Xen project Mailing List

Re: [Xen-devel] [PATCH] don't allow Dom0 access to IOMMUs' MMIO pages

To: Jan Beulich <JBeulich@xxxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>

From: "Tian, Kevin" <kevin.tian@xxxxxxxxx>

Date: Fri, 3 Oct 2014 21:09:26 +0000

Accept-language: en-US

Cc: "Zhang, Yang Z" <yang.z.zhang@xxxxxxxxx>, Aravind Gopalakrishnan <aravind.gopalakrishnan@xxxxxxx>, "suravee.suthikulpanit@xxxxxxx" <suravee.suthikulpanit@xxxxxxx>

Delivery-date: Fri, 03 Oct 2014 21:11:03 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

Thread-index: AQHP3kWw5D3HGjqGdECgTXOi3uyB55we3u+Q

Thread-topic: [PATCH] don't allow Dom0 access to IOMMUs' MMIO pages

> From: Jan Beulich [mailto:JBeulich@xxxxxxxx] > Sent: Thursday, October 02, 2014 6:35 AM > > Just like for LAPIC, IO-APIC, MSI, and HT we shouldn't be granting Dom0 > access to these. This implicitly results in these pages also getting > marked reserved in the machine memory map Dom0 uses to determine the > ranges where PCI devices can have their MMIO ranges placed. > > Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> > Acked-by: Kevin Tian <kevin.tian@xxxxxxxxx> > --- a/xen/drivers/passthrough/amd/pci_amd_iommu.c > +++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c > @@ -19,6 +19,7 @@ > */ > > #include <xen/sched.h> > +#include <xen/iocap.h> > #include <xen/pci.h> > #include <xen/pci_regs.h> > #include <xen/paging.h> > @@ -283,6 +284,7 @@ static int amd_iommu_domain_init(struct > static void __hwdom_init amd_iommu_hwdom_init(struct domain *d) > { > unsigned long i; > + const struct amd_iommu *iommu; > > if ( !iommu_passthrough && !need_iommu(d) ) > { > @@ -304,6 +306,12 @@ static void __hwdom_init amd_iommu_hwdom > } > } > > + for_each_amd_iommu ( iommu ) > + if ( iomem_deny_access(d, > PFN_DOWN(iommu->mmio_base_phys), > + PFN_DOWN(iommu->mmio_base_phys > + > + > IOMMU_MMIO_REGION_LENGTH - 1)) ) > + BUG(); > + > setup_hwdom_pci_devices(d, amd_iommu_setup_hwdom_device); > } > > --- a/xen/drivers/passthrough/vtd/iommu.c > +++ b/xen/drivers/passthrough/vtd/iommu.c > @@ -23,6 +23,7 @@ > #include <xen/sched.h> > #include <xen/xmalloc.h> > #include <xen/domain_page.h> > +#include <xen/iocap.h> > #include <xen/iommu.h> > #include <asm/hvm/iommu.h> > #include <xen/numa.h> > @@ -1258,6 +1259,9 @@ static void __hwdom_init intel_iommu_hwd > > for_each_drhd_unit ( drhd ) > { > + if ( iomem_deny_access(d, PFN_DOWN(drhd->address), > + PFN_DOWN(drhd->address)) ) > + BUG(); > iommu_enable_translation(drhd); > } > } > > _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.