Xen project Mailing List

Re: [Xen-devel] Unshared IOMMU issues

To: "Julien Grall" <julien.grall@xxxxxxx>, "Oleksandr Tyshchenko" <olekstysh@xxxxxxxxx>

From: "Jan Beulich" <JBeulich@xxxxxxxx>

Date: Thu, 16 Feb 2017 09:34:30 -0700

Cc: nd@xxxxxxx, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Xen Devel <xen-devel@xxxxxxxxxxxxx>

Delivery-date: Thu, 16 Feb 2017 16:34:47 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

>>> On 16.02.17 at 17:11, <julien.grall@xxxxxxx> wrote: > On 16/02/17 15:52, Jan Beulich wrote: >>>>> On 16.02.17 at 16:02, <olekstysh@xxxxxxxxx> wrote: >>> On Thu, Feb 16, 2017 at 11:36 AM, Jan Beulich <JBeulich@xxxxxxxx> wrote: >>>>>>> On 15.02.17 at 18:43, <olekstysh@xxxxxxxxx> wrote: >>>>> 1. >>>>> I need: >>>>> Allow P2M core on ARM to update IOMMU mapping from the first >>>>> "p2m_set_entry". >>>>> I do: >>>>> I explicitly set need_iommu flag for *every* guest domain during >>>>> iommu_domain_init() on ARM in case if page table is not shared. >>>>> At that moment I have no knowledge about will any device be assigned >>>>> to this domain or not. I am just want to receive all mapping updates >>>>> from P2M code. The P2M will update IOMMU mapping only when need_iommu >>>>> is set and page table is not shared. >>>>> I have doubts: >>>>> Is it correct to just force need_iommu flag? >>>> >>>> No, I don't think so. This is a waste of a measurable amount of >>>> resources when page tables aren't shared. >>>> >>>>> Or maybe another flag should be introduced? >>>> >>>> Not sure what you think of here. Where's the problem with building >>>> IOMMU page tables at the time the first device gets assigned, just >>>> like x86 does? >>> OK, I have already had a look at arch_iommu_populate_page_table() for x86. >>> I don't know at the moment how this solution can help me. >>> There are a least two points the prevent me from doing the similar thing. >>> 1. For create IOMMU mapping I need both mfn and gfn. (+ flags). >>> I am able to get mfn only. How can I find corresponding gfn? >> >> As the x86 one shows, via mfn_to_gmfn(). If ARM doesn't have >> this, perhaps it needs to gain it? > > Looking at the x86 implementation, mfn_to_gmfn is using a table for that > indexed by the MFN. This is requiring virtual address space that is > already scarce on ARM32 and also using physical memory. > > I am not convinced this is the right things to do on ARM as the only > user so far will be the IOMMU code. > > Another solution would be to go through the stage-2 page table and > replicate all the mappings. That's certainly an option, if you want to save the memory (and VA space on ARM32). It only makes the x86 model of establishing the mappings slightly more compute intensive. >>> 2. The d->page_list seems only contains domain RAM (not 100% sure). >>> Where can I get other regions (mmios, etc)? >> >> These necessarily are being tracked for the domain, so you need to >> take them from wherever they're stored on ARM. > > Is there any reason why you don't seem to have such code on x86? AFAICT > only RAM is currently mapped. Well, no-one care so far, I would guess. Even runtime mappings of MMIO space were mad work properly only very recently (by Roger). > Regarding ARM, we know whether a domain is allowed to access a certain > range of MMIO, but, similarly to above, we don't have the conversion MFN > -> GFN for them. However in this case, we would not be able to use an > M2P as a same MFN may be mapped in multiple domain. Mapped by multiple domains? If one DomU and Dom0, I can see this as possible, but not a requirement. If multiple DomU-s I have to raise the question of security. In any event, your stage-2 table walking approach ought to cover this case, too. Jan _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx https://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.