
Re: [PATCH 10/11] xen/arm: device assignment on 1:1 direct-map domain



Hi,

On 23/09/2021 08:11, Penny Zheng wrote:
User could do device passthrough, with "xen,force-assign-without-iommu" in
the device tree snippet, on trusted guest through 1:1 direct-map,
if IOMMU absent or disabled on hardware.

At the moment, it would be possible to pass through a non-DMA capable device with direct-mapping. After this patch, this is going to be forbidden.


In order to achieve that, this patch adds 1:1 direct-map check and disables
iommu-related action.

Signed-off-by: Penny Zheng <penny.zheng@xxxxxxx>
---
  xen/arch/arm/domain_build.c | 12 ++++++++----
  1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c
index c92e510ae7..9a9d2522b7 100644
--- a/xen/arch/arm/domain_build.c
+++ b/xen/arch/arm/domain_build.c
@@ -2070,14 +2070,18 @@ static int __init handle_passthrough_prop(struct 
kernel_info *kinfo,
      if ( res < 0 )
          return res;
+ /*
+     * If xen_force, we allow assignment of devices without IOMMU protection.
+     * And if IOMMU is disabled or absent, 1:1 direct-map is necessary > +     
*/
+    if ( xen_force && is_domain_direct_mapped(kinfo->d) &&
+         !dt_device_is_protected(node) )

dt_device_is_protected() will always be false unless the device is protected behind an SMMU using the legacy binding. So I don't think it is correct to move this check ahead. In fact...

+        return 0;
+
      res = iommu_add_dt_device(node);

... the call should already be a NOP when the IOMMU is disabled or the device is not behind an IOMMU. So can you explain what you are trying to prevent here?

      if ( res < 0 )
          return res;
- /* If xen_force, we allow assignment of devices without IOMMU protection. */
-    if ( xen_force && !dt_device_is_protected(node) )
-        return 0;
-
      return iommu_assign_dt_device(kinfo->d, node);
  }
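
Review bot: the check removed at the end of handle_passthrough_prop(), `if ( xen_force && !dt_device_is_protected(node) ) return 0;`, has no replacement for domains that are not direct-mapped, so a xen_force device on such a domain now falls through to iommu_assign_dt_device() where it previously returned 0. The commit message does not describe that change for existing "xen,force-assign-without-iommu" users. The new early return also sits before iommu_add_dt_device(node), so dt_device_is_protected(node) is evaluated before the device has been added and the add step is skipped entirely on that path. Consider leaving the check after iommu_add_dt_device() and only adding the is_domain_direct_mapped(kinfo->d) condition there, and state in the commit message which combinations are now rejected. The new comment also says direct-map is necessary "if IOMMU is disabled or absent", but the condition tests only dt_device_is_protected(node), so the comment and the code should be brought in line.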

Cheers,

--
Julien Grall



 

