pci: Block ATS requests when privileged mode is disabled

author CLEMENT MATHIEU--DRIF <clement.mathieu--drif@eviden.com>

Wed, 29 Oct 2025 10:51:44 +0000 (10:51 +0000)

committer Michael S. Tsirkin <mst@redhat.com>

Thu, 5 Feb 2026 08:18:40 +0000 (03:18 -0500)
author CLEMENT MATHIEU--DRIF <clement.mathieu--drif@eviden.com>
Wed, 29 Oct 2025 10:51:44 +0000 (10:51 +0000)
committer Michael S. Tsirkin <mst@redhat.com>
Thu, 5 Feb 2026 08:18:40 +0000 (03:18 -0500)
diff --git a/hw/pci/pci.c b/hw/pci/pci.c

index 9035caca92f63798a66eeb9a7125d1643545f000..90d6d71efdcfcbaa0da531523fb3e647e04c48a7 100644 (file)
--- a/hw/pci/pci.c
+++ b/hw/pci/pci.c
@@ -3171,6 +3171,10 @@ ssize_t pci_ats_request_translation(PCIDevice *dev, uint32_t pasid,
          return -EPERM;
      }
  
+    if (priv_req && !pcie_pasid_priv_enabled(dev)) {
+        return -EPERM;
+    }
+
      pci_device_get_iommu_bus_devfn(dev, &iommu_bus, &bus, &devfn);
      if (iommu_bus && iommu_bus->iommu_ops->ats_request_translation) {
          return iommu_bus->iommu_ops->ats_request_translation(bus,
author	CLEMENT MATHIEU--DRIF <clement.mathieu--drif@eviden.com>
	Wed, 29 Oct 2025 10:51:44 +0000 (10:51 +0000)
committer	Michael S. Tsirkin <mst@redhat.com>
	Thu, 5 Feb 2026 08:18:40 +0000 (03:18 -0500)