Changeset 89498 in vbox

Timestamp:

Jun 4, 2021 7:45:24 AM (3 years ago)

Author:

vboxsync

Message:

Intel IOMMU: bugref:9967 We need to validate the top level paging entity as well.

File:

• trunk/src/VBox/Devices/Bus/DevIommuIntel.cpp (modified) (3 diffs)

trunk/src/VBox/Devices/Bus/DevIommuIntel.cpp

@@ -2138 +2138 @@
      * Unlike AMD IOMMU paging, here there is no feature for "skipping" levels.
      */
-    uint64_t uPtEntity = pMemReqAux->uSlptPtr;
-    for (int8_t iLevel = pMemReqAux->cPagingLevel - 1; iLevel >= 0; iLevel--)
-    {
-        /*
-         * Read the paging entry for the current level.
-         */
-        uint8_t const cLevelShift = X86_PAGE_4K_SHIFT + (iLevel * 9);
-        {
-            uint16_t const idxPte         = (uDmaAddr >> cLevelShift) & UINT64_C(0x1ff);
-            uint64_t const offPte         = idxPte << 3;
-            RTGCPHYS const GCPhysPtEntity = uPtEntity | offPte;
-            int const rc = PDMDevHlpPhysReadMeta(pDevIns, GCPhysPtEntity, &uPtEntity, sizeof(uPtEntity));
-            if (RT_SUCCESS(rc))
-            { /* likely */ }
-            else
-            {
-                if (pMemReqAux->fTtm == VTD_TTM_LEGACY_MODE)
-                    dmarAtFaultRecordEx(pDevIns, kDmarDiag_Atf_Lsl_1, VTDATFAULT_LSL_1, pMemReqIn, pMemReqAux);
-                else
-                    dmarAtFaultRecordEx(pDevIns, kDmarDiag_Atf_Ssl_1, VTDATFAULT_SSL_1, pMemReqIn, pMemReqAux);
-                return VERR_IOMMU_ADDR_TRANSLATION_FAILED;
-            }
-        }
-
+    uint64_t uPtEntity   = pMemReqAux->uSlptPtr;
+    int8_t   iLevel      = pMemReqAux->cPagingLevel - 1;
+    uint8_t  cLevelShift = X86_PAGE_4K_SHIFT + (iLevel * 9);
+    Assert(iLevel >= 2);
+    for (;;)
+    {
         /*
          * Check I/O permissions.
@@ -2204 +2186 @@
         if (fLargePage && iLevel > 0)
         {
-            Assert(iLevel == 1 || iLevel == 2);
+            Assert(iLevel == 1 || iLevel == 2);     /* Is guaranteed by the reserved bits check above. */
             uint8_t const fSllpsMask = RT_BF_GET(pThis->fCapReg, VTD_BF_CAP_REG_SLLPS);
             if (fSllpsMask & RT_BIT(iLevel - 1))
@@ -2234 +2216 @@
             return dmarDrUpdateIoPageOut(pDevIns, GCPhysBase, cLevelShift, fPtPerm, pMemReqIn, pMemReqAux, pIoPageOut);
         }
-    }
-
-    /* Shouldn't ever reach here. */
-    return VERR_IOMMU_IPE_0;
+
+        /*
+         * Move to the next level.
+         */
+        --iLevel;
+        cLevelShift = X86_PAGE_4K_SHIFT + (iLevel * 9);
+
+        /*
+         * Read the paging entry for the next level.
+         */
+        {
+            uint16_t const idxPte         = (uDmaAddr >> cLevelShift) & UINT64_C(0x1ff);
+            uint64_t const offPte         = idxPte << 3;
+            RTGCPHYS const GCPhysPtEntity = uPtEntity | offPte;
+            int const rc = PDMDevHlpPhysReadMeta(pDevIns, GCPhysPtEntity, &uPtEntity, sizeof(uPtEntity));
+            if (RT_SUCCESS(rc))
+            { /* likely */ }
+            else
+            {
+                if (pMemReqAux->fTtm == VTD_TTM_LEGACY_MODE)
+                    dmarAtFaultRecordEx(pDevIns, kDmarDiag_Atf_Lsl_1, VTDATFAULT_LSL_1, pMemReqIn, pMemReqAux);
+                else
+                    dmarAtFaultRecordEx(pDevIns, kDmarDiag_Atf_Ssl_1, VTDATFAULT_SSL_1, pMemReqIn, pMemReqAux);
+                return VERR_IOMMU_ADDR_TRANSLATION_FAILED;
+            }
+        }
+    }
 }