From: "Michael S. Tsirkin" <mst@redhat.com>
To: qemu-devel@nongnu.org
Cc: Peter Maydell <peter.maydell@linaro.org>,
Thomas Huth <thuth@redhat.com>, Peter Xu <peterx@redhat.com>,
Jason Wang <jasowang@redhat.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Richard Henderson <richard.henderson@linaro.org>,
Eduardo Habkost <eduardo@habkost.net>,
Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
Subject: [PULL 16/22] hw/i386/intel_iommu: Fix endianness problems related to VTD_IR_TableEntry
Date: Thu, 3 Aug 2023 18:21:36 -0400 [thread overview]
Message-ID: <642ba89672279fbdd14016a90da239c85e845d18.1691101215.git.mst@redhat.com> (raw)
In-Reply-To: <cover.1691101215.git.mst@redhat.com>
From: Thomas Huth <thuth@redhat.com>
The code already tries to do some endianness handling here, but
currently fails badly:
- While it already swaps the data when logging errors / tracing, it fails
to byteswap the value before e.g. accessing entry->irte.present
- entry->irte.source_id is swapped with le32_to_cpu(), though this is
a 16-bit value
- The whole union is apparently supposed to be swapped via the 64-bit
data[2] array, but the struct is a mixture between 32 bit values
(the first 8 bytes) and 64 bit values (the second 8 bytes), so this
cannot work as expected.
Fix it by converting the struct to two proper 64-bit bitfields, and
by swapping the values only once for everybody right after reading
the data from memory.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20230802135723.178083-3-thuth@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
---
include/hw/i386/intel_iommu.h | 50 ++++++++++++++++++-----------------
hw/i386/intel_iommu.c | 16 +++++------
2 files changed, 34 insertions(+), 32 deletions(-)
diff --git a/include/hw/i386/intel_iommu.h b/include/hw/i386/intel_iommu.h
index 89dcbc5e1e..7fa0a695c8 100644
--- a/include/hw/i386/intel_iommu.h
+++ b/include/hw/i386/intel_iommu.h
@@ -178,37 +178,39 @@ enum {
union VTD_IR_TableEntry {
struct {
#if HOST_BIG_ENDIAN
- uint32_t __reserved_1:8; /* Reserved 1 */
- uint32_t vector:8; /* Interrupt Vector */
- uint32_t irte_mode:1; /* IRTE Mode */
- uint32_t __reserved_0:3; /* Reserved 0 */
- uint32_t __avail:4; /* Available spaces for software */
- uint32_t delivery_mode:3; /* Delivery Mode */
- uint32_t trigger_mode:1; /* Trigger Mode */
- uint32_t redir_hint:1; /* Redirection Hint */
- uint32_t dest_mode:1; /* Destination Mode */
- uint32_t fault_disable:1; /* Fault Processing Disable */
- uint32_t present:1; /* Whether entry present/available */
+ uint64_t dest_id:32; /* Destination ID */
+ uint64_t __reserved_1:8; /* Reserved 1 */
+ uint64_t vector:8; /* Interrupt Vector */
+ uint64_t irte_mode:1; /* IRTE Mode */
+ uint64_t __reserved_0:3; /* Reserved 0 */
+ uint64_t __avail:4; /* Available spaces for software */
+ uint64_t delivery_mode:3; /* Delivery Mode */
+ uint64_t trigger_mode:1; /* Trigger Mode */
+ uint64_t redir_hint:1; /* Redirection Hint */
+ uint64_t dest_mode:1; /* Destination Mode */
+ uint64_t fault_disable:1; /* Fault Processing Disable */
+ uint64_t present:1; /* Whether entry present/available */
#else
- uint32_t present:1; /* Whether entry present/available */
- uint32_t fault_disable:1; /* Fault Processing Disable */
