Xen project Mailing List

Re: [PATCH v4 1/2] xen/arm: fix arm_iommu_map_page after f9f6b22abf1d

From: Stewart Hildebrand <stewart.hildebrand@xxxxxxx>

Date: Thu, 24 Jul 2025 10:14:34 -0400

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=suse.com smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0)

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=piFjnQMGW7ohJbHPkBNKz8dr3T7e/7nke42T/lRvTzI=; b=x1HnsUE0fcdyZSEIV61f4OFQF2S1ZTQ6e4YCaaE8KwWIeTiL4Smvu+NQbI/iCjLZc4P095jVgXPdesJRYyMk7qv90Fdv1XsVy9tvnyi4rRraVuuCJfs4H9pBpg8fK/mfa4azDoit3vM1r55h5juka9C69P4XudHwbopepKrUaou8e3QcN0VOd4JoN24Id4nwKRLYyMkMDduNkGlyfJd588Ywdh3CblgM0APxdoOe10dqB1az8hrmWG+xmDET+dprhgbk7dtvZSX4GBR3o4FxR3V7kIhGJ/9B+TWakbXg/cekUJy5e7Rmm3RjHxlVyKpwU4c2mJ6qub5jmKwMImytNA==

Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=L17lhswk8+8x+xN3P1Qt4CXzdtt4Luqad1uT8cxM5Xhpi2sgGfqRTlMwFO9c+wJpE/DldNCtd4Gk6xVK6bNg9orchhwsnVjpo3KvKrWXX7Kwrjw1N2VyRDqnZTHcg501jDezUF7lvd8cSJMLktc5JrQ2KQJGo/tO5SVpZ/CBdd8SbATcUyoGl5O/MFmDYF98iPS97qJs5pYvRHZVJzkvz1Hw+TLGcKOKtiVObsLdo6W6SzxL1mLMn1hTBm/kZjoXY8t122RXT0i2STjbIZPjxDsWCy5pfZCgl5iEr6w5VNs+AMtf/D1ZwdFBQHnqH1S2ARTE0xR44314hpytlQCF5A==

Cc: Stefano Stabellini <stefano.stabellini@xxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Julien Grall <julien@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Thu, 24 Jul 2025 14:15:07 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 7/24/25 04:07, Jan Beulich wrote: > On 23.07.2025 20:13, Stewart Hildebrand wrote: >> From: Stefano Stabellini <stefano.stabellini@xxxxxxx> >> >> Up until f9f6b22abf1d "xen/arm: Map ITS doorbell register to IOMMU page >> tables" the only caller of iommu_map on ARM was grant_table.c which has >> a specific usage model and restrictions as described by the in-code >> comment in arm_iommu_map_page. >> >> f9f6b22abf1d introduced a second caller to iommu_map on ARM: >> vgic_v3_its_init_virtual. This specific statement in the >> f9f6b22abf1d commit message is partially wrong: >> >> "Note that the 1:1 check in arm_iommu_map_page remains for now, as >> virtual ITSes are currently only created for hwdom where the doorbell >> mapping is always 1:1." >> >> Leading to crashes any time the hardware domain is not direct-mapped >> (e.g. cache coloring and non-Dom0 hardware domain): >> >> (XEN) Xen BUG at drivers/passthrough/arm/iommu_helpers.c:47 >> [...] >> (XEN) Xen call trace: >> (XEN) [<00000a000024c758>] arm_iommu_map_page+0x80/0x90 (PC) >> (XEN) [<00000a000024c750>] arm_iommu_map_page+0x78/0x90 (LR) >> (XEN) [<00000a0000250884>] iommu_map+0xcc/0x29c >> (XEN) [<00000a0000288024>] vgic_v3_its_init_domain+0x18c/0x1e8 >> (XEN) [<00000a0000285228>] vgic-v3.c#vgic_v3_domain_init+0x168/0x21c >> (XEN) [<00000a0000281dcc>] domain_vgic_init+0x14c/0x210 >> (XEN) [<00000a00002705a4>] arch_domain_create+0x150/0x1f0 >> (XEN) [<00000a00002055e8>] domain_create+0x47c/0x6c0 >> (XEN) [<00000a00002cf090>] create_domUs+0x7f8/0x8cc >> (XEN) [<00000a00002eb588>] start_xen+0x8f4/0x998 >> (XEN) [<00000a000020018c>] head.o#primary_switched+0x4/0x10 >> >> Specifically, non-1:1 hardware domain exists with cache coloring >> enabled. For that, is_domain_direct_mapped(d) is false but >> domain_use_host_layout(d) is true. >> >> Change the is_domain_direct_mapped(d) checks in arm_iommu_map_page and >> arm_iommu_unmap_page into domain_use_host_layout(d) checks. >> >> Move the in-code comment specific to the grant table to grant-table.c >> and adjust to be architecture-neutral. >> >> Fixes: f9f6b22abf1d ("xen/arm: Map ITS doorbell register to IOMMU page >> tables") >> Signed-off-by: Stefano Stabellini <stefano.stabellini@xxxxxxx> >> Signed-off-by: Stewart Hildebrand <stewart.hildebrand@xxxxxxx> >> --- >> v3->v4: >> * adjust comment to be architecture-neutral > > Hmm, it's now arch-neutral, but still not quite correct. > >> --- a/xen/common/grant_table.c >> +++ b/xen/common/grant_table.c >> @@ -1274,6 +1274,11 @@ map_grant_ref( >> } >> >> /* >> + * Grant mappings can be used for DMA requests. The dev_bus_addr >> + * returned by the hypercall is the MFN (not the GFN). For device >> + * protected by an IOMMU, Xen needs to add a 1:1 mapping in the >> domain >> + * p2m to allow DMA request to work. >> + * >> * We're not translated, so we know that dfns and mfns are >> * the same things, so the IOMMU entry is always 1-to-1. >> */ > > The original comment, for a reason, talks about DFN, not GFN. The relationship > to P2M (where GFNs might indeed matter) also isn't quite clear to me: > iommu_legacy_map() alters IOMMU mappings. Which may or may not be shared with > CPU ones. Ah, you're right, I assumed iommu page tables are always shared with cpu... A bad assumption, sorry about that. > > Fundamental question: What exactly is insufficient in the comment that's there > already? Nothing. It was nothing more than trying to find a new home for the comment in xen/drivers/passthrough/arm/iommu_helpers.c, but perhaps it's better to drop the comment altogether and leave xen/common/grant_table.c unchanged.

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.