Xen project Mailing List

[PATCH v2 6/6] xen/docs: add a document to explain how to do passthrough without IOMMU

To: <xen-devel@xxxxxxxxxxxxxxxxxxxx>, <sstabellini@xxxxxxxxxx>, <julien@xxxxxxx>

From: Penny Zheng <penny.zheng@xxxxxxx>

Date: Fri, 15 Oct 2021 03:09:45 +0000

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 40.67.248.234) smtp.rcpttodomain=lists.xenproject.org smtp.mailfrom=arm.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=arm.com; dkim=none (message not signed); arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=RUJuKpAtpsPU2vd6yUZACXFm8wINo0vkIbxoIx5eFVM=; b=Rjy6QoCV3pDCu5gpmG9yF+GWjaKwaStinPyOgojDWpLE1Y+nhnounzUsUTJJ4DFljhR6MzZG5p+fJ633yIlBrEClucHfh4V15Q/5qJ8ba8UiETjih8QJ/Fq5JGhNxxnfskdsaNqLtdEezERfxdavQjEIr9CZcDdcsYekpwVfBn6fsn7BG86Xr5hpSVo1CeTja08h1jt+N/fjw+dVdkVq6rvzhmm2WFvodCh5ryV8pue0bBLx3lWHEJHM0NkF1dPkLal8V4UH+wG8fodEBc3T4/jmm/Ht4xG+UZZJzCj2cr42H2zGu7dCFfDNpK3ezb8yy6glIwRkVQkS/yeokJQdfQ==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=RTil/ROeOmMLOH5a1lRAnlSp5rPpVYsB31Y0sGMCldDxYNHOhVDXwvlhhMFbsXoQYrliXpE8YkS6XC9fLCdxIYnfW8answvxRG4/99IkufxK+wd3y+vdMGXPuEeB54p+/UufGVpJ+ILlzq3q/ZcZNCh7bTM2/4MFeUmjSHtFrfYQ+8srQOt7xxCAkVh5a29Q6gqNEv3zmCkA7XoftsxLdsnf2ePBQ6vIF+XOc59zPKzH7NVyywQnOi/ayXPOP7zA/0XnOChV3FO/41ZThw5k1VQ8IL/PIJ9TgfjktdeNK5gHgGRHgS65SXgtHd7vyTKMe7mfrXqJ2KXnDJa1fXoS+g==

Cc: <Wei.Chen@xxxxxxx>, <Bertrand.Marquis@xxxxxxx>

Delivery-date: Fri, 15 Oct 2021 03:10:38 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Nodisclaimer: true

From: Stefano Stabellini <stefano.stabellini@xxxxxxxxxx> Make sure to start with a WARNING about security. Signed-off-by: Stefano Stabellini <stefano.stabellini@xxxxxxxxxx> Signed-off-by: Penny Zheng <penny.zheng@xxxxxxx> --- docs/misc/arm/passthrough-noiommu.txt | 54 +++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) create mode 100644 docs/misc/arm/passthrough-noiommu.txt diff --git a/docs/misc/arm/passthrough-noiommu.txt b/docs/misc/arm/passthrough-noiommu.txt new file mode 100644 index 0000000000..61aeb8a5cd --- /dev/null +++ b/docs/misc/arm/passthrough-noiommu.txt @@ -0,0 +1,54 @@ +Request Device Assignment without IOMMU support +=============================================== + +*WARNING: +Users should be aware that it is not always secure to assign a device without +IOMMU protection. +When the device is not protected by the IOMMU, the administrator should make +sure that: + 1. The device is assigned to a trusted guest. + 2. Users have additional security mechanism on the platform. + + +This document assumes that the IOMMU is absent from the system or it is +disabled (status = "disabled" in device tree). + + +Add xen,force-assign-without-iommu; to the device tree snippet: + +ethernet: ethernet@ff0e0000 { + compatible = "cdns,zynqmp-gem"; + xen,path = "/amba/ethernet@ff0e0000"; + xen,reg = <0x0 0xff0e0000 0x1000 0x0 0xff0e0000>; + xen,force-assign-without-iommu; +}; + +Request 1:1 memory mapping for the domain on static allocation +============================================================== + +Add a direct-map property under the appropriate /chosen/domU node which +is also statically allocated with physical memory ranges through +xen,static-mem property as its guest RAM. + +Below is an example on how to specify the 1:1 memory mapping for the domain +on static allocation in the device-tree: + +/ { + chosen { + domU1 { + compatible = "xen,domain"; + #address-cells = <0x2>; + #size-cells = <0x2>; + cpus = <2>; + memory = <0x0 0x80000>; + #xen,static-mem-address-cells = <0x1>; + #xen,static-mem-size-cells = <0x1>; + xen,static-mem = <0x30000000 0x20000000>; + direct-map; + ... + }; + }; +}; + +Besides reserving a 512MB region starting at the host physical address +0x30000000 to DomU1, it also requests 1:1 memory mapping. -- 2.25.1

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.