[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] don't allow Dom0 access to IOMMUs' MMIO pages



> From: Jan Beulich [mailto:JBeulich@xxxxxxxx]
> Sent: Thursday, October 02, 2014 6:35 AM
> 
> Just like for LAPIC, IO-APIC, MSI, and HT we shouldn't be granting Dom0
> access to these. This implicitly results in these pages also getting
> marked reserved in the machine memory map Dom0 uses to determine the
> ranges where PCI devices can have their MMIO ranges placed.
> 
> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
> 

Acked-by: Kevin Tian <kevin.tian@xxxxxxxxx>

> --- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
> +++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
> @@ -19,6 +19,7 @@
>   */
> 
>  #include <xen/sched.h>
> +#include <xen/iocap.h>
>  #include <xen/pci.h>
>  #include <xen/pci_regs.h>
>  #include <xen/paging.h>
> @@ -283,6 +284,7 @@ static int amd_iommu_domain_init(struct
>  static void __hwdom_init amd_iommu_hwdom_init(struct domain *d)
>  {
>      unsigned long i;
> +    const struct amd_iommu *iommu;
> 
>      if ( !iommu_passthrough && !need_iommu(d) )
>      {
> @@ -304,6 +306,12 @@ static void __hwdom_init amd_iommu_hwdom
>          }
>      }
> 
> +    for_each_amd_iommu ( iommu )
> +        if ( iomem_deny_access(d,
> PFN_DOWN(iommu->mmio_base_phys),
> +                               PFN_DOWN(iommu->mmio_base_phys
> +
> +
> IOMMU_MMIO_REGION_LENGTH - 1)) )
> +            BUG();
> +
>      setup_hwdom_pci_devices(d, amd_iommu_setup_hwdom_device);
>  }
> 
> --- a/xen/drivers/passthrough/vtd/iommu.c
> +++ b/xen/drivers/passthrough/vtd/iommu.c
> @@ -23,6 +23,7 @@
>  #include <xen/sched.h>
>  #include <xen/xmalloc.h>
>  #include <xen/domain_page.h>
> +#include <xen/iocap.h>
>  #include <xen/iommu.h>
>  #include <asm/hvm/iommu.h>
>  #include <xen/numa.h>
> @@ -1258,6 +1259,9 @@ static void __hwdom_init intel_iommu_hwd
> 
>      for_each_drhd_unit ( drhd )
>      {
> +        if ( iomem_deny_access(d, PFN_DOWN(drhd->address),
> +                               PFN_DOWN(drhd->address)) )
> +            BUG();
>          iommu_enable_translation(drhd);
>      }
>  }
> 
> 


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.