On 15/4/25 13:49, Philippe Mathieu-Daudé wrote:
On 15/4/25 11:30, Paolo Bonzini wrote:
On 4/15/25 08:18, CLEMENT MATHIEU--DRIF wrote:
Address space creation might end up being called without holding the
BQL as it is exposed through the IOMMU ops.
Signed-off-by: Clement Mathieu--Drif <clement.mathieu--d...@eviden.com>
Please use a separate lock instead of the BQL.
There is already an IntelIOMMUState::iommu_lock with
vtd_iommu_lock() / vtd_iommu_unlock() helpers.
commit 1d9efa73e12ddf361ea997c2d532cc4afa6674d1
Author: Peter Xu <pet...@redhat.com>
Date: Fri May 18 15:25:11 2018 +0800
intel-iommu: add iommu lock
SECURITY IMPLICATION: this patch fixes a potential race when
multiple threads access the IOMMU IOTLB cache.
Add a per-iommu big lock to protect IOMMU status. Currently the
only thing to be protected is the IOTLB/context cache, since that
can be accessed even without BQL, e.g., in IO dataplane.
Note that we don't need to protect device page tables since that's
fully controlled by the guest kernel. However there is still the
possibility that malicious drivers will program the device to not
obey the rule. In that case QEMU can't really do anything useful;
instead the guest itself will be responsible for all uncertainties.
diff --git a/include/hw/i386/intel_iommu.h b/include/hw/i386/intel_iommu.h
index 032e33bcb20..016e74bedb7 100644
--- a/include/hw/i386/intel_iommu.h
+++ b/include/hw/i386/intel_iommu.h
@@ -300,6 +300,12 @@ struct IntelIOMMUState {
+
+ /*
+ * Protects IOMMU states in general. Currently it protects the
+ * per-IOMMU IOTLB cache, and context entry cache in VTDAddressSpace.
+ */
+ QemuMutex iommu_lock;
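Review bot: the comment above `QemuMutex iommu_lock` opens with "Protects IOMMU states in general" but the very next sentence, and the commit message, narrow that to the per-IOMMU IOTLB cache and the context entry cache in VTDAddressSpace; name exactly the fields the lock guards, and state its ordering with respect to the BQL, since the message says these caches are reached without the BQL (e.g. from IO dataplane) and that is precisely what a caller such as the address-space creation path discussed in this thread needs to know. It would also help to point readers at the vtd_iommu_lock() / vtd_iommu_unlock() helpers here so nobody takes the mutex directly. The quoted hunk stops at the field declaration, so the matching qemu_mutex_init() is not visible in this excerpt.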
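To make the point of the thread concrete (a narrow per-IOMMU lock instead of the BQL for state that may be reached from threads that do not hold the BQL), here is an added, stand-alone C illustration that is not QEMU code: a per-IOMMU mutex guarding a small address-space table and context-cache generation, with a find-or-create path that is safe to enter from any thread. All names (ExampleIOMMUState, example_*) are constructed for this example; the lock helpers only mirror the shape of vtd_iommu_lock() / vtd_iommu_unlock().

```c
/* Added example, not QEMU code: a per-IOMMU mutex guarding the address-space
 * table and context-entry cache of one IOMMU, so that find-or-create is safe
 * without any global lock. All ExampleIOMMUState / example_* names are
 * constructed for this illustration. */
#include <pthread.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>

#define EXAMPLE_MAX_AS 64

/* Per-device address space with a cached context-entry generation, standing
 * in for the context entry cache kept in VTDAddressSpace. */
typedef struct ExampleAddressSpace {
    uint8_t bus;
    uint8_t devfn;
    uint32_t context_cache_gen;   /* generation the cached context entry belongs to */
} ExampleAddressSpace;

typedef struct ExampleIOMMUState {
    pthread_mutex_t iommu_lock;   /* guards every field below, like IntelIOMMUState::iommu_lock */
    ExampleAddressSpace *spaces[EXAMPLE_MAX_AS];
    int n_spaces;
    int creations;                /* number of allocations, used to check idempotence */
    uint32_t context_cache_gen;   /* bumped on context-cache invalidation */
} ExampleIOMMUState;

/* Lock helpers in the spirit of vtd_iommu_lock()/vtd_iommu_unlock(): callers
 * never touch the mutex directly, so the locking discipline lives in one place. */
static void example_iommu_lock(ExampleIOMMUState *s)   { pthread_mutex_lock(&s->iommu_lock); }
static void example_iommu_unlock(ExampleIOMMUState *s) { pthread_mutex_unlock(&s->iommu_lock); }

void example_iommu_init(ExampleIOMMUState *s)
{
    pthread_mutex_init(&s->iommu_lock, NULL);
    s->n_spaces = 0;
    s->creations = 0;
    s->context_cache_gen = 1;
}

void example_iommu_destroy(ExampleIOMMUState *s)
{
    for (int i = 0; i < s->n_spaces; i++) {
        free(s->spaces[i]);
    }
    s->n_spaces = 0;
    pthread_mutex_destroy(&s->iommu_lock);
}

/* Find-or-create the address space for (bus, devfn). Lookup, allocation and
 * insertion all happen under iommu_lock, so two callers racing for the same
 * device get the same object and never a duplicate. Returns NULL only when
 * the table is full or allocation fails. */
ExampleAddressSpace *example_find_add_as(ExampleIOMMUState *s, uint8_t bus, uint8_t devfn)
{
    ExampleAddressSpace *as = NULL;

    example_iommu_lock(s);
    for (int i = 0; i < s->n_spaces; i++) {
        if (s->spaces[i]->bus == bus && s->spaces[i]->devfn == devfn) {
            as = s->spaces[i];
            break;
        }
    }
    if (as == NULL && s->n_spaces < EXAMPLE_MAX_AS) {
        as = calloc(1, sizeof(*as));
        if (as != NULL) {
            as->bus = bus;
            as->devfn = devfn;
            as->context_cache_gen = s->context_cache_gen;
            s->spaces[s->n_spaces++] = as;
            s->creations++;
        }
    }
    example_iommu_unlock(s);
    return as;
}

/* Global context-cache invalidation: bump the generation under the lock so a
 * concurrent lookup sees either the old or the new value, never a torn one. */
void example_context_cache_invalidate(ExampleIOMMUState *s)
{
    example_iommu_lock(s);
    s->context_cache_gen++;
    example_iommu_unlock(s);
}

/* True if the cached context entry of 'as' is still current. */
bool example_as_context_valid(ExampleIOMMUState *s, ExampleAddressSpace *as)
{
    example_iommu_lock(s);
    bool valid = (as->context_cache_gen == s->context_cache_gen);
    example_iommu_unlock(s);
    return valid;
}

/* Self-check exercising the API; returns 0 on success, else the failing step. */
int example_selfcheck(void)
{
    ExampleIOMMUState s;
    int rc = 0;
    example_iommu_init(&s);
    ExampleAddressSpace *a = example_find_add_as(&s, 0, 8);
    ExampleAddressSpace *b = example_find_add_as(&s, 0, 8);
    if (a == NULL || a != b || s.creations != 1) rc = 1;          /* same device, one object */
    else if (example_find_add_as(&s, 0, 9) == a || s.creations != 2) rc = 2;
    else if (!example_as_context_valid(&s, a)) rc = 3;            /* fresh entry is current */
    else { example_context_cache_invalidate(&s); if (example_as_context_valid(&s, a)) rc = 4; }
    example_iommu_destroy(&s);
    return rc;
}
```

The design choice worth noting is that the lock covers only the IOMMU's own caches and nothing the guest controls (device page tables are left alone, as the quoted commit message says), so it can be taken from a path that does not hold the BQL without creating a lock-order dependency on it.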