Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp2679549pxj;
        Mon, 31 May 2021 08:06:06 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJy2Lx7wGR/bZqzuao0GJ4z10Tse84y3B0JmKDzKrV7KaJVr1KHcS7L9Ox+YLVzjZRL2dEWZ
X-Received: by 2002:a6b:4e15:: with SMTP id c21mr17214085iob.116.1622473565845;
        Mon, 31 May 2021 08:06:05 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1622473565; cv=none;
        d=google.com; s=arc-20160816;
        b=rMayISdsn6HZjCz+247pxb8fz8HX4HeNJorFV6KIyKZdqcXNiyHqjscfFZDo49p6zn
         K5QeCaNlPxVD98h09Ri8pjd5AYQfWDD6sJW3L4nADoO8b8yyMXXG5ftKR85k6I1od+MA
         W2Oq0KzP/zZ7cslcd5JDknNmFRVcB0uMPtadrO8FtpfMBCzWuU4F9G6WjOlLZD+6N47J
         0ycPBdRUISooYDon3OafYplOfukkO2L/stBaygw9MzKGnZ0TZurQsZyfIcvttozmqQtx
         9PWg1tsrcHe03b6irzMsXNQoDGtDSLZPc9BUt72hF317qwstHN0Ws2jSlWaniDhmkKUT
         Ikiw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=n87zFipsSbTFnymVcqUXLZXC1CDuHshg3DYKdhN0irQ=;
        b=cgMJr+pLPGqZGZHshQ3B8xFQIeLWbt7/P19MeVWWfx8s/aoAMINB52V1V0l9x3gRJN
         e4H2SJ6/2PbOoCiz+dWOfiAf7Wii5gSknNugTGcKEu9Rcsi88ZZXK/Awg4k8MgJGK1OL
         lkWqv1QG5Qupn10cArqemFkXAFZJi8bycwpNKy6raEhA9o1Z59/KWp4VbxQIZVm76y9u
         7XQlV9yiZr3yb5yoD6SX+ng6k6GXajfocMt386/WqJxSQfmkX1yIYgtpd71AYM/KOgd3
         eBo0Xlhvd+rWUEaHGy1SkeU1/JNu+dT3f40vbWgj2zYEZxk2myv6OTL2dPnE22Oy4iOl
         uPFQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=gPvzuZ2W;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id w31si13907423jal.77.2021.05.31.08.05.52;
        Mon, 31 May 2021 08:06:05 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=gPvzuZ2W;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S233329AbhEaPGs (ORCPT <rfc822;luke.ovalle@gmail.com>
        + 99 others); Mon, 31 May 2021 11:06:48 -0400
Received: from mail.kernel.org ([198.145.29.99]:40810 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S232952AbhEaOIk (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 31 May 2021 10:08:40 -0400
Received: by mail.kernel.org (Postfix) with ESMTPSA id 16F316196E;
        Mon, 31 May 2021 13:39:50 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
        s=korg; t=1622468391;
        bh=Ou48hjh+SQEI9T9F+iUAIa0saih4lHf3vBU+IbLh2Xs=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=gPvzuZ2Wybg3kocFisaGkGpmjWHaxwe/h3C6M8OmKpZ057hDgnhiVw5UYpeZYtfCK
         C4FBCfPR3z9OOX+GLDSdKg0sxV6OWk1Ub4zM2K4XRaUS+SToeIG6P46yHO+1PSzeDW
         BC1lfa5LGoeR7FTdg/9R81490NCz05IdeyW8/W0U=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Jacob Pan <jacob.jun.pan@linux.intel.com>,
        Lu Baolu <baolu.lu@linux.intel.com>,
        Joerg Roedel <jroedel@suse.de>, Sasha Levin <sashal@kernel.org>
Subject: [PATCH 5.10 224/252] iommu/vt-d: Use user privilege for RID2PASID translation
Date:   Mon, 31 May 2021 15:14:49 +0200
Message-Id: <20210531130705.608331573@linuxfoundation.org>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20210531130657.971257589@linuxfoundation.org>
References: <20210531130657.971257589@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Lu Baolu <baolu.lu@linux.intel.com>

[ Upstream commit 54c80d907400189b09548039be8f3b6e297e8ae3 ]

When first-level page tables are used for IOVA translation, we use user
privilege by setting U/S bit in the page table entry. This is to make it
consistent with the second level translation, where the U/S enforcement
is not available. Clear the SRE (Supervisor Request Enable) field in the
pasid table entry of RID2PASID so that requests requesting the supervisor
privilege are blocked and treated as DMA remapping faults.

Fixes: b802d070a52a1 ("iommu/vt-d: Use iova over first level")
Suggested-by: Jacob Pan <jacob.jun.pan@linux.intel.com>
Signed-off-by: Lu Baolu <baolu.lu@linux.intel.com>
Link: https://lore.kernel.org/r/20210512064426.3440915-1-baolu.lu@linux.intel.com
Link: https://lore.kernel.org/r/20210519015027.108468-3-baolu.lu@linux.intel.com
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/iommu/intel/iommu.c | 7 +++++--
 drivers/iommu/intel/pasid.c | 3 ++-
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c
index eececdeaa40f..b21c8224b1c8 100644
--- a/drivers/iommu/intel/iommu.c
+++ b/drivers/iommu/intel/iommu.c
@@ -2606,9 +2606,9 @@ static int domain_setup_first_level(struct intel_iommu *iommu,
 				    struct device *dev,
 				    u32 pasid)
 {
-	int flags = PASID_FLAG_SUPERVISOR_MODE;
 	struct dma_pte *pgd = domain->pgd;
 	int agaw, level;
+	int flags = 0;
 
 	/*
 	 * Skip top levels of page tables for iommu which has
@@ -2624,7 +2624,10 @@ static int domain_setup_first_level(struct intel_iommu *iommu,
 	if (level != 4 && level != 5)
 		return -EINVAL;
 
-	flags |= (level == 5) ? PASID_FLAG_FL5LP : 0;
+	if (pasid != PASID_RID2PASID)
+		flags |= PASID_FLAG_SUPERVISOR_MODE;
+	if (level == 5)
+		flags |= PASID_FLAG_FL5LP;
 
 	if (domain->domain.type == IOMMU_DOMAIN_UNMANAGED)
 		flags |= PASID_FLAG_PAGE_SNOOP;
diff --git a/drivers/iommu/intel/pasid.c b/drivers/iommu/intel/pasid.c
index ce4ef2d245e3..1e7c17989084 100644
--- a/drivers/iommu/intel/pasid.c
+++ b/drivers/iommu/intel/pasid.c
@@ -677,7 +677,8 @@ int intel_pasid_setup_second_level(struct intel_iommu *iommu,
 	 * Since it is a second level only translation setup, we should
 	 * set SRE bit as well (addresses are expected to be GPAs).
 	 */
-	pasid_set_sre(pte);
+	if (pasid != PASID_RID2PASID)
+		pasid_set_sre(pte);
 	pasid_set_present(pte);
 	pasid_flush_caches(iommu, pte, pasid, did);
 
-- 
2.30.2