[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen stable-4.3] don't allow Dom0 access to IOMMUs' MMIO pages

commit 3845ef72a9a9fe7befa89339e36d201dd874a56e
Author:     Jan Beulich <jbeulich@xxxxxxxx>
AuthorDate: Fri Oct 17 16:05:25 2014 +0200
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Fri Oct 17 16:05:25 2014 +0200

    don't allow Dom0 access to IOMMUs' MMIO pages
    
    Just like for LAPIC, IO-APIC, MSI, and HT we shouldn't be granting Dom0
    access to these. This implicitly results in these pages also getting
    marked reserved in the machine memory map Dom0 uses to determine the
    ranges where PCI devices can have their MMIO ranges placed.
    
    Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
    Reviewed-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
    Acked-by: Kevin Tian <kevin.tian@xxxxxxxxx>
    master commit: fdf30377fbc4fa6798bfda7d69e5d448c2b8e834
    master date: 2014-10-06 11:15:01 +0200
---
 xen/drivers/passthrough/amd/pci_amd_iommu.c |    8 ++++++++
 xen/drivers/passthrough/vtd/iommu.c         |    4 ++++
 2 files changed, 12 insertions(+), 0 deletions(-)

diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c 
b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index d0cb15c..4c27b10 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -19,6 +19,7 @@
  */
 
 #include <xen/sched.h>
+#include <xen/iocap.h>
 #include <xen/pci.h>
 #include <xen/pci_regs.h>
 #include <xen/paging.h>
@@ -317,6 +318,7 @@ static int amd_iommu_domain_init(struct domain *d)
 static void __init amd_iommu_dom0_init(struct domain *d)
 {
     unsigned long i; 
+    const struct amd_iommu *iommu;
 
     if ( !iommu_passthrough && !need_iommu(d) )
     {
@@ -338,6 +340,12 @@ static void __init amd_iommu_dom0_init(struct domain *d)
         }
     }
 
+    for_each_amd_iommu ( iommu )
+        if ( iomem_deny_access(d, PFN_DOWN(iommu->mmio_base_phys),
+                               PFN_DOWN(iommu->mmio_base_phys +
+                                        IOMMU_MMIO_REGION_LENGTH - 1)) )
+            BUG();
+
     setup_dom0_pci_devices(d, amd_iommu_setup_dom0_device);
 }
 
diff --git a/xen/drivers/passthrough/vtd/iommu.c 
b/xen/drivers/passthrough/vtd/iommu.c
index 04c2639..4533554 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -23,6 +23,7 @@
 #include <xen/sched.h>
 #include <xen/xmalloc.h>
 #include <xen/domain_page.h>
+#include <xen/iocap.h>
 #include <xen/iommu.h>
 #include <asm/hvm/iommu.h>
 #include <xen/numa.h>
@@ -1260,6 +1261,9 @@ static void __init intel_iommu_dom0_init(struct domain *d)
 
     for_each_drhd_unit ( drhd )
     {
+        if ( iomem_deny_access(d, PFN_DOWN(drhd->address),
+                               PFN_DOWN(drhd->address)) )
+            BUG();
         iommu_enable_translation(drhd);
     }
 }
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.3

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.