RE: [PATCH v2 3/3] iommu/vt-d: Fix race condition during PASID entry replacement

Next message: Tian, Kevin: "RE: [PATCH v2 2/3] iommu/vt-d: Clear Present bit before tearing down context entry"
Previous message: Nautiyal, Ankit K: "Re: [PATCH] drm/display: Bump LSPCON mode switch timeout to 1000ms"
In reply to: Samiullah Khawaja: "Re: [PATCH v2 3/3] iommu/vt-d: Fix race condition during PASID entry replacement"
Next in thread: Jason Gunthorpe: "Re: [PATCH v2 0/3] iommu/vt-d: Ensure atomicity in context and PASID entry updates"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Tian, Kevin

Date: Wed Jan 21 2026 - 01:24:54 EST

> From: Lu Baolu <baolu.lu@xxxxxxxxxxxxxxx>
> Sent: Tuesday, January 20, 2026 2:18 PM
>
> The Intel VT-d PASID table entry is 512 bits (64 bytes). When replacing
> an active PASID entry (e.g., during domain replacement), the current
> implementation calculates a new entry on the stack and copies it to the
> table using a single structure assignment.
>
> struct pasid_entry *pte, new_pte;
>
> pte = intel_pasid_get_entry(dev, pasid);
> pasid_pte_config_first_level(iommu, &new_pte, ...);
> *pte = new_pte;
>
> Because the hardware may fetch the 512-bit PASID entry in multiple
> 128-bit chunks, updating the entire entry while it is active (Present
> bit set) risks a "torn" read. In this scenario, the IOMMU hardware
> could observe an inconsistent state — partially new data and partially
> old data — leading to unpredictable behavior or spurious faults.
>
> Fix this by removing the unsafe "replace" helpers and following the
> "clear-then-update" flow, which ensures the Present bit is cleared and
> the required invalidation handshake is completed before the new
> configuration is applied.
>
> Fixes: 7543ee63e811 ("iommu/vt-d: Add pasid replace helpers")
> Signed-off-by: Lu Baolu <baolu.lu@xxxxxxxxxxxxxxx>

Reviewed-by: Kevin Tian <kevin.tian@xxxxxxxxx>