed-off-by: Yan Zhao <yan.y.zhao@xxxxxxxxx>
---
drivers/iommu/intel/kvm.c | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
diff --git a/drivers/iommu/intel/kvm.c b/drivers/iommu/intel/kvm.c
index 1ce334785430b..998d6daaf7ea1 100644
--- a/drivers/iommu/intel/kvm.c
+++ b/drivers/iommu/intel/kvm.c
@@ -32,6 +32,18 @@ static bool is_iommu_cap_compatible_to_kvm_domain(struct dmar_domain *domain,
return true;
}
+static int check_tdp_reserved_bits(const struct kvm_exported_tdp_meta_vmx *tdp)
+{
+ int i;
+
+ for (i = PT64_ROOT_MAX_LEVEL; --i >= 0;) {
+ if (!(tdp->rsvd_bits_mask[0][i] & BIT(11)) ||
+ !(tdp->rsvd_bits_mask[1][i] & BIT(11)))
+ return -EFAULT;
+ }
+ return 0;
+}
+
int prepare_kvm_domain_attach(struct dmar_domain *domain, struct intel_iommu *iommu)
{
if (is_iommu_cap_compatible_to_kvm_domain(domain, iommu))
@@ -90,6 +102,11 @@ intel_iommu_domain_alloc_kvm(struct device *dev, u32 flags, const void *data)
return ERR_PTR(-EOPNOTSUPP);
}
+ if (check_tdp_reserved_bits(tdp)) {
+ pr_err("Reserved bits incompatible between KVM and IOMMU\n");
+ return ERR_PTR(-EOPNOTSUPP);
+ }
+
dmar_domain = alloc_domain(IOMMU_DOMAIN_KVM);
if (!dmar_domain)
return ERR_PTR(-ENOMEM);
--
2.17.1