releases/5.11.21/iommu-vt-d-remove-wo-permissions-on-second-level-pag.patch - pub/scm/linux/kernel/git/stable/stable-queue - Git at Google

 From e40b40b313a1b805635c064812237a4b142f4248 Mon Sep 17 00:00:00 2001
 From: Sasha Levin <sashal@kernel.org>
 Date: Sat, 20 Mar 2021 10:54:12 +0800
 Subject: iommu/vt-d: Remove WO permissions on second-level paging entries

 From: Lu Baolu <baolu.lu@linux.intel.com>

 [ Upstream commit eea53c5816889ee8b64544fa2e9311a81184ff9c ]

 When the first level page table is used for IOVA translation, it only
 supports Read-Only and Read-Write permissions. The Write-Only permission
 is not supported as the PRESENT bit (implying Read permission) should
 always set. When using second level, we still give separate permissions
 that allows WriteOnly which seems inconsistent and awkward. We want to
 have consistent behavior. After moving to 1st level, we don't want things
 to work sometimes, and break if we use 2nd level for the same mappings.
 Hence remove this configuration.

 Suggested-by: Ashok Raj <ashok.raj@intel.com>
 Fixes: b802d070a52a1 ("iommu/vt-d: Use iova over first level")
 Signed-off-by: Lu Baolu <baolu.lu@linux.intel.com>
 Link: https://lore.kernel.org/r/20210320025415.641201-3-baolu.lu@linux.intel.com
 Signed-off-by: Joerg Roedel <jroedel@suse.de>
 Signed-off-by: Sasha Levin <sashal@kernel.org>
 ---
  drivers/iommu/intel/iommu.c | 3 ++-
  1 file changed, 2 insertions(+), 1 deletion(-)

 diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c
 index 2f5d12cdb298..82300b0d3074 100644
 --- a/drivers/iommu/intel/iommu.c
 +++ b/drivers/iommu/intel/iommu.c
 @@ -2354,8 +2354,9 @@ __domain_mapping(struct dmar_domain *domain, unsigned long iov_pfn,
  		return -EINVAL;

  	attr = prot & (DMA_PTE_READ | DMA_PTE_WRITE | DMA_PTE_SNP);
 +	attr |= DMA_FL_PTE_PRESENT;
  	if (domain_use_first_level(domain)) {
 -		attr |= DMA_FL_PTE_PRESENT | DMA_FL_PTE_XD | DMA_FL_PTE_US;
 +		attr |= DMA_FL_PTE_XD | DMA_FL_PTE_US;

  		if (domain->domain.type == IOMMU_DOMAIN_DMA) {
  			attr |= DMA_FL_PTE_ACCESS;
 --
 2.30.2
	From e40b40b313a1b805635c064812237a4b142f4248 Mon Sep 17 00:00:00 2001
	From: Sasha Levin <sashal@kernel.org>
	Date: Sat, 20 Mar 2021 10:54:12 +0800
	Subject: iommu/vt-d: Remove WO permissions on second-level paging entries

	From: Lu Baolu <baolu.lu@linux.intel.com>

	[ Upstream commit eea53c5816889ee8b64544fa2e9311a81184ff9c ]

	When the first level page table is used for IOVA translation, it only
	supports Read-Only and Read-Write permissions. The Write-Only permission
	is not supported as the PRESENT bit (implying Read permission) should
	always set. When using second level, we still give separate permissions
	that allows WriteOnly which seems inconsistent and awkward. We want to
	have consistent behavior. After moving to 1st level, we don't want things
	to work sometimes, and break if we use 2nd level for the same mappings.
	Hence remove this configuration.

	Suggested-by: Ashok Raj <ashok.raj@intel.com>
	Fixes: b802d070a52a1 ("iommu/vt-d: Use iova over first level")
	Signed-off-by: Lu Baolu <baolu.lu@linux.intel.com>
	Link: https://lore.kernel.org/r/20210320025415.641201-3-baolu.lu@linux.intel.com
	Signed-off-by: Joerg Roedel <jroedel@suse.de>
	Signed-off-by: Sasha Levin <sashal@kernel.org>
	---
	drivers/iommu/intel/iommu.c \| 3 ++-
	1 file changed, 2 insertions(+), 1 deletion(-)

	diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c
	index 2f5d12cdb298..82300b0d3074 100644
	--- a/drivers/iommu/intel/iommu.c
	+++ b/drivers/iommu/intel/iommu.c
	@@ -2354,8 +2354,9 @@ __domain_mapping(struct dmar_domain *domain, unsigned long iov_pfn,
	return -EINVAL;

	attr = prot & (DMA_PTE_READ \| DMA_PTE_WRITE \| DMA_PTE_SNP);
	+ attr \|= DMA_FL_PTE_PRESENT;
	if (domain_use_first_level(domain)) {
	- attr \|= DMA_FL_PTE_PRESENT \| DMA_FL_PTE_XD \| DMA_FL_PTE_US;
	+ attr \|= DMA_FL_PTE_XD \| DMA_FL_PTE_US;

	if (domain->domain.type == IOMMU_DOMAIN_DMA) {
	attr \|= DMA_FL_PTE_ACCESS;
	--
	2.30.2