[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH v2 0/6] direct-map memory map

  • To: <xen-devel@xxxxxxxxxxxxxxxxxxxx>, <sstabellini@xxxxxxxxxx>, <julien@xxxxxxx>
  • From: Penny Zheng <penny.zheng@xxxxxxx>
  • Date: Fri, 15 Oct 2021 03:09:39 +0000
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is smtp.rcpttodomain=lists.xenproject.org smtp.mailfrom=arm.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=arm.com; dkim=none (message not signed); arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=BBYPsV10Pj0YiSpLBJG2gkfU1JF6UmqHwHsJEG2dSnE=; b=I9QZRU0X2kso3zaJABqhlyH006eYgSc/AxB4KCu8Tqm4hPtH44TIhGrcesitArU11xCt19DlQ0+4hwXL95hxJs/zAkmgu4wF8JoUOJipdQanKvRV6v5iCbSLo/frLg9j37Q5r+P1HdbyHmERSWJahKeKG3jdglmVX9rBqwKkHysJ2MFf66ShcMhzD8GWAI5oTaK3SG7RpokrW8KNuaPK8OeidUwXAjb+Hz6efQPV0mOtGMVNdTBtUKrZwodsxDzN+DcfUmmAkFlwGMOSGnX1RgEtDCQRnBfeM7CcPFJS29yd0AMXLVftrkU+u7lKMGRJn6+iMiQMlIc7l7Wx3cTJJw==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ExZIgGj0J7GndyddY97s09t8TxJoeQAUFPE6uwlJ9viwS5DnPPTLlKi+XTT+qe0k86ye+Ym9NnTe3DUhVeGtvb+9rIKAcOOnF+nEMU+fSxUz5k8mDtPr24+e8W6etg5qQBDugkGHplaBrGMzGk+3SeCcg4Bk30n5TQMABtCsdGo/ejhR/y1PWaBhUXQZLxNs7fOrXnu4BplXlfPLiwVLPzy9TFOEvs92aSzPfz8LgXi8jbYzmdKrJ7X5mhcAWe9IGhu4HsakVOvAkpKEMZ42h3A5gUl5BW+s+o4ItzQ3/pfrztF9O9PLjX1n8xlZyHCJMZMGeIn0WJcD2Cwto8ChCw==
  • Cc: <Wei.Chen@xxxxxxx>, <Bertrand.Marquis@xxxxxxx>
  • Delivery-date: Fri, 15 Oct 2021 03:10:31 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Nodisclaimer: true

Cases where domU needs direct-map memory map:
  * IOMMU not present in the system.
  * IOMMU disabled if it doesn't cover a specific device and all the guests
are trusted. Thinking a mixed scenario, where a few devices with IOMMU and
a few without, then guest DMA security still could not be totally guaranteed.
So users may want to disable the IOMMU, to at least gain some performance
improvement from IOMMU disabled.
  * IOMMU disabled as a workaround when it doesn't have enough bandwidth.
To be specific, in a few extreme situation, when multiple devices do DMA
concurrently, these requests may exceed IOMMU's transmission capacity.
  * IOMMU disabled when it adds too much latency on DMA. For example,
TLB may be missing in some IOMMU hardware, which may bring latency in DMA
progress, so users may want to disable it in some realtime scenario.

Users should be aware that it is not always secure to assign a DMA-capable
device without IOMMU protection.
When the device is not protected by the IOMMU, the administrator should make
sure that:
 1. The device is assigned to a trusted guest.
 2. Users have additional security mechanism on the platform.

Requesting direct-map memory mapping for the domain, when IOMMU is absent from
the system or it is disabled (status = "disabled" in device tree), In which
case, "direct-map" property is added under the appropriate domain node.

Right now, direct-map is only supported when domain on Static Allocation,
that is, "xen,static-mem" is also necessary in the domain configuration.

Looking into related [design link](
for more details.

The whole design is about Static Allocation and direct-map, and this
Patch Serie only covers parts of it, which are direct-map memory map.
Other features will be delievered through different patch series.

See https://lists.xenproject.org/archives/html/xen-devel/2021-09/msg00855.html
for Domain on Static Allocation.

This patch serie is based on

v2 changes:
- remove the introduce of internal flag
- Refine is_domain_direct_mapped to check whether the flag
XEN_DOMCTL_CDF_directmap is set
- reword "1:1 direct-map" to just "direct-map"
- split the common codes into two helpers: parse_static_mem_prop and
acquire_static_memory_bank to deduce complexity.
- introduce a new helper allocate_static_memory_11 for allocating static
memory for direct-map guests
- remove panic action since it is fine to assign a non-DMA capable device when
IOMMU and direct-map both off
- remove redistributor accessor
- introduce new helper "is_domain_use_host_layout()"
- explain why vpl011 initialization before creating its device tree node
- error out if the domain is direct-mapped and the IRQ is not found
- harden the code and add a check/comment when the hardware UART region
is smaller than CUEST_VPL011_SIZE.

Stefano Stabellini (6):
  xen: introduce XEN_DOMCTL_CDF_directmap
  xen/arm: introduce direct-map for domUs
  xen/arm: if direct-map domain use native addresses for GICv2
  xen/arm: if direct-map domain use native addresses for GICv3
  xen/arm: if direct-map domain use native UART address and IRQ number
    for vPL011
  xen/docs: add a document to explain how to do passthrough without

 docs/misc/arm/device-tree/booting.txt |  10 +
 docs/misc/arm/passthrough-noiommu.txt |  54 +++++
 xen/arch/arm/domain.c                 |   3 +-
 xen/arch/arm/domain_build.c           | 316 ++++++++++++++++++++------
 xen/arch/arm/vgic-v2.c                |  26 ++-
 xen/arch/arm/vgic-v3.c                |  20 +-
 xen/arch/arm/vgic/vgic-v2.c           |  27 ++-
 xen/arch/arm/vpl011.c                 |  54 ++++-
 xen/common/domain.c                   |   3 +-
 xen/include/asm-arm/domain.h          |   7 +-
 xen/include/asm-arm/new_vgic.h        |  10 +
 xen/include/asm-arm/vgic.h            |  12 +-
 xen/include/asm-arm/vpl011.h          |   2 +
 xen/include/public/domctl.h           |   4 +-
 14 files changed, 449 insertions(+), 99 deletions(-)
 create mode 100644 docs/misc/arm/passthrough-noiommu.txt




Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.