From: CLEMENT MATHIEU--DRIF <clement.mathieu--drif@eviden.com>
Date: Wed, 29 Oct 2025 10:51:44 +0000 (+0000)
Subject: pci: Block ATS requests when privileged mode is disabled
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ccd162e5be9dbd08e4f523d612f3ec72a2cba00a;p=thirdparty%2Fqemu.git

pci: Block ATS requests when privileged mode is disabled

Signed-off-by: Clement Mathieu--Drif <clement.mathieu--drif@eviden.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Message-Id: <20251029105137.1097933-5-clement.mathieu--drif@eviden.com>
---

diff --git a/hw/pci/pci.c b/hw/pci/pci.c
index 9035caca92..90d6d71efd 100644
--- a/hw/pci/pci.c
+++ b/hw/pci/pci.c
@@ -3171,6 +3171,10 @@ ssize_t pci_ats_request_translation(PCIDevice *dev, uint32_t pasid,
         return -EPERM;
     }
 
+    if (priv_req && !pcie_pasid_priv_enabled(dev)) {
+        return -EPERM;
+    }
+
     pci_device_get_iommu_bus_devfn(dev, &iommu_bus, &bus, &devfn);
     if (iommu_bus && iommu_bus->iommu_ops->ats_request_translation) {
         return iommu_bus->iommu_ops->ats_request_translation(bus,