lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 21 Jun 2023 18:54:55 -0500
From:   Suravee Suthikulpanit <suravee.suthikulpanit@....com>
To:     <linux-kernel@...r.kernel.org>, <iommu@...ts.linux.dev>,
        <kvm@...r.kernel.org>
CC:     <joro@...tes.org>, <robin.murphy@....com>, <yi.l.liu@...el.com>,
        <alex.williamson@...hat.com>, <jgg@...dia.com>,
        <nicolinc@...dia.com>, <baolu.lu@...ux.intel.com>,
        <eric.auger@...hat.com>, <pandoh@...gle.com>,
        <kumaranand@...gle.com>, <jon.grimm@....com>,
        <santosh.shukla@....com>, <vasant.hegde@....com>,
        <jay.chen@....com>, <joseph.chung@....com>,
        "Suravee Suthikulpanit" <suravee.suthikulpanit@....com>
Subject: [RFC PATCH 08/21] iommu/amd: Allow nested IOMMU page tables

The GCR3 table contains guest CR3 registers, and it is used to
setup guest page tables. Current logic only allow guest CR3 table
setup only when the host table is not setup (i.e. PAGE_MODE_NONE).
Therefore, only 1-level page translation is allowed
(e.g. host only vs. guest only).

Remove this restriction to allow nested page table setup.

Signed-off-by: Suravee Suthikulpanit <suravee.suthikulpanit@....com>
---
 drivers/iommu/amd/iommu.c | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/drivers/iommu/amd/iommu.c b/drivers/iommu/amd/iommu.c
index 333c8a4831be..c23f99ebdffc 100644
--- a/drivers/iommu/amd/iommu.c
+++ b/drivers/iommu/amd/iommu.c
@@ -2531,12 +2531,12 @@ int amd_iommu_domain_enable_v2(struct iommu_domain *dom, int pasids, bool giov)
 	spin_lock_irqsave(&pdom->lock, flags);
 
 	/*
-	 * Save us all sanity checks whether devices already in the
-	 * domain support IOMMUv2. Just force that the domain has no
-	 * devices attached when it is switched into IOMMUv2 mode.
+	 * With nested page table, we can enable * v2 (i.e GCR3)
+	 * on a existing domain. Therefore, only check if domain
+	 * already enable v2.
 	 */
 	ret = -EBUSY;
-	if (pdom->dev_cnt > 0 || pdom->flags & PD_IOMMUV2_MASK)
+	if (pdom->flags & PD_IOMMUV2_MASK)
 		goto out;
 
 	if (!pdom->gcr3_tbl)
@@ -2688,9 +2688,6 @@ static int __set_gcr3(struct protection_domain *domain, u32 pasid,
 {
 	u64 *pte;
 
-	if (domain->iop.mode != PAGE_MODE_NONE)
-		return -EINVAL;
-
 	pte = __get_gcr3_pte(domain->gcr3_tbl, domain->glx, pasid, true);
 	if (pte == NULL)
 		return -ENOMEM;
-- 
2.34.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