[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] xen/arm: Let the IOMMU be accessible by Dom0 if forcibly disabled in Xen

On 08/08/2019 12:23, Oleksandr wrote:

On 08.08.19 14:01, Roger Pau Monné wrote:

Hi, Roger.

On Thu, Aug 08, 2019 at 01:53:23PM +0300, Oleksandr Tyshchenko wrote:
From: Oleksandr Tyshchenko <oleksandr_tyshchenko@xxxxxxxx>

Don't skip IOMMU nodes when creating DT for Dom0 if IOMMU has been
forcibly disabled in bootargs (e.g. "iommu=0") in order to let
the IOMMU be accessible by DOM0.

I don't think your code is doing what you expect... If iommu=0, then Xen will not lookup for IOMMUs (iommu_hardware_setup() will not be called). So none of the device will have DEVICE_IOMMU set and hence they are already given to dom0.

But I think it is wrong to give the IOMMUs to Dom0 when iommu=0. This is not the goal of this option. If you want to passthrough the IOMMU to Dom0, then you should use the parameter iommu_hwdom_passthrough.

However, I agree with Roger that giving the IOMMU to dom0 is a pretty bad idea. So this should be fixed.

Signed-off-by: Oleksandr Tyshchenko <oleksandr_tyshchenko@xxxxxxxx>
I have heard there is a "possible" case when the IOMMU could be accessible by DOM0.
So, I think, for this to work we need to create corresponding DT nodes in the DT
at least.
dom0 on ARM being an autotranslated guest I'm not sure how it's going
to program the DMA remapping in the iommu, since it doesn't know the
mfns of the memory it uses at all, hence I don't see the point in
exposing the hardware iommu to dom0 unless there's some emulation done
to make dom0 able to access it.

Currently, Dom0 on ARM is always 1:1 mapped (gfn == mfn). However, I don't really know how long this assumption it is going to be true.

The 1:1 mapped is only correct for Dom0 RAM. Any foreign mapping will not be mapped 1:1.

We actually have code in Linux to keep track of the foreign mapping as any DMA access should be using the machine physical address (and not Dom0 physical address).

This brings some headache when IOMMU is used in Xen because we have to add a 1:1 mapping for foreign page so you can still DMA in it. This will be fun trying to fix XSA-300 because of that...

Ideally the 1:1 mapping should only be used when necessary. Unfortunately this is not trivial to remove. For a first, Linux is assuming the 1:1 mapping so you need to teach Linux to not assume that anymore. So we need to know if the kernel is able to deal with it when building dom0.

Furthermore, having an IOMMU on a platform sadly doesn't mean all DMA-capable devices will be behind it. This is a bit difficult to find out in Xen.

In short, this is quite a mess to resolve :/.


Julien Grall

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.