- uint32_t dest_mode:1; /* Destination Mode */
- uint32_t redir_hint:1; /* Redirection Hint */
- uint32_t trigger_mode:1; /* Trigger Mode */
- uint32_t delivery_mode:3; /* Delivery Mode */
- uint32_t __avail:4; /* Available spaces for software */
- uint32_t __reserved_0:3; /* Reserved 0 */
- uint32_t irte_mode:1; /* IRTE Mode */
- uint32_t vector:8; /* Interrupt Vector */
- uint32_t __reserved_1:8; /* Reserved 1 */
+ uint64_t present:1; /* Whether entry present/available */
+ uint64_t fault_disable:1; /* Fault Processing Disable */
+ uint64_t dest_mode:1; /* Destination Mode */
+ uint64_t redir_hint:1; /* Redirection Hint */
+ uint64_t trigger_mode:1; /* Trigger Mode */
+ uint64_t delivery_mode:3; /* Delivery Mode */
+ uint64_t __avail:4; /* Available spaces for software */
+ uint64_t __reserved_0:3; /* Reserved 0 */
+ uint64_t irte_mode:1; /* IRTE Mode */
+ uint64_t vector:8; /* Interrupt Vector */
+ uint64_t __reserved_1:8; /* Reserved 1 */
+ uint64_t dest_id:32; /* Destination ID */
#endif
- uint32_t dest_id; /* Destination ID */
- uint16_t source_id; /* Source-ID */
#if HOST_BIG_ENDIAN
uint64_t __reserved_2:44; /* Reserved 2 */
uint64_t sid_vtype:2; /* Source-ID Validation Type */
uint64_t sid_q:2; /* Source-ID Qualifier */
+ uint64_t source_id:16; /* Source-ID */
#else
+ uint64_t source_id:16; /* Source-ID */
uint64_t sid_q:2; /* Source-ID Qualifier */
uint64_t sid_vtype:2; /* Source-ID Validation Type */
uint64_t __reserved_2:44; /* Reserved 2 */
diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
index 13fcde8e91..4028e32701 100644
--- a/hw/i386/intel_iommu.c
+++ b/hw/i386/intel_iommu.c
@@ -3328,14 +3328,15 @@ static int vtd_irte_get(IntelIOMMUState *iommu, uint16_t index,
return -VTD_FR_IR_ROOT_INVAL;
}
- trace_vtd_ir_irte_get(index, le64_to_cpu(entry->data[1]),
- le64_to_cpu(entry->data[0]));
+ entry->data[0] = le64_to_cpu(entry->data[0]);
+ entry->data[1] = le64_to_cpu(entry->data[1]);
+
+ trace_vtd_ir_irte_get(index, entry->data[1], entry->data[0]);
if (!entry->irte.present) {
error_report_once("%s: detected non-present IRTE "
"(index=%u, high=0x%" PRIx64 ", low=0x%" PRIx64 ")",
- __func__, index, le64_to_cpu(entry->data[1]),
- le64_to_cpu(entry->data[0]));
+ __func__, index, entry->data[1], entry->data[0]);
return -VTD_FR_IR_ENTRY_P;
}
@@ -3343,14 +3344,13 @@ static int vtd_irte_get(IntelIOMMUState *iommu, uint16_t index,
entry->irte.__reserved_2) {
error_report_once("%s: detected non-zero reserved IRTE "
"(index=%u, high=0x%" PRIx64 ", low=0x%" PRIx64 ")",
- __func__, index, le64_to_cpu(entry->data[1]),
- le64_to_cpu(entry->data[0]));
+ __func__, index, entry->data[1], entry->data[0]);
return -VTD_FR_IR_IRTE_RSVD;
}
if (sid != X86_IOMMU_SID_INVALID) {
/* Validate IRTE SID */
- source_id = le32_to_cpu(entry->irte.source_id);
+ source_id = entry->irte.source_id;
switch (entry->irte.sid_vtype) {
case VTD_SVT_NONE:
break;
@@ -3404,7 +3404,7 @@ static int vtd_remap_irq_get(IntelIOMMUState *iommu, uint16_t index,
irq->trigger_mode = irte.irte.trigger_mode;
irq->vector = irte.irte.vector;
irq->delivery_mode = irte.irte.delivery_mode;
- irq->dest = le32_to_cpu(irte.irte.dest_id);
+ irq->dest = irte.irte.dest_id;
if (!iommu->intr_eime) {
#define VTD_IR_APIC_DEST_MASK (0xff00ULL)
