[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen stable-4.4] don't allow Dom0 access to IOMMUs' MMIO pages

commit 7d61d8ebfa641d2624ccbce5d23906f711f83a37
Author:     Jan Beulich <jbeulich@xxxxxxxx>
AuthorDate: Fri Oct 17 15:56:07 2014 +0200
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Fri Oct 17 15:56:07 2014 +0200

    don't allow Dom0 access to IOMMUs' MMIO pages
    
    Just like for LAPIC, IO-APIC, MSI, and HT we shouldn't be granting Dom0
    access to these. This implicitly results in these pages also getting
    marked reserved in the machine memory map Dom0 uses to determine the
    ranges where PCI devices can have their MMIO ranges placed.
    
    Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
    Reviewed-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
    Acked-by: Kevin Tian <kevin.tian@xxxxxxxxx>
    master commit: fdf30377fbc4fa6798bfda7d69e5d448c2b8e834
    master date: 2014-10-06 11:15:01 +0200
---
 xen/drivers/passthrough/amd/pci_amd_iommu.c |    8 ++++++++
 xen/drivers/passthrough/vtd/iommu.c         |    4 ++++
 2 files changed, 12 insertions(+), 0 deletions(-)

diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c 
b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index f97fcf2..d462e5b 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -19,6 +19,7 @@
  */
 
 #include <xen/sched.h>
+#include <xen/iocap.h>
 #include <xen/pci.h>
 #include <xen/pci_regs.h>
 #include <xen/paging.h>
@@ -283,6 +284,7 @@ static int amd_iommu_domain_init(struct domain *d)
 static void __init amd_iommu_dom0_init(struct domain *d)
 {
     unsigned long i; 
+    const struct amd_iommu *iommu;
 
     if ( !iommu_passthrough && !need_iommu(d) )
     {
@@ -304,6 +306,12 @@ static void __init amd_iommu_dom0_init(struct domain *d)
         }
     }
 
+    for_each_amd_iommu ( iommu )
+        if ( iomem_deny_access(d, PFN_DOWN(iommu->mmio_base_phys),
+                               PFN_DOWN(iommu->mmio_base_phys +
+                                        IOMMU_MMIO_REGION_LENGTH - 1)) )
+            BUG();
+
     setup_dom0_pci_devices(d, amd_iommu_setup_dom0_device);
 }
 
diff --git a/xen/drivers/passthrough/vtd/iommu.c 
b/xen/drivers/passthrough/vtd/iommu.c
index e543c08..be346b2 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -23,6 +23,7 @@
 #include <xen/sched.h>
 #include <xen/xmalloc.h>
 #include <xen/domain_page.h>
+#include <xen/iocap.h>
 #include <xen/iommu.h>
 #include <asm/hvm/iommu.h>
 #include <xen/numa.h>
@@ -1259,6 +1260,9 @@ static void __init intel_iommu_dom0_init(struct domain *d)
 
     for_each_drhd_unit ( drhd )
     {
+        if ( iomem_deny_access(d, PFN_DOWN(drhd->address),
+                               PFN_DOWN(drhd->address)) )
+            BUG();
         iommu_enable_translation(drhd);
     }
 }
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.4

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.