From: CLEMENT MATHIEU--DRIF <clement.mathieu--drif@eviden.com>
Date: Wed, 29 Oct 2025 10:51:45 +0000 (+0000)
Subject: intel_iommu: Minimal handling of privileged ATS request
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0acb2b193b01665300a1ab5007a144fdaa6e340d;p=thirdparty%2Fqemu.git

intel_iommu: Minimal handling of privileged ATS request

The purpose of this commit is not to support privileged requests but
to prevent devices from doing things they wouldn't be able to do
with real hardware.

We simply block privileged requests when the SRS ecap is not set
and abort when the ecap is present.

For now, its not worth implementing support for privileged requests
because the kernel does not support it.
(https://lore.kernel.org/linux-iommu/20230411064815.31456-11-baolu.lu@linux.intel.com/)
However, we may consider working on it depending on how the development
goes in the kernel.

Signed-off-by: Clement Mathieu--Drif <clement.mathieu--drif@eviden.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Message-Id: <20251029105137.1097933-7-clement.mathieu--drif@eviden.com>
---

diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
index 6ba1c1676b..77adeed0cc 100644
--- a/hw/i386/intel_iommu.c
+++ b/hw/i386/intel_iommu.c
@@ -5190,13 +5190,27 @@ static IOMMUTLBEntry vtd_iommu_ats_do_translate(IOMMUMemoryRegion *iommu,
                                                 hwaddr addr,
                                                 IOMMUAccessFlags flags)
 {
-    IOMMUTLBEntry entry;
+    IOMMUTLBEntry entry = { .target_as = &address_space_memory };
     VTDAddressSpace *vtd_as = container_of(iommu, VTDAddressSpace, iommu);
+    IntelIOMMUState *s = vtd_as->iommu_state;
+
+    /* Guard that makes sure we avoid weird behaviors */
+    if ((flags & IOMMU_PRIV) && (s->ecap & VTD_ECAP_SRS)) {
+        error_report_once("Privileged ATS not supported");
+        abort();
+    }
 
     if (vtd_is_interrupt_addr(addr)) {
+        vtd_prepare_error_entry(&entry);
         vtd_report_ir_illegal_access(vtd_as, addr, flags & IOMMU_WO);
+    } else if ((flags & IOMMU_PRIV) && !(s->ecap & VTD_ECAP_SRS)) {
+        /*
+         * For translation-request-with-PASID with PR=1, remapping hardware
+         * not supporting supervisor requests (SRS=0 in the Extended
+         * Capability Register) forces R=W=E=0 in addition to setting PRIV=1.
+         */
         vtd_prepare_error_entry(&entry);
-        entry.target_as = &address_space_memory;
+        entry.perm = IOMMU_PRIV;
     } else {
         entry = vtd_iommu_translate(iommu, addr, flags, VTD_IDX_ATS);
     }