#define VTD_IR_APIC_DEST_SHIFT (8)
--
MST
next prev parent reply other threads:[~2023-08-03 22:22 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-03 22:20 [PULL 00/22] pc,pci,virtio,crypto: bugfixes Michael S. Tsirkin
2023-08-03 22:20 ` [PULL 01/22] hw/virtio-iommu: Fix potential OOB access in virtio_iommu_handle_command() Michael S. Tsirkin
2023-08-03 22:20 ` [PULL 02/22] hw/pci-bridge/cxl_upstream.c: Use g_new0() in build_cdat_table() Michael S. Tsirkin
2023-08-03 22:20 ` [PULL 03/22] virtio-iommu: Standardize granule extraction and formatting Michael S. Tsirkin
2023-08-03 22:20 ` [PULL 04/22] hw/virtio: Add a protection against duplicate vu_scmi_stop calls Michael S. Tsirkin
2023-08-03 22:20 ` [PULL 05/22] tests: acpi: x86: whitelist expected blobs Michael S. Tsirkin
2023-08-03 22:21 ` [PULL 06/22] x86: acpi: workaround Windows not handling name references in Package properly Michael S. Tsirkin
2023-08-03 22:21 ` [PULL 07/22] tests: acpi: x86: update expected blobs Michael S. Tsirkin
2023-08-03 22:21 ` [PULL 08/22] tests: acpi: whitelist " Michael S. Tsirkin
2023-08-03 22:21 ` [PULL 09/22] acpi: x86: remove _ADR on host bridges Michael S. Tsirkin
2023-08-03 22:21 ` [PULL 10/22] tests: acpi: update expected blobs Michael S. Tsirkin
2023-08-03 22:21 ` [PULL 11/22] hw/virtio: qmp: add RING_RESET to 'info virtio-status' Michael S. Tsirkin
2023-08-03 22:21 ` [PULL 12/22] virtio: Fix packed virtqueue used_idx mask Michael S. Tsirkin
2023-08-03 22:21 ` [PULL 13/22] pci: do not respond config requests after PCI device eject Michael S. Tsirkin
2023-08-04 4:37 ` Michael Tokarev
2023-08-03 22:21 ` [PULL 14/22] vhost: fix the fd leak Michael S. Tsirkin
2023-08-04 4:36 ` Michael Tokarev
2023-08-04 4:56 ` Michael Tokarev
2023-08-03 22:21 ` [PULL 15/22] hw/i386/intel_iommu: Fix trivial endianness problems Michael S. Tsirkin
2023-08-03 22:21 ` Michael S. Tsirkin [this message]
2023-08-03 22:21 ` [PULL 17/22] hw/i386/intel_iommu: Fix struct VTDInvDescIEC on big endian hosts Michael S. Tsirkin
2023-08-03 22:21 ` [PULL 18/22] hw/i386/intel_iommu: Fix index calculation in vtd_interrupt_remap_msi() Michael S. Tsirkin
2023-08-03 22:21 ` [PULL 19/22] hw/i386/x86-iommu: Fix endianness issue in x86_iommu_irq_to_msi_message() Michael S. Tsirkin
2023-08-03 22:21 ` [PULL 20/22] include/hw/i386/x86-iommu: Fix struct X86IOMMU_MSIMessage for big endian hosts Michael S. Tsirkin
2023-08-03 22:21 ` [PULL 21/22] virtio-crypto: verify src&dst buffer length for sym request Michael S. Tsirkin
2023-08-03 22:21 ` [PULL 22/22] cryptodev: Handle unexpected request to avoid crash Michael S. Tsirkin
2023-08-04 4:35 ` Michael Tokarev
2023-08-04 6:10 ` zhenwei pi
2023-08-04 6:35 ` Michael Tokarev
2023-08-04 4:12 ` [PULL 00/22] pc,pci,virtio,crypto: bugfixes Richard Henderson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=642ba89672279fbdd14016a90da239c85e845d18.1691101215.git.mst@redhat.com \
--to=mst@redhat.com \
--cc=eduardo@habkost.net \
--cc=jasowang@redhat.com \
--cc=marcel.apfelbaum@gmail.com \
--cc=pbonzini@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=peterx@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=richard.henderson@linaro.org \
--cc=thuth@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).