aboutsummaryrefslogtreecommitdiff
path: root/include/hw
diff options
context:
space:
mode:
authorPeter Xu <peterx@redhat.com>2018-05-18 15:25:11 +0800
committerMichael S. Tsirkin <mst@redhat.com>2018-05-23 17:33:57 +0300
commit1d9efa73e12ddf361ea997c2d532cc4afa6674d1 (patch)
tree885f2de689980de529f1f9cb364591433b387cc2 /include/hw
parentb4a4ba0d68f50f218ee3957b6638dbee32a5eeef (diff)
downloadqemu-1d9efa73e12ddf361ea997c2d532cc4afa6674d1.zip
qemu-1d9efa73e12ddf361ea997c2d532cc4afa6674d1.tar.gz
qemu-1d9efa73e12ddf361ea997c2d532cc4afa6674d1.tar.bz2
intel-iommu: add iommu lock
SECURITY IMPLICATION: this patch fixes a potential race when multiple threads access the IOMMU IOTLB cache. Add a per-iommu big lock to protect IOMMU status. Currently the only thing to be protected is the IOTLB/context cache, since that can be accessed even without BQL, e.g., in IO dataplane. Note that we don't need to protect device page tables since that's fully controlled by the guest kernel. However there is still possibility that malicious drivers will program the device to not obey the rule. In that case QEMU can't really do anything useful, instead the guest itself will be responsible for all uncertainties. CC: QEMU Stable <qemu-stable@nongnu.org> Reported-by: Fam Zheng <famz@redhat.com> Signed-off-by: Peter Xu <peterx@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Diffstat (limited to 'include/hw')
-rw-r--r--include/hw/i386/intel_iommu.h6
1 files changed, 6 insertions, 0 deletions
diff --git a/include/hw/i386/intel_iommu.h b/include/hw/i386/intel_iommu.h
index 032e33b..016e74b 100644
--- a/include/hw/i386/intel_iommu.h
+++ b/include/hw/i386/intel_iommu.h
@@ -300,6 +300,12 @@ struct IntelIOMMUState {
OnOffAuto intr_eim; /* Toggle for EIM cabability */
bool buggy_eim; /* Force buggy EIM unless eim=off */
uint8_t aw_bits; /* Host/IOVA address width (in bits) */
+
+ /*
+ * Protects IOMMU states in general. Currently it protects the
+ * per-IOMMU IOTLB cache, and context entry cache in VTDAddressSpace.
+ */
+ QemuMutex iommu_lock;
};
/* Find the VTD Address space associated with the given bus pointer,